The security.tld file shipped in spring-security-taglibs-5.1.4.RELEASE.jar refers to J2EE 1.4 schema resource. Use of th...

SummarySupport of a simple rbac approach would be great. It doesn't have to be a full blown implementation, but just the...

I did not know whether to log this as a bug or an enhancement, but it feels more like a bug to me. Either in the migrati...

SummaryUsing a war overlay I set the same name attribute for both http beans and it is overridden as expected, but the f...

Hi I am a little bit confused using spring-multi-filterchain when i mix oauth2Login & oauth2ResourceServer (SB 3.0.5...

Expected BehaviorRememberMeServices should handle itself logout. To make this happen, Declare RememberMeServices.logout ...

docsCreate a custom InMemoryOAuth2AuthorizationRequestRepository and configure it according to the documentExpected to u...

SummaryOAuth2 Client receives access_token, refresh_token, and oidc_id_token from the Authorization Server, which to me ...

Describe the bugAfter upgrading to 5.8.2 it is impossible anymore to authenticate with JWT containing duplicated keys in...

Implementing a SAML2 logout using Spring security's SAML2 implementaion leads to the following exception stacktrace when...

Expected BehaviorWhen setting a security context have it also be propagated to the worker threads used by Completable Fu...

Describe the bugHi, I have currently migrated my application from Spring Boot 2.7.10 to 3.0.5. My application tests fail...

Expected BehaviorWhen using the default login page in WebFluxSecurity and a login error occurs for various reasons (such...

Expected BehaviorThe SQL keywords in the users.sql script provided by Spring Security should be written in uppercase let...

springboot 3.0.2 spring security 6.0.1I wang to custom a LoginFilter to replace UsernamePasswordAuthenticationFilter.bu...

Hello!I have a problem using SAML, when I have only 1 kubernetes pod, I can work normally, when I have 2 pods, SAML cann...

DEBUG o.s.security.web.FilterChainProxy : Securing POST /loginDEBUG s.s.w.c.SecurityContextPersistenceFilter : ...

We recently made changes to prepare for migrating to Spring Security 6.0. Specifically, we moved from the deprecated Sec...

We should encourage users to switch over to the lambda DSL by deprecating methods that are only valid for the old way (u...

Hello, we are migrating to Spring Boot 3 and trying to replace deprecated GlobalMethodSecurityConfiguration, but it does...