I am using AuthenticationEntryPoint to handle the Authentication issues.To deliver the exception reason to the end-user....

Describe the bugWe get an NPE when we try to add a new filter using standard DSL relative to another filter that was reg...

In the Authentication Migrations page, there's a typo in the frist section.Describe the bugby setting rethrowAuthenticat...

Hello,The documentation for "Configuring CsrfTokenRequestAttributeHandler" here (github link here) currently says that t...

Describe the bugRelayState Param with SamlLogoutRequest is ignored.Instead its replaced with a hardcoded UUID and cannot...

Describe the bugCurrently RememberMeConfigurer does not allow using non-default cookie names for authentication. I hope ...

I am going through an upgrade of a Spring Boot 2.6 to Boot 3.0 application. I found the documentation at https://docs.sp...

Describe the bugDespite configuring SessionCreationPolicy.NEVER for the SecurityFilterChain (using HttpSecurity) a sessi...

Session Management underwent a sizeable change in the 6.0 release. This has raised questions from the community like htt...

@jzheaux I have implemented SMAL2 login and logout using Spring Security 6.0.1. I have followed https://github.com/sprin...

Expected BehaviorThe method with the name defaultExpressionHandler of class PrePostMethodSecurityConfiguration should in...

Expected BehaviorI could read the documentation (migration guide and or normal documentation) and have a good understand...

We should default to Xor CSRF tokens in 6.0:Use XorCsrfTokenRequestAttributeHandler in CsrfFilterUse XorServerCsrfTokenR...

Hi all,I am developing a microservice application, using spring security on the spring cloud gateway, with an oidc authe...

Expected BehaviorI would like to be able to use and modify OidcAuthorizationCodeAuthenticationProvider and the functiona...

It would be nice to have the asserting party's full entity descriptor available at runtime.One way to achieve this is to...

I am trying to code along with the Hello Spring MVC Security Java Config guide. However, the referenced directory doesn'...

I'm using spring-security in my project. After upgrading to Spring Boot 3.0.2, the dispatcherServlet seems not working.I...

Please provide an API to enable OAuth2AuthorizationCodeGrantFilter to resolve the Authentication, given the OAuth2Author...

Jean-Pierre Bergamin (Migrated from SEC-2856) said:After enabling remember-me authentication for our SSO portal, people ...