SummaryI want to know how to setup the relay state with the new saml library. Basically once I am authenticated via the ...

Under below condition, the method ignoresthis.useReferer. I wonder if it is done on purpose.- isAlwaysUseDefaultTargetUr...

Expected BehaviorAbstractRememberMeServices implemented RememberMeServices methods with final modifier. This actually bl...

Comment From: marcusdacoregiohttps://github.com/spring-projects/spring-security/wiki/Spring-Security-6.0-Migration-Guide

Describe the bugJwtAuthenticationProvider delegates the instantiation of an Authentication to a Converter<Jwt, ? exte...

Describe the bugIn the documentation to migrating a reactive application to spring security 6.0.0 is an issue (or the im...

When working with Spring Webflux and CSRF protection additional steps are needed to expose the CSRF Token to the fronten...

Expected Behaviordevelopers can build all of modules with its jar .source and api doc to a zip fileCurrent Beha...

Expected BehaviorAs mentionned in OpenID documentation, Open ID Provider Configuration should only provide application/j...

Expected BehaviorKotlin's SessionManagementDsl should have all the configurable properties that the SessionManagementCon...

Describe the bugI am using spring security httpBasic and formLogin with rememberMe functionality. My goal was to replace...

If a server is behind a reverse proxy, for example, the application correct URL is "https://www.exmaple.com/t1/app-conte...

There are a lot of reports about a StackOverflowError when exposing the AuthenticationManager as a bean and using it ins...

Right now the latest version is ranked highest, but we could improve this so that other versions are ranked properly too...

SummaryNOTE: This was originally brought up as a question in gh-8322 this ticket is to resolve that questionIdeally we w...

WebExpressionAuthorizationManager, ExpressionAuthorizationDecision, and DefaultHttpSecurityExpressionhandler are in org....

Hi,diagram related to SecurityContextHolderFilter is referring to SecurityContextPersistenceFilter instead of SecurityCo...

We currently have class SessionDestroyedListener implements ApplicationListener<SessionDestroyedEvent> defined whi...

Original issue: spring-projects/spring-boot#33495Spring Boot auto-configures the reactive ServerHttpObservationFilter ah...

When a feature branch is added, like 5.8.x, it currently needs to be added to the antora-playbook.yml and local-antora-p...