Currently, the WebSocket / stomp security reference documentation contains two unhelpful lines about authenticating a us...

Expected BehaviorWe need a configuration for the relying party to indicate it wants to send a signed samlp:AuthnRequest....

SummaryWith 5.7.x mandatory validation of InResponseTo was introduced if it is provided in the authentication response. ...

DescriptionThe out-of-the-box behavior is that unauthenticated calls trigger session creation but authenticated calls do...

Expected BehaviorWe would like to have the possibility to easily log SAML responses as with the (previous) SAMLLogger-AP...

The protocol states that the Subject is optional.<element name="Assertion" type="saml:AssertionType&qu...

The documentation currently uses AnnotationMethodMatcher, but this is incorrect. The code requires a Pointcut.Comment Fr...

Expected BehaviorIn version 6.0, the default CsrfTokenRequestHandler of the CsrfFilter class has changed to XorCsrfToken...

Describe the bugSome of methods seem to not match the method signature in two libs in maven. To ReproduceSet versions i...

SummarySpring Framework recently overhauled it's logging via SPR-16898 and Spring Security should do the same. This is a...

Expected BehaviorBoth WebSecurityConfigurerAdapter and SecurityFilterChain can co-exist to ease migration from the forme...

can I save the request to redis in spring mvc and then restore the request after webflux authentication?Added: I used tw...

Hello.MVC Matcher rules that worked in Spring Security 5.7.6 don't work in 6.0.1.Spring Security 5.7.6 configuration (Sp...

Describe the bugIn my project we have 2 SecurityFilterChainsexternalFilterChain for external API requestsdefaultlFilterC...

Describe the bugIn an application (using Spring Boot 3.0.1) the response body does not match the Content-Type header for...

Mentioned in https://github.com/spring-projects/spring-boot/issues/33645 and opening here. @EnableMethodSecurity (and @E...

Currently, in SecurityExpressionRoot we use AuthenticationSupplier as a cacheable Supplier that allows us to call the pr...

Describe the bugWe use Spring Security for OAuth2 login using Keycloak. Until Spring Security 5.7.5 the JWT Token valida...

I am using AbstractPreAuthenticatedProcessingFilter to create and populate an instance of PreAuthenticatedAuthentication...

@Slf4j@SpringBootApplication()@MapperScan("com.exam.**.mapper")@EnableAsyncpublic class QuestionApplication ex...