Expected BehaviorIn version 6.0, the default ServerCsrfTokenRequestHandler of the CsrfWebFilter class has changed to Xor...

Hi,I learn the below way to customize the authority prefix and claim name. Would like to suggest provide configuration p...

SummaryThe migration guide to latest spring security mentions replacing antmatcher with requestmatcher. However, this do...

Describe the bugI have an endpoint:@GetMapping("/someEndpoint")public Mono<Boolean> bucketExists(JwtAuth...

ScenarioSpring cloud gateway as Oauth2-client. Authorization rules configured in services behind gateway. when end user...

Describe the bugConfiguration rules that worked in Spring Security 5.7.6 don't work in 6.0.1.After migrating the securit...

How to add user authorities(Role) to the Authentication.getAuthorities.For jwt token, I can customize a class implement ...

Hi, Recently i learn that when it comes to generating and validating JWT token, we have to write our own logic. Is thi...

Related to #5629Like it is for Resource Server JWT support, it should be simple to customize the authentication token th...

SummaryReactiveSecurityContextHolder is broken when used with Futures. It does not always provide results and sometimes...

Describe the bugUsing the new DeferredCsrfToken, CsrfAuthenticationStrategy does not regenerate CsrfToken with CookieCsr...

Describe the bugJackson serialization of DefaultSaml2AuthenticatedPrincipal doesn't work anymore since Spring Boot 2.7.3...

Expected BehaviorI would like to be able to set a logoutRequestRepository for Saml2RelyingPartyInitiatedLogoutSuccessHan...

SummaryUse @NonNullApi annotation as Spring Core did.Actual BehaviorMany parts of the API like ClaimAccessor return null...

Describe the bugThe authorizationRequestResolver can't be changed in the OAuth2 client configuration. Because of this, w...

With the deprecated Saml2AuthenticationRequestContext it was possible to set a custom RelayState, but with the new OpenS...

Describe the bugI tried all codes in https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-ht...

Currently we use the unofficial spring-security-saml release 2.0.0.M31 in an open-source SAML SP-IdP Proxy. As the sprin...

Would love to see identity provider-side implementation support in spring security.Comment From: jzheauxDuplicate of #10...

I want a custom login form to include an additional field.So I plan to provide a custom UsernamePasswordAuthenticationF...