Forward port of issue #12274 to 5.7.x.Comment From: marcusdacoregioFixed via https://github.com/spring-projects/spring-s...

Is the flow of AuthorizationFilter.class incorrect? No FilterInvocation.https://docs.spring.io/spring-security/reference...

Describe the bugWhen using the Delegation-based Strategy with OidcUserService as documented at https://docs.spring.io/sp...

** Versions ** * Spring boot version: 2.7.1* Spring security 5.7* JDK version: 1.11I have previously added an issue at h...

I'm using 5.7.3 via Spring Boot security starters and the app was build using JHipster version 7.9.3Describe the bugIf a...

. Encryption certificate is about to expire how we can renew it and install it in our system .Comment From: sjohnrThanks...

https://github.com/spring-projects/spring-security/blob/1648151dd232973bacda2bf624f260251c553982/web/src/main/java/org/s...

Expected Behaviorwhen using http.oauth2Client() api i am aware that i should implement actual user(resource owner) authe...

The build is failing withCaused by: org.gradle.internal.resolve.ModuleVersionResolveException: Could not resolve org.gre...

It'd be handy to be able to construct an instance of HttpSecurity independently from an WebSecurityConfigurerAdapter.In ...

Describe the bugWhile trying to enable method security with prePost the usual way was to extend org.springframework.secu...

The WebSecurityConfigurerAdapter has been deprecated and its javadoc is too hard to understand how to replace it.We shou...

hi, I have the similar issue ashttps://github.com/spring-projects/spring-security/issues/5983#issuecomment-430620308.I a...

We should default to Xor CSRF tokens in 6.0, but CsrfAuthenticationStrategy still uses CsrfTokenRequestAttributeHandler ...

Now that the migration guide is largely written, it should be restructured into multiple pages to be more manageable for...

Now that the migration guide is largely written, it should be restructured into multiple pages to be more manageable for...

Describe the bugCsrfAuthenticationStrategy does not check for an existing token and always saves a null token when calle...

Describe the bugI have to migrate an existing OAuth2RestTemplate based OAuth2 microservice to Spring Security / WebClien...

For all instrumentation:https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/api....

Expected BehaviorWhen building a ClientRegistration and passing a string to the AuthorizationGrantType constructor, inva...