Spring Security <spring-security.version> override for spring-boot-starter-security does not work

Describe the bug: Since the CVEs started to fail, we need to urgently update the spring-security-* artifacts from 5.7.4 → ...

Spring Security SAML: OpenSaml4AuthenticationProvider.createDefaultAssertionValidator() should make it easier to add ValidationContext static parameters

Expected Behavior: Ideally I would be able to create a default assertion validator via createDefaultAssertionValidator() a...

Spring Security Add SpringTestContext.addFilter

Add SpringTestContext.addFilter which allows Spring Security's tests to specify a Filter to be added to the SpringTestCo...

Spring Security Unauthorized when authenticated user is shown an error page

Describe the bug: When an error occurs during the request, an authenticated user is shown a 401 Unauthorized instead of a ...

Spring Security [Login with OpenID Identity] form is displayed on the page

Describe the bug: When I use the [oauth2-login] tag, the [Login with OAuth 2.0] and [Login with OpenID Identity] form are ...

Spring Security CookieCsrfTokenRepository does not set the XSRF cookie on login response with Spring Security 6 RC1

Describe the bug: In Spring Security 5.x and 6.x before RC1 includes the new XSRF token in the login response so it is imm...

Spring Security Check for opensaml version on OpenSaml support classes

It would be nice for users to know exactly which version of opensaml classes to use. A check could be performed in order...

Spring Security Consider making ReactiveSecurityContextHolder mutable

Expected Behavior: With the non-reactive SecurityContextHolder you can set the authentication from anywhere like this: Secu...

Spring Security Support empty context ReactorContextTestExecutionListener pass Security

I would like to have option to pass SecurityContextHolder.createEmptyContext() into my reactor test. Expected Behavior: Test...

Spring Security AuthenticationServiceException propagation flag is unconfigurable in 5.8

There is no way to configure the rethrowAuthenticationServiceException flag for ServerHttpSercurity#httpBasic or #oauth2...

Spring Security Opportunity to use role and authorities together

Expected Behavior: If create UserDetails like this: User.builder() .role("admin") .authorities("write"...

Spring Security Documentation is not updated about "Expression-Based Access Control" in version 5.6.2

I found that the interface has changed in the new version, but there is no corresponding documentation on the official w...

Spring Security SEC-2839: SecurityNamespaceHandler - related to SEC-1455

Pelit Mamani (Migrated from SEC-2839) said: After reloading parsers, one needs to call 'get' again. Please see: class: org....

Spring Security RequestMatcherDelegatingAuthorizationManager should deny when no match

In Spring Security 5, the default AuthorizationManager for RequestMatcherDelegatingAuthorizationManager abstains. This de...

Spring Security Update the RP-initiated Logout links

Describe the bug: We're using the following link when we refer to the OIDC RP-Initiated Logout feature: https://openid.net/...

Spring Security ExceptionHandlingConfigurer provides no way to configure AuthenticationTrustResolver on ExceptionTranslationFilter

Expected Behavior: There should be a way to set the custom implementation for AuthenticationTrustResolver on ExceptionTran...

Spring Security support limiting session lifespan by the expiry of OpenID Connect identity tokens

Per the OpenID Connect Session Management draft spec section 4: An ID Token typically comes with an expiration date. The ...

Spring Security Use AuthorizationManager

With the introduction of AuthorizationManager, there are a number of next steps that seem valuable. [x] Consider Authoriz...

Spring Security Preparation Guide should show opt-out steps after opt-in steps

In sections where it makes sense to show opt-out steps, they should be listed after the opt-in steps to encourage opting...

Spring Security OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray

Describe the bug: If an IdP sends an ID token with claim amr, the Jackson ObjectMapper with SecurityJackson2Modules cannot...