玖涯软件开发|java/go/python

On the OAuth 2.0 login page, it seems the bootstrap css stylesheets are not used.Expected behaviorIf these resources are...

https://github.com/spring-projects/spring-security/pull/11934 deprecated some methods in order to enforce the right Requ...

We should switch the default of XML authorization to true. When doing so, update DeferHttpSessionXmlConfigTests xml conf...

In some places, like XML configuration (AuthorizationFilterParser, FilterChainBeanDefinitionParser, MatcherType), the de...

SummaryThe CSRF tokens generated by Spring are vulnerable to a BREACH attack. More details at http://breachattack.com/I'...

Describe the bughttps://docs.spring.io/spring-security/reference/servlet/oauth2/client/authorization-grants.htmlsays you...

We should remove SecurityContextPersistenceFilter in favor of explicit saves to the SecurityContextRepository. This will...

We should add the same test support that Spring Boot has to help us modify the classpath to make it easier to create tes...

We should add a default method CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse) that returns Defer...

Expected BehaviorSupport latest improvements and better defaults for security protocols such as removing SHA1 prefering ...

Forward port of issue #11347 to 6.0.x.Comment From: marcusdacoregioClosed via https://github.com/spring-projects/spring-...

Forward port of issue #11347 to 6.0.x.Comment From: marcusdacoregioDuplicate of https://github.com/spring-projects/sprin...

Forward port of issue #9159 to 6.0.x.Comment From: marcusdacoregioDuplicate of https://github.com/spring-projects/spring...

By default, we should reject using the built in RequestMatcher implementations other than MvcRequestMatcher in a MvcRequ...

Related https://github.com/spring-projects/spring-security/issues/4261Expected BehaviorSince the HPKP HeaderSupport has ...

Add missing SessionManagementDsl.requireExplicitAuthenticationStrategyComment From: rwinchClosed in 6d56af7b6543d6a162c9...

I used SSO based on Google and WebFlux and I don't know how to add own role in authentication. Now I have only ROLE_USER...

See Gamesight/slack-workflow-status#38Comment From: sjohnrThis fix was unsuccessful. Reopening to investigate further.Co...

I have token claims to explicitly convert at this point, but in stead of implementing my own converters i would like to ...

The filter SecureHeaders adds a content-security-policy header.This is contrary to the documentation saying "Spring Secu...