Spring Security BasicAuthenticationFilter skips re-authentication if username changes and Authentication object is not UsernamePasswordAuthenticationToken

Describe the bug: The BasicAuthenticationFilter skips re-authentication if the username changes in the basic authenticatio...

Spring Security HttpSecurityConfiguration should configure ContentNegotiationStrategy

To align with the behavior of WebSecurityConfigurerAdapter, the HttpSecurityConfiguration class should inject the Conten...

Spring Security Add native hint for the users JDBC schema

Describe the bug: When using Spring Boot 3.0.0-M5 to build a native application with the ./mvnw -Pnative package and the a...

Spring Security docs zip does not contain reference html files (5.7.3)

Describe the bug: README.adoc says that "./gradlew build" will build docs, but it builds only api docs. I could not find ...

Spring Security SAML2 InResponseTo validation error caused by how Chrome loading favicon

Describe the bug: This is a bug related to SAML2 InResponseTo validation, and I have tested Firefox, Safari, this bug or s...

Spring Security OAuth2 should be easier to set up without a servlet context

Context: Right now I'm spending a lot of time futzing around trying to figure out how to use spring-cloud-openfeign with t...

Spring Security Oauth2 client: Allow deescalating logged ERROR for invalid client registration ID

Current Behavior: Currently, when attempting to work with invalid client ID, an ERROR is logged: Authorization Request f...

Spring Security Spring Security Bcrypt with strength/log rounds = 31 results in 'Bad number of rounds' error although 31 should be ok

Describe the bug: I implement a webapp using Spring Boot and Spring Security. Passwords of my users are stored in my DB a...

Spring Security AuthorizationGrantType does not work when capitalized in configuration

Expected Behavior: spring.security.oauth2.client.registration.{provider}.authorization-grant-type: CLIENT_CREDENTIALS shoul...

Spring Security Default use of RequestAttributeSecurityContextRepository instead of NullSecurityContextRepository

Rather than totally ignoring saving the SecurityContext we should place it on the request as a request attribute to ensu...

Spring Security Use SecurityContextHolderStrategy

When components access the SecurityContext statically through SecurityContextHolder, this can create race conditions whe...

Spring Security CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler

We should rename CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and refactor CsrfFilter to no longer need C...

Spring Security Improve customization of DefaultOAuth2UserService to handle other content types

Expected Behavior: DefaultOAuth2UserService can be extended to e.g. allow for custom body parsing to handle application/jw...

Spring Security Remove setAuthenticationManager from HttpSecurityConfiguration

The @Autowired from that method was removed in https://github.com/spring-projects/spring-security/issues/9256. Since the ...

Spring Security SEC-2767: @PreAuthorize in combination with @ModelAttribute fails

uxbux hulan (Migrated from SEC-2767) said: using: spring & spring-mvc 4.1.0.RELEASE when annotated controllers with @...

Spring Security Support for custom success handling in case of oauth2 client

Expected Behavior: Would be great to have something similar to defaultSuccessUrl as in case of OAuth2 login for OAuth2 client...

Spring Security Support refresh_token as a configuration property similar to client_credentials in OAuth2 for WebClient

Summary: I have to consume a 3rd party REST API. This API does not support client_credentials authentication grant type. I...

Spring Security SEC-1667: Consider adding a method to SecurityContextHolderStrategy that returns the current state of the SecurityContext without creating a new one

Kyrill Alyoshin (Migrated from SEC-1667) said: We do have scenarios when we have to call SecurityContextHolder#getContext...

Spring Security Support for custom error handling in case of oauth2 client

Expected Behavior: Would be great if with authorizationFailureHandler it would be possible to provide a custom error response...

Spring Security ProviderManager eventPublisher is null

Describe the bug: In version spring boot 2.6.8, eventPublisher was set up in ProviderManager as follows: @Configuration publi...