Sprint Security 5.7.2.I have simple method with authentication principal and instead of principal get empty object. @...

PrefaceI asked this question on Stack Overflow but I would like to encourage enhancing the Spring documentation for such...

Describe the bugThe current identity provider i am using only supports ES256, and i was unable to finish the login flow ...

The OpenSamlMetadataResolver does not set the AuthnRequestsSigned attribute.https://github.com/spring-projects/spring-se...

Expected BehaviorAdd implementation of Artifact Resolution Profile, as specified here: https://www.oasis-open.org/commit...

Expected BehaviorThis method will create a new ValidationContext with only the CLOCK_SKEW param. But I want a way to ove...

Describe the bugAdding a filter relative (before/after) to a custom defined filter added previously does not work since ...

SummaryWhen attempting to retrieve the Principal in either a WebFlux Controller or Handler method (using the getPrincipa...

In applications annotated with @EnableWebFluxSecurity, and ReactiveAuthenticationManager beans defined, UserDetailsServ...

Descriptionthis may looks weird but it's a serious issue i encountered while working on a spring web project project,i u...

I'm using Spring Security 5.7.3The StackOverFlowError occurs with both two conditions:- Register an AuthenticationManage...

I am using Spring for a single page stateless REST application. I have enabled CSRF using the cookie token repository. ...

SummaryThe SecurityMockMvcResultMatchers do not work when SessionCreationPolicy.STATELESS is used.All examples from http...

SummaryI would like to create a meta annotation for @WithMockUser from Spring Security Test that uses @AliasFor to set t...

I'm using Spring Security 5.7.3The StackOverFlowError occurs with both two conditions:- Register an AuthenticationManage...

My IDE reports two errors in the following class:1.WebSecurityConfigurerAdapter is a deprecated class;2.Could not autowi...

The method is deprecated as a result of issue: CVE-2020-5408. The solution was to deprecate this method. This does not s...

Expected BehaviorIt would be great to have similar capabilities in oauth2Client as in oauth2Login to provide defaultSucc...

SummaryToday, in order to extract Spring Security roles from custom role representations in the Oidc User flow, code nee...

Expected BehaviorExtract granted authorities from a given OAuth2User.Current BehaviorCurrently the OAuth2 support uses a...