Describe the bugConsider the following controller:@RestControllerpublic class SecuredController { @GetMapping(path = ...

Related #11360 [ ] Add rememberMe to MessageMatcherDelegatingAuthorizationManager[ ] Add fullyAuthenticated to MessageMa...

I have checked out the branch 5.8.x, started ./gradlew :servlet:spring-boot:java:saml2:login:bootRunand opened http://lo...

[x] #11700[x] #11699java.lang.RuntimeException: getSession(false) at example.SessionAccessedFilter$1.getSession(Sessi...

CsrfFilter uses CsrfToken.parameterNameto specify the attribute name that the CsrfToken is set on. This doesn't make sen...

LazyCsrfTokenRepository supports lazily saving the CsrfToken which allowed for lazily saving the CsrfToken. However, it ...

Currently NamespaceLdapAuthenticationProviderTests use a fixed port for LDAP tests which can cause test failures if the ...

Expected BehaviorFor Resource Server, the Decoder can fetch different algorithms based on the public key endpointhttps:/...

GitHubMilestoneApiTests uses Instant.now() for due_on. Since Instant.now() is UTC time based, isMilestoneDueTodayWhenDue...

SummaryWe should add a strategy where Jwt decoders can delegate to other Jwt decoders based upon the algorithm that is i...

I can't find the support for Reactive RemberMe Authentication based on Token and Persistence Store inReactive Web Securi...

Comment From: marcusdacoregioThere are some errors when updating this dependency:> Task :spring-security-config:compi...

Comment From: marcusdacoregioFixed via https://github.com/spring-projects/spring-security/commit/da09788be988ff3462e118e...

Expected BehaviorHave an easy mechanism to use .with(oauth2Login()) on a service that uses the ServletOAuth2AuthorizedCl...

Expected BehaviorSupport Azure AD's feature of Continuous access evaluation.Current BehaviorContinuous access evaluation...

Currently, all Spring Security's @Enable annotations are meta-annotated with @Configuration. While convenient, this is n...

What` is the setting to make CustomAuthenticationProvider work in Spring Security 5.7 or later? UserAuthenticationProvid...

We should remove the CAS module entirely since we depend on the java client and there are no plans to support Jakarta EE...

It would be nice to be able to customize the redirect strategy within OAuth2AuthorizationRequestRedirectWebFilter, so th...

Describe the bugBased on this comment, if the request attribute is null, an error is thrown from the strategy:java.lang....