In spring-security-saml2-service-provider 5.7.2. the class OpenSaml4AuthenticationRequestResolver has this method:@Overr...

Describe the bug @Override public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { ret...

Expected BehaviorWith WebFlux, mockUser() must have effect if a controller method is annotated with @PreAuthorize. It ha...

Expected BehaviorWith WebFlux, mockUser() must have effect if a controller method is annotated with @PreAuthorize. It ha...

Describe the bugI created a simple example with Spring Boot 3 + SAML. In doing so, I discovered that authentication with...

When using org.springframework.security:spring-security-oauth2-client (or org.springframework.boot:spring-boot-starter-o...

SummaryI have setup the Spring security authorization server which has a client registered in its registry. I have confi...

I'm using 5.7.2 via Spring Boot security starters.ReactiveOAuth2AuthorizedClientManager.authorize is called twice for ea...

FilterSecurityInterceptor will be deprecated in 5.8 in favor of the new AuthorizationFilter.This is part of the work of ...

Expected BehaviorThe ability to have access to AuthnRequest Id and Response InResponseTo when saving and loading Abstrac...

Hi, it would be nice to have mentioned in documentation that forward headers has to be used when app is behind proxy ser...

Expected BehaviorAdd BigDecimal type into SecurityJackson2Modules as allowed classCurrent BehaviorIt needs to add mixins...

WebSecurityConfigurerAdapter has been deprecated in Spring Security 5.7 but the javadoc of the following classes still e...

WebSecurityConfigurerAdapter has been deprecated in Spring Security 5.7 but the javadoc of EnableWebSecurity still encou...

Our current CI build takes quite a bit of time. We should see if there are ways to improve it. For example, right now th...

We should switch from gradle/gradle-build-action@v2 to spring-io/spring-gradle-build-action@v1 (see README).Replace the ...

Inline scripts of SAML pages for post binding does not work if CSP is active.Therefore the page should include a hash of...

WebTestClient + MockMvc is not currently supported. If possible, we should warn users with an IllegalStateException that...

spring-boot-2.6.3I'm migrating my MockMvc tests to WebTestClient, for having all my tests using the same underlying API....

When MockMvc is used to set up a WebTestClient, applying a mutator such as csrf() fails with a NullPointerException, but...