玖涯软件开发|java/go/python

Spring Security Support for Newer Digest Authentication (RFC 7616)

RFC 7616 has been officially made available for several years now but Spring Security still only supports RFC 2617 for d...

Spring Security Option to toggle off CSRF token as url parameter

Expected BehaviorIt should be possible to introduce a toggle that toggles the option of sending in the CSRF token as a U...

Spring Security Spring Secuirty bcrypt blank password

SummaryI'm using spring boot webapp with security. Passwords of my users are stored in my DB after encoding with bcrypt....

Spring Security Pick up and apply multiple FilterChain for url

Scenario Let's say we have two end points which are ["/api/v1/resource","/api/v1/resource/admin"]. Also I have two f...

Spring Security Provide templating or extension to generate SAML2 POST form

The Saml2WebSsoAuthenticationRequestFilter#createSamlPostRequestFormData(...) should allow to customize generated HTML f...

Spring Security Update metadata in MavenPublishingConventionsPlugin

Artifacts (e.g. org.springframework.security:spring-security-core:5.6.2) are currently published with historical metadat...

Spring Security Keep Webflux Security Documentation consistent

Expected BehaviorWebflux Security Documentation should be consistent with the examples and only use @EnableWebFluxSecuri...

Spring Security Sources and javadocs missing in latest snapshots

The latest published snapshots do not have the sources or javadoc jar present. This appears to be the case for 6.0.0-SNA...

Spring Security CSRF on spring cloud gateway removing formData from POST requests 400 bad request error

Describe the bugI have enabled CSRF on my spring cloud api gateway server. I have angular as my GUI framework which call...

Spring Security Automate release process

This issue lists the required tasks for automating the release. I've organized the release process (see RELEASE.adoc) in...

Spring Security Documentation about CSRF and cookies is confusing

Reading https://docs.spring.io/spring-security/reference/features/exploits/csrf.html for 5.7.2 one can read (https://doc...

Spring Security Regression with URL encode client credentials

Describe the bugWe are using https://spring.io/projects/spring-security-oauth as an oauth2 provider.In separate projects...

Spring Security [Documentation] Update resource server docs about valdiation of JWT 'aud' claim

The documentation (https://docs.spring.io/spring-security/reference/reactive/oauth2/resource-server/jwt.html#_runtime_ex...

Spring Security Make default expression handler in PrePostMethodSecurityConfiguration to use existing permission evaluator

Expected BehaviorThe expression handler that gets created per default in PrePostMethodSecurityConfiguration at https://g...

Spring Security Add Kotlin example showing integration with WebTestClient

In Java code a WebTestClient can be configured as followsWebTestClient .bindToApplicationContext(this.context) // ...

Spring Security org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute"

Describe the bug**Affects: 5.5.2 \spring-security-saml2-service-provider I have been testing a SAML SSO integration usin...