We should consider renaming CommonOAuth2Provider to be more specific.The defaults provided in CommonOAuth2Provider are s...

The new AuthorizationFilter that supersedes the FilterSecurityInterceptor applies to every dispatcher type. We should al...

We should consider introducing public JoseHeader getJoseHeader() and public JwtClaimsSet getJwtClaimsSet() and potential...

Hi,I'm still not entirely sure if it's a bug or a configuration error (but in that case, I couldn't find how to fix it i...

We should consider adding a relative softlink in config/src/main/resources/org/springframework/security/config so that s...

Local could be interpreted as ~/.m2/repository or perhaps other locations.Changing the name clarifies that it is going t...

ReactorContextTestExecutionListener.DelegateTestExecutionListener.SecuritySubContext.currentContext() uses Context.putAl...

Spring Framework updated TaskScheduler to use the new Java time API https://github.com/spring-projects/spring-framework/...

Expected BehaviorWe should be able to configure the authenticationSuccessHandler and authenticationFailureHandler for x5...

DefaultFilterChainValidator should check for duplicate AuthorizationFilter instances as well as the common error of havi...

It would be nice to have an implementation of Saml2AuthenticatedPrincipal that includes the original Response instance. ...

Describe the bugI'm not sure if it's a spring security or spring core bug. I've tried to do some debugging, but no idea ...

Comment From: jzheauxFixed in https://github.com/spring-projects/spring-security/commit/74a007dc917243a7daad246d70f9be90...

Hi,Would it be possible for AbstractWebClientReactiveOAuth2AccessTokenResponseClient to have the WebClient instance cust...

java.lang.RuntimeException: getSession(false) at example.SessionAccessedFilter$1.getSession(SessionAccessedFilter.jav...

SummaryTried expanding the Spring Security framework with a new Method level annotation, however, baked in classes and p...

Describe the bugRunning the Gradle build from master branch the ServerJwtDslTests & WebTestClientHtmlUnitDriverBuild...

In the official documentation of Spring Security 6.0.0 have an deprecated example:https://docs.spring.io/spring-security...

Describe the bug@AuthenticationPrincipal doesn't work when using Interface parameters.To ReproduceGiven a User interface...

SummaryCurrently the ServerRequestCacheWebFilter causes the WebSession to be read on every request. We should be able to...