玖涯软件开发|java/go/python

Spring Security Explore the use of the jackson PolymorphicTypeValidator

Currently Spring Security goes through the class white list in the TypeIdResolverThis may or may not be simplified using...

Spring Security Add Convenience Methods for Adding Security Metadata

SummaryWe should take advantage of https://github.com/spring-projects/spring-framework/issues/23513

Spring Security Document OpenID Connect Discovery for client (Servlet)

OpenID Connect Discovery for client was introduced in 5.1 and was documented for spring-webflux, however, there is no do...

Spring Security Update Guides to Use Gradle

SummaryOriginal report https://github.com/spring-projects/spring-security/issues/4283#issuecomment-365228557Comment From...

Spring Security Remove ServerWebExchangeReactorContextWebFilter when SPR-17213 Resolved

SummaryRemove ServerWebExchangeReactorContextWebFilter when SPR-17213 is resolved.We would also need to update the confi...

Spring Security Add AuthorizationManager XML Support for Method Security

Add <method-security>, similar to <global-method-security>. Will replace in the same way that @EnableMethodS...

Spring Security JwtDecoderInitializationException in temurin v17.0.3

Describe the bugWe are using Spring Boot 2.7.0 (Spring v5.3.20) with Spring Authorization Server 0.3.0. Works great with...

Spring Security ClientRegistrations#fromIssuerLocation should have shorter (or configurable) Http Connect/Read timeouts

Expected BehaviorWhen using ClientRegistrations.fromIssuerLocation("http://192.0.2.0") or any non-responding address[1],...

Spring Security Support @Transient SecurityContext and Provide TransientSecurityContext

We should add support for @Transient SecurityContext in HttpSessionSecurityContextRepository and then provide a Security...

Spring Security Docs example uses access(String) with authorizeHttpRequests()

Documentation (Example 2) states that it's possible to writehttp.authorizeHttpRequests(authorize -> authorize.mvcM...

Spring Security Consider updating testing examples to use JUnit Jupiter

The reference currently uses JUnit 4 in testing examples -- for example, Setting Up MockMvc and Spring Security.Consider...

Spring Security Spring Security x509 won't allow multiple authentication

SummaryWith form login, you can re-authenticate a user via username/password at any time with Spring Security. With x509...

Spring Security Some Security Expressions cause NPE when used within @Query

Describe the bugWhen I define method to provide currently authenticated user within repository, I get NullPointerExcepti...

Spring Security SAML request encoding: on redirect binding, base64 encoded message contains CRLF

Describe the bugWhen SAML SP generate a SAML request to redirect user to IDP, the base64 encoded message has \r\n insert...

Spring Security WebMvcTest No Longer Auto-Configures Spring Security When Using SecurityFilterChain Over WebSecurityConfigurerAdapter

Describe the bugAfter making the changes described in Spring Security without the WebSecurityConfigurerAdapter, specific...