Backport of #10956 Comment From: marcusdacoregioClosed via https://github.com/spring-projects/spring-security/commit/d3a...

Backport of #10956 Comment From: marcusdacoregioClosed via https://github.com/spring-projects/spring-security/commit/195...

SummaryThe usual Spring MVC Security allows us to reference beans in the web security expressions:http .authorize...

[x] Remove RelyingPartyRegistration deprecations[x] Remove Saml2AuthenticationRequestFactory, Saml2AuthenticationRequest...

Expected BehaviorNon-Reactive Spring Security has a DelegatingRequestMatcherHeaderWriterCurrent BehaviorThere is no impl...

SummaryBy default CSRF protection creates a HTTP session even if session creation policy is configured to be STATELESS. ...

SummaryI posted this question on StackOverflow : https://stackoverflow.com/questions/71871306/spring-security-how-to-mix...

Describe the bugAuthenticate an unauthorized Authentication using ServerSecurityContextRepository cause the Mono<Secu...

Describe the bugWhen defining two AuthenticationManager using XML beans definition and having AllowBeanDefinitionOverrid...

Describe the bugWhen using @EnableGlobalMethodSecurity(prePostEnabled = true) alongside Spring Data REST, it is possible...

Hello,I have read about this vulnerability on the Spring Framework Github, it seems an old venerability.It seems the iss...

Describe the bugIn testing Spring Security 5.7.0-RC1 as part of Spring Boot 2.7.0-RC1 along with Spring Session 2021.2.0...

Describe the bugWhen ServerHttpSecurity.build() creates a SecurityWebFilterChain, it replaces the default entry point wi...

SummarySupport Expect-CT Headerhttps://datatracker.ietf.org/doc/draft-stark-expect-ct/?include_text=1https://scotthelme....

Consider the following configuration:@Configurationpublic class SecurityConfiguration { @Bean SecurityFilterChain ...

Consider the following configuration:@Configurationpublic class SecurityConfiguration { @Bean SecurityFilterChain ...

SummaryThe lowercase-comparisons attribute of <filter-security-metadata-source> is documented and supported by the...

Describe the bugFollowing the deprecation of WebSecurityConfigurerAdapter, there is a new recommended way of configuring...

I am using salesforce for the OAuth purpose and added all the properties but it not showing to option to login with sale...

Currently release-next-version.yml fails when there is not a scheduled release or when there are open issues and a relea...