玖涯软件开发|java/go/python

Spring Security RequestMatcherDelegatingAuthorizationManager should use RequestMatcherEntry

Since RequestMatcherDelegatingAuthorizationManager.Builder#add has not gone GA yet, it should be changed to use RequestM...

Spring Security Logging introduced in version 5.6.2 DefaultSecurityFilterChain conditioning is not correct

Describe the bugThis logging was brought in in version 5.6.2 DefaultSecurityFilterChain.java:if (!filters.isEmpty()) { ...

Spring Security Provide debug logs if http-method (POST) rejected with 401 when CSRF (default) enabled

SummaryBy default, Spring Boot web application with CSRF enabled, unless doing http.csrf().disabled() explicitly. HTTP P...

Spring Security spring-security-oauth2-client uses a range of net.minidev:json-smart that causes dependency resolution issues

spring-security-oauth2-client depends on net.minidev:json-smart:[1.3.3,2.4.7], which causes issues: > Could not res...

Spring Security Way to configure WebClient in AbstractWebClientReactiveOAuth2AccessTokenResponseClient

Describe the bugWe are using OAUth Client to generate OAuth token using client credentials auth method. While first call...

Spring Security DelegatingAuthorizationManager Should Fire Events

Firing success and failure events from DelegatingAuthorizationManager would simplify auditing. AuthorizationSuccessEvent...

Spring Security Filter chain, where there are multiple identical filters

Comment From: sjohnrThanks for getting in touch, but it feels like this is a question that would be better suited to Sta...

Spring Security Spring Cloud Gateway Getting a 500 Exception while trying to refresh_token using expired access_token and refresh_token

I have a secured Spring Cloud Gateway application using ServerHttpSecurity.oauth2Login() that can successfully renew exp...

Spring Security Change samplesBranch property to point to correct samples branch

In the Spring Security Samples repository, the main branch is being used for Spring Security 6 samples, while the 5.7.x ...

Spring Security SecurityContextRepository loadContext(HttpServletRequest)

We should add the ability to loadContext from just the request.[x] gh-11029[x] Add SecurityContextRepository.loadContext...

Spring Security AuthenticationPrincipalArgumentResolver not used when argument class implements Principal

Summaryputting an @AuthenticationPrincipal annotation on a Controller parameter, where the parameter's type implements P...

Spring Security Expose GENSALT_DEFAULT_LOG2_ROUNDS as public constant

SummaryAllow public access to default number of rounds currently defined at org.springframework.security.crypto.bcrypt.B...

Spring Security Clarify Exception IllegalArgumentException: [Assertion failed] - this argument is required; it must not be null

SummaryClarify Exception IllegalArgumentException: [Assertion failed] - this argument is required; it must not be nullAc...

Spring Security Add how multiple SecurityFilterChain are created in documentation

Hello. Thank you the wonderful project.As I can gather from the documentation currently available here, multiple Securit...

Spring Security enableAuthorities=false in JdbcDaoImpl should not throw UsernameNotFoundException

Summarywhen user set enableAuthorities=false manually in org.springframework.security.core.userdetails.jdbc.JdbcDaoImp, ...

Spring Security AbstractUserDetailsReactiveAuthenticationManager potentially blocks a parallel Scheduler upgrading password encoding

SummaryAbstractUserDetailsReactiveAuthenticationManager invokes the PasswordEncoder in a parallel Scheduler by default.P...