玖涯软件开发|java/go/python

Spring Security Make TrustedIssuerJwtAuthenticationManagerResolver Extensible to Better Support Multi-Tenant Resource Server Customization

Expected BehaviorIf I want to support multi-issuer authentication for a resource server, I can instantiate a JwtIssuerRe...

Spring Security DelegatingReactiveAuthorizationManager ignores extra mappings

Describe the bugI'm assuming this is a bug. DelegatingReactiveAuthorizationManager is created using a builder and keeps ...

Spring Security Dynamic post-logout-redirect-url in OidcClientInitiatedLogoutSuccessHandler

Expected BehaviorProvide a way to provide a redirect URL which depends on the request after OIDC logout.Current Behavior...

Spring Security AbstractHttpConfigurer or PermitAllSupport#permitAll Accessor

Expected BehaviorI Custom Configurer, want to use PermitAllSupport#permitAllbecause my package: "cn.xxx.xxx" Current Beh...

Spring Security SEC-3004: Allow access to WebInvocationPrivilegeEvaluator when using multiple <http>

Mattias Jiderhamn (Migrated from SEC-3004) said:When using a Spring Security configuration with a single <http> en...

Spring Security Update samples to use SecurityFilterChain bean instead of WebSecurityConfigurerAdapter

Depends on: gh-8805Comment From: rwinchWe should also hold off on the sample rewrites that I'm doing right nowComment Fr...

Spring Security There is no suitable serializer for class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest

Describe the bugThe replicate spring session is not create because the Saml2RedirectAuthenticationRequest class is not s...

Spring Security @Bean SecurityFilterChain is not working in tomcat with xml security configuration files.

Environment : Spring 5.3.12Spring Security 5.6.0Tomcat 9.0Expected Behavior@BeanSecurityFilterChain filterChain(HttpSecu...

Spring Security SecuredAnnotationSecurityMetadataSource cannot infer annotation class when annotationMetadataExtractor is provided as a lamda expression

SummaryIn the following example the constructor of the SecuredAnnotationSecurityMetadataSource cannot understand the typ...

Spring Security Expose DefaultCsrfMatcher as public

This request is simply because we have our own Csrf matcher, but we had to copy this code as part of doing it. would be ...

Spring Security Doc: Supply custom UserDetails instance for MockMvc @AuthenticatedUser injection

Update: ok, I found that you can pass a UserDetails object, that is satisfactory. So I'm changing this to a documentatio...

Spring Security Guide/Documentation for JWT Authentication implementation using OAuth Resource Server

Expected BehaviorIdeally there would be some official documentation of this because judging from the amount of results y...

Spring Security MockMvc throws exception instead checking 401

In Spring Cloud Dataflow while upgrading from boot 2.4 to 2.5 one of a mockmvc tests started to fail by throwing an Auth...

Spring Security Multi-tenancy Documentation - JwtDecoder sample has multiple errors

Describe the bugThe sample code for the JwtDecoder is does not compile: docs/modules/ROOT/pages/servlet/oauth2/resource-...

Spring Security No 5.5 xsd at http://www.springframework.org/schema/security/spring-security-5.5.xsd

The latest xsd at http://www.springframework.org/schema/security/ is 5.4. Should there be a 5.5?Comment From: jzheauxTha...

Spring Security Address most frequently asked questions

This issue will be used to group other tickets that address the more frequently asked in Stackoverflow, Gitter, Issues, ...

Spring Security AuthorityReactiveAuthorizationManager compares GrantedAuthority instances using Object.equals instead of comparing the String value returned by getAuthority()

Describe the bugWhen using custom implementations of GrantedAuthority with a custom AuthenticationManager, they will not...