Related #9385 Expected BehaviorAllow to add Cross-Origin-Resource-Policy header via dsl and xml.https://developer.mozill...

Expected BehaviorAllow to add Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy headers via dsl and xml.https:...

Spring Security 5.5.1In each of the inner classes in the OAuth2AuthorizedClientProviderBuilder (such as the PasswordGran...

Describe the bugLogging out by sending a POST request to /logout sometimes fails, because the Saml2LogoutResponseFilter ...

This issue addresses incorrect usage of the Kotlin DSL related to documentation improvements under gh-8174. @Bean ...

When users configure the SecurityFilterChain they can opt to use authorizeHttpRequests or authorizeRequests. Using both ...

Expected BehaviorWhen triggering authentication by calling the login method on a HttpServlet3RequestFactory (i.e. after ...

Summarysupport Shiro Wildcard Permissions like featureActual BehaviorExpected BehaviorShiro Wildcard Permissions feature...

SummaryI'm using the LdapAuthenticationProviderConfigurer for my spring security LDAP configuration.Actual BehaviorActua...

SummaryWhen using Spring's security with the Webflux framework, removing and adding users dynamically isn't straightforw...

Affects: 5.3.13I'm using Spring Cloud Gateway with Spring Security and the issue is connected with default Security Head...

Add a description of ServletOAuth2AuthorizedClientExchangeFilterFunction.authenticate to WebClient integration for Servl...

Servlet documentation should mention how to provide a custom parameters converter to override parameters of an OAuth 2.0...

Describe the bugThe BasicLookupStrategy in Spring-ACL is fore most cases fine and good designed for interchangeable impl...

Expected BehaviorWhen we get errors from IDP (in our case its Okta), we should get a correctly formed OAuth2Error with t...

When using HttpSecurity#authorizeHttpRequests together with FormLoginConfigurer#permitAll, PermitAllSupport throws the e...

Describe the bugCreate a spring boot war application and deploy to tomcat server.Undeploy the app from tomcat causes the...

In the latest Spring Security which leverages WebFlux, the security config works like below,SecurityWebFilterChain sprin...

Describe the bugDue to changes related to spring-projects/spring-framework#27697, the DefaultFilterInvocationSecurityMet...

Description of the bugWhen the Saml2 Single Logout feature is used, a logout request is resolved using OpenSaml4LogoutRe...