玖涯软件开发|java/go/python

Spring Security Update to Gradle 7.3

Now that Gradle 7.3 is released we should upgrade since it supports Java 17

Spring Security Regression: SAML Authentication fails when EncryptedAssertion is signed but response is not signed

Describe the bugWith spring-security 5.5.0+ authenticating with SAML fails with Saml2AuthenticationException{error=[malf...

Spring Security Split up Documentation Further

The documentation is larger than it should be for some of the pages. Ideally, pages with more than 1000 lines should be ...

Spring Security Update to Spring Framework 6.0

Spring Security 6.0 will use Spring Framework 6.0.This change requires migrating to Jakarta EE 9 and many dependency upg...

Spring Security OAuth2 authorization code flow, support parameters when request access token.

BackgroundIn Microsoft identity platform and OAuth 2.0 authorization code flow:1. When request an authorization code, th...

Spring Security An AuthenticationManager is required. Oauth2ResourceServer + anonymous disable

issue sourceHello, i caught strange behavior, when did disable anonymous() in WebSecurityConfigurerAdapter with oauth2Re...

Spring Security Preload JwkSet on Application Startup and not upon the first request

Expected BehaviorWhen we create a NimbusReactiveJwtDecoder with NimbusReactiveJwtDecoder.withJwkSetUri and setting the w...

Spring Security Reaching to infinte loop with minimal configuration of saml2 and spring security

The bug is default filter of saml2Login(with defaults) get missed configured .using api : org.springframewor...

Spring Security How to call oidc authenticate by postman?

I'm using KeyCloak as the authentication server and SpringCloud Gateway as the oauth2 client. After I finish integrating...

Spring Security Allow extend ClientRegistration class to load client secret lazily

In our setup, the client secret is an encrypted property, and decrypt requires a remote call which affects the startup t...

Spring Security In saml2 LogoutRequest from RP doesn't contain KeyInfo

LogoutRequest initiated from RP doesn't contain KeyInfo section. The same was fixed in #9746 by @fhanik for AuthReques...

Spring Security Add proxy/load-balancer/ssl termination support, like SAMLContextProviderLB

Current BehaviorI have a springboot application using SAML2 (using spring-security-saml2-service-provider). My applicati...

Spring Security SAML 2.0 JUnit Tests are being skipped

This appears to be related to #9467.Comment From: marcusdacoregioFixed via https://github.com/spring-projects/spring-sec...

Spring Security Why whitelabel error page is not a result of a security breach

Not a bug (Question)Nothing to reproduceExpected behavior is fineWhy this page is not a result of a any kind of a securi...

Spring Security Support multiple claim in JwtGrantedAuthoritiesConverter.

Now JwtGrantedAuthoritiesConverter only support one claim (scp/scope -> SCOPE_), now we have request to support multi...

Spring Security @Postmapping(/) is not working as expected stopping by 403 forbidden on browser and CSRF Token has been associated to this clientCSRF on console

SummaryI am working with Keycloak .all "Get" request are working fine i.e @GetMapping("/") in resource microservice.But...

Spring Security AbstractAuthenticationFailureEvent published twice when parent ProviderManager throws ProviderNotFoundException

I am currently running into an issue with ProviderManager hierarchy and its error handling with regards to a custom Auth...