Spring Security SwitchUserFilter Not Working In Spring Version 2.3.1.RELEASE which is working fine in 2.2.6.RELEASE

Hi, We are using SwitchUserFilter to build the impersonate feature in our application, The login to impersonate feature w...

Spring Security Evaluates Enum validity as @PathVariable before validating authorities in @PreAuthorize annotation

Describe the bug: When using the @PreAuthorize annotation together with using an enum as a @PathVariable, as long as there...

Spring Security Incomplete documentation about session management using java configuration

https://docs.spring.io/spring-security/site/docs/5.3.4.RELEASE/reference/html5/#session-mgmt Spring Security supports XML...

Spring Security SEC-2334: Expose createDefaultDecisionVoters method in UrlAuthorizationConfigurer, ExpressionUrlAuthorizationConfigurer, GlobalMethodSecurityConfiguration

Nick Williams (Migrated from SEC-2334) said: Currently, UrlAuthorizationConfigurer, ExpressionUrlAuthorizationConfigurer,...

Spring Security Principal claim name in JwtAuthenticationConverter is null but documented default

Describe the bug: At JwtAuthenticationConverter the principalClaimName is null, but the setter method is documented Sets th...

Spring Security Update artifacts deployment to be dependent on check samples job

Expected Behavior: Our deployment (artifacts, schema, docs) should only be done if our samples project is building and pas...

Spring Security Exception using @AuthenticationPrincipal with primitive parameters

Summary: I have a Controller using @AuthenticationPrincipal(expression = "...") on a long value. Actual Behavior: It's succes...

Spring Security Invalid JavaBean property 'logoutHandlers' being accessed (warning in the logs)

Describe the bug: I use Spring-Security and found a strange warning in my logs: 11:54:01,463 WARN org.springframework.bean...

Spring Security MappedJwtClaimSetConverter#withDefaults doesn't remove claims from JWT as documented

Describe the bug: As stated in Spring Security Documentation, to remove a claim from a JWT just pass a converter for the c...

Spring Security redirect-uri was not encoded, is it by design?

Describe the bug: please see this line, https://github.com/spring-projects/spring-security/blob/fc553bf19aa24e5bc5363d92a7...

Spring Security Session is not invalidated on logout

Describe the bug: On logout in a Reactive application, the WebSession is not invalidated. To Reproduce: 1. Login with a user...

Spring Security Update to Spring Boot 2.4.8

Update to Spring Boot 2.4.8 Comment From: spring-projects-issues Fixed via 2f81cbc577d4ca01ed99c0ece62cd72e4aaf0a9e

Spring Security Facility to set relaystate

Expected Behavior: Moving from Spring SAML Extension to Spring SAML 2 Provider. Except for global logout have been able to...

Spring Security OAuth2 redirect URI uses HTTP instead of HTTPS when running behind reverse proxy

Summary: • Running behind a reverse proxy that performs SSL termination, and adds the X-Forwarded-... headers • The OAuth2 ...

Spring Security Move and rename OAuth2IntrospectionClaimAccessor/Names

We should move and rename OAuth2IntrospectionClaimAccessor and OAuth2IntrospectionClaimNames to allow for reuse. Currentl...

Spring Security Expose additional response attributes with OAuth2AuthorizedClientManager return type OAuth2AuthorizedClient

Expected Behavior: I am using Spring security 5.3.3.RELEASE and I have a use case where am using a B2B (service to service...

Spring Security Support listening for changes to SecurityContextHolder

To improve Spring Security's traceability, it would be helpful to be able to listen for when the SecurityContext changes...

Spring Security Introduce Pull Request Reviewer guidelines

Comment From: marcusdacoregio The document is available at: https://github.com/spring-projects/spring-security/wiki/Pull-R...

Spring Security ServerHttpSecurityConfiguration creates a circular dependency with WebFluxConfigurationSupport

Describe the bug: ServerHttpSecurityConfiguration defines a WebFluxConfigurer bean while also injecting a ReactiveAdapterR...

Spring Security Support customizing headers of a request in AbstractWebClientReactiveOAuth2AccessTokenResponseClient

Expected Behavior: Headers added to the request via .headers((headers) -> populateTokenRequestHeaders(grantRequest, hea...