Hi, We are currently authenticating our web application using spring azure,We need to provide an alternative provider wh...

Michael Furman (Migrated from SEC-1845) said:Hi!The simplest way to block Brute Force Attacks is to add the delay before...

Describe the bugRelogin after logout leads to an error (404).To Reproduce* Startup a minimal webapp with spring-boot int...

Describe the bugI am not sure about the location of this ticket, since the reason is a 401 on https://repo.spring.io.Bui...

SummaryWe have many Java and XML samples in the reference documentation.We should expand these to include Kotlin samples...

Summaryspring-security-core-5.0.0.M4 Artifact is not correctly uploaded in jcenter. Only .pom and .pom.asc files exist. ...

Describe the bugWhen using a DelegatingPasswordEncoder with defaultPasswordEncoderForMatches set and you call the matche...

Keith Garry Boyce (Migrated from SEC-3156) said:It says here that a filter can be replaced. position The explicit positi...

Validate that milestones are scheduled on the correct day of our release train using https://github.com/spring-io/spring...

Describe the bugRecently we have upgraded our Spring boot from 2.3 to 2.5 so within this upgrade, Security were upgraded...

Describe the bugSome links in the Spring Security docs are broken. To ReproduceRun a link checker browser plugin against...

A link checker will come in handy when resolving https://github.com/spring-projects/spring-security/issues/9784. We shou...

In 5.5, gh-samples-url points to https://github.com/spring-projects/spring-security/tree/5.5.0/samples, but the samples ...

We should alert the community to where our samples are and that they are currently in migration to spring-security-sampl...

Remember Persistent Token Approach has a dead link to external explanation of the algorithm that it uses.This approach ...

We are using jwt.key-value propertysecurity: oauth2: resource: jwt: key-value: __KEY__and dependenciesim...

Artur (Migrated from SEC-3194) said:AbstractSecurityWebApplicationInitializer don't have way to customize url mappings, ...

The documentation at 19.2.2 demonstrates how to use the jwt() processor to test security rules under MockMvc, but it doe...

I previously used the old Spring Security OAuth2 module, which provided an expression object #oauth2 with hasScope and s...

While the file docs/manual/src/docs/asciidoc/_includes/reactive/cors.adoc exists, it is not included in the reference do...