Spring Security IdP SingleSignOnService Binding overridden to REDIRECT

Describe the bug: Binding value of POST provided in IdP metadata overridden by default value of REDIRECT. To Reproduce: Config...

Spring Security Build failures on Windows Machine due to line feed character

Describe the bug: When running the command ./gradlew clean build on the project, you should face some errors with the chec...

Spring Security String#replaceAll error when compiling the project in Windows

Describe the bug: When compiling the project on Windows running the command ./gradlew install you should face an error lik...

Spring Security Spring security update from 5.1.x to 5.2.x breaks security configuration

Summary: Updated spring security to version 5.2.2-RELEASE (starting point 5.1.5-RELEASE) and the build started failing wi...

Spring Security Prevent CI from running on forks

The project's GitHub Actions CI build has a hard dependency on some secrets (e.g. GRADLE_ENTERPRISE_CACHE_USERNAME), whi...

Spring Security Spring Security 5.4.6 not working response.sendError()

Hello! I'm using Spring Boot 2.4.5 with Spring Security. When I updated my Spring Boot for the new version, I have a probl...

Spring Security saml2-service-provider: OpenSaml4AuthenticationProvider has Java 11 bytecode

Describe the bug: In contrast to the rest of the classes in spring-security-saml2-service-provider-5.5.0*.jar, OpenSaml4Au...

Spring Security Use webclient in ReactiveUserDetailsService, throw Mono.error, making ConcurrentModificationException.

Describe the bug: Use webclient in ReactiveUserDetailsService, throw Mono.error, making ConcurrentModificationException. If...

Spring Security Async JWKS retriever

The default JWKS retriever in Spring Security (RestOperationsResourceRetriever) performs its operation synchronously as ...

Spring Security NimbusOpaqueTokenIntrospector uses deprecated MediaType.APPLICATION_JSON_UTF8

NimbusOpaqueTokenIntrospector.requestHeaders defines the header MediaType.APPLICATION_JSON_UTF8 which seems to be deprec...

Spring Security Use constant time comparisons for CSRF tokens

While it is not a practical exploit at this point, it is best to be defensive. We should change CSRF token comparison to...

Spring Security OpenSaml4AuthenticationProvider should validate Response Status

When the IdP returns an AuthnResponse for a failed authentication flow without any assertions the statusCode is not retu...

Spring Security Add Build Task for Incrementing Minor Version

Whenever Spring Security increments a minor version, there is some manual work to do: Bump the version in SpringSecurityC...

Spring Security pre-authenticated principal has changed to and will be reauthenticated occasionally.

My application uses the spring 4.3.4 version and the spring-security 4.2.0 version. Here is the application context <...

Spring Security permitAll requests return 401 status for incorrect token

Summary: Hi guys. We have dedicated authorization server application and rest application. I've noticed that insecure ...

Spring Security @PreAuthorize (on a method of @RestController implementing an interface) removes it from HandlerMapping and I got 404

Describe the bug: In my project, I have a @RestController implementing an interface. That interface has the definition of ...

Spring Security Add generateChangelog

Rather than generating a changelog by manually downloading the changelog tool and running it we should add a Gradle task...

Spring Security UsernamePasswordAuthenticationFilter It supports retrieving the username password from the body

In order to get the username password from the body, I have to customize a filter, but all the logic is the same as it. ...

Spring Security JwtBearerOAuth2AuthorizedClientProvider should check for access token expiry

The recently added JwtBearerOAuth2AuthorizedClientProvider should check for access token expiry, similar to the existing...

Spring Security Session Key "SPRING_SECURITY_SAVED_REQUEST" conflict between WebSessionServerRequestCache and HttpSessionRequestCache

Describe the bug: I am building our Spring boot application and Spring Cloud Gateway application with Spring Security, and...