We should allow for custom ServerAuthenticationEntryPoint to be configured via ServerHttpSecurity.ExceptionHandlingSpec....

Describe the bugRequests that have the header "X-Requested-With: XMLHttpRequest" (correctly) return HTTP 401.However, re...

Describe the bugI have declared a filter and using spring-security. I noticed that when forwarding request to new Servle...

Hi Team,I am always getting below error when trying to connect with ldap server-error is on the below line - return new ...

Describe the bugIn the Oauth2ResourceServerConfigurer, there is no way to customize the AuthenticationFailureHandler of ...

Expected BehaviorThe implementations of OAuth2UserService support the application/jwt content type when fetching the Use...

there are two simple server.the 1st is gateway server.it's only import gateway and security.<dependency> <gr...

Expected BehaviorIntroduce opt-in API to initialize Bearer Token before first request, and to refresh this token periodi...

This should reject Optional usage even if it is not imported since users may use method chaining. I think this might be ...

As per https://tanzu.vmware.com/security/cve-2021-22112 5.3.8 has the fix, but we dont see difference between 5.3.7 ...

Describe the bugWhen using Spring Security with WebFlux, /actuator can be unsecured but all other actuator endpoints can...

Expected BehaviorOAuth2AccessTokenResponse can be serialized.Token storing with redis is popular . @Bean public Re...

SummaryAccessDeniedHandler and AuthenticationEntryPoint do not work because the global exception handler is definedActua...

Describe the bugWhen using the AbstractRequestLoggingFilter it calls request.getRemoteUser() to fetch the username of th...

Related to #9289, after a method is invoked, authorization needs to know the object returned from the method invocation....

The newly added BearerTokenAuthenticationConverter creates a package tangle in the Resource Server support.Comment From:...

It looks like Spring Security's javadoc is being built with Java 11. This prevents a Java 8 build from linking to it wit...

Rob Winch (Migrated from SEC-2745) said:I'm using HTTP Basic authentication with an LDAP server as a backend (using auth...

This feature will partially implement JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization...

Currently, Spring Security only supports basic and post authentication methods between client and authorization server. ...