Spring Security SAML: support RSA_SHA1 signed authnrequest

Expected Behavior: Using spring-security in an application acting as a SAML SP, it should be possible to choose RSA_SHA1 (htt...

Spring Security Match requests based on servlet dispatcher type

Add a matcher to match requests and apply security rules based on the servlet Dispatcher type (FORWARD,INCLUDE,REQUEST,A...

Spring Security Add JavaDoc to AesBytesEncryptor

Related to #3879. It would be helpful to have JavaDoc in AesBytesEncryptor that explains its default behavior. For exampl...

Spring Security OAuth2: JwtIssuerAuthenticationManagerResolver to use a custom BearerTokenResolver

Expected Behavior: When using the JwtIssuerAuthenticationManagerResolver there should be a way to replace the DefaultBear...

Spring Security Saml2MetadataFilter should encode the Content-Disposition header

The registration id is concatenated into the Content-Disposition header: response.setHeader(HttpHeaders.CONTENT_DISPOSITI...

Spring Security [SAML] Allow to override metadata file name on Saml2MetadataFilter

Currently the writeMetadataToResponse method on Saml2MetadataFilter is private; we may need it protected, so we can allow de...

Spring Security OAuth2AuthenticationTokenMixinTests should anticipate a lower-precision timestamp

Instant can contain up to nine digits in its decimal part, but Jackson only supports microsecond precision by default. G...

Spring Security Update contribution guidelines to require JDK 11 to build

As part of updating Spring Security's build to require JDK 11, the contribution guidelines should be updated. Comment Fro...

Spring Security Rework LDAP ApacheDS tests to work with JDK 11

ApacheDS is not compatible with JDK 11, and the reason is that one of its classes imports sun.reflect.Reflection in orde...

Spring Security Remove javax.annotation Usage from LDAP Tests

javax.annotation does not ship with JDK 11. Spring Security uses javax.annotation.PreDestroy in some of its LDAP tests, ...

Spring Security Migrate LDAP samples to use UnboundIdContainer

ApacheDS does not have a GA release that is compatible with JDK 11. The Spring Security LDAP samples use ApacheDSContaine...

Spring Security Update Spring Security build to require JDK 11

The latest OpenSAML major version (4.x) requires JDK 11, and the earlier OpenSAML version (3.x) has reached its end of l...

Spring Security R2dbcReactiveOAuth2AuthorizedClientServiceTests should anticipate a lower-precision timestamp

Instant can contain up to nine digits in its decimal part, but most databases only support microsecond precision. Given ...

Spring Security Test method in PasswordOAuth2AuthorizedClientProviderTests has incorrect setup of token expiry

I believe the test authorizeWhenPasswordAndAuthorizedAndTokenNotExpiredButClockSkewForcesExpiryThenReauthorize in class ...

Spring Security Add possibility to insert extra form data parameter when getting access token with oauth2 client_credential flow

Summary: Some OIDC/OAuth2 providers like Auth0 require the audience parameter set in the post body when calling /oauth/token e...

Spring Security SNYK-JAVA-COMNIMBUSDS-1243767: Bump com.nimbusds:oauth2-oidc-sdk to version 9.3.1 or higher

Affected versions of com.nimbusds:oauth2-oidc-sdk are vulnerable to XML External Entity (XXE) Injection via the SAML2Ass...

Spring Security SAML2: Impossible to change the signature algorithm from sha256 to sha256-rsa-MGF1

I can't find a way to modify the used signature algorithm to something different than sha-256. (In my case sha256-rsa-MGF...

Spring Security Consider downgrading to Nimbus 8

Due to a version incompatibility between oauth2-oidc-sdk:8.x and nimbus-jose-jwt:9.x, various users have reported fricti...

Spring Security SEC-3136: Allow for array Http methods and varargs patterns for Ant matcher

Abhijit Sarkar (Migrated from SEC-3136) said: Often times, the same security requirement applies to multiple Http methods...

Spring Security Allow creating RelyingPartyRegistrations from Metadata XML

Expected Behavior: Currently it is possible to create a RelyingPartyRegistration from Metadata-URL via RelyingPartyRegistra...