SummaryImprove org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpecfor more configuration o...

SummaryWe need to implement (exactly) this with spring security and would like to know if this is supported by spring se...

Describe the bugwith the default configuration, spring security invalidates the existing session when the user authentic...

Thank you for such a fast response on 9224!You declined it (for a good reason) and I decided to create a new issue.Is it...

Michael Osipov (Migrated from SEC-3198) said:The public method getRemoteUser tries to return auth.getPrincipal().toStrin...

For digest authentication, if I set PasswordAlreadyEncoded to true, I can store the password - MD5(password:realm:passwo...

HiI raised a question in springcloud git with regards to vulnerability CVE-2016-9878 (https://pivotal.io/security/cve-20...

SummaryCannot follow the demo here:https://docs.spring.io/spring-security/site/docs/current/guides/html5//helloworld-jav...

The sample controllers in MiscHttpConfigTests and OpaqueTokenDslTests erroneously use @AuthenticationPrincipal and Authe...

Appendix Section in docs is empty it should be removed.Comment From: rwinchThis is actually a mistake in the hierarchy. ...

Describe the bugCookieRequestCache is used to save a request which contains an URL encoded query parameter. After restor...

Describe the bugThe documentation states that the metadata endpoint can be changed by like this:filter.setRequestMatcher...

ContextWhen configuring an Spring application as an OAuth Resource Server and we use Jwt, we can set manually the princi...

Describe the bugWhen configuring a Spring Webflux application to use Spring Security to protect APIS with Basic Authenti...

Expected BehaviorWe should be able to customize/configure the way AuthnRequest is built by spring-security. It was possi...

Expected BehaviorIn spring-security-oauth2-client,when multiple clientRegistrations use the same provider,by one user-co...

SummaryAfter upgrading my project from version 5.3.5.RELEASE to 5.4.0 (also 5.4.1) my tests using Wiremock started faili...

Affects: 5.1.7.RELEASEspring boot:2.1.5.RELEASEWhen using StreamingResponseBody and Spring Security together,Error occur...

Deprecate ClientAuthenticationMethod.BASIC and ClientAuthenticationMethod.POST in favour of ClientAuthenticationMethod.C...

Current BehaviorIn org.springframework.security.oauth2.core.ClaimAccessor interface there is a containsClaim method: ...