SummaryAs I can see there is no audience validation support provided by the framework side, but it is pretty common case...

SummaryAdd require-ssl flag for webflux appsConfigurationSomething like...@Beanpublic SecurityWebFilterChain springSecur...

As of RSocket 1.1.0 (see rsocket/rsocket-java#906), the previously deprecated Flywheight classes have been removed.Sprin...

Expected BehaviorI want to be able to have a custom login page with my own template for logout and error states, while s...

Expected BehaviorThe Kotlin DSL has methods for conveniently specifying the access hasAuthority(String) and hasRole(Stri...

When trying to use Spring Security ACL, I am facing error: org.postgresql.util.PSQLException: ERROR: operator does not e...

Describe the bugI have a empty root context and an app (child) context contains all my beans. I have a separated xml fil...

65656590┭┮﹏┭┮Comment From: eleftherias@lanmingle thanks for getting in touch. Could you provide more information on the ...

Make class public: LazyPasswordEncoder, DefaultPasswordEncoderAuthenticationManagerBuilderComment From: rwinchCan you ex...

Expected BehaviorWhen multiple UserDetailsServices found, throw NoUniqueBeanDefinitionException.Current BehaviorWhen I r...

Expected BehaviorOAuth2AuthorizedClient and its nested classes are designed immutable. Can you change this behaviour? Cu...

Related to #6220 The AbstractRememberMeServices attempts to use the setHttpOnly method only if that method is available ...

Related to #6220 AbstractRequestMatcherRegistry checks first to make sure that the class javax.servlet.ServletRegistrati...

JwtTimestampValidator has a property called maxClockSkew.Let's simplify this to clockSkew. We need to change the field n...

A user can easily obtain the current user principal using the @AuthenticationPrincipal annotation, say in a Spring MVC a...

SummaryIn the xml configuration for Spring Security, the xsd fail to validate attribute disabled of the headers element ...

It would be handy in tests to be able to specify a Jwt authentication in tests:this.mockMvc.perform(get("/") ...

SummaryUsing an unrecognized port results in a NullPointerException when redirecting.CauseOn this line, HttpsRedirectWeb...

I guess there is a bug in org.springframework.security.core.authority.AuthorityUtils.javapublic static Set<String>...

SummaryI wanted to extend JwtAuthenticationConverter in the resource server and override convert method to return my own...