Describe the bugBroken link in Spring Security reference document.To ReproduceGo to https://docs.spring.io/spring-securi...

Describe the bugThe common pattern for filters is to provide the ability to set a custom RequestMatcher for them to exec...

Expected BehaviorRename bearerTokenConverter (and setter) to more generic name, eg. serverAuthenticationConverterRename ...

The io.projectreactor.netty:reactor-netty module has been split into 2 modules: reactor-netty-core and reactor-netty-htt...

Saml2WebSsoAuthenticationFilter, Saml2WebSsoAuthenticationRequestFilter, and upcoming filters like Saml2MetadataFilter a...

SecurityMockMvcRequestPostProcessors is a class that simplifies creating RequestPostProcessors for the purposes of testi...

SummaryIf a request handler returns ETag or Last-Modified headers (manually or by using Spring's WebRequest.checkNotModi...

Rob Winch (Migrated from SEC-2056) said:Description:Spring Security's DaoAuthenticationProvider authenticates users by u...

Can authorization code mode be more flexible to support app login, because app login omits the authorization of authoriz...

Expected BehaviorOAuth2MethodSecurityExpressionHandler should work with JwtAuthenticationTokenCurrent BehaviorCurrently ...

Describe the bugServerBearerTokenAuthenticationConverter throws exceptions in casebearer token doesn't match pattern or ...

Describe the bugWhen using @PreAuthorize("isAuthenticated()") on a Controller that inherits from a base class, where bot...

There was a recent change in reactor-core that is causing the snapshot build to fail.Mono.deferWithContext() was changed...

Describe the bugThe class JwtDecoderProviderConfigurationUtils is instanciating the RestTemplate instead of using the be...

We should register a RestOperations @Bean in OAuth2ClientConfiguration that is configured with default settings and is u...

SummaryThis is a nitpick, quality-of-life issue regarding the new opaque token introspection support in spring-security-...

Expected BehaviorWe are able to serialize/deserialize the class Saml2Authentication and SimpleSaml2AuthenticatedPrincipa...

OpenSamlImplementation is a package-private Spring Security class that exists to remove some of the boilerplate needed t...

OpenSamlAuthenticationRequestFactory leverages a package-private class OpenSamlImplementation to remove boilerplate from...

OpenSamlAuthenticationProvider leverages a package-private class OpenSamlImplementation to remove boilerplate from its o...