SummaryIt would be nice if Spring Security supported Rate Limiting. This should provide support for the web, but not be ...

The title of the file samples/boot/saml2login/README.adoc is currently "OAuth 2.0 Login Sample". It should be "SAML 2.0 ...

SummaryIn the new thymeleaf-extras-springsecurity5 I'm trying to make all the functionality already existing for Servlet...

SummaryWhen loggin into my web application using oath2 (in this summary I will use google provider as example), it will ...

Our build is failing when running against the latest Spring Framework snapshot.The test matchesRequireCsrfProtectionWhen...

Expected BehaviorPlacing a limit on the number of requests a user can make using a valid access token to resource ser...

ApacheDS's TcpTransport allows for a zero port, selecting any available port at startup. It does not correctly propagate...

It seems that the following line in Md4PasswordEncoder is redundant:https://github.com/spring-projects/spring-security/b...

I have a similar problem mentioned in this SO thread - here.I have tried both the recommended solution in above SO threa...

SummaryWhen calling method AclImpl.hashCode, a java.lang.StackOverflowError is throwActual BehaviorA cross-reference exi...

I am having string value in iss claim but spring security is expecting iss value as URL.. Is it possible to change somet...

FilterInvocation creates a dummy HttpServletRequest to allow creating dummy HttpServletRequest instances. The DummyReque...

SummaryIn case of an old ACL schema where the object_id_identity is of type bigint instead of the current varchar(36), t...

Describe the bugWhen attempting to compose a message in the Java Config hellojs sample, there is a JavaScript error.To R...

Describe the bugWhen attempting to log in to the Java Config hellojs sample, it fails with a message:There is no Passwor...

Describe the bugCurrently the XML OpenID sample uses GET /logout, which doesn't work since the DefaultLogoutPageGenerati...

Expected Behaviorthere should be addFilterBefore method for http security kotlin dsl, for the equivalent of http.addFilt...

It should be possible to use an ObjectPostProcessor to post-process the configuration of Saml2WebSsoAuthenticationReques...

TestRelyingPartyRegistrations is in spring-security-config, but it ought to be in the same package as RelyingPartyRegist...

ScenarioA SAML2 response assertion has an invalid signature.BehaviorThis commit changed the expected Saml2Authentication...