Summaryuse deprecated method User#withDefaultPasswordEncoder() in sample projectExpected Behaviormodify that sampleVersi...

SummaryOPTIONS header does not take user access into account to fill in Allow header in response.Actual BehaviorFrom the...

SummaryCan't find equivalent for https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oa...

SummaryVersionsResourceTasks wrote a date comment which prevented this fromproducing the same result and caused misses i...

SummaryThere are a number of things we can do to improve our builds performance. Enable parallel buildsRemove cleanRemov...

Dan Dormont (Migrated from SEC-2470) said:When SessionFixationProtectionStrategy creates a new HTTPSession based on an e...

Related to #6883 When NimbusJwtDecoder#withJwkSetUri is invoked, the builder assumes RS256 if no algorithm is specified....

SummaryA @RegisteredOAuth2AuthorizedClient should be able to have the scopes necessary to make a particular request. If ...

SummaryEnsure we can support a flow with dynamic OAuth scopes. For example, perhaps an application lets the user choose ...

SummaryWebClient support should delete access tokens if they failComment From: jgrandjaThis has been solved via #7840 #7...

SummaryThe Spring Security 5 XSDs are missing from https://www.springframework.org/schema/security/Expected BehaviorThey...

SummaryMicrosoft recently published an advisory to enable LDAP channel binding and LDAP signing: https://portal.msrc.mic...

A fatal error has been detected by the Java Runtime Environment:SIGSEGV (0xb) at pc=0x00007f5e79885cb8, pid=3364, tid=0x...

We have upgraded a project from Spring Security 3 to Spring Security 5 recently. There is a page which should be accessi...

SummaryNeed byte[] parameter type for Bcrypt.checkpw method. Currently, this method is only accepting string as the para...

See issue https://github.com/eclipse/jetty.project/issues/4141Running on java 12 + spring security 5.1.6 + jetty 9.4.21 ...

Even if context has a valid refresh token, if the authentication server revokes the token or times out, the refresh toke...

At the time of logging this issue, googling for "Spring Security Reference" returns a top result of:https://docs.spring....

In OAuth2LoginReactiveAuthenticationManager the following is stated in the comments.This {@link org.springframework.secu...

I found a bug in com.nimbusds.oauth2.sdk, the client_id parameter was not passed in during the Authorization Requestclie...