SummaryCurrently we have the ability to store a user's initial request using WebSessionServerRequestCache. This causes t...

Dear colleagues,As org.springframework.security:spring-security-oauth2-jose:jar:5.1.7 brings in com.nimbusds:nimbus-jose...

I have below config to validate the access_token from the request Using the resource server api. I have the requirement ...

Hi Spring security team,I'm using the brand new SAML 2 support with Spring Boot 2.2.1 and Spring Security 5.2.1 and I ha...

SummarySimilar to how we extracted out the CSRF documentation, we should extract the HTTP headers documentation into the...

SummarySpring Boot is the way going forward. We should remove the other hello documentation.

Backport of https://github.com/spring-projects/spring-security/issues/7658Comment From: jzheauxFixed via cd0bec48deb4e17...

Related to #7422 There are two Servlet-based ExchangeFilterFunctions in the code base:ServletBearerExchangeFilterFunctio...

Related to this comment:Let's add a request attribute that CsrfFilter is aware of and an exchange attributes that CsrfWe...

The source file org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser.java has on line 210...

SummaryWe should add support for adding a custom filter in the Kotlin DSL.The configuration would look like@EnableWebSec...

SummaryCurrently, in the Kotlin DSL, function autocompletion is not limited to their specific scope.This leads to config...

Hi,I'm trying to add oauth resource server multi tenancy support (by issuer) to my existing webflux stack (Boot 2.2, Spr...

JwtClaimValidator could be a nice generalization of JwtIssuerValidator. Something like:public JwtClaimValidator(String c...

In nearly all cases, NimbusJwtDecoder and NimbusReactiveJwtDecoder throw aa OAuth2IntrospectionException when something ...

In order to add a custom parameter to the default authorization request, an application follows the delegator pattern:OA...

Update to Spring Framework 5.2.4.RELEASEUpdate to Reactor Dysprosium-SR5Update to Spring Data Moore-SR5Update to Jackson...

DefaultAuthenticationEventPublisher will drop any exceptions that it doesn't have mapped. This means that an application...

DefaultAuthenticationEventPublisher can be configured with additional exception mappings via setAdditionalExceptionMappi...

SummaryIn the documentation, we show code samples and allow the user to choose which language they want to see them in (...