Josh Cummings
Josh Cummings
By doing: ```java @Bean ApplicationListener securityEventListener() { ObservationRegistry observationRegistry = ObservationRegistry.create(); observationRegistry.observationConfig().observationHandler(new ObservationTextPublisher()); return DelegatingObservationSecurityEventListener.withDefaults(observationRegistry).build(); } ``` Then all `AuthenticationSuccessEvent`s, `AuthenticationFailureEvent`s, `AuthorizationGrantedEvent`s, and `AuthorizationDeniedEvent`s will be handled by Micrometer. Specifically,...
Related #8885, https://github.com/spring-projects/spring-security/issues/9904#issuecomment-863439948 It would be nice to be able to provide an issuer location to `NimbusJwtDecoder` instead of a JWK Set URI. It would allow the issuer discovery to...
Based on https://github.com/spring-projects/spring-security/pull/10447#issuecomment-966593724, `Argon2PasswordEncoder`, `ScryptPasswordEncoder`, and `Pbkdf2PasswordEncoder` should have their minimums updated. Please also see gh-7411 gh-4788
Support for `@EnableMethodSecurity(mode=ASPECTJ)` and ``. For `@EnableMethodSecurity`, see the AspectJ sample on [this `spring-security-samples` branch](https://github.com/jzheaux/spring-security-samples/commit/7d077ea90484946504562c6f8f45971370d5abfe).
Some of the classes in `oauth2-resource-server` could be better aligned with the whole. For example, if `XYZ` represents the root package for that module, then: - authentication filters tend to...
To compose two authorization managers, some boilerplate is necessary. For example, to achieve a logical "or" between two authorization managers, they can be composed like so: ```java (authentication, object) ->...
It would be easier to use `RequestMatcherDelegatingAuthorizationManager.Builder` if it used builder methods similar to `MessageMatcherDelegatingAuthorizationManager.Builder`. Specifically, it would be nice to be able to do things like the following: ```java...
When going GA, the release automation should create the appropriate `for: backport-to-x.y.z` label.