spring-security
Spring Security
We should adapt the recommendations and examples in the blog article [Spring Security without the WebSecurityConfigurerAdapter](https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter) into the reference documentation. For example, we can configure an `AuthenticationManager` for use by...
- [ ] Use DocumentedObservation for Authentication
- [ ] Use DocumentedObservation for Authorization
- [ ] Use DocumentedObservation for Filter Chain
We should look into how to make the SAML 2.0 support native compatible. At first, it seems not viable for the Spring Security 6 GA since we are using the...
While upgrading Spring Boot from 2.6 to 2.7, one of our tests started failing. The test verifies thread switching with `WebClient` for OAuth2 client in the servlet environment. This happens...
One way to opt-in to this behavior may be when an application chooses to wire an `AuthenticationManager` directly in the configurer.
Fix `NullPointerException` when the `remoteAddress` is unresolved by using `remoteAddress.getHostString()` or `remoteAddress.getAddress().getHostAddress()` when it is. The `ipAddressMatcher.matches(String)` call will attempt to re-parse and resolve the address anyway. Closes gh-11888
Use Generics in the interface to set the type of the parameters rather than using the `Object` class. Currently for `PermissionEvaluator` method `boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission)` Would...
[Mikhail Mazursky](https://jira.spring.io/secure/ViewProfile.jspa?name=ash2k) (Migrated from [SEC-1908](https://jira.spring.io/browse/SEC-1908?redirect=false)) said: I was updating Spring 3.0.x to 3.1.0 and one of my tests (with Mockito) showed a compilation error. The problem I encountered was the...
As of #10556, support for OpenSAML 3 has been removed. Spring Boot is currently [upgrading to Spring Security SNAPSHOTs](https://github.com/spring-projects/spring-boot/issues/32604) and ran into a dependency resolution problem; Spring Security depends on...
**Expected Behavior** I had a legacy OAuth2 authorization server which I can't change; it issues an access token without an expiration time and without a refresh token. When I use reactive WebClient with `ServerOAuth2AuthorizedClientExchangeFilterFunction`...