spring-security
Spring Security
**Describe the bug** README.adoc says that "./gradlew build" will build docs, but it builds only api docs. I could not find a way to build reference locally. **To Reproduce** ./gradlew...
This could fix gh-11822
**Describe the bug** The entityId specified for a relying-party-registration via xml namespace seems to be ignored and defaults to the metadata location. **To Reproduce** Define a relying party registration via...
For Webflux applications, if the security configuration is configured with `.cors()` and there is no bean of type `CorsConfigurationSource`, a `CorsFilter` is silently not added. It would be better to...
**Describe the bug** When `server.forward-headers-strategy=framework` is used in a WebFlux project that makes use of an `IpAddressServerWebExchangeMatcher` a `NullPointerException` is thrown when a `Forwarded` or `X-Forwarded-For` header is present because...
**Expected Behavior** We need a configuration for the relying party to indicate it wants to send a signed samlp:AuthnRequest. The value can be set in the OpenSamlMetadataResolver EntityDescriptorCustomizer, but it...
When components access the `SecurityContext` statically through `SecurityContextHolder`, this can create race conditions when there are multiple application contexts that want to specify the `SecurityContextHolderStrategy`. This is because in `SecurityContextHolder`...
**Expected Behavior** `DefaultOAuth2UserService` can be extended to e.g. allow for custom body parsing to handle `application/jwt` for signed and/or encrypted UserInfo Response. Rough draft: ```java public class CustomOAuth2UserService extends DefaultOAuth2UserService {...
[uxbux hulan](https://jira.spring.io/secure/ViewProfile.jspa?name=uxbux) (Migrated from [SEC-2767](https://jira.spring.io/browse/SEC-2767?redirect=false)) said: using: spring & spring-mvc 4.1.0.RELEASE when annotated controllers with @ModelAttribute and @PreAuthorize autowired dependencies are null. Found out that removing @ModelAttribute works.
**Expected Behavior** There should be a way to set the custom implementation for AuthenticationTrustResolver on ExceptionTranslationFilter via ExceptionHandlingConfigurer **Current Behavior** Can't set this up using the configurer. And the configurer...