
Spring Security

Results 621 spring-security issues

### Summary The SecurityMockMvcResultMatchers do not work when `SessionCreationPolicy.STATELESS` is used. All examples from https://stackoverflow.com/questions/37550039/test-spring-with-mockmvc ### Actual Behavior The tests fail with the following exception `java.lang.AssertionError: Authentication should not be...

status: waiting-for-triage

**Expected Behavior** "Impersonate" (SwitchUserGrantedAuthority) is supported by JSON session serialization (SecurityJackson2Modules). **Current Behavior** Not supported -> Exception. **Context** I want to use JSON sessions. SwitchUserGrantedAuthority is the only missing element...

in: web
type: enhancement

### Summary Today, in order to extract Spring Security roles from custom role representations in the Oidc User flow, code needs to fall back to implementing an `OAuth2UserService`: ```java public...

type: enhancement
in: oauth2

in: web
type: enhancement
status: feedback-provided

Fix issue 3065 / SEC-2839: an old bug where it was possible to parse when the init did not succeed completely. Essentially, it was forgotten to refetch the parser after...

status: duplicate
in: config
type: bug
status: feedback-provided

The example in the Javadoc of `UrlAuthorizationConfigurer` refers to its default constructor, which no longer exists.

in: docs
type: bug
status: ideal-for-contribution

**Expected Behavior** Two cases: 1. When the `isPassive` flag is set to `true`, and the request is sent to an IdP that doesn't support passive mode, the expected statusCode is...

type: enhancement
in: saml2

### Summary I'm using [an OIDC Provider](https://github.com/panva/node-oidc-provider) that supports [OIDC Back-channel Logout Spec](https://openid.net/specs/openid-connect-backchannel-1_0.html). However the current version of Spring Security doesn't implement this functionality. ### Actual Behavior There's no way...

type: enhancement
in: oauth2

**Describe the bug** If your SAML Response is signed, spring security won't be able to verify that. I did some debugging and discovered that the following class had the problem....

type: bug
in: saml2

Some notes here: - Dependabot [supports ignoring](https://github.blog/changelog/2021-05-21-dependabot-version-updates-can-now-ignore-major-minor-patch-releases/) major, minor, or patch updates - [gradle-dependency-submission](https://github.com/mikepenz/gradle-dependency-submission) project supports submitting Gradle dependencies via the Dependabot API, but it does this via parsing...

in: build
type: task