spring-security
Spring Security
Dear Spring Security Developers, I have been reviewing your test code and noticed an issue with repeated creation of mock objects in your tests. Here are four examples where this...
Closes gh-14691
I expect to always be able to invoke endpoints marked with permitAll. However, ConcurrentSessionFilter early aborts such requests at the edge of expiration. https://github.com/spring-projects/spring-security/blob/ed6ff670d102736eea0ac360921c9015151ac630/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java#L145 and there doesn't seem a way...
### Description

This PR adds a ContinueRequestSessionInformationExpiredStrategy to continue to the next filters even though the session expired.

### Changes

+ Add ContinueRequestSessionInformationExpiredStrategy
+ Add test code

Issue #14077
**Caught exception should be logged before JwtException is thrown** Before a JwtException is thrown, the caught errorMsg should be logged on an appropriate level. In order to quickly be able to...
Closes gh-11983
This (reactive) page is currently out of sync with the Servlet page. This pull request aims to ensure alignment between both pages.
**Expected Behavior** Currently, if the JWT is having typ as "at+jwt", the token is rejected with message "Failed to authenticate since the JWT was invalid". I am aware that this...
This PR removes a redundant conditional check in the doParse method of the specified class. The condition dataSource != null is always evaluated as true because the getAttribute method always...
**Describe the bug** SessionManagementFilter does not seem to honor the require explicit save option - securityContext .requireExplicitSave(true) and saves the authenticated security context to session. The require explicit save option...