spring-security
spring-security copied to clipboard
spring-projects
Spring Security
## TL;DR Closes https://github.com/spring-projects/spring-security/issues/7273 ## Motivation I noticed inconsistency in all tests that are using `andExpect(MockMvcResultMatchers.redirectedUrl("/xyz"))`. I was able to test everything using relative urls with one exception - `/login`...
### Summary Password reuse is a serious problem for users and the source of many different hacks. It would be awesome if we could provide integration with https://haveibeenpwned.com to alert...
**Expected Behavior** - I think we should mention all the required dependencies in this documentation so it will be more helpfull. **Current Behaviour** - There is no mention of `spring-security-ldap`...
**Expected Behavior** It should be possible to customize cache in NimbusJwtDecoder created by OidcIdTokenDecoderFactory. NimbusJwtDecoder currently supports spring cache as possible implementation. If only OidcIdTokenDecoderFactory exposed possibility to set cache...
**Expected Behavior** Be able to extend the `AbstractWebClientReactiveOAuth2AccessTokenResponseClient` for custom `AuthorizationGrantType` implementations not just the four default ones implemented in the spring security framework. **Current Behavior** The current implementation of...
Passkeys have emerged as the industry standard consumer facing solution to get rid of passwords see [passkeys.dev](https://passkeys.dev) with first class support from Google, Apple, and Microsoft. Passkey looks like it...
**Describe the bug** When using @RolesAllowed annotation on interface level and inheriting that interface with another interface spring detects @RolesAllowed as a duplicate. ` org.springframework.core.annotation.AnnotationConfigurationException: Found more than one annotation...
When logging into a site with compromised password in chrome (this happens when I authenticate to a sample Spring Security application with a password of password), I see this ...
The current implementation of `OAuth2AuthorizedClientId` is enough to compare IDs, but I have a use case where I retrieve some if this IDs and need to access the registration ID,...
