
Spring Security

Results 621 spring-security issues

**Expected Behavior** When the OIDC provider uses different hostnames for frontend and backend endpoints, fetching metadata from the configured issuer hostname does not fail. **Current Behavior** If the frontend and...

type: enhancement
in: oauth2

How to convert the HTTP API to the Reactive HTTP API? It would be great if we had a bridge between the 2 APIs

status: waiting-for-triage
type: enhancement

The `InitializeUserDetailsBeanManagerConfigurer` should inject the `PasswordEncoder` into the constructor of `DaoAuthenticationProvider` to prevent the unnecessary execution of `PasswordEncoderFactories.createDelegatingPasswordEncoder()` which causes issues for users with FIPS compliant JDKs. See https://github.com/spring-projects/spring-security/issues/14670

in: core
type: enhancement

Closes gh-4961

in: web
type: enhancement

We support filtering the results of collections, but it would be nice to filter non-collection types. I haven't decided on the syntax for this but here is a rough idea:...

We should look into adding OpenFGA support See https://openfga.dev/ Some NOTES for myself: - [ ] We can use [Testcontainers support](https://docs.spring.io/spring-boot/docs/3.2.x/reference/htmlsingle/#features.testcontainers.at-development-time) for starting the openfga Docker image - [ ]...

type: enhancement
theme: partner-use-cases

## Context By default `HttpSecurityConfiguration` wires an `AuthenticationManager` with either: - a `DaoAuthenticationProvider` when the user provides a `UserDetailsService` - or a user-provided `AuthenticationProvider` bean - (or none of the...

in: config
type: enhancement

**Expected Behavior** An example for configuring the claim delimiter is listed in the [Extracting Authorities](https://docs.spring.io/spring-security/reference/servlet/oauth2/resource-server/jwt.html#oauth2resourceserver-jwt-authorization-extraction) section of the OAuth2 Resource Server JWT documentation. **Current Behavior** The JwtGrantedAuthoritiesConverter has 3 available...

in: docs
type: enhancement

**Expected Behavior** OidcBackChannelLogoutHandler should be able to log out a user's session using http://localhost... host and protocol **Current Behavior** In Spring Security config 6.2.1, the URL which is being used for the...

type: enhancement
in: oauth2