spring-security
Spring Security
**Describe the bug** I am facing an issue retrieving the authenticated user after receiving SAML from Microsoft Entra ID as the Identity Provider (IdP). The Saml2AuthenticatedPrincipal object is always null....
springboot:3.2.1 springsecurity:6.2.1 When xsrf token is invalid, delegate.resolveCsrfTokenValue returns null, but the return type of SpaCsrfTokenRequestHandler.resolveCsrfTokenValue is not nullable, which causes NullPointerException ## To Reproduce Use the setup in [csrf-integration-javascript-spa](https://docs.spring.io/spring-security/reference/servlet/exploits/csrf.html#csrf-integration-javascript-spa),...
**Describe the bug** When serializing and deserializing pages in the cache store in an upgraded Wicket application (upgraded from spring boot 2.7.18 and Wicket 9.15, java 11) using Wicket 10.0.0-M2...
**Expected Behavior** Saml2MetadataFilter should be able to return a metadata for a registration without Asserting Party details. **Context** The Asserting Party/IdP details might not be available during the metadata download...
It would be nice if we supported `AuthorizationDecision` return types for Method Security SpEL. This would allow method security to easily convey more information to the framework on why authorization...
Support custom return types for SpEL method security through the use of providing a Converter of that return type to the Authorization Decision. I don't think that I like...
### Summary Sample: https://github.com/bitsofinfo/spring-boot-data-pre-authorize-issue spring-security 4.1.3, spring-boot 4.1, latest spring-data-jpa/rest libraries I have a custom repository interface that extends from other interfaces that ultimately extend from `PagingAndSortingRepository` with an annotated...
**Expected Behavior** Saml2LogoutRequestFilter should return a logout response back to the user agent when validation errors happen. This would allow the logout flow to continue to other SPs involved in...
Hello everyone, This proposal is about tiny enhancements applied to the JdbcUserDetailsManager.userExists() method. As we do not really use the information returned by the select query `select username from users where username...
Based on [this comment](https://github.com/spring-projects/spring-security/issues/9401#issuecomment-1833459899) from @rrrship, the documentation should be updated to correctly state that Spring Security fully supports coroutines at this point.