
Spring Security

Results 621 spring-security issues

:zap: **UPDATE** :zap:: A proposed solution is available in the latest 6.2 snapshot build. Please see [this comment](https://github.com/spring-projects/spring-security/issues/13568#issuecomment-1759913041) for details. I would love your feedback. **UPDATE**: Thanks again, @dreis2211 for...

in: config
type: bug

I'm currently upgrading an existing application from spring-security-saml2-core 1.0.10.RELEASE (which has reached end-of-life) to spring-security-saml2-service-provider 5.6.9. As these versions have significant differences, I started by creating a sample Spring application...

type: bug
in: saml2
status: feedback-provided

When the Gradle Wrapper Bot creates a PR to update Gradle, it does it for only one branch. When forward porting to other branches, no forward port issues attached to...

in: build
type: enhancement

Requires upgrading `buildSrc` in 5.8.x to use JDK 17 due to spring-security-release-plugin built against JDK 17. Related gh-14242

in: build
type: task

**Describe the bug** `mockJwt() WebTestClientConfigurer` does not seem to work with `MockMvcWebTestClient` that was introduced in Spring 5.3 as [documented](https://docs.spring.io/spring-security/site/docs/current/reference/html5/#mockjwt-webtestclientconfigurer). **To Reproduce** ```java @Test void getMessagesWebTestClient() { final WebTestClient testClient...

status: waiting-for-triage
type: bug

This issue is an ongoing theme for Spring Security. Issues that relate to this will be added below. # Build Improvements - [x] :star2: #11308 - [ ] :star2:...

type: theme
theme: build-automation

**Describe the bug** Setting up a basic async HTTP GET endpoint where the returned response is allowed to be cached by downstream clients (via the `Cache-Control` header) produces duplicate `Cache-Control`...

in: web
type: bug

### Summary From what I can tell the recently added SAML2 support only supports Spring MVC or more generally servlet based requests. Any plans to add spring-webflux support?

type: enhancement
in: saml2

**Describe the bug** `removeAuthorizationRequest` method of `HttpSessionOAuth2AuthorizationRequestRepository` always returns null, which causes `OAuth2AuthenticationException` when using it with `GenericJackson2JsonRedisSerializer` **To Reproduce** 1. Configure a project including the dependencies below ```groovy plugins { id...

status: waiting-for-triage
type: bug

The current OIDC back-channel logout support saves the end-user's CSRF token to use in a self-logout call when the back-channel request comes from the authorization server. This adds more information...

type: enhancement
in: oauth2
status: blocked