spring-security
spring-security copied to clipboard
spring-projects
Spring Security
We could somehow post-process the release changelog file and remove duplicates. The duplicates are identified as, for example: - Bump io.micrometer:micrometer-observation from 1.12.0 to 1.12.1 https://github.com/spring-projects/spring-security/pull/14283 - Bump io.micrometer:micrometer-observation from...
**Describe the bug** Problem is a possible `NullPointerException` (NPE) in `DefaultOAuth2User.getName`. **To Reproduce** Get null value on the name attribute during after OAuth authentaction. Or simply create attributes for `DefaultOAuth2User`...
**Describe the bug** # OAuth2AuthorizationRequest is not extendable **To Reproduce** the following is declaration of [AuthorizationRequestRepository](https://github.com/spring-projects/spring-security/blob/773e86701edcd6f2179ad66204f55e24c3ae3d51/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java#L40) and OAuth2AuthorizationRequest is final class. it means that we can not create new CustomOAuth2AuthorizationRequest...
Hi Team, This pr fixes a typo in the Spring Security documentation and updates the source block roles for consistency. - Changed `.collect(Collectors.toList()));` to `.collect(Collectors.toList());`. - Changed `[source,java,role="secondary"]` to `[source,kotlin,role="secondary"]`...
It would be nice to be able to perform OAuth2 Logout in v5.8.x (same functionality as v6 offers in that regard: local/back-channel/client-initiated). ### Background: We have 3 "login capable" products...
This PR is for two different features, both requested by @OrangeDog. With this change, applications can specify query parameters in the `authenticationRequestUri` value through a new method: `authenticationRequestUriQuery`: ```java http...
Closes gh-15286
Backport of the solution for #15003 to `6.2.x` .
**Expected Behavior** The **CurrentSecurityContextArgumentResolver** should be capable of supporting property population of different types, meaning it should be able to map information from the security context onto parameters of varying...
**Expected Behavior** Class and its methods should be `public`. **Current Behavior** Class and its methods are package-private. **Context** To allow writing alternatives to `RelyingPartyRegistrations` and others by adapting OpenSAML APIs....
