spring-security
Spring Security
Some users are having a hard time configuring their environment to work with the Spring Security codebase. We should review and improve the CONTRIBUTING doc in order to avoid contributors...
Related #8885, https://github.com/spring-projects/spring-security/issues/9904#issuecomment-863439948 It would be nice to be able to provide an issuer location to `NimbusJwtDecoder` instead of a JWK Set URI. It would allow the issuer discovery to...
**Expected Behavior** Something like the `JwtAuthenticationConverter` but for token introspection. My first thought is, inside `OpaqueTokenAuthenticationProvider`, delegate `AbstractAuthenticationToken convert(OAuth2AuthenticatedPrincipal principal, String token)` to a configurable bean. As we already have the...
Closes gh-11621
Based on https://github.com/spring-projects/spring-security/pull/10447#issuecomment-966593724, `Argon2PasswordEncoder`, `ScryptPasswordEncoder`, and `Pbkdf2PasswordEncoder` should have their minimums updated. Please also see gh-7411 gh-4788
**Describe the bug** I am migrating from `WebSecurityConfigurerAdapter` to use `SecurityFilterChain` bean. In my current implementation I have an ability to support both Basic authentication as well as Oauth2ResourceServerAuthentication. (using...
The client should have the ability to authenticate with the Authorization Server using an X.509 certificate. See RFC 8705 [OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens](https://tools.ietf.org/html/rfc8705)
**Describe the bug** I have enabled CSRF on my Spring Cloud API gateway server. I have Angular as my GUI framework which calls the REST services through the API gateway....