spring-security
Spring Security
## Context Currently, the default Spring Security login and logout pages are styled using [Bootstrap CSS](https://getbootstrap.com/). The version we use is `4.0.0-beta`, while the newer version is `5.3.x`. It is...
# Inline CSS for default login/logout pages Context: gh-15302 Remove the dependency on Bootstrap CSS. Results in faster load times, no failures in air-gapped or offline scenarios, and no dependency...
It would be great to have the PDFs and single HTML pages back again, so the docs can be read like a book. I personally find the single HTML without...
This change (as I have the code here) requires https://github.com/spring-projects/spring-security/pull/15272 to be merged (and this should be rebased before merging). Assume this role mapping in text sent to the `RoleHierarchyImpl`:...
**Expected Behavior** OAuth tokens could be reused. Even if multiple requests happen concurrently. **Current Behavior** If a lot of token requests happen concurrently each request retrieves its own access token....
There are cases where support for multiple `OpaqueTokenIntrospectors` in an `OpaqueTokenAuthenticationProvider` is needed. This is easier than adding another provider to `ProviderManager`, because `OpaqueTokenAuthenticationConverter` is often the same for different...
We should add a clear example to the reference for setting up an application with the `client_credentials` grant type. Often, this use case requires access tokens scoped to the application...
Endpoint returns a 500, instead of 403 status code when the user does not have required permission
**Describe the bug** When upgrading Spring Boot from 3.2.5 to Spring Boot 3.3.0, which contains a new version of Spring Security 6.3, I got some failing test cases that should...
Hi there, This PR is to address [issue #14768](https://github.com/spring-projects/spring-security/issues/14768), which involves reducing repeated mock object creation in tests. Although my issue submission mentioned 4 separate draft PRs, I combined them...
This theme will focus on providing consistency for Servlet and Reactive applications that use OAuth2 Client features. Examples include providing consistent parameters for access token requests and notable differences in...