spring-security
Spring Security
**Describe the bug** When my custom GrantedAuthority returns null on `getAuthority()`, I get the following exception that makes the application fail. ``` 2024-06-13T17:44:59.000+02:00 ERROR 12657 --- [ parallel-2] a.w.r.e.AbstractErrorWebExceptionHandler :...
My current understanding (and please correct me if this is incorrect) is that - an Authority is essentially an externally managed 'flag' that indicates what the user is. In the cases...
### Summary With this code: ```java @PostMapping("loginFacebook") public ClientAuth loginFacebook(@RequestBody @NotNull FacebookAuthResponse authResponse) throws FacebookException { Preconditions.checkArgument(!Strings.isNullOrEmpty(authResponse.getAccessToken()), "authResponse.accessToken must be provided"); final Facebook fb = facebookFactory.getInstance(); fb.setOAuthAccessToken(new AccessToken(authResponse.getAccessToken())); final Long...
### Summary `NimbusJwtDecoderJwkSupport` is the underlying implementation for Spring Security `JwtDecoder`. `NimbusJwtDecoderJwkSupport` provides a method to `setJwtValidator(OAuth2TokenValidator)`, but it does not have a method to retrieve the set validator(s). `NimbusJwtDecoderJwkSupport`...
…subclasses when a method in the superclass is called. Closes the issue #15002
Tried this in both Opera, Opera incognito, and Chromium (which I never use (maybe ever on this computer)). I doubt this is limited to Spring Security, but I'm not certain...
In 5.5, a change was made to disallow decryption unless the SAML 2.0 response is signed. Since this is a breaking change, we should have some documentation that shows how...
**Describe the bug** I have an abstract class that has the `@PreAuthorize` annotation. Its subclass also has an identical `@PreAuthorize` annotation. **To Reproduce** Attempting to invoke an endpoint in the...
There is a concurrency bug in SessionRegistryImpl where if you have multiple threads call registerNewSession concurrently with the same sessionId but different principal, sessionIds map will have one item but...