
Spring Security

Results 621 spring-security issues

In the spring-security documentation page I was having difficulty reading diagrams in dark mode, because their backgrounds were transparent and the text black. So I converted the background of all diagrams...

status: waiting-for-triage

**Expected Behavior** Add a constructor with AuthenticationProvider as a factor to the DaoAuthenticationProvider class **Current Behavior** DaoAuthenticationProvider has a constructor with a passwordEncoder as a factor and a generator with...

in: core
type: enhancement

Related [https://github.com/spring-projects/spring-security/issues/15220](https://github.com/spring-projects/spring-security/issues/15220)

```
@Bean
@Order(0)
SecurityFilterChain app(HttpSecurity http) throws Exception {
    http
        .securityMatcher("/app/**")
        .authorizeHttpRequests(...)
        .formLogin(...);
    return http.build();
}

@Bean
@Order(1)
SecurityFilterChain api(HttpSecurity http) throws Exception {
    http
        .securityMatcher("/app/**")
        .authorizeHttpRequests(...)
        .httpBasic(...)...
```

status: waiting-for-triage
type: enhancement

**Describe the bug** When using opaque tokens with an OAuth 2 resource server, webflux's `ServerBearerTokenAuthenticationConverter` does not support authentication via url-encoded POST requests with their access token as a body...

status: waiting-for-triage
type: enhancement
in: oauth2

**Expected Behavior** For FormLoginConfigurer, builder chain defaultSuccessUrl()..successHandler() applies results from both methods **Current Behavior** Because defaultSuccessUrl() creates its own successHandler inside, and calls successHandler() as well, we get 2 possible...

in: web
type: enhancement
status: feedback-provided

This change is valuable since `new ArrayList()` and `List.of` have different behaviors, meaning that these two constructors give two different object states without saying so. This PR aligns the two...

in: web
type: bug

Closes gh-15905

This is also aligned with `CookieServerRequestCache`

```
onErrorResume(IllegalArgumentException.class, (ex) -> Mono.empty())
```

in: web
type: bug

**Describe the bug** URL deserialization from the `REDIRECT_URI` cookie in CookieRequestCache fails and results in a 500 Internal Server Error if the cookie contains a non-Base64 character. The 500 Internal...

in: web
type: bug

Hi there, This PR is to address [issue #14768](https://github.com/spring-projects/spring-security/issues/14768), which involves reducing repeated mock object creation in tests. I mistakenly closed PR #15256 and then discovered that I do not...

in: core
type: enhancement