spring-security
Spring Security
If [an authorized object](https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html#authorize-object) is sent to Spring Data, for example using `CrudRepository#save`, the call fails since it tries to look up model metadata by the class name, a CGLIB...
**Describe the bug** I've migrated from Spring Boot 2.7.18 to Spring Boot 3.3.4. I have SAML 2.0 with OpenSaml in my project; previously I used to redirect to the SAML...
Hello, would it be possible please to upgrade Nimbus dependency in Spring Security 5.8.x? The library is vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2023-52428.
Forward port of issue #15974 to 5.8.x.
Forward port of issue #15975 to 5.8.x.
Spring Security does not use the `ServerExchangeRejectedHandler` Bean when exposed. We should fix this, but in the meantime users can leverage a `BeanPostProcessor` approach. ```java @Bean BeanPostProcessor beanPostProcessor() { return...
Spring Security does not use the `ServerWebExchangeFirewall` Bean when exposed. We should fix this, but in the meantime users can leverage a `BeanPostProcessor` approach. ```java @Bean BeanPostProcessor beanPostProcessor() { return...
**Describe the bug** The example [here](https://docs.spring.io/spring-security/reference/servlet/oauth2/login/advanced.html#oauth2login-advanced-oidc-user-service) doesn't work. **To Reproduce** Just repeat the customization and see that the requests are not authorized at all. Adding ``` .authorizeHttpRequests(c -> c.anyRequest().authenticated()) ```...
`PortResolver` was created to work around an old IE bug where `ServerRequest.getServerPort()` could return the incorrect port at times. We should: - [ ] #7273 - [ ] Construct Absolute...