spring-security
spring-security copied to clipboard
spring-projects
Spring Security
**Describe the bug** The documentation suggests using the deprecated `WebSecurityConfigurerAdapter` class for Kerberos integration. **To Reproduce** See the following links: https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/ssk-spnego.html https://docs.spring.io/spring-security-kerberos/docs/current/reference/htmlsingle/ **Expected behavior** There will be Kerberos integration examples...
**Describe the bug** Following CONTRIBUTING.adoc is not enough to get an IDE ready to run unit-tests and contribute. I could not get porject build and unit-tests run from Spring Too...
**Expected Behavior** Both `WebSecurityConfigurerAdapter` and `SecurityFilterChain` can co-exist to ease migration from the former to the latter. **Current Behavior** Exception is thrown: ``` Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please...
Support for `@EnableMethodSecurity(mode=ASPECTJ)` and ``. For `@EnableMethodSecurity`, see the AspectJ sample on [this `spring-security-samples` branch](https://github.com/jzheaux/spring-security-samples/commit/7d077ea90484946504562c6f8f45971370d5abfe).
Starting from 5.7 the `WebSecurityConfigurerAdapter` has been deprecated in favour of using a custom bean for creating a `SecurityFilterChain` that will inject an `HttpSecurity` and build it. The `WebSecurityConfigurerAdapter` has...
** Versions ** * Spring boot version: 2.7.1 * Spring security 5.7 * JDK version: 1.11 I have previously added an issue at https://github.com/spring-projects/spring-boot/issues/31836 and they redirect to possible spring-security...
Transient authentication checks since 5.7.x lead to missing authentication in HttpSession attributes
PR: https://github.com/spring-projects/spring-security/pull/9993 This breaks my app when I switched from 5.6.6 to 5.7, as JwtAuthenticationToken which has @transient is being used. the regular flow with 5.6.6: - request A (websocket...
By removing OpenSAML3 support in Spring Security 6 we need to make sure that the OpenSAML dependency versions are updated and are compatible with JDK 17. See: - https://github.com/spring-projects/spring-security/issues/10556#issuecomment-1201699608
**Expected Behavior** `RedirectServerAuthenticationSuccessHandler`/`ServerRequestCache.getRedirectUri()` should allow to redirect using an absolute URL (e.g. `http://localhost/secured-path`) so that reverse proxies can automatically rewrite the location header, like with Web MVC (`SavedRequestAwareAuthenticationSuccessHandler` / `RequestCache`)....
Currently, the `spring-security-saml2-service-provider` supports the two versions of OpenSAML: 3 and 4. Since the classes for OpenSAML3 are already deprecated in Spring Security, we should remove them in version `6.0`....