spring-security
spring-security copied to clipboard
spring-projects
Spring Security
In Spring Security 6, a naming convention was established to clearly distinguish all Open SAML components as version 4 or version 5 components. This ticket removes deprecated classes that don't...
Accompanying methods and constructors that use `AssertingPartyDetails` are superceded by methods and constructors that use `AssertingPartyMetadata`
They are replaced by methods and constructors that use `AuthorizationResult`.
`DaoAuthenticationProvider` now requires its required components in the constructor
`RoleHierchyImpl` now requires it's required parameters in a constructor
It is replaced by `AnnnotationTemplateExpressionDefaults`
It is replaced by `EnableWebSecurity`
`AclPermissionEvaluator` has long been the de facto standard for evaluating ACLs. This ticket removes implementations of `AfterInvocationProvider` and `AccessDecisionVoter` that duplicate this.
**Describe the bug** There are more than 1000 opened issues and some issues are 10 years old down on the list. Some of them are about `PersistentTokenBasedRememberMeServices` which throws `CookieTheftException`...
`SpringSecurityLdapTemplate` exposes many operations that are available in modern-day Spring LDAP by way of `LdapClient` and `LdapQueryBuilder`. We should try and replace usage of `SpringSecurityLdapTemplate` with Spring LDAP's default `LdapClient`...