spring-security
Spring Security
This PR implements a simpler approach, as suggested by @jzheaux, to support `OAuth2AuthenticatedPrincipal` injection into `JwtAuthenticationToken`. Resolves: #6237
Replace comparison based on the != operator by an .equals() comparison based on the text value. The 2 objects have the same value in most setups, but not when used...
**Describe the bug** When using OAuth2 opaque Bearer token, without jwt token, the code breaks after upgrade to `spring-boot:3.5.0`. The same code worked without problem with `spring-boot:3.4.6`. Here, exception is...
Currently `dpop` can't be configured. `OAuth2ResourceServerConfigurer` has `dPoPAuthenticationConfigurer` and it is already initialized with `DPoPAuthenticationConfigurer` and in `configure` method it is always applied to `http`. It would be nice to...
We need to implement the Reactive counterpart of gh-16589.
[Thomas Koch](https://jira.spring.io/secure/ViewProfile.jspa?name=thkoch) (Migrated from [SEC-2379](https://jira.spring.io/browse/SEC-2379?redirect=false)) said: I've a model class supported by Hibernate/JPA with row level security and a PagingAndSortingRepository interface for this model. I want to call findAll(pageable) on...
This feature will deliver [OAuth 2.0 Protected Resource Metadata](https://datatracker.ietf.org/doc/html/rfc9728).
We should strongly consider removing the `com.nimbusds:oauth2-oidc-sdk` dependency as it has caused a number of issues over the years ever since we added its usage in the OAuth2 support. The...
See issue gh-15354.