Spring Security

Results 621 spring-security issues

**Describe the bug** auth_time claim doesn't show the time of the original authentication, but the time when the session was updated. **To Reproduce** Log in using the authorization code grant. Request...

type: bug
in: oauth2

**Describe the bug** I am opening a new issue, because it looks like my last comment on the already closed https://github.com/spring-projects/spring-authorization-server/issues/2183 did not reach its audience. My use-case is, in...

type: enhancement
in: oauth2

**Describe the bug** Due to the deprecation of MvcRequestMatcher, its replacement 'PathPatternRequestMatcher' requires knowing the servlet path(s) beforehand. In my use case I cannot know this. **To Reproduce** 1. Have...

in: web
type: bug
status: feedback-provided

**Expected Behavior** The default behaviour of the `AuthenticationSuccessHandler` and `AuthenticationFailureHandler`s should be accessible, so that they can be extended and/or composed without having to copy-paste them from the current source...

type: enhancement
in: oauth2

**Expected Behavior** The `expires_in` parameter in the PAR endpoint should be configurable via configuration properties or the DSL, allowing users to set the expiration duration based on their needs. **Current...

type: enhancement
in: oauth2

**Describe the bug** When using Spring Security 7.0.0-M3 and defining a `ReactiveUserDetailsService` the application fails to start with error `java.lang.IllegalArgumentException: userDetailsPasswordService cannot be null` **To Reproduce** - start.spring.io and generate...

status: waiting-for-triage
type: bug

Fix: Corrected class name inconsistency in password-storage.adoc example

status: waiting-for-feedback
in: docs
type: bug

Directives should be Directive `HeaderWriterLogoutHandler clearSiteData = new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(Directives.ALL))`

status: waiting-for-triage

See GH-17563 Adds API key authentication support. Key components include the following: - `ApiKei` is a data model consisting of ID and secret parts. `ApiKey` provides method for generating new...

status: waiting-for-triage

Currently, the doExecute method in spring-security-kerberos-client always wraps exceptions in a RestClientException. This unnecessarily complicates exception handling for HTTP status errors and other exceptions. This change modifies the behavior to...

status: waiting-for-triage