spring-security
spring-security copied to clipboard
spring-projects
Spring Security
**Expected Behavior** The OAuth2ResourceServerConfigurer class should be able to resolve a custom, developer-defined AuthenticationDetailsSource bean for when instantiating the BearerTokenAuthenticationFilter: `BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(resolver);` `filter.setBearerTokenResolver(bearerTokenResolver);` `filter.setAuthenticationEntryPoint(this.authenticationEntryPoint);` `filter = postProcess(filter);`...
Related gh-11277
In OpenSaml support classes the Saml2VersionUtils class is used to check whether a supported version of OpenSaml is found on the classpath. Closes gh-10567
Closes gh-10957 The test below shows the issue with "authenticated" access as a default parameter. After fix the test is not relevant as the problem is solved at the compilation...
Our current CI build takes quite a bit of time. We should see if there are ways to improve it. For example, right now the samples take 13 minutes. Perhaps...
The `Saml2LogoutConfigurer.class` will use the configured `Saml2LogoutRequestRepository.class` and set it on the `Saml2RelyingPartyInitiatedLogoutSuccessHandler.class`. I added this change to make progress on [gh-11363](https://github.com/spring-projects/spring-security/issues/11363).
WebTestClient + MockMvc is not currently supported. If possible, we should warn users with an `IllegalStateException` that this is not supported when the `WebTestClient` is set up. A note should...
[Alex Khromov](https://jira.spring.io/secure/ViewProfile.jspa?name=alehro) (Migrated from [SEC-2104](https://jira.spring.io/browse/SEC-2104?redirect=false)) said: Below are two snippets from my spring-security.xml. The first one is buggy the second one is good. The problem is that I don't see...
`spring-boot-2.6.3` I'm migrating my `MockMvc` tests to `WebTestClient`, for having all my tests using the same underlying API. The following example project shows that authenticating on the `/login` page works...
When MockMvc is used to set up a `WebTestClient`, applying a mutator such as `csrf()` fails with a `NullPointerException`, but would ideally fail with a more meaningful error such as...