spring-security
spring-security copied to clipboard
spring-projects
Spring Security
Currently, there are other places where `PermissionEvaluator` is inherited and methods are overridden. However, these places aren't yet covered by jspecify. I expect that in the future, when these places...
Closes: gh-17781
**Describe the bug** Upgrading from 6.x to 7.0, the `org.springframework.security.access` package has now been `@NullMarked`. The documentation for `PermissionEvaluator#hasPermission(..., Object targetDomainObject, ...)` says: > **May be null** in which case...
Closes gh-18157
**Describe the bug** Upgrading from 6.x to 7.0, the `org.springframework.security.provisioning` package has now been `@NullMarked`. Both `getPassword` and `setPassword` in `MutableUser` have been marked as `@Nullable`, but `changePassword` in `UserDetailsManager`...
Migration to org.htmlunit:htmlunit in S101PluginExtension
**Describe the bug** When running a native spring boot image with spring security and redis sessions I get an error both with JDK serialization and the [json serialization](https://docs.spring.io/spring-session/reference/configuration/redis.html#serializing-session-using-json) when trying...
**Expected Behavior** We would like to set `restOperations` (`RestTemplate`) on [`OidcBackChannelLogoutHandler`](https://github.com/spring-projects/spring-security/blob/main/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutHandler.java#L66). **Current Behavior** Currently `restOperations` cannot be directly modified on [`OidcBackChannelLogoutHandler`](https://github.com/spring-projects/spring-security/blob/main/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutHandler.java#L66) requiring us to copy the entire classes' source only...
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "github-actions[bot] avatar"){kind=avatar}