spring-security
spring-security copied to clipboard
spring-projects
Spring Security
Spring Security's MockMvc Support does not currently work with WebTestClient. This is a list of issues related to this problem. It includes both adding the feature to support Spring Security...
RFC 7616 has been officially made available for several years now but Spring Security still only supports RFC 2617 for digest auth. **Current Behavior** The current digest auth in Spring...
### Actual Behavior GET request to /logout produces generic error and 404 status. ### Expected Behavior There could be more clear error message and 405 status code returned instead. ###...
### Summary Ideally, the hashCode method defined by a class should return distinct integers for distinct objects. Not doing so impacts performance when the objects are stored in a HashMap...
**Expected Behavior** `Pbkdf2PasswordEncoder` should not let you generate a hash longer than the hash function. This should either return an error or reduce the output size to match the hash...
Some of the classes in `oauth2-resource-server` could be better aligned with the whole. For example, if `XYZ` represents the root package for that module, then: - authentication filters tend to...
**Expected Behavior** It should be possible to introduce a toggle that toggles the option of sending in the CSRF token as a URL parameter, and only allows for it as...
When configuring security rules, it will be very helpful to understand what we are configuring. Example with this kind of configuration : ``` @Configuration public class UIResourceProtection extends WebSecurityConfigurerAdapter {...
The `Saml2WebSsoAuthenticationRequestFilter#createSamlPostRequestFormData(...)` should allow to customize generated HTML form for SAML2 login request. The `Saml2WebSsoAuthenticationRequestFilter#createSamlPostRequestFormData(...)` create a HTML form which is hardcoded. It should supports custom form generation by adding...
When building a SecurityFilterChain from HttpSecurity, a prototype is built in HttpSecurityConfiguration. However, this prototype is not aware of AuthenticationEventPublisher in the bean factory. Although it is possible to set...
