Spring Security Locally-Configured Key Rotation

JWK sets are the premier way to support key rotation in Spring Security's OAuth 2.0 Resource Server. However, not all Ide...

Spring Security Provide Servlet equivalent of UnAuthenticatedServerOAuth2AuthorizedClientRepository

Summary: Currently when Using ServletOAuth2AuthorizedClientExchangeFilterFunction (this might also apply to the Server im...

Spring Security filterOrdersHttpSecurity.addFilterAtOffsetOffilterOrders does not add filter order to filterOrders

Describe the bug: Keycloak for spring-boot adds two filters successively which results in a NPE: @Override protected...

Spring Security need use relaystate to resolve csrf when integrate saml2

Some documents suggest using relaystate to pass csrftoken to solve CSRF attacks. Some documents suggest using relaystate...

Spring Security Remember-me throws error or always redirect to login again

Summary: Not working as expected. It works only with: NoOpPasswordEncoder. Actual Behavior: Throws UserDetailsService is requi...

Spring Security ExceptionTranslationWebFilter does not support AnonymousAuthenticationWebFilter

Hi, The ExceptionTranslationWebFilter doesn't check if the authentication object of the ReactiveSecurityContextHolder is ...

Spring Security Authentication scheme case-insensitivity

/cc @vpavic @jzheaux @rwinch @tnwang @nlebas Let's revisit the Authentication scheme case-insensitivity as it seems we're...

Spring Security SEC-1912: Md5PasswordEncoder should allow option to include cipher when getting byte array from password hash

Drew Wings (Migrated from SEC-1912) said: OpenLDAP stores MD5 hashed passwords with a cipher {MD5}. When the byte array f...

Spring Security SEC-1818: BindAuthenticator and AbstractLdapAuthenticator improvement

Mikhail Mazursky (Migrated from SEC-1818) said: I'm using bind authenticator and I want to format userDn not only based o...

Spring Security SEC-1894: Add XML support for configuring custom InvalidSessionStrategy

Victor Polischuk (Migrated from SEC-1894) said: There is no simple way to setup custom strategy on session invalidation. ...

Spring Security SEC-1872: PreAuthorize and PostAuthorize that evaluates java code

christophe blin (Migrated from SEC-1872) said: The @PreAuthorize and @PostAuthorize are very handy to quickly write a sim...

Spring Security SEC-1871: AbstractRememberMeServices method getCookiePath()

Jon Osborn (Migrated from SEC-1871) said: For some implementations behind proxy services, the CookiePath must be 'url enc...

Spring Security Digest authentication and ChangeSessionIdAuthenticationStrategy

Hello. I'm using SS for Digest auth in Spring based application / Spring Core 4.2.5. Spring MVC 4.2.5. Spring Security 4.0.4....

Spring Security SEC-1851: DigestAuthenticationEntryPoint should generate really unique nonce values

Vladimir Korolev (Migrated from SEC-1851) said: RFC 2617 specifies that "nonce" should be uniquely generated. See http://...

Spring Security SEC-1860: Add <http-digest> similar to <http-basic> to the security namespace

Eugen Paraschiv (Migrated from SEC-1860) said: The element of the security namespace has to support basic authenticatio...

Spring Security DefaultSpringSecurityContextSource can't handle spaces in baseDn

Describe the bug: When given a valid URL such as ldap://server/dc=org%20with%20space,dc=com, the DefaultSpringSecurityCon...

Spring Security SEC-1844: Add the HTTPonly flag to the rememberMe cookie even it is not Servlet 3.0 API

Michael Furman (Migrated from SEC-1844) said: Hi! It is important to add the HTTPonly flag to the rememberMe cookie. Versio...

Spring Security SEC-1831: org.springframework.security.web.savedrequest.HttpSessionRequestCache should allow developer set the session attribute name

wayne zheng (Migrated from SEC-1831) said: In the Class org.springframework.security.web.savedrequest.HttpSessionRequestC...

Spring Security SEC-1840: UserMap is deprecated and InMemoryDaoImpl uses it; what to do?

The Alchemist (Migrated from SEC-1840) said: org.springframework.security.core.userdetails.memory.UserMap is deprecated b...

Spring Security SEC-1801: Please put generated POMs in samples and include with git source code

Dave Syer (Migrated from SEC-1801) said: Please put generated POMs in samples and include with git source code. I'd real...