Skip to content

Issues: spring-projects/spring-security

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

914 Open 11,466 Closed
914 Open 11,466 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Allow customizing the strategy for resolving the principal in OAuth2ClientHttpRequestInterceptor in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15826 opened Sep 18, 2024 by sjohnr 6.4.x
@sjohnr
Consider adding ClientRegistrationIdResolver to ExchangeFilterFunctions in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15825 opened Sep 18, 2024 by sjohnr 6.4.x
@sjohnr
Consider favoring ObjectProvider#getIfAvailable in: config An issue in spring-security-config type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#15821 opened Sep 17, 2024 by jzheaux 7.0.x
Add support for requesting protected resources with RestClient via a ServletBearerExchangeFilterFunction or equivalent in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15820 opened Sep 17, 2024 by azizabah
@sjohnr
ServerBearerTokenAuthenticationConverter does not support form encoded body parameter in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15818 opened Sep 17, 2024 by jonah1und1
@sjohnr
Consider removing one level of the OIDC Backchannel Logout DSL in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15817 opened Sep 16, 2024 by jzheaux General Backlog
Favor ObjectProvider over custom getBeanOrNull method in: core An issue in spring-security-core type: enhancement A general enhancement
#15805 opened Sep 13, 2024 by jzheaux
1
@jzheaux @ngocnhan-tran1996
2
Provide a way to append extra request matchers to the default matcher for AbstractPreAuthenticatedProcessingFilter status: waiting-for-feedback We need additional information before we can continue type: enhancement A general enhancement
#15785 opened Sep 10, 2024 by crizzis
1
@jzheaux
3
OidcBackChannelLogoutTokenValidator should not throw an NPE when issuer is missing in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug
#15771 opened Sep 9, 2024 by jzheaux 6.2.x
1
@jzheaux @wapkch
2
Remove 5.8.x from Auto Merge Forward Dependabot PRs type: task A general task
#15770 opened Sep 9, 2024 by marcusdacoregio 5.8.15
@sjohnr
CORS example from the documentation does not work since Spring Security 6.2.6 / 6.3.3 in: docs An issue in Documentation or samples status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: bug A general bug
#15769 opened Sep 9, 2024 by mgocd 6.2.7
@jzheaux
2
Spring OAuth2 Client + native does not work out of the box. Should be easy to fix status: feedback-reminder We've sent a reminder that we need additional information before we can continue status: waiting-for-feedback We need additional information before we can continue type: enhancement A general enhancement
#15764 opened Sep 9, 2024 by rcomblen
2
InitializeUserDetailsBeanManagerConfigurer does configure a DaoAuthenticationProvider without Encoder although there are encoders found status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15751 opened Sep 6, 2024 by tkrah
1
Improve Integration between Authorized Objects and Spring Data in: core An issue in spring-security-core type: enhancement A general enhancement
#15746 opened Sep 5, 2024 by jzheaux 6.4.x
@jzheaux
2
Include Compromised Password Information in UserDetails in: core An issue in spring-security-core type: enhancement A general enhancement
#15745 opened Sep 5, 2024 by marcusdacoregio
Consider allowing oneTimeTokenLogin() to authenticate different devices in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
#15744 opened Sep 5, 2024 by marcusdacoregio
1
Webservice returns invalid response containing Empty Headers (":") (2) status: waiting-for-feedback We need additional information before we can continue type: bug A general bug
#15738 opened Sep 5, 2024 by david0
@jzheaux
1
Consider adding OneTimeTokenService for a clustered environment type: enhancement A general enhancement
#15735 opened Sep 4, 2024 by CrazyParanoid
5
Consider deprecating Global Authentication status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15722 opened Sep 2, 2024 by Kehrlann
Provide a way to customize the default RequestCache without replacing the entire implementation in: config An issue in spring-security-config type: enhancement A general enhancement
#15707 opened Aug 28, 2024 by eric-creekside
4
Supporting logout+jwt for back-channel logout with spring-webflux in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement
#15702 opened Aug 27, 2024 by c1rd3cm
@jzheaux
2
Add Reactive One-Time Token Login support in: config An issue in spring-security-config type: enhancement A general enhancement
#15699 opened Aug 27, 2024 by marcusdacoregio
1
@CrazyParanoid
3
Support @AuthorizedReturnObject for Java Records
#15696 opened Aug 27, 2024 by rwinch
1
Full authentication is required to access this resource in: web An issue in web modules (web, webmvc) status: waiting-for-feedback We need additional information before we can continue
#15690 opened Aug 26, 2024 by luohuanyu
4
Possible bug in AbstractRequestMatcherRegistry#requireOnlyPathMappedDispatcherServlet? (DispatcherServlet not found when resolving request matcher) for: stackoverflow A question that's better suited to stackoverflow.com status: waiting-for-feedback We need additional information before we can continue
#15684 opened Aug 23, 2024 by mauromol
2
ProTip! Add no:assignee to see everything that’s not assigned.