-
Notifications
You must be signed in to change notification settings - Fork 5.9k
Issues: spring-projects/spring-security
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
Allow customizing the strategy for resolving the principal in An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
type: enhancement
A general enhancement
OAuth2ClientHttpRequestInterceptor
in: oauth2
Consider adding An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
type: enhancement
A general enhancement
ClientRegistrationIdResolver
to ExchangeFilterFunction
s
in: oauth2
Consider favoring ObjectProvider#getIfAvailable
in: config
An issue in spring-security-config
type: breaks-passivity
A change that breaks passivity with the previous release
type: enhancement
A general enhancement
Add support for requesting protected resources with RestClient via a ServletBearerExchangeFilterFunction or equivalent
in: oauth2
An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
status: waiting-for-triage
An issue we've not yet triaged
type: enhancement
A general enhancement
#15820
opened Sep 17, 2024 by
azizabah
ServerBearerTokenAuthenticationConverter does not support form encoded body parameter
in: oauth2
An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
status: waiting-for-triage
An issue we've not yet triaged
type: enhancement
A general enhancement
#15818
opened Sep 17, 2024 by
jonah1und1
Consider removing one level of the OIDC Backchannel Logout DSL
in: oauth2
An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
type: enhancement
A general enhancement
Favor ObjectProvider over custom getBeanOrNull method
in: core
An issue in spring-security-core
type: enhancement
A general enhancement
#15805
opened Sep 13, 2024 by
jzheaux
Provide a way to append extra request matchers to the default matcher for AbstractPreAuthenticatedProcessingFilter
status: waiting-for-feedback
We need additional information before we can continue
type: enhancement
A general enhancement
#15785
opened Sep 10, 2024 by
crizzis
OidcBackChannelLogoutTokenValidator should not throw an NPE when issuer is missing
in: oauth2
An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
type: bug
A general bug
CORS example from the documentation does not work since Spring Security 6.2.6 / 6.3.3
in: docs
An issue in Documentation or samples
status: ideal-for-contribution
An issue that we actively are looking for someone to help us with
type: bug
A general bug
Spring OAuth2 Client + native does not work out of the box. Should be easy to fix
status: feedback-reminder
We've sent a reminder that we need additional information before we can continue
status: waiting-for-feedback
We need additional information before we can continue
type: enhancement
A general enhancement
#15764
opened Sep 9, 2024 by
rcomblen
InitializeUserDetailsBeanManagerConfigurer does configure a DaoAuthenticationProvider without Encoder although there are encoders found
status: waiting-for-triage
An issue we've not yet triaged
type: bug
A general bug
#15751
opened Sep 6, 2024 by
tkrah
Improve Integration between Authorized Objects and Spring Data
in: core
An issue in spring-security-core
type: enhancement
A general enhancement
Include Compromised Password Information in An issue in spring-security-core
type: enhancement
A general enhancement
UserDetails
in: core
#15745
opened Sep 5, 2024 by
marcusdacoregio
Consider allowing An issue in web modules (web, webmvc)
type: enhancement
A general enhancement
oneTimeTokenLogin()
to authenticate different devices
in: web
#15744
opened Sep 5, 2024 by
marcusdacoregio
Webservice returns invalid response containing Empty Headers (":") (2)
status: waiting-for-feedback
We need additional information before we can continue
type: bug
A general bug
#15738
opened Sep 5, 2024 by
david0
Consider adding OneTimeTokenService for a clustered environment
type: enhancement
A general enhancement
#15735
opened Sep 4, 2024 by
CrazyParanoid
Consider deprecating Global Authentication
status: waiting-for-triage
An issue we've not yet triaged
type: enhancement
A general enhancement
#15722
opened Sep 2, 2024 by
Kehrlann
Provide a way to customize the default RequestCache without replacing the entire implementation
in: config
An issue in spring-security-config
type: enhancement
A general enhancement
#15707
opened Aug 28, 2024 by
eric-creekside
Supporting logout+jwt for back-channel logout with spring-webflux
in: oauth2
An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
status: ideal-for-contribution
An issue that we actively are looking for someone to help us with
type: enhancement
A general enhancement
#15702
opened Aug 27, 2024 by
c1rd3cm
Add Reactive One-Time Token Login support
in: config
An issue in spring-security-config
type: enhancement
A general enhancement
#15699
opened Aug 27, 2024 by
marcusdacoregio
Full authentication is required to access this resource
in: web
An issue in web modules (web, webmvc)
status: waiting-for-feedback
We need additional information before we can continue
#15690
opened Aug 26, 2024 by
luohuanyu
Possible bug in AbstractRequestMatcherRegistry#requireOnlyPathMappedDispatcherServlet? (DispatcherServlet not found when resolving request matcher)
for: stackoverflow
A question that's better suited to stackoverflow.com
status: waiting-for-feedback
We need additional information before we can continue
#15684
opened Aug 23, 2024 by
mauromol
Previous Next
ProTip!
Add no:assignee to see everything that’s not assigned.