Skip to content

Issues: spring-projects/spring-security

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

916 Open 11,601 Closed
916 Open 11,601 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Discrepancy in Documentation Regarding UsernamePasswordAuthenticationToken Creation Flow status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#16149 opened Nov 23, 2024 by tony0808
OAuth2LoginAuthenticationFilter acts as an uber AuthenticationManager status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#16142 opened Nov 21, 2024 by jarek-jpa
Consider using @Fallback instead of BeanDefinitionRegistryPostProcessor for OAuth2AuthorizedClientManager in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16137 opened Nov 20, 2024 by sjohnr 6.5.x
@sjohnr
Improve startup validation of request matchers in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
#16135 opened Nov 20, 2024 by jzheaux 6.5.x
@jzheaux
1
[OAuth2] Misconfigured OAuth2LoginAuthenticationFilter when combining OAuth2 login and OAuth2 client configuration in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16105 opened Nov 15, 2024 by BWohlbrecht 6.2.9
@sjohnr
2
Should return www-authenticate even for "X-Requested-With: XMLHttpRequest" requests in: web An issue in web modules (web, webmvc) type: bug A general bug
#16103 opened Nov 15, 2024 by MartinEmrich
5
Add OpenTelemetry Span Creation for Spring Security Filters and Expose as Configurable Property status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#16092 opened Nov 14, 2024 by Seifenn
Getting error as The response contained an InResponseTo attribute [] but no saved authentication request was found in saml2 in: saml2 An issue in SAML2 modules status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16091 opened Nov 14, 2024 by sasirekha98
@jzheaux
Bump version com.nimbusds:oauth2-oidc-sdk status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#16089 opened Nov 14, 2024 by bostandyksoft
Consider making the constructor of OAuth2AccessToken.TokenType public in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16086 opened Nov 13, 2024 by sjohnr 6.5.x
@sjohnr
Verification Options do not Return Saved Transports for Credentials in: web An issue in web modules (web, webmvc) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16084 opened Nov 13, 2024 by Jyosua
@rwinch
OidcBackChannelLogoutWebFilter returns an error for unauthenticated ajax requests in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16073 opened Nov 12, 2024 by katya-tis
@jzheaux
1
OidcBackChannelLogoutWebFilter error response is not a correct JSON in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16072 opened Nov 12, 2024 by katya-tis
@jzheaux
Passkey Endpoints do not Honor .permitAll() in: web An issue in web modules (web, webmvc) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16070 opened Nov 12, 2024 by Jyosua
@rwinch
Mutate breaks functionality of StrictFirewallHttpHeaders with recently modified HttpHeaders#writabeHttpHeaders in: web An issue in web modules (web, webmvc) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16069 opened Nov 12, 2024 by MichalStehlikCz
@rwinch
1
AuthorizeReturnObject should target the authorized object within MVC return values
#16059 opened Nov 11, 2024 by jzheaux
1
Exceptions for Authorized Objects should propagate when returned from a Controller
#16058 opened Nov 11, 2024 by jzheaux
Improve Integration between Authorized Objects and Spring MVC in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
#16057 opened Nov 11, 2024 by jzheaux
2 tasks
6.5.x
@jzheaux
ServerBearerTokenAuthenticationConverter validates parameters when not enabled in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug
#16038 opened Nov 4, 2024 by sjohnr 6.2.x
@jonah1und1
1
Further document adding types to the Jackson allowlist status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#16015 opened Oct 30, 2024 by jzheaux
Add JdbcRelyingPartyRegistrationRepository status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement
#16012 opened Oct 30, 2024 by sasirekha98
2
ServerHeadersDsl doesn't allow addition of custom ServerHttpHeadersWriter in: config An issue in spring-security-config type: enhancement A general enhancement
#16009 opened Oct 29, 2024 by vonZeppelin
1
@jzheaux @evgeniycheban
1
Consider aligning OAuth 2.0 Access Token Response parsing in BodyExtractor in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16001 opened Oct 25, 2024 by sjohnr 6.5.x
@sjohnr
Saml2WebSsoAuthenticationFilter should allow requests through when SAMLResponse is absent in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
#16000 opened Oct 25, 2024 by jzheaux 6.5.x
AuthorizeReturnObject should target the authorized object within Spring Data components type: bug A general bug
#15994 opened Oct 25, 2024 by noshua 6.5.x
@jzheaux
4
ProTip! Adding no:label will show everything without a label.