Skip to content

Issues: spring-projects/spring-security

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
0 Open 685 Closed
0 Open 685 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

SEC-1987 & SEC-1986 status: invalid An issue that we don't feel is valid
#14 by leleuj was closed Nov 17, 2021 Loading…
@rwinch
31
CSRF Support for SameSite in: web An issue in web modules (web, webmvc) status: invalid An issue that we don't feel is valid type: enhancement A general enhancement
#7537 by rwinch was closed Nov 17, 2021 5.3.x
@rwinch
29
SEC-2539: Unable to browse my application in: core An issue in spring-security-core status: invalid An issue that we don't feel is valid type: bug A general bug type: jira An issue that was migrated from JIRA
#2751 by spring-projects-issues was closed Apr 3, 2014
@rwinch
18
AccessDeniedHandler and AuthenticationEntryPoint does not work Because of the global exception handler status: invalid An issue that we don't feel is valid
#6908 by allurx was closed Dec 3, 2020
@rwinch
18
WebFlux security should not overwrite the default entry point with a delegating entry point in: config An issue in spring-security-config status: invalid An issue that we don't feel is valid
#9266 by foo4u was closed Apr 20, 2021
@jgrandja
15
SEC-2431: ambiguous method for UrlAuthorizationConfigurer in: config An issue in spring-security-config status: invalid An issue that we don't feel is valid type: bug A general bug type: jira An issue that was migrated from JIRA
#2652 by spring-projects-issues was closed Feb 19, 2014
@rwinch
14
once https - always https status: invalid An issue that we don't feel is valid type: bug A general bug
#9466 by guai was closed Mar 5, 2021
@rwinch
14
SEC-917: Spring Security hangs SJSAS 8.1 (Enterprise) status: invalid An issue that we don't feel is valid type: bug A general bug type: jira An issue that was migrated from JIRA
#1170 by spring-projects-issues was closed Jul 30, 2008 2.0.4
13
Spring Security with Active Directory shows *Property 'userDn' not set - anonymous context will be used for read-write operations* INFO message even if anonymous is disabled in HttpSecurity settings status: invalid An issue that we don't feel is valid type: bug A general bug
#14079 by dbnex14 was closed Nov 7, 2023
@marcusdacoregio
13
Validate token passed in query parameters same as headers status: invalid An issue that we don't feel is valid
#7012 by bhavikkumar was closed Jun 26, 2019 Loading…
1
@rwinch
13
SEC-2928: @EnableGlobalMethodSecurity(jsr250Enabled = true) returns "Access is denied" in: core An issue in spring-security-core status: invalid An issue that we don't feel is valid type: bug A general bug type: jira An issue that was migrated from JIRA
#3139 by spring-projects-issues was closed Apr 22, 2015
@rwinch
12
SEC-2459: Spring Security Cookie Issue. Cookie not flagged HTTP-Only in: web An issue in web modules (web, webmvc) status: invalid An issue that we don't feel is valid type: bug A general bug type: jira An issue that was migrated from JIRA
#2680 by spring-projects-issues was closed Feb 19, 2014
@rwinch
12
SEC-748: Support and basic implementation for CAS single sign out protocol in: cas An issue in spring-security-cas status: invalid An issue that we don't feel is valid type: enhancement A general enhancement type: jira An issue that was migrated from JIRA
#1008 by spring-projects-issues was closed May 19, 2021
@rwinch
12
SEC-2792: HeaderChecks not applied to Load Balanced https originated redirects in: core An issue in spring-security-core status: invalid An issue that we don't feel is valid type: bug A general bug type: jira An issue that was migrated from JIRA
#2938 by spring-projects-issues was closed Oct 27, 2015
@rwinch
12
SEC-2144: using AspectJMethodSecurityInterceptor for authorization the annotated method is ignored in hierarchi in: core An issue in spring-security-core status: invalid An issue that we don't feel is valid type: bug A general bug type: jira An issue that was migrated from JIRA
#2370 by spring-projects-issues was closed Nov 1, 2013
@rwinch
12
Provide debug logs if http-method (POST) rejected with 401 when CSRF (default) enabled in: web An issue in web modules (web, webmvc) status: invalid An issue that we don't feel is valid
#7473 by dopsun was closed Nov 9, 2021
@marcusdacoregio
12
OidcReactiveOAuth2UserService should not retrieve user info when access token does not contain specific scopes. in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: invalid An issue that we don't feel is valid
#10615 by chenrujun was closed Jan 6, 2022
@sjohnr
12
OidcIdTokenDecoderFactory allows only one algorithm (default to RS256) to be specified for JWT Decoder. Doesn't work when there are multiple algorithms used by IDP to issue signed JWT Tokens in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: invalid An issue that we don't feel is valid
#11049 by jigneshshukla was closed Apr 4, 2022
@jgrandja
12
authorizeHttpRequests ignores AuthenticationProvider status: invalid An issue that we don't feel is valid type: bug A general bug
#12602 by zotornit was closed Feb 3, 2023
@marcusdacoregio
12
OpenSAML dependency is resolved from a 3rd party repository in: saml2 An issue in SAML2 modules status: invalid An issue that we don't feel is valid type: bug A general bug
#11966 by bclozel was closed Dec 12, 2023
@rwinch
12
AccessDeniedHandler cannot handle exception thrown from AuthorizationManagerBeforeMethodInterceptor in: core An issue in spring-security-core status: invalid An issue that we don't feel is valid
#12951 by insight720 was closed Jan 23, 2024
@jzheaux
12
permitAll() broken? in: web An issue in web modules (web, webmvc) status: invalid An issue that we don't feel is valid
#13303 by UglyHobbitFeet was closed Jun 16, 2023
@marcusdacoregio
12
SEC-1185: MethodInvocationPrivilegeEvaluator.isAllowed() Returns True When Authentication is null in: core An issue in spring-security-core status: invalid An issue that we don't feel is valid type: bug A general bug type: jira An issue that was migrated from JIRA
#1434 by spring-projects-issues was closed Aug 12, 2009 3.0.0 M2
11
SEC-2982: Make org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider non-final in: ldap An issue in spring-security-ldap status: invalid An issue that we don't feel is valid type: enhancement A general enhancement type: jira An issue that was migrated from JIRA
#3191 by spring-projects-issues was closed Jun 27, 2019
@rwinch
11
SEC-1937: Support multiple <authentication-manager> elements in: config An issue in spring-security-config status: invalid An issue that we don't feel is valid type: bug A general bug type: jira An issue that was migrated from JIRA
#2163 by spring-projects-issues was closed Jan 22, 2014 3.1.1
11
ProTip! Mix and match filters to narrow down what you’re looking for.