Aurora Blog
Home
Spring Security FormLogin to be configurable to take in username and password as json.
Expected BehaviorFormLogin should be configurable to take in username and password as a predefined json object.Current B...
2025-12-17 14:01:09
4511
Spring Security Support generating RFC 9068 compliant JWT access tokens
Expected BehaviorNimbusJwtEncoder should allow the user to specify whether it should generate JWT access tokens complyin...
2025-12-17 14:01:05
1995
Spring Security NimbusJwtEncoder produces JWT with wrong "typ" header value
Describe the bugIn Spring Security 7, a NimbusJwtEncoder constructed by private NimbusJwtEncoder(JWK jwk) produces Jwt o...
2025-12-17 14:01:03
2310
Spring Security Define a dedicated AuthenticationSuccessHandler for the OAuth2AuthorizationEndpointFilter
https://github.com/spring-projects/spring-security/blob/9126aaf19b33d7cfa4494fa2b9ccf2918f50e62b/oauth2/oauth2-authoriza...
2025-12-04 14:01:41
1374
Spring Security Expose default error/success handlers in OAuth2AuthorizationEndpointFilter
Expected BehaviorThe default behaviour of the AuthenticationSuccessHandler and AuthenticationFailureHandlers should be a...
2025-12-04 14:01:39
704
Spring Security Default clientSettings.isRequireProofKey=true does not make sense for non auth-code-flow clients
I have a spring boot 4 app with an oauth2 client registration, that is configured with refresh_token for the authorizati...
2025-12-04 14:01:34
1424
Spring Security put() in DefaultOAuth2TokenContext is not respected during token generation
We use this guide to create a custom grant type for our CIBA use case but we found a potential problem in enriching the ...
2025-12-04 14:01:32
1645
Spring Security PermissionEvaluator targetDomainObject should be @Nullable
Describe the bugUpgrading from 6.x to 7.0, the org.springframework.security.access package has now been @NullMarked.The ...
2025-12-04 14:01:27
433
Spring Security Expose Methods in OAuth2EndpointUtils
Currently the methods in org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2EndpointUtils...
2025-11-29 14:01:14
718
Spring Security can no longer use custom jwtdecoder
Describe the bugWhile running into the common(?) 'Read timed out' error I tried to follow the common advise of providing...
2025-11-25 14:01:27
14261
Spring Security Add NimbusJwtDecoder RestTemplate timeouts to migration guide
Related to #18195, we should add detail in the migration guide about how extend the socket timeout values.
2025-11-25 14:01:25
106
Spring Security Missing oauth2AuthorizationServer method from HttpSecurityDsl in 7.0
HttpSecurity on 7.0 added oauth2AuthorizationServer method, but HttpSecurityDsl missing thathttps://github.com/spring-pr...
2025-11-25 14:01:24
410
Spring Security Spring ACL permissions are not bitmask-based
Describe the bugIf I grant a user the .....W permission (mask 3) and check it against a document I annotated with @PreAu...
2025-11-18 14:02:25
4144
Spring Security NPE in FilterChainProxy.getFilters(String)
Describe the bugorg.springframework.security.web.FilterChainProxy.getFilters(String) throws NPE in Spring Security 6.5.6...
2025-11-18 14:02:23
1868
Spring Security Document Jackson 3 Migration
Document how the switch to Jackson 3 is a breaking change. For example, users with custom Security classes that are mapp...
2025-11-18 14:02:15
312
Spring Security CORS auto-detection fails when CorsConfigurationSource bean name differs from default
Summary: Spring Security only detects a CorsConfigurationSource bean by name "corsConfigurationSource", causing silent C...
2025-11-15 14:00:56
6180
Spring Security OAuth2 should validate MFA
Expected BehaviorWhen Enabling MFA, OAuth2 auhorization flows should (optionally) first get MFA validated, then continue...
2025-11-15 14:00:54
1096
Spring Security AuthenticationPrincipalArgumentResolver has an outdated Authentication when OIDC ID Token is updated after refresh token
Hi, In a plain oauth2Login() application (keycloak as IDP for example), after https://github.com/spring-projects/spring-...
2025-11-15 14:00:49
1012
Spring Security WebAuthn login fails when validating allowCredentials
Describe the bugWhen used as a single factor, WebAuthn login works.Used as a second factor, WebAuthn login fails, becaus...
2025-11-15 14:00:48
3138
Spring Security Application won't start when we use a custom JpaRepositoryFactoryBean with constructor injection and have org.springframework.boot::spring-boot-starter-oauth2-client as a dependency in pom
Spring Boot Version3.5.7Describe the bugSuppose we havepublic class CustomBaseJpaRepositoryFactoryBean<T extends Repo...
2025-11-15 14:00:46
9255
上一页
下一页
1
2
3
4
5
6
7
…
17
.