diff --git a/docs/modules/ROOT/pages/migration/servlet/oauth2.adoc b/docs/modules/ROOT/pages/migration/servlet/oauth2.adoc
index e80e0a916e..6cdb9043dd 100644
--- a/docs/modules/ROOT/pages/migration/servlet/oauth2.adoc
+++ b/docs/modules/ROOT/pages/migration/servlet/oauth2.adoc
@@ -83,9 +83,9 @@ fun jwtDecoder(): JwtDecoder {
 Spring Security does not support processing `` payloads over GET as this is not supported by the SAML 2.0 spec.
-To better comply with this, `Saml2AuthenticationTokenConverter` will not process GET requests by default as of Spring Security 8.
+To better comply with this, `Saml2AuthenticationTokenConverter`, `OpenSaml4AuthenticationTokenConverter`, and `OpenSaml5AuthenticationTokenConverter` will not process GET requests by default as of Spring Security 8.
 To prepare for this, the property `shouldConvertGetRequests` is available.
-To use it, publish your own `Saml2AuthenticationTokenConverter` like so:
+To use it, publish your own converter like so:
 [tabs]
 ======
@@ -94,9 +94,8 @@ Java::
 [source,java,role="primary"]
 ----
 @Bean
-Saml2AuthenticationTokenConverter authenticationConverter(RelyingPartyRegistrationRepository registrations) {
- Saml2AuhenticationTokenConverter authenticationConverter = new Saml2AuthenticationTokenConverter(
- new DefaultRelyingPartyRegistrationResolver(registrations));
+OpenSaml5AuthenticationTokenConverter authenticationConverter(RelyingPartyRegistrationRepository registrations) {
+ OpenSaml5AuthenticationTokenConverter authenticationConverter = new OpenSaml5AuthenticationTokenConverter(registrations);
 authenticationConverter.setShouldConvertGetRequests(false);
 return authenticationConverter;
 }
@@ -108,12 +107,11 @@ Kotlin::
 ----
 @Bean
 fun authenticationConverter(val registrations: RelyingPartyRegistrationRepository): Saml2AuthenticationTokenConverter {
- val authenticationConverter = new Saml2AuthenticationTokenConverter(
- DefaultRelyingPartyRegistrationResolver(registrations))
+ val authenticationConverter = Saml2AuthenticationTokenConverter(registrations)
 authenticationConverter.setShouldConvertGetRequests(false)
 return authenticationConverter
 }
 ----
 ======
-If you must continue using `Saml2AuthenticationTokenConverter` to process GET requests, you can call `setShouldConvertGetRequests` to `true.`
+If you must continue using `Saml2AuthenticationTokenConverter`, `OpenSaml4AuthenticationTokenConverter`, or `OpenSaml5AuthenticationTokenConverter` to process GET requests, you can call `setShouldConvertGetRequests` to `true.`