Update shouldConvertGetRequests Migration Steps

Issue gh-17099
Josh Cummings 2025-06-03 13:08:51 -06:00
parent f73f253beb
commit 492444c588
No known key found for this signature in database
GPG Key ID: 869B37A20E876129

@ -83,9 +83,9 @@ fun jwtDecoder(): JwtDecoder {
Spring Security does not support processing `<saml2:Response>` payloads over GET as this is not supported by the SAML 2.0 spec. Spring Security does not support processing `<saml2:Response>` payloads over GET as this is not supported by the SAML 2.0 spec.
To better comply with this, `Saml2AuthenticationTokenConverter` will not process GET requests by default as of Spring Security 8. To better comply with this, `Saml2AuthenticationTokenConverter`, `OpenSaml4AuthenticationTokenConverter`, and `OpenSaml5AuthenticationTokenConverter` will not process GET requests by default as of Spring Security 8.
To prepare for this, the property `shouldConvertGetRequests` is available. To prepare for this, the property `shouldConvertGetRequests` is available.
To use it, publish your own `Saml2AuthenticationTokenConverter` like so: To use it, publish your own converter like so:
[tabs] [tabs]
====== ======
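Review bot: The reworded lead-in "publish your own converter like so:" follows a sentence that now names three converters, and nothing here tells the reader which of the three to publish. Suggest one sentence saying how to choose between `Saml2AuthenticationTokenConverter`, `OpenSaml4AuthenticationTokenConverter` and `OpenSaml5AuthenticationTokenConverter`, so the migration step is unambiguous for applications that are not using the class shown in the example.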
@ -94,9 +94,8 @@ Java::
[source,java,role="primary"] [source,java,role="primary"]
---- ----
@Bean @Bean
Saml2AuthenticationTokenConverter authenticationConverter(RelyingPartyRegistrationRepository registrations) { OpenSaml5AuthenticationTokenConverter authenticationConverter(RelyingPartyRegistrationRepository registrations) {
Saml2AuhenticationTokenConverter authenticationConverter = new Saml2AuthenticationTokenConverter( OpenSaml5AuthenticationTokenConverter authenticationConverter = new OpenSaml5AuthenticationTokenConverter(registrations);
new DefaultRelyingPartyRegistrationResolver(registrations));
authenticationConverter.setShouldConvertGetRequests(false); authenticationConverter.setShouldConvertGetRequests(false);
return authenticationConverter; return authenticationConverter;
} }
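Review bot: The constructor call in the Java tab changes its argument as well as its class: the removed lines wrapped `registrations` in `new DefaultRelyingPartyRegistrationResolver(...)`, while the added line passes `registrations` straight to `OpenSaml5AuthenticationTokenConverter`. A reader who copied the earlier snippet and then customised the resolver gets no hint about how to carry that over. Suggest a short note next to the example saying that the OpenSaml converters take the `RelyingPartyRegistrationRepository` directly.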
@ -108,12 +107,11 @@ Kotlin::
---- ----
@Bean @Bean
fun authenticationConverter(val registrations: RelyingPartyRegistrationRepository): Saml2AuthenticationTokenConverter { fun authenticationConverter(val registrations: RelyingPartyRegistrationRepository): Saml2AuthenticationTokenConverter {
val authenticationConverter = new Saml2AuthenticationTokenConverter( val authenticationConverter = Saml2AuthenticationTokenConverter(registrations)
DefaultRelyingPartyRegistrationResolver(registrations))
authenticationConverter.setShouldConvertGetRequests(false) authenticationConverter.setShouldConvertGetRequests(false)
return authenticationConverter return authenticationConverter
} }
---- ----
====== ======
If you must continue using `Saml2AuthenticationTokenConverter` to process GET requests, you can call `setShouldConvertGetRequests` to `true.` If you must continue using `Saml2AuthenticationTokenConverter`, `OpenSaml4AuthenticationTokenConverter`, or `OpenSaml5AuthenticationTokenConverter` to process GET requests, you can call `setShouldConvertGetRequests` to `true.`
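Review bot: The Kotlin tab is left out of step with the Java tab. The added line `val authenticationConverter = Saml2AuthenticationTokenConverter(registrations)` keeps the old class and return type while dropping the `DefaultRelyingPartyRegistrationResolver` wrapper that the removed lines passed to that same class, so the argument type changes without the class changing. Suggest mirroring the Java tab by constructing and returning `OpenSaml5AuthenticationTokenConverter`. Two smaller points in the same hunk: the unchanged signature declares its parameter as `val registrations`, which Kotlin does not allow on a function parameter, and the closing sentence reads "call `setShouldConvertGetRequests` to `true.`" with the full stop inside the code span; "set `shouldConvertGetRequests` to `true`." would read correctly.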