- Moved to BearerTokenAuthenticationFilter constructor to align with
AuthenticationFilter
- Undeprecated BearerTokenResolver to reduce number of migration scenarios
- Updated to 7.0 schema
- Added migration docs
Issue gh-14750
In tests, we want to both test that functionality works and also
demonstrate common or expected usage, where possible. It is likely
incorrect to use @Order(0) for a target visitor as this states that
it should take precedence over all Spring Security visitors defined
at a lower precedence.
Also, it appears this may have been added this way because of a mock
visitor that appears to be unused by any tests. Further, when an
application has multiple visitors, they should use the TargetVisitor.of
method to publish one bean with the order determined by the order
of the method parameters instead of having two separate beans.
This commit removes the @Order(0) annotation and also the mock
visitor, deferring to the natural ordering afforded by the
framework.
Issue gh-15994
NimbusJwtDecoder and NimbusReactiveJwtDecoder now use
Spring Security's JwtTypeValidator by default instead
of Nimbus's type validator.
Closes gh-17181
Now that NimbusReactiveOpaqueTokenIntrospector is
deprecated, this commit changes the Spring
Security default to now use SpringReactiveOpaqueTokenIntrospector.
Issue gh-15988
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
To make SpringSecurityCoreVersionSerializableTests more manageable,
this commit moves the sample class constructions to a separate file.
In this way, the tests file only changes when serialization tests are
added. When classes are introduced, they can be added to SerializationSamples,
separating the two concerns
If Instancio fails to instatiate the class sample, it will
now also delete the serialized sample file. Otherwise, it will
leave a zero-byte file on the filesystem, confusing future test runs
Given that these classes each have a consistent serialization UID
across minor versions, but that the 6.5.x serialized version is using a
different UID, these serialized files were likely generated in error.
As such, this commit replaces the serialized files with correct ones.
Issue gh-16432
Since we don't need to ensure the serializability of test components
across versions, we can ignore missing version UIDs when those
test components aren't about testing Java serialization.
Issue gh-17038
We should test that serialized files from the current minor version
can be deserialized. This ensures that serializations remain
deserializable in patch releases.
Issue gh-3737
