Spring MVC changed their default behavior in
https://github.com/spring-projects/spring-framework/issues/23915 This
causes failures in some of Spring Security's tests.
This explicitly sets useSuffixPatternMatch=true to ensure that Spring
Security still works if users have modified their defaults.
Closes gh-8493
Improve the documentation to show how to re-use the Opaquetoken properties of `OAuth2ResourceServerProperties` to set up basic auth in the configured `RestTemplate`.
The `io.freefair.aspectj.post-compile-weaving` plugin v5.0.1 includes [a fix](https://github.com/freefair/gradle-plugins/pull/213) that allows all tasks for `./gradlew classes` to be marked as `UP-TO-DATE` following an initial `./gradlew clean classes`. Without this fix, any compile task that is enhanced by the `io.freefair.aspectj.post-compile-weaving` plugin will incorrectly have compilation outputs configured as a _task input_, resulting in the task being out of date following a `clean compile`.
Before this commit, JdbcOAuth2AuthorizedClientService threw DuplicateKeyException when re-authorizing or when authorizing the same user from a different client.
This commit makes JdbcOAuth2AuthorizedClientService's saveAuthorizedClient method consistent with that of InMemoryOAuth2AuthorizedClientService.
Fixes gh-8425
- docs stated that empty authorityPrefix are allowed but implementation denied to use `""`
- commit removes the `hasText`-limitation but restricts to `notNull`
Fixes gh-8421
When the issuer is set in the provider metadata, we validate the iss
field of the ID Token against it.
The OpenID Connect Specification says this must always be validated.
But this would be a breaking change for applications configured other
than with ClientRegistrations.fromOidcIssuerLocation(issuer). This will
be done later with #8326
Fixes gh-8321
Saml2AuthenticationRequestContext creation logic is not extensible at
the moment as it is provided inside of Saml2WebSsoAuthenticationRequestFilter.
This change enables to custom logic to be used when creating Saml2AuthenticationRequestContext by
taking the logic from the aforementioned filter to a seperate extensible
API by the name Saml2AuthenticationRequestContextResolver.
This provides following API contract and implementation:
- Saml2AuthenticationRequestContextResolver
- DefaultSaml2AuthenticationRequestContextResolver
Fixes gh-8360
Extended the documentation for the opaque Resource Server in order to clearly state which dependencies are required in order for the minimal deployment to work. Replaced dead link for Contribute guidelines in README.adoc
Closes gh-8391
Allow the configuration of a custom GrantedAuthorityMapper for reactive OAuth2Login
- Add setter in OidcAuthorizationCodeReactiveAuthenticationManager
and OAuth2LoginReactiveAuthenticationManager
- Use an available GrantedAuthorityMapper bean to configure the default ReactiveAuthenticationManager
Fixes gh-8324
