This commit removes unnecessary main-branch merges starting from
9f8db22b774fe78fef3598c07e184c371892c1c7 and adds the following
needed commit(s) that were made afterward:
- 4d6ff49b9d663d0f25454f3704a45c83b35da689
- ed6ff670d102736eea0ac360921c9015151ac630
- c823b007942a04a27d02c0a28bc2ad85e8790084
- 44fad21363bef1b06422be28c9bbfadde5e44804
This commit removes unnecessary main-branch merges starting from
8750608b5bca45525c99d0a41a20ed02de93d8c7 and adds the following
needed commit(s) that were made afterward:
- 5dce82c48bc0b174838501c5a111b2de70822914
Prevent JwtAuthenticationProvider from setting authentication details
when jwtAuthenticationConverter returned an authentication instance
with non null details.
Closes gh-11822
Before this commit splitting the authorities claim was done by a
hardcoded regex " ". This commit allows to configure to set any regex
to split the authorities claim while keeping the previously
hardcoded regex as a default.
Closes gh-12074
Before this commit splitting the authorities claim was done by a
hardcoded regex " ". This commit allows to configure to set any regex
to split the authorities claim while keeping the previously
hardcoded regex as a default.
Since Spring Security still needs these methods and classes, we
should wait on deprecating them if we can.
Instead, this commit changes the original classes to have a
boolean property that is currently false, but will switch to true
in 6.0.
At that time, BearerTokenAuthenticationFilter can change to use
the handler.
Closes gh-11932
Issue gh-11932, gh-9429
(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead
when an AuthenticationServiceException is thrown, instead of HTTP 401.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.
BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).
The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).
The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.
Closes gh-11661
