These four items, not three items, constitute the auth process:
. A user is prompted to log in with a username and password.
. The system (successfully) verifies that the password is correct for the username.
. The context information for that user is obtained (their list of roles and so on).
. A security context is established for the user
Prior to this change, "HttpBasicSpec#authenticationManager" and
"FormLoginSpec#authenticationManager" were always overridden by
"ServerHttpSecurity#authenticationManager".
This commit makes sure override only happens when custom authentication
manager was not specified.
Fixes: gh-5660
A class with a number of handy request-based implementations of
AuthenticationManagerResolver targeted at common multi-tenancy
scenarios.
Fixes: gh-6976
If the salt length is 28 characters and the
version is 2{a,x,y}, an IndexOutOfBoundsException
is thrown. This commit adds an extra check that
the salt length should be at least 29 characters long
if the version is not equal to "2".
Fixes: gh-6907
Previously ServerBearerTokenAuthenticationConverter would throw an
IllegalArgumentException when the access token in a URI was empty String.
It also incorrectly provided HttpStatus.BAD_REQUEST for an empty String
access token in the headers.
This changes ServerBearerTokenAuthenticationConverter to consistently
throw a OAuth2AuthenticationException with an HttpStatus.UNAUTHORIZED
Fixes gh-7011
Issue #5856
Commit 385bdfc055
NOTE: This commit 'partially' reverts #5856. Only the ServerWebExchangeMatcher for OAuth2LoginSpec is reverted.
Fixes gh-6890
These hashCode implementations seemed suspicious (field hashCodes XORed together with 31).
Included caseSensitive in AntPathRequestMatcher.hashCode() to be consistent with equals().
Added new implementation of jwt() method that
makes it possible to directly provide a previously
prepared JWT token to WebTestClient mutator.
Fixes: spring-projectsgh-6896
Behrang
Tadaya Tsuyukubo
Lars Grefer
Eleftheria Stein
Josh Cummings
Léon van der Kaap
Rob Winch
Joe Grandja
Thomas Vitale
Bagyoni Attila
Daniel Meier
Dennis Devriendt
sandmannn