abstraction for Runnable that can be used for async and
scheduled tasks. The primary contract for task scheduling is
TaskScheduler and there's no such wrapper available at the moment.
The new DelegatingSecurityContextTaskScheduler class implements
TaskScheduler interface.
Fixes gh-6043
1. Added method authenticationEntryPoint in ServerHttpSecurity to allow
setting authenticationEntryPoint.
2. Added test in ServerHttpSecurityTests to check if
if specified realm name set by authenticationEntryPoint is
returned
Fixes: gh-6270
When setup the acl tables as specified in the Spring.io documentation
I have faced the following error on a PostgreSql database:
org.postgresql.util.PSQLException: ERROR: operator does not exist:
bigint = character varying.
This is because the acl_object_identity.object_id_identity column is
of type varchar(36) but it is not necessarily accessed with a value
of type String.
- JdbcAclService / JdbcMutableAclService: SQL query must match
object_id_identity column specification
- JdbcAclService: changed JdbcTemplate to JdbcOperations for testability
- JdbcAclServiceTest: Increased test coverage,
the integration tests using embedded db relates to this commit
cd8d2079ed
Fixes gh-5508
1. Created new WebFilter AnonymousAuthenticationWebFilter to
for anonymous authentication
2. Created class AnonymousSpec, method anonymous to configure
anonymous authentication in ServerHttpSecurity
3. Added ANONYMOUS_AUTHENTICATION order after AUTHENTICATION for
anonymous authentication in SecurityWebFiltersOrder
4. Added tests for anonymous authentication in
AnonymousAuthenticationWebFilterTests and ServerHttpSecurityTests
5. Added support for Controller in WebTestClientBuilder
Fixes: gh-5934
This change
- replaces anyListOf(Class<T> clazz).
With Java 8 this method will be removed in Mockito 3.0.
This method is only used for generic friendliness to avoid casting,
this is not anymore needed in Java 8.
- replaces anyObject
with any or any(Class<T> clazz)
Fixes gh-6212
Addition of two new methods addFilterBefore and addFilterAfter in
ServerHttpSecurity to allow addition of WebFilter before and after of
specified order
Fixes: gh-6138
The Authorization header was matched for OAuth2
against the "Bearer" keyword in a case sensitive
fashion.
According to RFC 2617, it should be case insensitive
and some oauth clients (including some earlier
versions of spring-security) expect it so.
This is the reactive counterpart to commit
63f2b6094f .
Fixes gh-6195
This commit ensures that the jacoco plugin is applied when calling
check and test tasks.
Also remoed the clean task that prevented sonarqube using coverage data
Fixes: gh-6199
The Authorization header was matched for OAuth2
against the "Bearer" keyword in a case sensitive
fashion.
According to RFC 2617, it should be case insensitive
and some oauth clients (including some earlier
versions of spring-security) expect it so.
Added the ability to specify a custom WebClient in
WebClientReactiveClientCredentialsTokenResponseClient.
Also added testing to ensure the custom WebClient is not null and is
used.
Fixes: gh-6051