BearerTokenAuthenticationConverter is introduced to solve the
problem of not being able to change AuthenticationDetailsSource.
BearerTokenAuthenticationFilter delegates to
BearerTokenAuthenticationConverter the task of creating
BearerTokenAuthenticationToken and setting AuthenticationDetailsSource.
BearerTokenAuthenticationConverter is customizable and the customized
converter can be used in BearerTokenAuthenticationFilter.
Closes gh-8840
The new method is intended to replace ClaimAccessor#containsClaim, the
return type of which was non-primitive Boolean. The existing
containsClaim method is now deprecated.
Closes gh-9201
- Adjusted internal logic to follow DelegatingOAuth2TokenValidator
- Changed JavaDoc to align more closely with
JwtGrantedAuthoritiesConverter
- Polished test names to follow Spring Security naming convention
- Updated test class name to follow Spring Security naming convention
- Polished tests to use TestJwts
- Added tests to address additional use cases
Closes gh-7596
- Moved support to JwtDecoders and ReactiveJwtDecoders since there is
already the expectation that those classes make an outbound connection
to complete configuration. Since there's no outbound connection when
configuring a NimbusJwtDecoder or NimbusReactiveJwtDecoder, it would be
more intrusive to change that.
Closes gh-7160
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.
Issue gh-8945
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easer to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.
Issue gh-8945
Use regular expression search/replace to ensure all single-arg
lambdas have parenthesis. This aligns with the style used in Spring
Boot and ensure that single-arg and multi-arg lambdas are consistent.
Issue gh-8945
Update all utility classes so that they have a private constructor. This
prevents users from accidentally creating an instance, when they should
just use the static methods directly.
Issue gh-8945
Add an additional lines after the copyright header and before the
`package` declaration. This aligns with the style used by Spring
Framework.
Issue gh-8945
Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.
Issue gh-8945
Migrate Mockito imports to use the BDD variant. This aligns better with
the "given" / "when" / "then" style used in most tests since the "given"
block now uses Mockito `given(...)` calls.
The commit also updates a few tests that were accidentally using
Power Mockito when regular Mockito could be used.
Issue gh-8945
Apply an Eclipse cleanup rules to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.
Issue gh-8945
Bearer token was resolved immediately after calling method convert. In situations when malformed token was provided or authorization header and access token query param were present in request exception was thrown instead of signalling error.
After this change Bearer token is resolved on subscription and invalid states are handled by signaling error to subscriber.
Closes gh-8865
Bearer token was resolved immediately after calling method convert. In situations when malformed token was provided or authorization header and access token query param were present in request exception was thrown instead of signalling error.
After this change Bearer token is resolved on subscription and invalid states are handled by signaling error to subscriber.
Closes gh-8865
Bearer token was resolved immediately after calling method convert. In situations when malformed token was provided or authorization header and access token query param were present in request exception was thrown instead of signalling error.
After this change Bearer token is resolved on subscription and invalid states are handled by signaling error to subscriber.
Closes gh-8865
Removed some duplication by delegating to
DefaultOAuth2AuthenticatedPrincipal
Changed order of listed interfaces to satisfy compiler issue. When
listed with OAuth2AuthenticatedPrincipal first, then
OAuth2ResourceServerBeanDefinitionParserTests would fail to import
OpaqueTokenBeanDefinitionParser. Switching
OAuth2AuthenticatedPrincipal with OAuth2IntrospectionClaimAccessor
resolved the compilation issue.
Issue gh-6489
In order to simplify retrieving of OAuth 2.0 Introspection specific
attributes, OAuth2IntrospectionClaimAccessor interface was introduced
and also new OAuth2AuthenticatedPrincipal implementing this new
interface (OAuth2IntrospectionAuthenticatedPrincipal).
Also DefaultOAuth2AuthenticatedPrincipal was replaced by
OAuth2IntrospectionAuthenticatedPrincipal in cases where OAuth 2.0
Introspection is performed (NimbusOpaqueTokenIntrospector,
NimbusReactiveOpaqueTokenIntrospector).
DefaultOAuth2AuthenticatedPrincipal can be still used by applications
that introspected the token without OAuth 2.0 Introspection.
OAuth2IntrospectionAuthenticatedPrincipal will also be used as a
default principal in tests where request is post-processed/mutated
by OpaqueTokenRequestPostProcessor/OpaqueTokenMutator.
Closes gh-6489
- docs stated that empty authorityPrefix are allowed but implementation denied to use `""`
- commit removes the `hasText`-limitation but restricts to `notNull`
Fixes gh-8421
- docs stated that empty authorityPrefix are allowed but implementation denied to use `""`
- commit removes the `hasText`-limitation but restricts to `notNull`
Fixes gh-8421
- docs stated that empty authorityPrefix are allowed but implementation denied to use `""`
- commit removes the `hasText`-limitation but restricts to `notNull`
Fixes gh-8421
Added ability to specify the header that
ServerBearerTokenAuthenticationConverter and
DefaultBearerTokenResolver use to extract a Bearer Token.
Fixes gh-8337
Josh Cummings
Rob Winch
Jeongjin Kim
olivier.antoine
grimsa
Ropi
Arvid Ottenberg
Nick Hitchan
Phillip Webb
Dávid Kováč
kothasa
Julian Müller
Evgeniy Cheban
Teddy Reinert