This commit refines the documentation by:
- Updating Jackson documentation for Jackson 3
- Removing the outdated documentation in servlet
- Adding migration guidelines
Closes gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
This commit separates the authentication principal, the assertion details,
and the relying party tenant into separate components. This allows the
principal to be completely decoupled from how Spring Security triggers and
processes SLO.
Specifically, it adds Saml2AssertionAuthentication, a new authentication
implementation that allows an Object principal and a Saml2ResponseAssertionAccessor
credential. It also moves the relying party registration id from
Saml2AuthenticatedPrincipal to Saml2AssertionAuthentication.
As such, Saml2AuthenticatedPrincipal is now deprecated in favor of
placing its assertion components in Saml2ResponseAssertionAccessor and
the relying party registration id in Saml2AssertionAuthentication.
Closes gh-10820
- Moved to BearerTokenAuthenticationFilter constructor to align with
AuthenticationFilter
- Undeprecated BearerTokenResolver to reduce number of migration scenarios
- Updated to 7.0 schema
- Added migration docs
Issue gh-14750
NimbusJwtDecoder and NimbusReactiveJwtDecoder now use
Spring Security's JwtTypeValidator by default instead
of Nimbus's type validator.
Closes gh-17181
To simplify migration, the filter's setter methods still use AntPathRequestMatcher.
Users can call the equivalent RequestMatcher setter methods to opt-in to the change early.
Issue gh-16417
Update BeanDefinitionParsers to use PathPatternRequestMatcher conditionally
on the presence of a PathPatternRequestMatcher.Builder bean
Closes gh-16828
This commit removes unnecessary main-branch merges starting from
8750608b5b and adds the following
needed commit(s) that were made afterward:
- 5dce82c48b
Rob Winch
Sébastien Deleuze
Josh Cummings
Tran Ngoc Nhan
Josh Cummings
Steve Riesenberg
Kawin Naipongprasit
Marcus Da Coregio
delver
daisuzz
Brummolix
Tao Sun