SecurityMockServerConfigurers.java previously used the StringUtils from
the optional oauth2-oidc-sdk dependency. Replacing this with the
StringUtils from the spring framework this should not force adding the
dependency in cases where it is not actually used.
Closes gh-9923
When a bean of type ReactiveJwtAuthenticationConverter is defined,
the OAuth2 Resource Server configuration will use it automatically
when no other converter is defined through the DSL.
Closes gh-9698
Added missing infrastructure role to methodSecurityMetadataSource bean
and move the post processing of the defaultMethodExpressionHandler to
the end of afterSingletonsInstantiated.
Closes gh-9845
Wrap DelegatingSecurityContextTaskScheduler's Runnable tasks in
DelegatingSecurityContextRunnables, allowing to specify a
SecurityContext to use for tasks execution.
- Renamed private variable taskScheduler to delegate
- Removed unused local variable in unit test
- Add SecurityContext tests for delegating TaskScheduler
Closes gh-9514
Flux#skip discards its corresponding elements, meaning that they
aren't intended for reuse. When using RSocket's ByteBufPayloads,
this means that the bytes are releaseed back into RSocket's pool.
Since the downstream request may still need the skipped payload,
we should construct the publisher in a different way so as to
avoid the preemptive release.
Deferring Spring JavaFormat to clarify what changed.
Closes gh-9345
Changed the converter used to convert a map into an OAuth2AccessTokenResponse to
support any object as the value, including json numbers and nested objects. Also
deprecated old classes/setters and added new classes/setters.
Closes gh-9685
The ExceptionTranslationWebFilter does not support correctly when
anonymous authentication is enabled. With this enabled provoked always
the execution of the access denied handler, and with this fix it
behaves like the ExceptionTranslationFilter (servlet), executing the
access denied handler only if the principal is not empty and neither
anonymous.
Closes gh-9130
Performs a redirect to the original request URL when an invalid requested session is detected.
In effect, when a user's session times out, the user is redirected to URL they originally requested instead of some fixed URL.
Steve Riesenberg
Christian Frommeyer
Joe Grandja
Eleftheria Stein
Thomas Vitale
Josh Cummings
Steve Riesenberg
Ruben Suarez Alvarez
YBCoding
pxzxj
Marcus Hert da Coregio
Kay-Uwe Janssen
Giacomo Baso
Filip Hanik
theexiile1305
Tomoki Tsubaki
AlexeyAnufriev
Rob Winch
Hans Hosea Schaefer
César Revert
Craig Andrews