Steve Riesenberg

icon indicating a website link https://insource.io

icon location Omaha, NE

Results 276 comments of Steve Riesenberg

Prevent JwtAuthenticationProvider from setting authentication details when jwtAuthenticationConverter returned an authentication instance with non null details

This is merged via 7ad4ebd07ad0c3c8a507cf68bb35308b6595042a

Document how to publish an `AuthenticationManager` `@Bean` without `WebSecurityConfigurerAdapter`

Sorry you had some trouble, @uniquejava. Please see my [initial comment](https://github.com/spring-projects/spring-security/issues/11926#issue-1392720412) on this issue for how I recommend publishing an `AuthenticationManager` `@Bean`. Additional ways to publish one are documented on...

Document how to publish an `AuthenticationManager` `@Bean` without `WebSecurityConfigurerAdapter`

Thanks for your input on this everyone, and sorry for the delay in getting this task done. I've updated the Username/Password Authentication page. It now includes a few full examples...

WebClient client cert auth broken by spring-security:6.0.0-M6 (worked in 6.0.0-M5)

@napstr, in addition to `requireExplicitSave(true)` make sure you [specify `DelegatingSecurityContextRepository`](https://docs.spring.io/spring-security/reference/5.8/migration/servlet/session-management.html#_change_httpsessionsecuritycontextrepository_to_delegatingsecuritycontextrepository): ```java http // ... .securityContext((securityContext) -> securityContext .requireExplicitSave(true) .securityContextRepository(new DelegatingSecurityContextRepository( new RequestAttributeSecurityContextRepository(), new HttpSessionSecurityContextRepository() )) ); ```

OAuth2AuthenticationExceptionMixin doesn't work in JDK 17

`OAuth2AuthenticationExceptionMixinTests` fail due to this issue ~on JDK 21~ _when upgrading the jacoco tool version from `0.8.7` to `0.8.9`_. ``` com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Invalid type definition for type `org.springframework.security.oauth2.core.OAuth2AuthenticationException`: Failed to construct...

Simplify configuration of OAuth2 Client component model

Hi folks. I wasn't able to put an update on this issue due to SpringOne happening simultaneously, but better late than never. A [blog post](https://spring.io/blog/2023/08/22/tackling-the-oauth2-client-component-model-in-spring-security) went out a few weeks...

Simplify configuration of OAuth2 Client component model

As mentioned [above](https://github.com/spring-projects/spring-security/issues/11783#issuecomment-1709230777), the remaining task for this release is to finish updates to the documentation via gh-13785. I'm going to close this issue for tracking purposes, as gh-13763 will...

No introduction to CachingUserDetailsService in the documentation

@FdHerrera > I'd like to take this issue, if it's ok for you. Thanks! > According to the discussion in this thread, the idea is to recommend using `@Cacheable` instead...

Add JSON session support for SwitchUserGrantedAuthority

Thanks @markusheiden, this is now merged for 6.3 as 5c5503924b8de1c507c3b485ec1ed6c17277b110 with polish commit bd345fb2a8e6f9269583c5a278a8d8f4c27ff3ee.

TokenRelayGatewayFilter always fetches access token via refresh token

Hi @injae-kim. Thanks for the PR and taking a deep look at the token relay filter! Before proceeding, can we review your configuration and discuss why the issue you're facing...