VMware offers training and certification to turbo-charge your progress.Learn more
Spring Security OAuth 2.0.4.RELEASE is available now in the usual repositories. It's a bug fix release, so upgrading is recommended, but there is also a small set of new features:
OAuth2Authentication) can now be
queried explicitly to find the grant type for the associated
token. If the token is being refreshed the grant type in the
OAuth2Request presented to a
TokenEnhancer is the
original grant type, not "refresh_token".
The client authorities are exposed in the "/check_token" endpoint
Password grants are more flexible and open to extension because both client and server can add additional parameters to the request. A custom
AuthenticationManager on the server side should still expect a
UsernamePasswordAuthenticationToken, but the additional parameters will be available in the
AuthenticationDetails. Multi-factor authentication for mobile devices could be implemented in this way, for instance.
Keystore support for JWT token signing and verification.
User provides a Resource and a password and can then lift the
keys out of the store by name. As long as they are RSA keys they
can be injected into a
JwtAccessTokenConverter (using a new
There were numerous community contributions to this release, for which many thanks!