Spring Team
Eleftheria Stein-Kousathana

Spring Security committer

Toronto, Canada

Blog Posts by Eleftheria Stein-Kousathana

Spring Security - Lambda DSL

Overview of Lambda DSL

The release of Spring Security 5.2 includes enhancements to the DSL, which allow HTTP security to be configured using lambdas.

It is important to note that the prior configuration style is still valid and supported. The addition of lambdas is intended to provide more flexibility, but their usage is optional.

You may have seen this style of configuration in the Spring Security documentation or samples.
Let us take a look at how a lambda configuration of HTTP security compares to the previous configuration style.

Spring Security 5.2.0.RC1 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.RC1! You can find the complete details in the release notes and the highlights below:

RSocket

gh-7360 - Add RSocket Support

SAML

gh-6019 - Add SAML Service Provider Support

OAuth 2.0

Resource server

gh-7101 - JwtGrantedAuthoritiesConverter allows configuring the authority prefix
gh-7100 - JwtGrantedAuthoritiesConverter allows configuring the authorities claim name
gh-7345 - Opaque Token Introspector returns an Authenticated Principal
gh-7346 - Add Adapter to Translate Jwt to BearerTokenAuthentication
gh-5334 and gh-7284 - Resource Server supports WebClient Bearer Token propagation

Client

gh-7228 - Prevent null value in Context if subscribe was invoked outside of Web Context
gh-7114 - Allow configurable Clock in OAuth2AuthorizedClientProvider implementations
gh-7293 - Fix WebClient Memory Leaks
gh-7222 - Allow setting securityContextRepository for reactive OAuth2 login
gh-7051 - Allow setting authenticationFailureHandler for reactive OAuth2 login
gh-7232 - OAuth2LoginConfigurer discovers OAuth2UserService beans
gh-7339 - DefaultOAuth2UserService and OidcUserService extract authorities from scopes
gh-7122 - OAuth2AuthorizedClientManager works outside of a request
gh-6003 - Support Resource Owner Password Credentials grant

JOSE

gh-6883 - JWT decoding supports multiple algorithms
gh-7290 - NimbusJwtDecoderJwkSupport supports "application/jwk-set+json" Accept header

Spring Security 5.2.0.M3 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.M3! You can find the complete details in the changelog and the highlights below:

OAuth 2.0

gh-6727 - Support for Multi-tenancy in Reactive Resource Server
gh-6798 - Support for custom parameters in Opaque Token
gh-6239 - Finer variables for OAuth2 redirectUriTemplate expansion
gh-6863 - OAuth2 login has configurable authentication success handler
gh-6832 & gh-6849 - JWT and opaque token have configurable authentication manager
gh-6634 - Support for mock JWT in tests

Similar to other request post processors, jwt() can be used to establish a SecurityContext with a JwtAuthenticationToken.

mockMvc.perform(get("/")
       .with(jwt(jwt -> jwt.claim("scope", "message:read"))));