- Add usernameExpression property with SpEL evaluation support
- Auto-convert userNameAttributeName to SpEL for backward compatibility
- Use SimpleEvaluationContext for secure expression evaluation
- Pass evaluated username to OAuth2UserAuthority for spring-projectsgh-15012 compatibility
- Add Builder pattern to DefaultOAuth2User
- Add Builder pattern to OAuth2UserAuthority
- Add Builder pattern to OidcUserAuthority with inherance support
- Support nested property access (e.g., "data.username")
- Add usernameExpression property to ClientRegistration documentation
- Update What's New section
Fixes gh-16390
Signed-off-by: yybmion <yunyubin54@gmail.com>
CodeQL Advanced / codeql-analysis-call (push) Waiting to runDetails
CI / Build (17, ubuntu-latest) (push) Waiting to runDetails
CI / Build (17, windows-latest) (push) Waiting to runDetails
CI / Test Against Snapshots (17, 17) (push) Waiting to runDetails
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to runDetails
CI / Deploy Artifacts (push) Blocked by required conditionsDetails
CI / Deploy Docs (push) Blocked by required conditionsDetails
CI / Deploy Schema (push) Blocked by required conditionsDetails
CI / Perform Release (push) Blocked by required conditionsDetails
CI / Send Notification (push) Blocked by required conditionsDetails
Deploy Docs / build (push) Has been cancelledDetails
DefaultOAuth2AuthorizationRequestResolver should not depend on
OAuth2AuthorizationRequestRedirectFilter because
OAuth2AuthorizationRequestRedirectFilter already depends on
DefaultOAuth2AuthorizationRequestResolver.
OAuth2AuthorizationRequestRedirectFilter also takes advantage of the
new constructor that defaults the base uri.
Polishes gh-16384
- Add username field to DefaultOAuth2User for direct name injection
- Add Builder pattern with DefaultOAuth2User.withUsername(String) static factory method
- Deprecate constructor that uses nameAttributeKey lookup in favor of Builder pattern
- Update Jackson mixins to support username field serialization/deserialization
This change prepares for SpEL support in the next commit.
Signed-off-by: yybmion <yunyubin54@gmail.com>
Simplified the assertion so that it is focused on the core
behavior being verified. This will likely also make the test
more stable when updating Spring Framework versions.
Issue gh-16860
In the process of verifying gh-15852, another issue with URI was discovered.
This commit adds tests to the uri-computing methods and changes them to use
UriComponents instead of URI.
Issue gh-15852
Initially it was proposed to put ClientSettings as a top level class, but
to be consistent with ProviderDetails, this commit moves ClientSettings to
be an inner class of ClientRegistration
Issue gh-16382
# Conflicts:
# oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientSettings.java
yoobin_mion
yybmion
Rob Winch
DingHao
Tran Ngoc Nhan
Josh Cummings
Evgeniy Cheban
Risto Virtanen
Steve Riesenberg
Max Batischev
Hao
Pat McCusker