Updated AccessTokenClaims and DefaultAuthenticationUtils to preferentially support the access token claim names used by AuthenticationServices 2.X+, and fall back to AuthenticationServices 1.X claim names for backwards compatibility.
Added method to determine if the current user authentication is within an admin context: AuthenticationUtils#userIsInAdminContext. The method is new but the claims it checks are preexisting from other releases.
Includes bugfixes from 1.4.7-GA
As of Broadleaf Release Train 2.0.0-GA, all common libraries have been upgraded to Spring Boot 3.
This version includes all changes up to 1.4.6-GA
Fixed a bug where blank and empty public key property values (in broadleaf.resource.security.oauth2.encodedpublickey or broadleaf.resource.security.oauth2.encodedpublickeys.*) were processed by KeyUtil instead of being ignored completely.
Fixed a bug where the JwtDecoder bean in OAuth2ResourceSecurityConfiguration did not honor the broadleaf.resource.security.oauth2.jwkSetUri property. Now, if no explicit public key property values are provided and the JWK Set URI property value is provided, the JwtDecoder will be configured to verify tokens via the JWK Set URI.
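The selection order described in the two fixes above, sketched as an added example using Spring Security's NimbusJwtDecoder; this is not Broadleaf's OAuth2ResourceSecurityConfiguration or KeyUtil code. The class and method names are hypothetical, and the key encoding (Base64 X.509 RSA), the try-each-key behaviour and the fail-closed exception are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.List;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

/** Hypothetical helper illustrating the selection order; not the library's own class. */
public final class DecoderSelection {
    /** Explicit keys win; blank values are dropped before parsing; the JWK Set URI is the fallback. */
    public static JwtDecoder select(Collection<String> encodedPublicKeys, String jwkSetUri)
            throws GeneralSecurityException {
        List<JwtDecoder> perKey = new ArrayList<>();
        for (String encoded : encodedPublicKeys) {
            if (encoded == null || encoded.isBlank()) continue; // empty property never reaches the parser
            perKey.add(NimbusJwtDecoder.withPublicKey(parse(encoded.trim())).build());
        }
        if (!perKey.isEmpty()) {
            return token -> decodeWithAny(perKey, token);
        }
        if (jwkSetUri != null && !jwkSetUri.isBlank()) {
            return NimbusJwtDecoder.withJwkSetUri(jwkSetUri.trim()).build();
        }
        // Assumption: fail closed rather than return a decoder that cannot verify signatures.
        throw new IllegalStateException("No public key or JWK Set URI configured");
    }
    // Assumption: each value is Base64 of an X.509 SubjectPublicKeyInfo holding an RSA key.
    private static RSAPublicKey parse(String encoded) throws GeneralSecurityException {
        byte[] der = Base64.getDecoder().decode(encoded);
        return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }
    // Assumption: with several configured keys, a token is accepted if any one key verifies it.
    private static Jwt decodeWithAny(List<JwtDecoder> decoders, String token) {
        JwtException last = null;
        for (JwtDecoder decoder : decoders) {
            try {
                return decoder.decode(token);
            } catch (JwtException e) {
                last = e; // signature or claim check failed for this key; try the next one
            }
        }
        throw last; // non-null: the list is never empty when this method is called
    }
}
```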