Josh Cummings
Hi, @dreis2211, thanks for the explanation. The concern with allowing both in the same application is that of ordering. Spring Security cannot reason about how to weave the list of...
@pavankjadda, when I copy the beans into my IDE, they don't compile due to referring to several other components in your application. Will you please post a minimal sample? The...
Hi, @evgeniycheban, are you able to apply the requested changes?
> Should the user be able to mix reactive and non-reactive expressions in `@PreAuthorize`? I wonder if the user could simply do `@authz.checkReactive(#root, 'ADMIN')` and then invoke `hasRole('ADMIN')` from within...
Thanks, @evgeniycheban, just saw your update. Thank you for such a valuable and time-consuming contribution. I'll add any minor polish that remains and hopefully merge this week.
Nice, @evgeniycheban! This is now merged into `5.8.x` and `main`. I also added a polish commit at e990174c89b36821a832f13e0b7096cc5cd37e4b and a documentation commit at 070dce1baf2f6ea801d4f2f28c16defb47442a2b. Thanks again for all your consistent...
@shazin sorry for the delay on this PR. Can you please adjust to align with [@rwinch's comment](https://github.com/spring-projects/spring-security/issues/10347#issuecomment-1147754004) on the original ticket?
Hi, [Alex](https://jira.spring.io/secure/ViewProfile.jspa?name=alehro). The difference is that `access="permitAll"` and `security="none"` are not the same thing. `permitAll` means only that no authorization rules are applied. All the authentication and web application security...
@salgmachine @svanschooten What is the authorization server you are using that issues encrypted JWTs? Or are you planning on rolling your own? (Note that this ticket is Resource Server-focused)
After some research, I've only found one authorization server that supports JWE, which is PingIdentity. Additionally, [numerous](https://lists.jboss.org/pipermail/keycloak-user/2017-August/011531.html) [common](https://devforum.okta.com/t/encrypt-jwt-payload/2331) [authorization](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/46) [servers](https://forums.aws.amazon.com/thread.jspa?messageID=822585) have little to no support for JWE and some have...