mjeffrey
The workaround from @tiberiuzuld fixed the issue for me. It might be a good idea to set up an integration test with a restrictive CSP and a basic app generated...
We have this issue as well on Spring Boot 2.1.3
We hit the same thing (including CVE-2022-31548)

```
[ERROR] jakarta.annotation-api-1.3.5.jar: CVE-2022-31569(9.3)
[ERROR] jakarta.transaction-api-1.3.3.jar: CVE-2022-31569(9.3)
[ERROR] querydsl-core-5.0.0.jar: CVE-2022-31548(9.3)
[ERROR] spring-cloud-commons-3.1.3.jar: CVE-2022-31569(9.3)
[ERROR] spring-security-rsa-1.0.10.RELEASE.jar: CVE-2022-31569(9.3)
```

These CVE descriptions both seem...
Since these are stupid CVEs (and very explicit) we exclude using a match-everything pattern.

```
^.*$
CVE-2022-31569
CVE-2022-31548
```
Hi @anthonyraymond. Thanks for the info. You mentioned `Actually, the Spring boot adapter itself is to be deprecated`. Do you have a link to something official from Keycloak?
Hi Alexey, I work with pdesmarets and he asked me to have a look at this. I see the problem with xjc you were talking about: xjc only needs to...
@sjohnr I don't want to ask for too much related to implementation; you guys know this much better than me, but I think what you said would do what is...
The interceptor from @stenkil-sn got me thinking that this is probably the way to do it. So I tried using the existing Spring Security OAuth classes and it seems pretty...
@ColdFireIce

> but instead of using an interceptor I opted for the `ClientHttpRequestInitializer`. Is there a difference, or is one better than the other

I think ClientHttpRequestInitializer is probably the...
> @mjeffrey I had a look at your code in [POC on Github](https://github.com/mjeffrey/spring-security-oauth2-restclient-interceptor) (thanks for sharing it). It still depends on the reactive stack, especially when using `ServletOAuth2AuthorizedClientExchangeFilterFunction`. But...