Skip to content

Commit ed3b9ef

Browse files
NiklasHerrmann21NiklasHerrmann21
authored
Bugfix/4.0.2 (#1939)
* fix: Use getClientIdentity() for token exchange credentials Simplified DefaultIdTokenExtension and DefaultXsuaaTokenExtension to use OAuth2ServiceConfiguration.getClientIdentity() instead of manually checking for certificate vs client secret. This ensures correct credential handling for both X.509 certificate and client secret authentication. Also added IAS certificate properties (certificate, key, credential-type, certurl) to IdentityServicesPropertySourceFactory to properly map X.509 credentials for IAS service bindings. Changes: - DefaultIdTokenExtension: Use iasConfig.getClientIdentity() - DefaultXsuaaTokenExtension: Use xsuaaConfig.getClientIdentity() - IdentityServicesPropertySourceFactory: Add IAS certificate properties * test: Update tests to use getClientIdentity() mocks * chore: Release 4.0.2 * test: Remove unused credentials variables from tests * fix: Use token issuer for multi-tenant IAS token exchange In multi-tenant scenarios, the IAS token exchange must use the issuer from the token (consumer IAS tenant) instead of the provider IAS URL from the configuration. This ensures the exchange request goes to the correct tenant where the user exists. * chore: Release 4.0.3
1 parent ea432c8 commit ed3b9ef

26 files changed

Lines changed: 42 additions & 37 deletions

File tree

CHANGELOG.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,10 @@
11
# Change Log
22
All notable changes to this project will be documented in this file.
33

4+
## 4.0.3
5+
6+
- Fix multi-tenant IAS token exchange to use token issuer URL instead of provider IAS URL from configuration in `DefaultIdTokenExtension`
7+
48
## 4.0.2
59

610
- Fix token exchange credential handling to use `getClientIdentity()` instead of manually checking for certificate vs client secret

MIGRATION_4.0.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ If you use these classes, add the new dependency:
5858
<dependency>
5959
<groupId>com.sap.cloud.security.xsuaa</groupId>
6060
<artifactId>token-client-spring</artifactId>
61-
<version>4.0.2</version>
61+
<version>4.0.3</version>
6262
</dependency>
6363
```
6464
No code changes required - the classes remain in the same package.
@@ -88,7 +88,7 @@ No code changes required - the classes remain in the same package.
8888
<dependency>
8989
<groupId>com.sap.cloud.security</groupId>
9090
<artifactId>resourceserver-security-spring-boot-starter</artifactId>
91-
<version>4.0.2</version>
91+
<version>4.0.3</version>
9292
</dependency>
9393
```
9494

@@ -146,7 +146,7 @@ Replace the standard starter with the Spring Boot 3 starter:
146146
<dependency>
147147
<groupId>com.sap.cloud.security</groupId>
148148
<artifactId>resourceserver-security-spring-boot-3-starter</artifactId>
149-
<version>4.0.2</version>
149+
<version>4.0.3</version>
150150
</dependency>
151151
```
152152

@@ -203,7 +203,7 @@ The `spring-xsuaa` module has been removed. Migrate to either:
203203
<dependency>
204204
<groupId>com.sap.cloud.security</groupId>
205205
<artifactId>java-security-test</artifactId>
206-
<version>4.0.2</version>
206+
<version>4.0.3</version>
207207
<scope>test</scope>
208208
</dependency>
209209
```
@@ -234,7 +234,7 @@ import com.sap.cloud.security.test.JwtGenerator;
234234
<dependency>
235235
<groupId>com.sap.cloud.security</groupId>
236236
<artifactId>spring-security-3</artifactId>
237-
<version>4.0.2</version>
237+
<version>4.0.3</version>
238238
</dependency>
239239
```
240240

@@ -272,7 +272,7 @@ The `token-client` module now uses Java 11 HttpClient by default - no additional
272272
<dependency>
273273
<groupId>com.sap.cloud.security.xsuaa</groupId>
274274
<artifactId>token-client</artifactId>
275-
<version>4.0.2</version>
275+
<version>4.0.3</version>
276276
</dependency>
277277
```
278278

@@ -326,7 +326,7 @@ If you use any of these classes, add the new dependency:
326326
<dependency>
327327
<groupId>com.sap.cloud.security.xsuaa</groupId>
328328
<artifactId>token-client-spring</artifactId>
329-
<version>4.0.2</version>
329+
<version>4.0.3</version>
330330
</dependency>
331331
```
332332

README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -120,7 +120,7 @@ If your application uses Spring Boot 3.x and you cannot immediately upgrade to S
120120
<dependency>
121121
<groupId>com.sap.cloud.security</groupId>
122122
<artifactId>resourceserver-security-spring-boot-3-starter</artifactId>
123-
<version>4.0.2</version>
123+
<version>4.0.3</version>
124124
</dependency>
125125
```
126126

@@ -275,7 +275,7 @@ The SAP Cloud Security Services Integration is published to maven central: https
275275
<dependency>
276276
<groupId>com.sap.cloud.security</groupId>
277277
<artifactId>java-bom</artifactId>
278-
<version>4.0.2</version>
278+
<version>4.0.3</version>
279279
<scope>import</scope>
280280
<type>pom</type>
281281
</dependency>

bom/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88

99
<groupId>com.sap.cloud.security</groupId>
1010
<artifactId>java-bom</artifactId>
11-
<version>4.0.2</version>
11+
<version>4.0.3</version>
1212
<packaging>pom</packaging>
1313
<name>java-bom</name>
1414

env/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
<parent>
1010
<groupId>com.sap.cloud.security.xsuaa</groupId>
1111
<artifactId>parent</artifactId>
12-
<version>4.0.2</version>
12+
<version>4.0.3</version>
1313
</parent>
1414

1515
<groupId>com.sap.cloud.security</groupId>

java-api/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,6 @@
55
<dependency>
66
<groupId>com.sap.cloud.security</groupId>
77
<artifactId>java-api</artifactId>
8-
<version>4.0.2</version>
8+
<version>4.0.3</version>
99
</dependency>
1010
```

java-api/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
<parent>
1010
<groupId>com.sap.cloud.security.xsuaa</groupId>
1111
<artifactId>parent</artifactId>
12-
<version>4.0.2</version>
12+
<version>4.0.3</version>
1313
</parent>
1414

1515
<groupId>com.sap.cloud.security</groupId>

java-security-test/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ It is pre-configured with a security filter that only accepts valid tokens. Furt
4040
<dependency>
4141
<groupId>com.sap.cloud.security</groupId>
4242
<artifactId>java-security-test</artifactId>
43-
<version>4.0.2</version>
43+
<version>4.0.3</version>
4444
<scope>test</scope>
4545
</dependency>
4646
```

java-security-test/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
<parent>
1010
<groupId>com.sap.cloud.security.xsuaa</groupId>
1111
<artifactId>parent</artifactId>
12-
<version>4.0.2</version>
12+
<version>4.0.3</version>
1313
</parent>
1414

1515
<groupId>com.sap.cloud.security</groupId>

java-security/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -69,7 +69,7 @@ Since it requires the Tomcat 10 runtime, it needs to be deployed using the [SAP
6969
<dependency>
7070
<groupId>com.sap.cloud.security</groupId>
7171
<artifactId>java-security</artifactId>
72-
<version>4.0.2</version>
72+
<version>4.0.3</version>
7373
</dependency>
7474
<dependency>
7575
<groupId>org.apache.httpcomponents</groupId>

0 commit comments

Comments
 (0)