Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

com.c4-soft.springaddons.starter:spring-addons-starters-recaptcha

Package Overview
Dependencies
Maintainers
0
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

com.c4-soft.springaddons.starter:spring-addons-starters-recaptcha

  • 7.8.11
  • Source
  • Maven
  • Socket score
Version published
Maintainers
0
Source

Ease OAuth2 / OpenID Configuration & Tests in Spring Boot 3

Useful links

  • OAuth2 security configuration tutorials (with and without spring-addons-starter-oidc)
  • spring-addons-starter-oidc a Spring Boot starter pushing OAuth2 clients & resource server security auto-configuration to the next level
  • spring-addons-oauth2-test annotations for populating test security-context with OAuth2 authentication instances
  • spring-addons-starter-oidc-test ease unit-tests in applications using spring-addons-starter-oidc
  • spring-addons-starter-rest experimental auto-configuration for RestClient, WebClient and @HttpExchange proxies (base-URL, Basic & OAuth2 Bearer auth)
  • Release Notes
  • Maven-Central Reminders

Breaking News

In 7.7.0, some @ConfigurationProperties were changed to inner-class definition (instead of standing in a source file of their own). Migration should be no more complicated than organizing imports.

The OAuth2 BFF tutorial is now on Baeldung. It was deeply refreshed in the process and now contains samples for Angular, React (Next.js) and Vue (Vite).

OIDC starter

With spring-addons-starter-oidc, you might need 0 Java conf, even in scenarios like:

  • accepting tokens issued by several trussted authorization servers
  • mapping authorities from a variety of claims
  • needing custom OAuth2 redirection URI or HTTP status
  • having per environment CORS configuration (not allowing the same origins in staging and prod for instance)
  • exposing CSRF token as a cookie accessible to a single-page application
  • logging out from an authorization server not strictly implementing RP-Initiated Logout (case of Auth0 and Amazon Cognito for instance)
  • adding extra parameters to authorization or token requests (like the audience required by Auth0)

Unit & Integration Testing With Security

Testing access control requires to configure the test security context. For that, spring-security-test provides with MockMvc request post-processors and WebTestClient mutators, but this can work only in the context of a request, which limits its usage to controllers.

To test any type of @Component (@Controller, off course, but also @Service and @Repository) there are only two options:

  • build tests security context by yourself and populate it with stubbed / mocked authentications
  • use annotations to do it for you (this is where spring-addons-oauth2-test jumps in)

Useful resources:

FAQs

Package last updated on 19 Sep 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm

Security News

Research

Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm

The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.

By Kush Pandya  -  Dec 11, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc