Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

SAP / cloud-security-services-integration-library Public

Notifications You must be signed in to change notification settings
Fork 135
Star 151

Code
Issues 3
Pull requests 6
Actions
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Security
Insights

Releases: SAP/cloud-security-services-integration-library

Releases · SAP/cloud-security-services-integration-library

Version 2.2.0

29 Oct 11:49

nenaraab

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

Version 2.2.0

[spring-xsuaa] PropertySourceFactory supports custom property sources and default can optionally be disabled with spring.xsuaa.disable-default-property-source=true
[spring-xsuaa] Supports Spring Core 5.2.0.RELEASEand Spring Boot 2.2.0.RELEASE
[spring-xsuaa] Deprecates TokenUrlUtils in favor of OAuth2ServiceEndpointsProvider
[spring-xsuaa] XsuaaJwtDecoderBuilder can be configured with your RestOperations (RestTemplate). When using auto-configuration your RestTemplate bean is used by default.
Internally, we've cleaned up maven dependencies (converged versions) and
- removed transient dependency of spring-security-oauth2 to jackson.
- introduced org.owasp.dependency-check-maven which performs CVSS checks.
[token-client] supports password token flows as documented here.

Hint:

Make sure that in @SpringBootTest annotation the XsuaaAutoConfiguration is specified before the XsuaaTokenFlowAutoConfiguration class.

Assets 2

Loading

All reactions

Version 2.1.0

17 Oct 12:05

nenaraab

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

Version 2.1.0

Version 2.1.0

The token-client library supports Apache Http Client. So you can make use of it without any Spring dependencies! Have also a look at the java-tokenclient-usage sample application.
Fix CVE-2018-1000613 by removing unnecessary dependencies (issue 144).
Makes XsuaaMockWebServer more robust.
Adds link to TechEd 2019 self-learning material.

Assets 2

Loading

All reactions

Version 2.0.0

15 Oct 21:19

nenaraab

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

Version 2.0.0

2.0.0

Deleted package com.sap.xs2.security.container in order to avoid Class Loader issues, when an application makes use of SAP-libraries using the SAP-internal container lib like CAP.
- As already mentioned use SpringSecurityContext class instead of SecurityContext class.
Removed deprecated methods:
- XsuaaServiceConfiguration.getTokenUrl()
- XsuaaToken.getClaimAccessor() is not required anymore as Xsuaa itself implements JwtClaimAccessor .
Deprecated TokenBroker interface and its implementation UaaTokenBroker, as this is going to be replaced with the OAuth2TokenService interface which is provided by the new token-client library. If you wish to configure / pass your RestTemplate you can pass an instance of OAuth2TokenService:

new TokenBrokerResolver( 
  <<your configuration>>, 
  <<your cache>>, 
  new XsuaaOAuth2TokenService(<<your restTemplate>>), 
  <<your authenticationInformationExtractor>>);

TokenUlrUtils class is now package protected and will be deleted with version.
token-client library supports basically Password-Grant Access Tokens.

Assets 2

Loading

All reactions

Version 1.7.0

06 Sep 15:15

nenaraab

Compare

Choose a tag to compare

Loading

Version 1.7.0

1.7.0

We now provide a new slim token-client library with a XsuaaTokenFlows class, which serves as a factory for the different flows (user, refresh and client-credentials). This deprecates the existing Token.requestToken(XSTokenRequest) API.
- The token-client library can be used by plain Java applications.
- Auto-configuration is provided for Spring Boot applications only, when using XSUAA Spring Boot Starter.
ANNOUNCEMENT: Please be aware that with version 2.0.0 we want to get rid of package com.sap.xs2.security.container in order to avoid Class Loader issues, when an application makes use of SAP-libraries using the SAP-internal container lib.

Assets 2

Loading

All reactions

1.6.0

02 Aug 09:36

nenaraab

Compare

Choose a tag to compare

Loading

1.6.0

1.6.0

Provides spring starter for spring-xsuaa, which enables auto-configuration as documented here

<dependency>
    <groupId>com.sap.cloud.security.xsuaa</groupId>
    <artifactId>xsuaa-spring-boot-starter</artifactId>
    <version>1.6.0</version>
</dependency>

Supports reactive ServerHttpSecurity (Spring webflux). Have a look at the (webflux sample application)[samples/spring-webflux-security-xsuaa-usage/README.md]
To make sure that the Spring SecurityContext is always initialized with a validated token use SpringSecurityContext.init() method as documented here
To avoid issues, when an application makes use of SAP-libraries using the SAP-internal container lib, use SpringSecurityContext instead of SecurityContext
Some enhancements for XSUAA integration

Incompatible changes

As of version 1.6.0 you need to make use of XSUAA Spring Boot Starter in order to leverage auto-configuration (see Troubleshoot section here)

Assets 2

Loading

All reactions

1.5.0

05 Jul 11:17

nenaraab

Compare

Choose a tag to compare

Loading

1.5.0

1.5.0

Supports jku URI which is provided as part of the JSON Web Signature (JWS). The jku of the Jwt token header references the public key URI of the Xsuaa OAuth Authorization Server, and needs to match to the xsuaa.uaadomain.
Completely customizable auto-configurations so that apps can override the spring-xsuaa defaults:
- auto-configuration for Xsuaa OAuth Authorization Server is documented here.
- auto-configuration for Xsuaa Mock Server configuration can be found here.
Uses apache slf4j Logger for better log analysis on Cloud Foundry. This is provided with org.springframework.boot:spring-boot-starter-logging.
Improves and enhances sample application.
Renames class TokenImpl to XsuaaToken. Furthermore for convenience XsuaaToken subclasses org.springframework.security.oauth2.jwt.Jwt.
Subclassing of TokenAuthenticationConverter is no longer allowed, instead TokenAuthenticationConverter can be configured with your own AuthoritiesExtractor implementation (an example can be found here).
Please note that the port of the mock web server that is provided with the xsuaa mock library had to be defined statically. It runs now always on port 33195.
Find more complex examples here: https://github.com/SAP/cloud-application-security-sample

Assets 2

Loading

All reactions

1.4.0

13 May 22:09

mwdb

Compare

Choose a tag to compare

Loading

1.4.0

API method to query token validity
Bugfix in basic authentication support: allow usage of JWT token or basic authentication with one configuration
Allows overwrite / enhancement of XSUAA jwt token validators
Allow applications to initialize of Spring SecurityContext for non HTTP requests. As documented in https://github.com/SAP/cloud-security-xsuaa-integration/blob/master/spring-xsuaa/README.md

Build results have been published to maven central: https://search.maven.org/search?q=com.sap.cloud.security

Assets 2

Loading

All reactions

Support for Broker plan

19 Mar 21:39

mwdb

Compare

Choose a tag to compare

Loading

Support for Broker plan

Changes:

Broker plan validation failed due to incorrect audience validation

Build results have been published to maven central: https://search.maven.org/search?q=com.sap.cloud.security

Assets 2

Loading

All reactions

1.3.0

13 Mar 21:35

mwdb

Compare

Choose a tag to compare

Loading

1.3.0

Changes:

JwtGenerator offers enhancement options: custom claims and audience
Test framework support for multi tenancy

Build results have been published to maven central: https://search.maven.org/search?q=com.sap.cloud.security

Assets 2

Loading

All reactions

1.2.0

24 Jan 08:16

mwdb

Compare

Choose a tag to compare

Loading

1.2.0

Eases enhancement of TokenAuthenticationConverter (issue 23)
Makes XsuaaAudienceValidator more robust (issue 21)
XSTokenRequest accepts custom RestTemplate (issue 25) to e.g. configure timeout behavior.
Provides spring-xsuaa-test library with JWTGenerator (issue 29)
Provides spring-xsuaa-mock library with XSUAA authentication mock web server for offline token key validation (issue 30)

Build results have been published to maven central: https://search.maven.org/search?q=com.sap.cloud.security

Assets 2

Loading

All reactions

Previous 1 2 … 9 10 11 12 13 Next

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.