From d52c308d03175d7cc49bec5c3861166dd85569bc Mon Sep 17 00:00:00 2001
From: liga-oz <liga.ozolina@sap.com>
Date: Mon, 22 Jan 2024 16:24:13 +0100
Subject: [PATCH 1/5] update README.md

Signed-off-by: liga-oz <liga.ozolina@sap.com>
---
 spring-security/README.md | 31 +++++++++++++++++--------------
 1 file changed, 17 insertions(+), 14 deletions(-)

diff --git a/spring-security/README.md b/spring-security/README.md
index ca357b5c6..2cde5497f 100644
--- a/spring-security/README.md
+++ b/spring-security/README.md
@@ -78,12 +78,12 @@ Depending on the service bindings in the environment, a different implementation
 In addition, a bean of type [XsuaaTokenFlows](../token-client/src/main/java/com/sap/cloud/security/xsuaa/tokenflows/XsuaaTokenFlows.java) is provided that can be used to fetch XSUAA tokens.
 
 #### Autoconfiguration classes
-| Autoconfiguration class                                                                                                                          | Description                                                                                                                                                                                                                                                                                                                                                                                                                                |
-|--------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| [HybridAuthorizationAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/HybridAuthorizationAutoConfiguration.java)       | Creates a converter ([XsuaaTokenAuthorizationConverter](./src/main/java/com/sap/cloud/security/spring/token/authentication/XsuaaTokenAuthorizationConverter.java)) that removes the XSUAA application identifier from the scope names, allowing local scope checks to be performed using [Spring's common built-in expression](https://docs.spring.io/spring-security/site/docs/current/reference/html5/#el-common-built-in) `hasAuthority |
-| [HybridIdentityServicesAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/HybridIdentityServicesAutoConfiguration.java) | Configures a `JwtDecoder` which is able to decode and validate tokens from Xsuaa and/or Identity service<br/>Furthermore it registers `IdentityServiceConfiguration` and optionally `XsuaaServiceConfiguration`, that allow overriding the identity service configurations found in the service bindings (via `identity.*` and `xsuaa.*` properties).                                                                                      |
-| [XsuaaTokenFlowAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/XsuaaTokenFlowAutoConfiguration.java)                 | Configures an `XsuaaTokenFlows` bean to fetch the XSUAA tokens. Starting with `2.10.0` version it supports X.509 based authentication                                                                                                                                                                                                                                                                                                      |
-| [SecurityContextAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/SecurityContextAutoConfiguration.java)               | Configures [`JavaSecurityContextHolderStrategy`](./src/main/java/com/sap/cloud/security/spring/token/authentication/JavaSecurityContextHolderStrategy.java) to be used as `SecurityContextHolderStrategy` to keep the `com.sap.cloud.security.token.SecurityContext` in sync                                                                                                                                                               |
+| Autoconfiguration class                                                                                                                          | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
+|--------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| [HybridAuthorizationAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/HybridAuthorizationAutoConfiguration.java)       | Creates a converter ([XsuaaTokenAuthorizationConverter](./src/main/java/com/sap/cloud/security/spring/token/authentication/XsuaaTokenAuthorizationConverter.java)) that removes the XSUAA application identifier from the scope names, allowing local scope checks to be performed using [Spring's common built-in expression](https://docs.spring.io/spring-security/site/docs/current/reference/html5/#el-common-built-in) `hasAuthority. Supports only single Xsuaa bindings |
+| [HybridIdentityServicesAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/HybridIdentityServicesAutoConfiguration.java) | Configures a `JwtDecoder` which is able to decode and validate tokens from Xsuaa and/or Identity service<br/>Furthermore it registers `IdentityServiceConfiguration` and optionally `XsuaaServiceConfiguration`, that allow overriding the identity service configurations found in the service bindings (via `identity.*` and `xsuaa.*` properties).                                                                                                                           |
+| [XsuaaTokenFlowAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/XsuaaTokenFlowAutoConfiguration.java)                 | Configures an `XsuaaTokenFlows` bean to fetch the XSUAA tokens. Starting with `2.10.0` version it supports X.509 based authentication                                                                                                                                                                                                                                                                                                                                           |
+| [SecurityContextAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/SecurityContextAutoConfiguration.java)               | Configures [`JavaSecurityContextHolderStrategy`](./src/main/java/com/sap/cloud/security/spring/token/authentication/JavaSecurityContextHolderStrategy.java) to be used as `SecurityContextHolderStrategy` to keep the `com.sap.cloud.security.token.SecurityContext` in sync                                                                                                                                                                                                    |
 
 #### Autoconfiguration properties
 | Autoconfiguration property           | Default value | Description                                                                                                             |
@@ -93,6 +93,16 @@ In addition, a bean of type [XsuaaTokenFlows](../token-client/src/main/java/com/
 
 You can gradually replace auto-configurations as explained [here](https://docs.spring.io/spring-boot/docs/current/reference/html/using-boot-auto-configuration.html).
 
+#### Multiple Xsuaa configurations
+In case of multiple Xsuaa configurations, the [XsuaaTokenAuthorizationConverter](./src/main/java/com/sap/cloud/security/spring/token/authentication/XsuaaTokenAuthorizationConverter.java) bean is not autoconfigured. 
+The bean needs to be created manually based on the service configuration you want the converter to be initialized with.
+
+```java
+@Bean
+public Converter<Jwt, AbstractAuthenticationToken> xsuaaAuthConverter(XsuaaServiceConfigurations xsuaaConfigs) {
+	return new XsuaaTokenAuthorizationConverter(xsuaaConfigs.getConfigurations().get(0).getProperty(APP_ID));
+}
+```
 
 ### Security Configuration
 This is an example how to configure your application as Spring Security OAuth 2.0 Resource Server for authentication of HTTP requests:
@@ -314,14 +324,7 @@ sap.security.services:
 ```  
 	
 #### Multiple XSUAA bindings
-If you need to manually configure the application for more than one XSUAA service instances (e.g. one of plan `application` and another one of plan `broker`), you can provide them as follows:
-````yaml
- sap.security.services:
-       xsuaa[0]:
-            ...     # credentials of XSUAA of plan 'application' 
-       xsuaa[1]:
-         clientid:  # clientid of XSUAA of plan 'broker' 
-````
+If you need to manually configure the application for more than one XSUAA service instances (e.g. one of plan `application` and another one of plan `broker`), you need to provide them as `VCAP_SERVICES` environment variable jump to second point of [Local Testing](#local-testing) section.
 
 ### Local testing
 To run or debug your secured application locally you need to provide the mandatory Xsuaa or Identity service configuration attributes prior to launching the application. 

From e3fa9677804772491a5e4f778e5afddcf99c966b Mon Sep 17 00:00:00 2001
From: liga-oz <liga.ozolina@sap.com>
Date: Mon, 22 Jan 2024 16:28:24 +0100
Subject: [PATCH 2/5] fix typo

Signed-off-by: liga-oz <liga.ozolina@sap.com>
---
 spring-security/README.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/spring-security/README.md b/spring-security/README.md
index 2cde5497f..53d1c0ac3 100644
--- a/spring-security/README.md
+++ b/spring-security/README.md
@@ -78,12 +78,12 @@ Depending on the service bindings in the environment, a different implementation
 In addition, a bean of type [XsuaaTokenFlows](../token-client/src/main/java/com/sap/cloud/security/xsuaa/tokenflows/XsuaaTokenFlows.java) is provided that can be used to fetch XSUAA tokens.
 
 #### Autoconfiguration classes
-| Autoconfiguration class                                                                                                                          | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
-|--------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| [HybridAuthorizationAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/HybridAuthorizationAutoConfiguration.java)       | Creates a converter ([XsuaaTokenAuthorizationConverter](./src/main/java/com/sap/cloud/security/spring/token/authentication/XsuaaTokenAuthorizationConverter.java)) that removes the XSUAA application identifier from the scope names, allowing local scope checks to be performed using [Spring's common built-in expression](https://docs.spring.io/spring-security/site/docs/current/reference/html5/#el-common-built-in) `hasAuthority. Supports only single Xsuaa bindings |
-| [HybridIdentityServicesAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/HybridIdentityServicesAutoConfiguration.java) | Configures a `JwtDecoder` which is able to decode and validate tokens from Xsuaa and/or Identity service<br/>Furthermore it registers `IdentityServiceConfiguration` and optionally `XsuaaServiceConfiguration`, that allow overriding the identity service configurations found in the service bindings (via `identity.*` and `xsuaa.*` properties).                                                                                                                           |
-| [XsuaaTokenFlowAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/XsuaaTokenFlowAutoConfiguration.java)                 | Configures an `XsuaaTokenFlows` bean to fetch the XSUAA tokens. Starting with `2.10.0` version it supports X.509 based authentication                                                                                                                                                                                                                                                                                                                                           |
-| [SecurityContextAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/SecurityContextAutoConfiguration.java)               | Configures [`JavaSecurityContextHolderStrategy`](./src/main/java/com/sap/cloud/security/spring/token/authentication/JavaSecurityContextHolderStrategy.java) to be used as `SecurityContextHolderStrategy` to keep the `com.sap.cloud.security.token.SecurityContext` in sync                                                                                                                                                                                                    |
+| Autoconfiguration class                                                                                                                          | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
+|--------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| [HybridAuthorizationAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/HybridAuthorizationAutoConfiguration.java)       | Creates a converter ([XsuaaTokenAuthorizationConverter](./src/main/java/com/sap/cloud/security/spring/token/authentication/XsuaaTokenAuthorizationConverter.java)) that removes the XSUAA application identifier from the scope names, allowing local scope checks to be performed using [Spring's common built-in expression](https://docs.spring.io/spring-security/site/docs/current/reference/html5/#el-common-built-in) `hasAuthority. Supports only single Xsuaa binding |
+| [HybridIdentityServicesAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/HybridIdentityServicesAutoConfiguration.java) | Configures a `JwtDecoder` which is able to decode and validate tokens from Xsuaa and/or Identity service<br/>Furthermore it registers `IdentityServiceConfiguration` and optionally `XsuaaServiceConfiguration`, that allow overriding the identity service configurations found in the service bindings (via `identity.*` and `xsuaa.*` properties).                                                                                                                          |
+| [XsuaaTokenFlowAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/XsuaaTokenFlowAutoConfiguration.java)                 | Configures an `XsuaaTokenFlows` bean to fetch the XSUAA tokens. Starting with `2.10.0` version it supports X.509 based authentication                                                                                                                                                                                                                                                                                                                                          |
+| [SecurityContextAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/SecurityContextAutoConfiguration.java)               | Configures [`JavaSecurityContextHolderStrategy`](./src/main/java/com/sap/cloud/security/spring/token/authentication/JavaSecurityContextHolderStrategy.java) to be used as `SecurityContextHolderStrategy` to keep the `com.sap.cloud.security.token.SecurityContext` in sync                                                                                                                                                                                                   |
 
 #### Autoconfiguration properties
 | Autoconfiguration property           | Default value | Description                                                                                                             |

From 0cda439f6406fe440be579f12484ca959fe851b5 Mon Sep 17 00:00:00 2001
From: Manuel Fink <123368068+finkmanAtSap@users.noreply.github.com>
Date: Tue, 23 Jan 2024 10:12:20 +0100
Subject: [PATCH 3/5] add missing `

Signed-off-by: Manuel Fink <123368068+finkmanAtSap@users.noreply.github.com>
---
 spring-security/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spring-security/README.md b/spring-security/README.md
index 53d1c0ac3..8ca55fa93 100644
--- a/spring-security/README.md
+++ b/spring-security/README.md
@@ -80,7 +80,7 @@ In addition, a bean of type [XsuaaTokenFlows](../token-client/src/main/java/com/
 #### Autoconfiguration classes
 | Autoconfiguration class                                                                                                                          | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
 |--------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| [HybridAuthorizationAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/HybridAuthorizationAutoConfiguration.java)       | Creates a converter ([XsuaaTokenAuthorizationConverter](./src/main/java/com/sap/cloud/security/spring/token/authentication/XsuaaTokenAuthorizationConverter.java)) that removes the XSUAA application identifier from the scope names, allowing local scope checks to be performed using [Spring's common built-in expression](https://docs.spring.io/spring-security/site/docs/current/reference/html5/#el-common-built-in) `hasAuthority. Supports only single Xsuaa binding |
+| [HybridAuthorizationAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/HybridAuthorizationAutoConfiguration.java)       | Creates a converter ([XsuaaTokenAuthorizationConverter](./src/main/java/com/sap/cloud/security/spring/token/authentication/XsuaaTokenAuthorizationConverter.java)) that removes the XSUAA application identifier from the scope names, allowing local scope checks to be performed using [Spring's common built-in expression](https://docs.spring.io/spring-security/site/docs/current/reference/html5/#el-common-built-in) `hasAuthority`. Supports only single Xsuaa binding |
 | [HybridIdentityServicesAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/HybridIdentityServicesAutoConfiguration.java) | Configures a `JwtDecoder` which is able to decode and validate tokens from Xsuaa and/or Identity service<br/>Furthermore it registers `IdentityServiceConfiguration` and optionally `XsuaaServiceConfiguration`, that allow overriding the identity service configurations found in the service bindings (via `identity.*` and `xsuaa.*` properties).                                                                                                                          |
 | [XsuaaTokenFlowAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/XsuaaTokenFlowAutoConfiguration.java)                 | Configures an `XsuaaTokenFlows` bean to fetch the XSUAA tokens. Starting with `2.10.0` version it supports X.509 based authentication                                                                                                                                                                                                                                                                                                                                          |
 | [SecurityContextAutoConfiguration](./src/main/java/com/sap/cloud/security/spring/autoconfig/SecurityContextAutoConfiguration.java)               | Configures [`JavaSecurityContextHolderStrategy`](./src/main/java/com/sap/cloud/security/spring/token/authentication/JavaSecurityContextHolderStrategy.java) to be used as `SecurityContextHolderStrategy` to keep the `com.sap.cloud.security.token.SecurityContext` in sync                                                                                                                                                                                                   |

From bf01bae7cb97542e8eee4adbe49a70c00ed24f3e Mon Sep 17 00:00:00 2001
From: Manuel Fink <123368068+finkmanAtSap@users.noreply.github.com>
Date: Wed, 24 Jan 2024 10:10:45 +0100
Subject: [PATCH 4/5] Update README.md

Signed-off-by: Manuel Fink <123368068+finkmanAtSap@users.noreply.github.com>
---
 spring-security/README.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/spring-security/README.md b/spring-security/README.md
index 8ca55fa93..1a406b758 100644
--- a/spring-security/README.md
+++ b/spring-security/README.md
@@ -94,15 +94,18 @@ In addition, a bean of type [XsuaaTokenFlows](../token-client/src/main/java/com/
 You can gradually replace auto-configurations as explained [here](https://docs.spring.io/spring-boot/docs/current/reference/html/using-boot-auto-configuration.html).
 
 #### Multiple Xsuaa configurations
-In case of multiple Xsuaa configurations, the [XsuaaTokenAuthorizationConverter](./src/main/java/com/sap/cloud/security/spring/token/authentication/XsuaaTokenAuthorizationConverter.java) bean is not autoconfigured. 
+:warning: In case of multiple Xsuaa configurations, the [XsuaaTokenAuthorizationConverter](./src/main/java/com/sap/cloud/security/spring/token/authentication/XsuaaTokenAuthorizationConverter.java) bean is not autoconfigured. 
 The bean needs to be created manually based on the service configuration you want the converter to be initialized with.
 
+For example, to create a converter that removes the application identifier of the *first* XSUAA configuration from the scope names, you could create the following bean:
+
 ```java
 @Bean
 public Converter<Jwt, AbstractAuthenticationToken> xsuaaAuthConverter(XsuaaServiceConfigurations xsuaaConfigs) {
 	return new XsuaaTokenAuthorizationConverter(xsuaaConfigs.getConfigurations().get(0).getProperty(APP_ID));
 }
 ```
+You may want to filter the list accessible via `XsuaaServiceConfigurations#getConfigurations` based on the configuration properties to find a specific configuration from the list.
 
 ### Security Configuration
 This is an example how to configure your application as Spring Security OAuth 2.0 Resource Server for authentication of HTTP requests:

From 2651f2abd1e1d92e6dcbe56fe692405493782112 Mon Sep 17 00:00:00 2001
From: Manuel Fink <123368068+finkmanAtSap@users.noreply.github.com>
Date: Wed, 24 Jan 2024 10:20:47 +0100
Subject: [PATCH 5/5] Update README.md

Signed-off-by: Manuel Fink <123368068+finkmanAtSap@users.noreply.github.com>
---
 spring-security/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spring-security/README.md b/spring-security/README.md
index 1a406b758..4412f3e3b 100644
--- a/spring-security/README.md
+++ b/spring-security/README.md
@@ -327,7 +327,7 @@ sap.security.services:
 ```  
 	
 #### Multiple XSUAA bindings
-If you need to manually configure the application for more than one XSUAA service instances (e.g. one of plan `application` and another one of plan `broker`), you need to provide them as `VCAP_SERVICES` environment variable jump to second point of [Local Testing](#local-testing) section.
+If you need to manually configure the application for more than one XSUAA service instances (e.g. one of plan `application` and another one of plan `broker`), you need to provide them as `VCAP_SERVICES` environment variable (see second point of [Local Testing](#local-testing) section).
 
 ### Local testing
 To run or debug your secured application locally you need to provide the mandatory Xsuaa or Identity service configuration attributes prior to launching the application.