I'd like to use OAuth2 authentication in a Spring REST API for login. But I got a warning like "AuthorizationServerConfigurerAdapter is deprecated, see the OAuth 2.0 Migration Guide for Spring Security 5".
I checked there but did not find much of a migration guide. Can anyone please share a full example for this?
Thanks in advance...
Since Spring Security doesn't provide Authorization Server support, migrating a Spring Security OAuth Authorization Server is out of scope for this document.
End of Life Notice. The Spring Security OAuth project has reached end of life and is no longer actively maintained by VMware, Inc. This project has been replaced by the OAuth2 support provided by Spring Security and Spring Authorization Server.
Purpose of @EnableAuthorizationServer: in a practical scenario, what this means is that you are setting up a token generation web application (Layer 7) on top of your enterprise user LDAP or user database, and it is usually a separate application from your consumer-side apps (APIs etc.).
Spring Security OAuth2 project is currently deprecated and Spring Security team has decided to no longer provide support for authorization servers. They are going to reconsider this decision, but nothing is known at the moment, and I would advise you to consider other solutions, for example, Keycloak.
15/04/2020: A new Spring Authorization Server is announced.
It is a community-driven project led by the Spring Security team and is focused on delivering Authorization Server support to the Spring community.
07/05/2020: End-of-Life for Spring Security OAuth has been clarified.
To that end, the plan is to provide patch and security fixes for the 2.4.x and 2.5.x line until May 2021. Additionally, security fixes will be supported for the 2.5.x line until May 2022, at which point the project will have reached end-of-life. The same end-of-life timeline applies to the Spring Boot 2 auto-configuration project.
To work with AuthorizationServer (and AuthorizationServerConfigurerAdapter as well) in a Spring Boot application you can use Spring Security OAuth Boot 2 Autoconfig. Although it's in maintenance mode, it's actively updated (as of January 2020); its latest version is 2.2.3, which corresponds to Spring Boot version 2.2.3. Its reference guide says that:
Note that you need to specify the version for spring-security-oauth2-autoconfigure, since it is not managed by Spring Boot any longer, though it should match Boot’s version anyway
I used it in my demo project and everything seems OK. So, to work with OAuth2, JWT tokens, Authorization and Resource servers, all you need is to add it to your project:
<dependency>
    <groupId>org.springframework.security.oauth.boot</groupId>
    <artifactId>spring-security-oauth2-autoconfigure</artifactId>
    <version>2.2.3.RELEASE</version>
</dependency>
My demo project.
UPDATE
Starting with version 2.3.0, the Spring Security OAuth Boot 2 Autoconfig (which has spring-security-oauth2:2.4.1 under the hood) is also deprecated.
But according to the End-of-Life for Spring Security OAuth post on the Spring Blog:
...the plan is to provide patch and security fixes for the 2.4.x and 2.5.x [spring-security-oauth2] line until May 2021. Additionally, security fixes will be supported for the 2.5.x line until May 2022, at which point the project will have reached end-of-life. The same end-of-life timeline applies to the Spring Boot 2 auto-configuration project.
Also a new Spring Authorization Server project was announced.
It is a community-driven project led by the Spring Security team and is focused on delivering Authorization Server support to the Spring community.
In Spring Security OAuth 2.0 Roadmap Update they recommend using Keycloak as an open-source implementation of the authorization server. So I think that the following links will be helpful: