Deprecate openID 2.0 support

This commit puts a deprecation notice on the docs, sample applications and configurations (Java and XML)

Fixes gh-7153
Dávid Kovács 2020-04-25 15:27:47 +02:00
parent f7b33da577
commit 339d44b5a1
18 changed files with 128 additions and 61 deletions


@ -233,7 +233,9 @@ public final class HttpSecurity extends
* </pre>
*
* @return the {@link OpenIDLoginConfigurer} for further customizations.
*
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
* @throws Exception
* @see OpenIDLoginConfigurer
*/
@ -355,6 +357,9 @@ public final class HttpSecurity extends
*
* @param openidLoginCustomizer the {@link Customizer} to provide more options for
* the {@link OpenIDLoginConfigurer}
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
* @return the {@link HttpSecurity} for further customizations
* @throws Exception
*/
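Review bot: The `@deprecated` Javadoc tag added in both hunks is not paired with a `@Deprecated` annotation on the `openidLogin()` methods, whose declarations sit outside the hunks; if the annotation is absent there, javac emits no deprecation warning to callers and the `dep-ann` lint flags the Javadoc/annotation mismatch. The same gap is visible where the declaration is in view: `OpenIDLoginConfigurer`, `MessageSecurityWebApplicationInitializer`, `SecurityConfig`, `UserController` and `CustomUserDetailsService` in the later sections each get a `@deprecated` Javadoc but no `@Deprecated` on the type. Adding a plain `@Deprecated` line immediately before each declaration (the attribute-less form keeps Java 8 compatibility) makes the deprecation machine-visible so users of the OpenID 2.0 path get a compiler nudge rather than only a Javadoc note. As a style point, Javadoc convention lists `@deprecated` after `@see`; here it precedes `@throws` in the first hunk and sits between `@param` and `@return` in the second.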


@ -118,6 +118,9 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
* </ul>
*
* @author Rob Winch
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
* @since 3.2
*/
public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> extends


@ -131,7 +131,7 @@
</xs:annotation>
<xs:complexType/>
</xs:element>
<xs:attributeGroup name="password-encoder.attlist">
<xs:attribute name="ref" type="xs:token">
<xs:annotation>
@ -164,7 +164,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="user-property">
<xs:attribute name="user-property" use="required" type="xs:token">
<xs:annotation>
@ -433,7 +433,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="ldap-ap.attlist">
<xs:attribute name="server-ref" type="xs:token">
<xs:annotation>
@ -513,7 +513,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="password-compare.attlist">
<xs:attribute name="password-attribute" type="xs:token">
<xs:annotation>
@ -573,7 +573,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="protect.attlist">
<xs:attribute name="method" use="required" type="xs:token">
<xs:annotation>
@ -817,13 +817,13 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="protect-pointcut.attlist">
<xs:attribute name="expression" use="required" type="xs:string">
<xs:annotation>
@ -1265,7 +1265,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="access-denied-handler.attlist">
<xs:attribute name="ref" type="xs:token">
<xs:annotation>
@ -1290,7 +1290,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="intercept-url.attlist">
<xs:attribute name="pattern" type="xs:token">
<xs:annotation>
@ -1361,7 +1361,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="logout.attlist">
<xs:attribute name="logout-url" type="xs:token">
<xs:annotation>
@ -1408,7 +1408,7 @@
<xs:attributeGroup ref="security:ref"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="form-login.attlist">
<xs:attribute name="login-processing-url" type="xs:token">
<xs:annotation>
@ -1496,7 +1496,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:element name="attribute-exchange">
<xs:annotation>
<xs:documentation>Sets up an attribute exchange configuration to request specified attributes from the
@ -1695,7 +1695,7 @@
</xs:simpleType>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="http-basic.attlist">
<xs:attribute name="entry-point-ref" type="xs:token">
<xs:annotation>
@ -1711,7 +1711,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="session-management.attlist">
<xs:attribute name="session-fixation-protection">
<xs:annotation>
@ -1767,7 +1767,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="concurrency-control.attlist">
<xs:attribute name="max-sessions" type="xs:integer">
<xs:annotation>
@ -1814,7 +1814,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="remember-me.attlist">
<xs:attribute name="key" type="xs:token">
<xs:annotation>
@ -1912,7 +1912,7 @@
<xs:attributeGroup name="remember-me-data-source-ref">
<xs:attributeGroup ref="security:data-source-ref"/>
</xs:attributeGroup>
<xs:attributeGroup name="anonymous.attlist">
<xs:attribute name="key" type="xs:token">
<xs:annotation>
@ -1945,8 +1945,8 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="http-port">
<xs:attribute name="http" use="required" type="xs:token">
<xs:annotation>
@ -1963,7 +1963,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="x509.attlist">
<xs:attribute name="subject-principal-regex" type="xs:token">
<xs:annotation>
@ -2160,7 +2160,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="ap.attlist">
<xs:attribute name="ref" type="xs:token">
<xs:annotation>
@ -2212,7 +2212,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="user.attlist">
<xs:attribute name="name" use="required" type="xs:token">
<xs:annotation>
@ -2823,4 +2823,4 @@
<xs:enumeration value="LAST"/>
</xs:restriction>
</xs:simpleType>
</xs:schema>
</xs:schema>


@ -124,7 +124,7 @@
</xs:annotation>
<xs:complexType/>
</xs:element>
<xs:attributeGroup name="password-encoder.attlist">
<xs:attribute name="ref" type="xs:token">
<xs:annotation>
@ -408,7 +408,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="ldap-ap.attlist">
<xs:attribute name="server-ref" type="xs:token">
<xs:annotation>
@ -488,7 +488,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="password-compare.attlist">
<xs:attribute name="password-attribute" type="xs:token">
<xs:annotation>
@ -541,7 +541,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="protect.attlist">
<xs:attribute name="method" use="required" type="xs:token">
<xs:annotation>
@ -785,13 +785,13 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="protect-pointcut.attlist">
<xs:attribute name="expression" use="required" type="xs:string">
<xs:annotation>
@ -960,7 +960,10 @@
<xs:element ref="security:oauth2-resource-server"/>
<xs:element name="openid-login">
<xs:annotation>
<xs:documentation>Sets up form login for authentication with an Open ID identity
<xs:documentation>Sets up form login for authentication with an Open ID identity.
NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are
<a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
</xs:documentation>
</xs:annotation>
<xs:complexType>
@ -1236,7 +1239,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="access-denied-handler.attlist">
<xs:attribute name="ref" type="xs:token">
<xs:annotation>
@ -1261,7 +1264,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="intercept-url.attlist">
<xs:attribute name="pattern" type="xs:token">
<xs:annotation>
@ -1318,7 +1321,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="logout.attlist">
<xs:attribute name="logout-url" type="xs:token">
<xs:annotation>
@ -1365,7 +1368,7 @@
<xs:attributeGroup ref="security:ref"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="form-login.attlist">
<xs:attribute name="login-processing-url" type="xs:token">
<xs:annotation>
@ -1878,7 +1881,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:element name="attribute-exchange">
<xs:annotation>
<xs:documentation>Sets up an attribute exchange configuration to request specified attributes from the
@ -1905,7 +1908,10 @@
</xs:attributeGroup>
<xs:element name="openid-attribute">
<xs:annotation>
<xs:documentation>Attributes used when making an OpenID AX Fetch Request
<xs:documentation>Attributes used when making an OpenID AX Fetch Request.
NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are
<a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
</xs:documentation>
</xs:annotation>
<xs:complexType>
@ -2077,7 +2083,7 @@
</xs:simpleType>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="http-basic.attlist">
<xs:attribute name="entry-point-ref" type="xs:token">
<xs:annotation>
@ -2093,7 +2099,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="session-management.attlist">
<xs:attribute name="session-fixation-protection">
<xs:annotation>
@ -2149,7 +2155,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="concurrency-control.attlist">
<xs:attribute name="max-sessions" type="xs:integer">
<xs:annotation>
@ -2196,7 +2202,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="remember-me.attlist">
<xs:attribute name="key" type="xs:token">
<xs:annotation>
@ -2294,7 +2300,7 @@
<xs:attributeGroup name="remember-me-data-source-ref">
<xs:attributeGroup ref="security:data-source-ref"/>
</xs:attributeGroup>
<xs:attributeGroup name="anonymous.attlist">
<xs:attribute name="key" type="xs:token">
<xs:annotation>
@ -2327,8 +2333,8 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="http-port">
<xs:attribute name="http" use="required" type="xs:token">
<xs:annotation>
@ -2345,7 +2351,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="x509.attlist">
<xs:attribute name="subject-principal-regex" type="xs:token">
<xs:annotation>
@ -2482,7 +2488,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="ap.attlist">
<xs:attribute name="ref" type="xs:token">
<xs:annotation>
@ -2534,7 +2540,7 @@
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="user.attlist">
<xs:attribute name="name" use="required" type="xs:token">
<xs:annotation>
@ -3174,4 +3180,4 @@
<xs:enumeration value="LAST"/>
</xs:restriction>
</xs:simpleType>
</xs:schema>
</xs:schema>
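Review bot: The deprecation note added to the `openid-login` and `openid-attribute` `xs:documentation` elements will be lost on the next schema regeneration if this `.xsd` is produced from an `.rnc` source, which is how Spring Security's config module has historically built its XSDs; the note would then also need to go into the `.rnc`. The sections on this page carry no file names and none of the 18 changed files appears to be an `.rnc`, so please confirm whether this file is hand-edited or generated. The preceding schema section received only whitespace-level changes, which is consistent with only the current schema being intended to carry the text, but that too is an inference from the rendered hunks.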


@ -146,7 +146,7 @@
<entry valign="middle">spring-security-openid</entry>
<entry>OpenID web authentication support.</entry>
<entry>If you need to authenticate users against an external OpenID
server.</entry>
server. (Deprecated)</entry>
<entry><literal>org.springframework.security.openid</literal></entry>
</row>
</tbody>


@ -102,6 +102,9 @@ The top-level package is `org.springframework.security.cas`.
[[spring-security-openid]]
== OpenID -- `spring-security-openid.jar`
[NOTE]
The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2.
This module contains OpenID web authentication support.
It is used to authenticate users against an external OpenID server.
The top-level package is `org.springframework.security.openid`.


@ -33,6 +33,7 @@ This also gives a good idea of the high level flow of authentication and how pie
* <<servlet-rememberme, Remember Me>> - How to remember a user past session expiration
* <<servlet-jaas, JAAS Authentication>> - Authenticate with JAAS
* <<servlet-openid,OpenID>> - OpenID Authentication (not to be confused with OpenID Connect)
// FIXME: The one above is deprecated. Should it be removed from here as well?
* <<servlet-preauth>> - Authenticate with an external mechanism such as https://www.siteminder.com/[SiteMinder] or Java EE security but still use Spring Security for authorization and protection against common exploits.
* <<servlet-x509,X509 Authentication>> - X509 Authentication


@ -1,5 +1,9 @@
[[servlet-openid]]
== OpenID Support
[NOTE]
The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2.
The namespace supports https://openid.net/[OpenID] login either instead of, or in addition to normal form-based login, with a simple change:
[source,xml]


@ -20,6 +20,9 @@ import org.springframework.security.web.context.AbstractSecurityWebApplicationIn
/**
* No customizations of {@link AbstractSecurityWebApplicationInitializer} are necessary.
*
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
* @author Rob Winch
*/
public class MessageSecurityWebApplicationInitializer extends


@ -20,6 +20,11 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.samples.security.CustomUserDetailsService;
/**
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
*/
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
// @formatter:off


@ -21,6 +21,11 @@ import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
/**
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
*/
@Controller
@RequestMapping("/user/")
public class UserController {


@ -22,6 +22,11 @@ import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.openid.OpenIDAuthenticationToken;
/**
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
*/
public class CustomUserDetailsService implements
AuthenticationUserDetailsService<OpenIDAuthenticationToken> {
public UserDetails loadUserDetails(OpenIDAuthenticationToken token)
@ -29,4 +34,4 @@ public class CustomUserDetailsService implements
return new User(token.getName(), "",
AuthorityUtils.createAuthorityList("ROLE_USER"));
}
}
}


@ -7,6 +7,11 @@
<body th:include="layout :: body" th:with="content=~{::content}">
<div th:fragment="content">
<form name="f" th:action="@{/login/openid}" method="post" id="openid_form">
<p><strong>
NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are
<a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
</strong></p>
<input type="hidden" name="action" value="verify" />
<fieldset>
<legend>Sign-in or Create New Account</legend>
@ -43,4 +48,4 @@
</script>
</div>
</body>
</html>
</html>


@ -23,6 +23,9 @@ import org.springframework.security.core.userdetails.User;
/**
* Customized {@code UserDetails} implementation.
*
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
* @author Luke Taylor
* @since 3.1
*/


@ -32,6 +32,9 @@ import org.springframework.security.openid.OpenIDAuthenticationToken;
* Custom UserDetailsService which accepts any OpenID user, "registering" new users in a
* map so they can be welcomed back to the site on subsequent logins.
*
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
* @author Luke Taylor
* @since 3.1
*/


@ -1,3 +1,7 @@
<!-- NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are
<a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>. -->
<configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>


@ -6,6 +6,12 @@
<h1>OpenID Sample Home Page</h1>
<p><strong>
NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are
<a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
</strong></p>
<sec:authentication property='principal.newUser' var='isNew' />
<p>
Welcome<c:if test="${!isNew}"> back,</c:if> <sec:authentication property='principal.name' />!


@ -29,6 +29,12 @@
<body>
<p><strong>
NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are
<a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
</strong></p>
<c:if test="${not empty param.login_error}">
<font color="red">
Your login attempt was not successful, try again.<br/><br/>