Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-30 00:32:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Document deprecations in oauth2 modules

Browse Source 
* oauth2-client
* oauth2-resource-server

Issue gh-12022
This commit is contained in:
Steve Riesenberg 2022-11-10 16:02:33 -06:00
parent 9bc38ed318
commit 754fe7f457
No known key found for this signature in database
GPG Key ID: 5F311AB48A55D521
1 changed files with 155 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

155
docs/modules/ROOT/pages/migration.adoc
View File

@ -3972,6 +3972,136 @@ fun passwordEncoder(): PasswordEncoder {
---- ----
==== ====
=== Deprecations in OAuth2 Client
In Spring Security 6, deprecated classes and methods were removed from xref:servlet/oauth2/client/index.adoc[OAuth2 Client].
Each deprecation is listed below, along with a direct replacement.
==== `ServletOAuth2AuthorizedClientExchangeFilterFunction`
The method `setAccessTokenExpiresSkew(...)` can be replaced with one of:
* `ClientCredentialsOAuth2AuthorizedClientProvider#setClockSkew(...)`
* `RefreshTokenOAuth2AuthorizedClientProvider#setClockSkew(...)`
* `JwtBearerOAuth2AuthorizedClientProvider#setClockSkew(...)`
The method `setClientCredentialsTokenResponseClient(...)` can be replaced with the constructor `ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)`.
[NOTE]
====
See xref:servlet/oauth2/client/authorization-grants.adoc#oauth2Client-client-creds-grant[Client Credentials] for more information.
====
==== `OidcUserInfo`
The method `phoneNumberVerified(String)` can be replaced with `phoneNumberVerified(Boolean)`.
==== `OAuth2AuthorizedClientArgumentResolver`
The method `setClientCredentialsTokenResponseClient(...)` can be replaced with the constructor `OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)`.
[NOTE]
====
See xref:servlet/oauth2/client/authorization-grants.adoc#oauth2Client-client-creds-grant[Client Credentials] for more information.
====
==== `ClaimAccessor`
The method `containsClaim(...)` can be replaced with `hasClaim(...)`.
==== `OidcClientInitiatedLogoutSuccessHandler`
The method `setPostLogoutRedirectUri(URI)` can be replaced with `setPostLogoutRedirectUri(String)`.
==== `HttpSessionOAuth2AuthorizationRequestRepository`
The method `setAllowMultipleAuthorizationRequests(...)` has no direct replacement.
==== `AuthorizationRequestRepository`
The method `removeAuthorizationRequest(HttpServletRequest)` can be replaced with `removeAuthorizationRequest(HttpServletRequest, HttpServletResponse)`.
==== `ClientRegistration`
The method `getRedirectUriTemplate()` can be replaced with `getRedirectUri()`.
==== `ClientRegistration.Builder`
The method `redirectUriTemplate(...)` can be replaced with `redirectUri(...)`.
==== `AbstractOAuth2AuthorizationGrantRequest`
The constructor `AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType)` can be replaced with `AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType, ClientRegistration)`.
==== `ClientAuthenticationMethod`
The static field `BASIC` can be replaced with `CLIENT_SECRET_BASIC`.
The static field `POST` can be replaced with `CLIENT_SECRET_POST`.
==== `OAuth2AccessTokenResponseHttpMessageConverter`
The field `tokenResponseConverter` has no direct replacement.
The method `setTokenResponseConverter(...)` can be replaced with `setAccessTokenResponseConverter(...)`.
The field `tokenResponseParametersConverter` has no direct replacement.
The method `setTokenResponseParametersConverter(...)` can be replaced with `setAccessTokenResponseParametersConverter(...)`.
==== `NimbusAuthorizationCodeTokenResponseClient`
The class `NimbusAuthorizationCodeTokenResponseClient` can be replaced with `DefaultAuthorizationCodeTokenResponseClient`.
==== `NimbusJwtDecoderJwkSupport`
The class `NimbusJwtDecoderJwkSupport` can be replaced with `NimbusJwtDecoder` or `JwtDecoders`.
==== `ImplicitGrantConfigurer`
The class `ImplicitGrantConfigurer` has no direct replacement.
[WARNING]
====
Use of the `implicit` grant type is not recommended and all related support is removed in Spring Security 6.
====
==== `AuthorizationGrantType`
The static field `IMPLICIT` has no direct replacement.
[WARNING]
====
Use of the `implicit` grant type is not recommended and all related support is removed in Spring Security 6.
====
==== `OAuth2AuthorizationResponseType`
The static field `TOKEN` has no direct replacement.
[WARNING]
====
Use of the `implicit` grant type is not recommended and all related support is removed in Spring Security 6.
====
==== `OAuth2AuthorizationRequest`
The static method `implicit()` has no direct replacement.
[WARNING]
====
Use of the `implicit` grant type is not recommended and all related support is removed in Spring Security 6.
====
=== Deprecations in OAuth2 Resource Server
In Spring Security 6, deprecated classes and methods were removed from xref:servlet/oauth2/resource-server/index.adoc[OAuth2 Resource Server].
Each deprecation is listed below, along with a direct replacement.
==== `JwtAuthenticationConverter`
The method `extractAuthorities(...)` can be replaced with `JwtGrantedAuthoritiesConverter#convert(...)`.
== Reactive == Reactive
=== Use `AuthorizationManager` for Method Security === Use `AuthorizationManager` for Method Security
@ -4142,3 +4272,28 @@ http {
==== Opt-out Steps ==== Opt-out Steps
To opt-out of the 6.0 defaults and instead continue to pass `AuthenticationServiceException` on to ``ServerAuthenticationEntryPoint``s, you can follow the same steps as above, except set `rethrowAuthenticationServiceException` to false. To opt-out of the 6.0 defaults and instead continue to pass `AuthenticationServiceException` on to ``ServerAuthenticationEntryPoint``s, you can follow the same steps as above, except set `rethrowAuthenticationServiceException` to false.
=== Deprecations in OAuth2 Client
==== `ServerOAuth2AuthorizedClientExchangeFilterFunction`
The method `setAccessTokenExpiresSkew(...)` can be replaced with one of:
* `ClientCredentialsReactiveOAuth2AuthorizedClientProvider#setClockSkew(...)`
* `RefreshTokenReactiveOAuth2AuthorizedClientProvider#setClockSkew(...)`
* `JwtBearerReactiveOAuth2AuthorizedClientProvider#setClockSkew(...)`
The method `setClientCredentialsTokenResponseClient(...)` can be replaced with the constructor `ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)`.
[NOTE]
====
See xref:reactive/oauth2/client/authorization-grants.adoc#oauth2Client-client-creds-grant[Client Credentials] for more information.
====
==== `WebSessionOAuth2ServerAuthorizationRequestRepository`
The method `setAllowMultipleAuthorizationRequests(...)` has no direct replacement.
==== `UnAuthenticatedServerOAuth2AuthorizedClientRepository`
The class `UnAuthenticatedServerOAuth2AuthorizedClientRepository` has no direct replacement. Usage of the class can be replaced with `AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager`.