zilcuanu
Reputation: 3715
EnableAuthorizationServer is working and is not deprecated
I was following this guide which mentions that the @EnableAuthorizationServer is deprecated. But when I created a project with the following dependencies, I am not getting the deprecated messages. Is there something I am missing here.
Depedencies - Output from mvn dependency:tree
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ spring-oauth-server ---
[INFO] com.classpath:spring-oauth-server:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-actuator:jar:2.3.7.RELEASE:compile
[INFO] | +- org.springframework.boot:spring-boot-starter:jar:2.3.7.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot:jar:2.3.7.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-autoconfigure:jar:2.3.7.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-starter-logging:jar:2.3.7.RELEASE:compile
[INFO] | | | +- ch.qos.logback:logback-classic:jar:1.2.3:compile
[INFO] | | | | \- ch.qos.logback:logback-core:jar:1.2.3:compile
[INFO] | | | +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.13.3:compile
[INFO] | | | | \- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile
[INFO] | | | \- org.slf4j:jul-to-slf4j:jar:1.7.30:compile
[INFO] | | +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
[INFO] | | \- org.yaml:snakeyaml:jar:1.26:compile
[INFO] | +- org.springframework.boot:spring-boot-actuator-autoconfigure:jar:2.3.7.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-actuator:jar:2.3.7.RELEASE:compile
[INFO] | | +- com.fasterxml.jackson.core:jackson-databind:jar:2.11.3:compile
[INFO] | | \- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.11.3:compile
[INFO] | \- io.micrometer:micrometer-core:jar:1.5.9:compile
[INFO] | +- org.hdrhistogram:HdrHistogram:jar:2.1.12:compile
[INFO] | \- org.latencyutils:LatencyUtils:jar:2.0.3:runtime
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.3.7.RELEASE:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-json:jar:2.3.7.RELEASE:compile
[INFO] | | +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.11.3:compile
[INFO] | | \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.11.3:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.3.7.RELEASE:compile
[INFO] | | +- org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.41:compile
[INFO] | | +- org.glassfish:jakarta.el:jar:3.0.3:compile
[INFO] | | \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:9.0.41:compile
[INFO] | +- org.springframework:spring-web:jar:5.2.12.RELEASE:compile
[INFO] | | \- org.springframework:spring-beans:jar:5.2.12.RELEASE:compile
[INFO] | \- org.springframework:spring-webmvc:jar:5.2.12.RELEASE:compile
[INFO] | +- org.springframework:spring-aop:jar:5.2.12.RELEASE:compile
[INFO] | +- org.springframework:spring-context:jar:5.2.12.RELEASE:compile
[INFO] | \- org.springframework:spring-expression:jar:5.2.12.RELEASE:compile
[INFO] +- org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:jar:2.2.6.RELEASE:compile
[INFO] | +- org.springframework.cloud:spring-cloud-starter:jar:2.2.6.RELEASE:compile
[INFO] | | +- org.springframework.cloud:spring-cloud-context:jar:2.2.6.RELEASE:compile
[INFO] | | | \- org.springframework.security:spring-security-crypto:jar:5.3.6.RELEASE:compile
[INFO] | | +- org.springframework.cloud:spring-cloud-commons:jar:2.2.6.RELEASE:compile
[INFO] | | \- org.springframework.security:spring-security-rsa:jar:1.0.9.RELEASE:compile
[INFO] | | \- org.bouncycastle:bcpkix-jdk15on:jar:1.64:compile
[INFO] | | \- org.bouncycastle:bcprov-jdk15on:jar:1.64:compile
[INFO] | +- org.springframework.cloud:spring-cloud-netflix-hystrix:jar:2.2.6.RELEASE:compile
[INFO] | | \- org.springframework.boot:spring-boot-starter-aop:jar:2.3.7.RELEASE:compile
[INFO] | | \- org.aspectj:aspectjweaver:jar:1.9.6:compile
[INFO] | +- org.springframework.cloud:spring-cloud-netflix-eureka-client:jar:2.2.6.RELEASE:compile
[INFO] | +- com.netflix.eureka:eureka-client:jar:1.10.7:compile
[INFO] | | +- com.netflix.netflix-commons:netflix-eventbus:jar:0.3.0:compile
[INFO] | | | +- com.netflix.netflix-commons:netflix-infix:jar:0.3.0:runtime
[INFO] | | | | +- commons-jxpath:commons-jxpath:jar:1.3:runtime
[INFO] | | | | +- joda-time:joda-time:jar:2.3:runtime
[INFO] | | | | +- org.antlr:antlr-runtime:jar:3.4:runtime
[INFO] | | | | | +- org.antlr:stringtemplate:jar:3.2.1:runtime
[INFO] | | | | | \- antlr:antlr:jar:2.7.7:runtime
[INFO] | | | | \- com.google.code.gson:gson:jar:2.8.6:runtime
[INFO] | | | \- org.apache.commons:commons-math:jar:2.2:runtime
[INFO] | | +- com.netflix.archaius:archaius-core:jar:0.7.6:compile
[INFO] | | | \- com.google.guava:guava:jar:29.0-jre:compile
[INFO] | | | +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] | | | +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] | | | +- org.checkerframework:checker-qual:jar:2.11.1:compile
[INFO] | | | +- com.google.errorprone:error_prone_annotations:jar:2.3.4:compile
[INFO] | | | \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] | | +- javax.ws.rs:jsr311-api:jar:1.1.1:compile
[INFO] | | +- com.netflix.servo:servo-core:jar:0.12.21:compile
[INFO] | | +- com.sun.jersey:jersey-core:jar:1.19.1:compile
[INFO] | | +- com.sun.jersey:jersey-client:jar:1.19.1:compile
[INFO] | | +- com.sun.jersey.contribs:jersey-apache-client4:jar:1.19.1:compile
[INFO] | | +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO] | | | +- org.apache.httpcomponents:httpcore:jar:4.4.14:compile
[INFO] | | | \- commons-codec:commons-codec:jar:1.14:compile
[INFO] | | +- commons-configuration:commons-configuration:jar:1.10:compile
[INFO] | | | \- commons-lang:commons-lang:jar:2.6:compile
[INFO] | | +- com.google.inject:guice:jar:4.1.0:compile
[INFO] | | | +- javax.inject:javax.inject:jar:1:compile
[INFO] | | | \- aopalliance:aopalliance:jar:1.0:compile
[INFO] | | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.11.3:compile
[INFO] | | +- com.fasterxml.jackson.core:jackson-core:jar:2.11.3:compile
[INFO] | | \- org.codehaus.jettison:jettison:jar:1.3.7:runtime
[INFO] | | \- stax:stax-api:jar:1.0.1:runtime
[INFO] | +- com.netflix.eureka:eureka-core:jar:1.10.7:compile
[INFO] | | \- com.fasterxml.woodstox:woodstox-core:jar:5.3.0:compile
[INFO] | | \- org.codehaus.woodstox:stax2-api:jar:4.2:compile
[INFO] | +- org.springframework.cloud:spring-cloud-starter-netflix-archaius:jar:2.2.6.RELEASE:compile
[INFO] | | +- org.springframework.cloud:spring-cloud-netflix-ribbon:jar:2.2.6.RELEASE:compile
[INFO] | | \- org.springframework.cloud:spring-cloud-netflix-archaius:jar:2.2.6.RELEASE:compile
[INFO] | +- org.springframework.cloud:spring-cloud-starter-netflix-ribbon:jar:2.2.6.RELEASE:compile
[INFO] | | +- com.netflix.ribbon:ribbon:jar:2.3.0:compile
[INFO] | | | +- com.netflix.ribbon:ribbon-transport:jar:2.3.0:runtime
[INFO] | | | | +- io.reactivex:rxnetty-contexts:jar:0.4.9:runtime
[INFO] | | | | \- io.reactivex:rxnetty-servo:jar:0.4.9:runtime
[INFO] | | | +- com.netflix.hystrix:hystrix-core:jar:1.5.18:runtime
[INFO] | | | \- io.reactivex:rxnetty:jar:0.4.9:runtime
[INFO] | | +- com.netflix.ribbon:ribbon-core:jar:2.3.0:compile
[INFO] | | +- com.netflix.ribbon:ribbon-httpclient:jar:2.3.0:compile
[INFO] | | | +- commons-collections:commons-collections:jar:3.2.2:runtime
[INFO] | | | \- com.netflix.netflix-commons:netflix-commons-util:jar:0.3.0:runtime
[INFO] | | +- com.netflix.ribbon:ribbon-loadbalancer:jar:2.3.0:compile
[INFO] | | | \- com.netflix.netflix-commons:netflix-statistics:jar:0.1.1:runtime
[INFO] | | \- io.reactivex:rxjava:jar:1.3.8:compile
[INFO] | +- org.springframework.cloud:spring-cloud-starter-loadbalancer:jar:2.2.6.RELEASE:compile
[INFO] | | +- org.springframework.cloud:spring-cloud-loadbalancer:jar:2.2.6.RELEASE:compile
[INFO] | | | +- org.springframework.boot:spring-boot-starter-validation:jar:2.3.7.RELEASE:compile
[INFO] | | | | \- org.hibernate.validator:hibernate-validator:jar:6.1.6.Final:compile
[INFO] | | | | +- jakarta.validation:jakarta.validation-api:jar:2.0.2:compile
[INFO] | | | | +- org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile
[INFO] | | | | \- com.fasterxml:classmate:jar:1.5.1:compile
[INFO] | | | +- io.projectreactor:reactor-core:jar:3.3.12.RELEASE:compile
[INFO] | | | | \- org.reactivestreams:reactive-streams:jar:1.0.3:compile
[INFO] | | | \- io.projectreactor.addons:reactor-extra:jar:3.3.4.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-starter-cache:jar:2.3.7.RELEASE:compile
[INFO] | | | \- org.springframework:spring-context-support:jar:5.2.12.RELEASE:compile
[INFO] | | \- com.stoyanr:evictor:jar:1.0.0:compile
[INFO] | +- com.netflix.ribbon:ribbon-eureka:jar:2.3.0:compile
[INFO] | | \- org.slf4j:slf4j-api:jar:1.7.30:compile
[INFO] | \- com.thoughtworks.xstream:xstream:jar:1.4.13:compile
[INFO] | +- xmlpull:xmlpull:jar:1.1.3.1:compile
[INFO] | \- xpp3:xpp3_min:jar:1.1.4c:compile
[INFO] +- org.springframework.cloud:spring-cloud-starter-oauth2:jar:2.2.4.RELEASE:compile
[INFO] | \- org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:jar:2.1.2.RELEASE:compile
[INFO] | +- com.sun.xml.bind:jaxb-core:jar:2.3.0.1:compile
[INFO] | +- com.sun.xml.bind:jaxb-impl:jar:2.3.0.1:compile
[INFO] | +- javax.xml.bind:jaxb-api:jar:2.3.1:compile
[INFO] | | \- javax.activation:javax.activation-api:jar:1.2.0:compile
[INFO] | +- org.springframework.security.oauth:spring-security-oauth2:jar:2.3.4.RELEASE:compile
[INFO] | | +- org.springframework.security:spring-security-core:jar:5.3.6.RELEASE:compile
[INFO] | | +- org.springframework.security:spring-security-config:jar:5.3.6.RELEASE:compile
[INFO] | | +- org.springframework.security:spring-security-web:jar:5.3.6.RELEASE:compile
[INFO] | | \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:compile
[INFO] | | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile
[INFO] | \- org.springframework.security:spring-security-jwt:jar:1.0.9.RELEASE:compile
[INFO] +- org.springframework.cloud:spring-cloud-starter-security:jar:2.2.4.RELEASE:compile
[INFO] | \- org.springframework.cloud:spring-cloud-security:jar:2.2.4.RELEASE:compile
[INFO] | \- org.springframework.boot:spring-boot-starter-security:jar:2.3.7.RELEASE:compile
[INFO] \- org.springframework.boot:spring-boot-starter-test:jar:2.3.7.RELEASE:test
[INFO] +- org.springframework.boot:spring-boot-test:jar:2.3.7.RELEASE:test
[INFO] +- org.springframework.boot:spring-boot-test-autoconfigure:jar:2.3.7.RELEASE:test
[INFO] +- com.jayway.jsonpath:json-path:jar:2.4.0:test
[INFO] | \- net.minidev:json-smart:jar:2.3:test
[INFO] | \- net.minidev:accessors-smart:jar:1.2:test
[INFO] | \- org.ow2.asm:asm:jar:5.0.4:test
[INFO] +- jakarta.xml.bind:jakarta.xml.bind-api:jar:2.3.3:test
[INFO] | \- jakarta.activation:jakarta.activation-api:jar:1.2.2:test
[INFO] +- org.assertj:assertj-core:jar:3.16.1:test
[INFO] +- org.hamcrest:hamcrest:jar:2.2:test
[INFO] +- org.junit.jupiter:junit-jupiter:jar:5.6.3:test
[INFO] | +- org.junit.jupiter:junit-jupiter-api:jar:5.6.3:test
[INFO] | | +- org.apiguardian:apiguardian-api:jar:1.1.0:test
[INFO] | | +- org.opentest4j:opentest4j:jar:1.2.0:test
[INFO] | | \- org.junit.platform:junit-platform-commons:jar:1.6.3:test
[INFO] | +- org.junit.jupiter:junit-jupiter-params:jar:5.6.3:test
[INFO] | \- org.junit.jupiter:junit-jupiter-engine:jar:5.6.3:test
[INFO] | \- org.junit.platform:junit-platform-engine:jar:1.6.3:test
[INFO] +- org.mockito:mockito-core:jar:3.3.3:test
[INFO] | +- net.bytebuddy:byte-buddy:jar:1.10.18:test
[INFO] | +- net.bytebuddy:byte-buddy-agent:jar:1.10.18:test
[INFO] | \- org.objenesis:objenesis:jar:2.6:test
[INFO] +- org.mockito:mockito-junit-jupiter:jar:3.3.3:test
[INFO] +- org.skyscreamer:jsonassert:jar:1.5.0:test
[INFO] | \- com.vaadin.external.google:android-json:jar:0.0.20131108.vaadin1:test
[INFO] +- org.springframework:spring-core:jar:5.2.12.RELEASE:compile
[INFO] | \- org.springframework:spring-jcl:jar:5.2.12.RELEASE:compile
[INFO] +- org.springframework:spring-test:jar:5.2.12.RELEASE:test
[INFO] \- org.xmlunit:xmlunit-core:jar:2.7.0:test
Spring Dependencies
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
...
<properties>
<java.version>1.8</java.version>
<spring-cloud.version>Hoxton.SR9</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
</dependency>
...
</dependencies>
<dependencyManagement>
...
</dependencyManagement>
<build>
<plugins>
...
</plugins>
</build>
</project>
In My Root class
@SpringBootApplication
@EnableResourceServer // this is a protected resource
@EnableAuthorizationServer //acts as a OAuth2 service
public class SpringOauthServerApplication {
public static void main(String[] args) {
SpringApplication.run(SpringOauthServerApplication.class, args);
}
}
I do not see any Deprecated messages.
Upvotes: 1
Views: 8365
Answers (1)
Toerktumlare
Reputation: 14712
Well the correct term is that @EnableAuthorizationServer is in maintenance mode which basically means deprecated. As in there will be no added features or updates.
The story goes basically as follows.
During Spring 4 i believe there was a single person that maintained the oauth2 part of spring security. When Spring security 5 was launched the team at pivotal decided to do a major overhaul of spring security and the oauth2 parts. So what they did was to drop Authorisation server support, and instead focus on the Resource server support at first.
Spring announcement of dropping Authorisation server support
You have pulled in spring-cloud-starter-oauth2 which in turn har a peer dependency on spring-security-oauth2-autoconfigure which in turn pulls in spring-security-oauth2.
Here Spring clearly states that if you wish to use spring-security-oauth2 they will help you out, but it is in maintenance mode.
The choice to not support it was made because an authorization server is like owning a product. Spring doesn't maintain their own database, or own Ldap server etc. There are plenty of auth servers out there that can be used, okta, curity, github, fb, google, etc, etc.
But Spring has actually reevaluated that choice and decided to start a community developed open source authorisation server
So you have 3 choices:
- use the old, that is in maintenance mode
- use a 3rd party vendor, github, fb, google, okta, curity etc.
- try out the new open source authorisation server
Upvotes: 13
Related Questions
- @EnableResourceServer @EnableAuthorizationServer are deprecated?
- Deprecate spring-security-oauth as a client
- Spring Security Version
- Spring security userdetails: org.springframework.security.authentication.DisabledException
- AuthorizationServerConfigurerAdapter is deprecated
- EnableAuthorizationServer 2.4.0 migration
- OAuth2 | ClientCredentialsResourceDetails | deprecated
- Oauth2 doesn't work in Spring Boot
- Spring Oauth2 Authorization Server
- Error 403 after @EnableOAuth2Sso in Spring security