logo标签列表

为什么@EnableOAuth2Sso被弃用了?

javaspring-securityoauth-2.0
7
为什么在Spring Security中弃用了@EnableOAuth2Sso? 这是我使用OAuth2的唯一原因。
如果我删除@EnableOAuth2Sso,那么它就不会起作用。
@Configuration
@EnableOAuth2Client
@EnableOAuth2Sso <- Need to have this!
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .csrf().disable()
        .authorizeRequests()
        .antMatchers("/Intranet/Bokning").authenticated()
        .antMatchers("/**", "/Intranet**").permitAll()
        .anyRequest().authenticated()
        .and().logout().logoutSuccessUrl("/").permitAll();
    }

}

还有其他解决方案吗?

2
javadoc 链接到了 这个 Github 页面,那是一个迁移指南。看起来你需要做 这个 - Lino
这可能是一个有用的链接:https://spring.io/guides/tutorials/spring-boot-oauth2/ - Alwaysa Learner
Html = 无聊 :) - euraad
2个回答
5
这是最新的Spring Security与Facebook OAuth2.0的解决方案。
安全:
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {

        http
        .csrf().disable()
        .authorizeRequests()
        .antMatchers("/Intranet/Bokning").authenticated() // Block this 
        .antMatchers("/**", "/Intranet**").permitAll() // Allow this for all
        .anyRequest().authenticated()
        .and().logout().logoutSuccessUrl("/").permitAll()
        .and()
        .oauth2Login();
    }
}

还有application.yml文件

spring:
  security:
    oauth2:
      client:
        registration:
           facebook:
              clientId: myID
              clientSecret: mySecret
              accessTokenUri: https://graph.facebook.com/oauth/access_token
              userAuthorizationUri: https://www.facebook.com/dialog/oauth
              tokenName: oauth_token
              authenticationScheme: query
              clientAuthenticationScheme: form
              resource:
                 userInfoUri: https://graph.facebook.com/me

server:
  port: 8080

还有pom.xml文件:

    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-oauth2-client</artifactId>
    </dependency>
4
WebSecurityConfigurerAdapter类现在已经过时。 - Joby Wilson Mathews
4
在Spring Security 5.2.x中,这些注释已经被弃用,我们需要使用DSL方法。
public class SecurityConf extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.oauth2Client(); //equivalent to @EnableOAuth2Client
    http.oauth2Login();  //equivalent to @EnableOAuth2Sso

}

Spring OAuth2 迁移指南 https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide

网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接