EnableAuthorizationServer正在运行且未弃用
我正在关注本指南,其中提到@EnableAuthorizationServer已弃用。但是当我创建一个具有以下依赖项的项目时,我没有收到不推荐使用的消息。有什么我在这里想念的吗。
依赖项 - 输出来自 mvn dependency:tree
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ spring-oauth-server ---
[INFO] com.classpath:spring-oauth-server:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-actuator:jar:2.3.7.RELEASE:compile
[INFO] | +- org.springframework.boot:spring-boot-starter:jar:2.3.7.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot:jar:2.3.7.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-autoconfigure:jar:2.3.7.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-starter-logging:jar:2.3.7.RELEASE:compile
[INFO] | | | +- ch.qos.logback:logback-classic:jar:1.2.3:compile
[INFO] | | | | - ch.qos.logback:logback-core:jar:1.2.3:compile
[INFO] | | | +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.13.3:compile
[INFO] | | | | - org.apache.logging.log4j:log4j-api:jar:2.13.3:compile
[INFO] | | | - org.slf4j:jul-to-slf4j:jar:1.7.30:compile
[INFO] | | +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
[INFO] | | - org.yaml:snakeyaml:jar:1.26:compile
[INFO] | +- org.springframework.boot:spring-boot-actuator-autoconfigure:jar:2.3.7.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-actuator:jar:2.3.7.RELEASE:compile
[INFO] | | +- com.fasterxml.jackson.core:jackson-databind:jar:2.11.3:compile
[INFO] | | - com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.11.3:compile
[INFO] | - io.micrometer:micrometer-core:jar:1.5.9:compile
[INFO] | +- org.hdrhistogram:HdrHistogram:jar:2.1.12:compile
[INFO] | - org.latencyutils:LatencyUtils:jar:2.0.3:runtime
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.3.7.RELEASE:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-json:jar:2.3.7.RELEASE:compile
[INFO] | | +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.11.3:compile
[INFO] | | - com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.11.3:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.3.7.RELEASE:compile
[INFO] | | +- org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.41:compile
[INFO] | | +- org.glassfish:jakarta.el:jar:3.0.3:compile
[INFO] | | - org.apache.tomcat.embed:tomcat-embed-websocket:jar:9.0.41:compile
[INFO] | +- org.springframework:spring-web:jar:5.2.12.RELEASE:compile
[INFO] | | - org.springframework:spring-beans:jar:5.2.12.RELEASE:compile
[INFO] | - org.springframework:spring-webmvc:jar:5.2.12.RELEASE:compile
[INFO] | +- org.springframework:spring-aop:jar:5.2.12.RELEASE:compile
[INFO] | +- org.springframework:spring-context:jar:5.2.12.RELEASE:compile
[INFO] | - org.springframework:spring-expression:jar:5.2.12.RELEASE:compile
[INFO] +- org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:jar:2.2.6.RELEASE:compile
[INFO] | +- org.springframework.cloud:spring-cloud-starter:jar:2.2.6.RELEASE:compile
[INFO] | | +- org.springframework.cloud:spring-cloud-context:jar:2.2.6.RELEASE:compile
[INFO] | | | - org.springframework.security:spring-security-crypto:jar:5.3.6.RELEASE:compile
[INFO] | | +- org.springframework.cloud:spring-cloud-commons:jar:2.2.6.RELEASE:compile
[INFO] | | - org.springframework.security:spring-security-rsa:jar:1.0.9.RELEASE:compile
[INFO] | | - org.bouncycastle:bcpkix-jdk15on:jar:1.64:compile
[INFO] | | - org.bouncycastle:bcprov-jdk15on:jar:1.64:compile
[INFO] | +- org.springframework.cloud:spring-cloud-netflix-hystrix:jar:2.2.6.RELEASE:compile
[INFO] | | - org.springframework.boot:spring-boot-starter-aop:jar:2.3.7.RELEASE:compile
[INFO] | | - org.aspectj:aspectjweaver:jar:1.9.6:compile
[INFO] | +- org.springframework.cloud:spring-cloud-netflix-eureka-client:jar:2.2.6.RELEASE:compile
[INFO] | +- com.netflix.eureka:eureka-client:jar:1.10.7:compile
[INFO] | | +- com.netflix.netflix-commons:netflix-eventbus:jar:0.3.0:compile
[INFO] | | | +- com.netflix.netflix-commons:netflix-infix:jar:0.3.0:runtime
[INFO] | | | | +- commons-jxpath:commons-jxpath:jar:1.3:runtime
[INFO] | | | | +- joda-time:joda-time:jar:2.3:runtime
[INFO] | | | | +- org.antlr:antlr-runtime:jar:3.4:runtime
[INFO] | | | | | +- org.antlr:stringtemplate:jar:3.2.1:runtime
[INFO] | | | | | - antlr:antlr:jar:2.7.7:runtime
[INFO] | | | | - com.google.code.gson:gson:jar:2.8.6:runtime
[INFO] | | | - org.apache.commons:commons-math:jar:2.2:runtime
[INFO] | | +- com.netflix.archaius:archaius-core:jar:0.7.6:compile
[INFO] | | | - com.google.guava:guava:jar:29.0-jre:compile
[INFO] | | | +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] | | | +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] | | | +- org.checkerframework:checker-qual:jar:2.11.1:compile
[INFO] | | | +- com.google.errorprone:error_prone_annotations:jar:2.3.4:compile
[INFO] | | | - com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] | | +- javax.ws.rs:jsr311-api:jar:1.1.1:compile
[INFO] | | +- com.netflix.servo:servo-core:jar:0.12.21:compile
[INFO] | | +- com.sun.jersey:jersey-core:jar:1.19.1:compile
[INFO] | | +- com.sun.jersey:jersey-client:jar:1.19.1:compile
[INFO] | | +- com.sun.jersey.contribs:jersey-apache-client4:jar:1.19.1:compile
[INFO] | | +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO] | | | +- org.apache.httpcomponents:httpcore:jar:4.4.14:compile
[INFO] | | | - commons-codec:commons-codec:jar:1.14:compile
[INFO] | | +- commons-configuration:commons-configuration:jar:1.10:compile
[INFO] | | | - commons-lang:commons-lang:jar:2.6:compile
[INFO] | | +- com.google.inject:guice:jar:4.1.0:compile
[INFO] | | | +- javax.inject:javax.inject:jar:1:compile
[INFO] | | | - aopalliance:aopalliance:jar:1.0:compile
[INFO] | | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.11.3:compile
[INFO] | | +- com.fasterxml.jackson.core:jackson-core:jar:2.11.3:compile
[INFO] | | - org.codehaus.jettison:jettison:jar:1.3.7:runtime
[INFO] | | - stax:stax-api:jar:1.0.1:runtime
[INFO] | +- com.netflix.eureka:eureka-core:jar:1.10.7:compile
[INFO] | | - com.fasterxml.woodstox:woodstox-core:jar:5.3.0:compile
[INFO] | | - org.codehaus.woodstox:stax2-api:jar:4.2:compile
[INFO] | +- org.springframework.cloud:spring-cloud-starter-netflix-archaius:jar:2.2.6.RELEASE:compile
[INFO] | | +- org.springframework.cloud:spring-cloud-netflix-ribbon:jar:2.2.6.RELEASE:compile
[INFO] | | - org.springframework.cloud:spring-cloud-netflix-archaius:jar:2.2.6.RELEASE:compile
[INFO] | +- org.springframework.cloud:spring-cloud-starter-netflix-ribbon:jar:2.2.6.RELEASE:compile
[INFO] | | +- com.netflix.ribbon:ribbon:jar:2.3.0:compile
[INFO] | | | +- com.netflix.ribbon:ribbon-transport:jar:2.3.0:runtime
[INFO] | | | | +- io.reactivex:rxnetty-contexts:jar:0.4.9:runtime
[INFO] | | | | - io.reactivex:rxnetty-servo:jar:0.4.9:runtime
[INFO] | | | +- com.netflix.hystrix:hystrix-core:jar:1.5.18:runtime
[INFO] | | | - io.reactivex:rxnetty:jar:0.4.9:runtime
[INFO] | | +- com.netflix.ribbon:ribbon-core:jar:2.3.0:compile
[INFO] | | +- com.netflix.ribbon:ribbon-httpclient:jar:2.3.0:compile
[INFO] | | | +- commons-collections:commons-collections:jar:3.2.2:runtime
[INFO] | | | - com.netflix.netflix-commons:netflix-commons-util:jar:0.3.0:runtime
[INFO] | | +- com.netflix.ribbon:ribbon-loadbalancer:jar:2.3.0:compile
[INFO] | | | - com.netflix.netflix-commons:netflix-statistics:jar:0.1.1:runtime
[INFO] | | - io.reactivex:rxjava:jar:1.3.8:compile
[INFO] | +- org.springframework.cloud:spring-cloud-starter-loadbalancer:jar:2.2.6.RELEASE:compile
[INFO] | | +- org.springframework.cloud:spring-cloud-loadbalancer:jar:2.2.6.RELEASE:compile
[INFO] | | | +- org.springframework.boot:spring-boot-starter-validation:jar:2.3.7.RELEASE:compile
[INFO] | | | | - org.hibernate.validator:hibernate-validator:jar:6.1.6.Final:compile
[INFO] | | | | +- jakarta.validation:jakarta.validation-api:jar:2.0.2:compile
[INFO] | | | | +- org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile
[INFO] | | | | - com.fasterxml:classmate:jar:1.5.1:compile
[INFO] | | | +- io.projectreactor:reactor-core:jar:3.3.12.RELEASE:compile
[INFO] | | | | - org.reactivestreams:reactive-streams:jar:1.0.3:compile
[INFO] | | | - io.projectreactor.addons:reactor-extra:jar:3.3.4.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-starter-cache:jar:2.3.7.RELEASE:compile
[INFO] | | | - org.springframework:spring-context-support:jar:5.2.12.RELEASE:compile
[INFO] | | - com.stoyanr:evictor:jar:1.0.0:compile
[INFO] | +- com.netflix.ribbon:ribbon-eureka:jar:2.3.0:compile
[INFO] | | - org.slf4j:slf4j-api:jar:1.7.30:compile
[INFO] | - com.thoughtworks.xstream:xstream:jar:1.4.13:compile
[INFO] | +- xmlpull:xmlpull:jar:1.1.3.1:compile
[INFO] | - xpp3:xpp3_min:jar:1.1.4c:compile
[INFO] +- org.springframework.cloud:spring-cloud-starter-oauth2:jar:2.2.4.RELEASE:compile
[INFO] | - org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:jar:2.1.2.RELEASE:compile
[INFO] | +- com.sun.xml.bind:jaxb-core:jar:2.3.0.1:compile
[INFO] | +- com.sun.xml.bind:jaxb-impl:jar:2.3.0.1:compile
[INFO] | +- javax.xml.bind:jaxb-api:jar:2.3.1:compile
[INFO] | | - javax.activation:javax.activation-api:jar:1.2.0:compile
[INFO] | +- org.springframework.security.oauth:spring-security-oauth2:jar:2.3.4.RELEASE:compile
[INFO] | | +- org.springframework.security:spring-security-core:jar:5.3.6.RELEASE:compile
[INFO] | | +- org.springframework.security:spring-security-config:jar:5.3.6.RELEASE:compile
[INFO] | | +- org.springframework.security:spring-security-web:jar:5.3.6.RELEASE:compile
[INFO] | | - org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:compile
[INFO] | | - org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile
[INFO] | - org.springframework.security:spring-security-jwt:jar:1.0.9.RELEASE:compile
[INFO] +- org.springframework.cloud:spring-cloud-starter-security:jar:2.2.4.RELEASE:compile
[INFO] | - org.springframework.cloud:spring-cloud-security:jar:2.2.4.RELEASE:compile
[INFO] | - org.springframework.boot:spring-boot-starter-security:jar:2.3.7.RELEASE:compile
[INFO] - org.springframework.boot:spring-boot-starter-test:jar:2.3.7.RELEASE:test
[INFO] +- org.springframework.boot:spring-boot-test:jar:2.3.7.RELEASE:test
[INFO] +- org.springframework.boot:spring-boot-test-autoconfigure:jar:2.3.7.RELEASE:test
[INFO] +- com.jayway.jsonpath:json-path:jar:2.4.0:test
[INFO] | - net.minidev:json-smart:jar:2.3:test
[INFO] | - net.minidev:accessors-smart:jar:1.2:test
[INFO] | - org.ow2.asm:asm:jar:5.0.4:test
[INFO] +- jakarta.xml.bind:jakarta.xml.bind-api:jar:2.3.3:test
[INFO] | - jakarta.activation:jakarta.activation-api:jar:1.2.2:test
[INFO] +- org.assertj:assertj-core:jar:3.16.1:test
[INFO] +- org.hamcrest:hamcrest:jar:2.2:test
[INFO] +- org.junit.jupiter:junit-jupiter:jar:5.6.3:test
[INFO] | +- org.junit.jupiter:junit-jupiter-api:jar:5.6.3:test
[INFO] | | +- org.apiguardian:apiguardian-api:jar:1.1.0:test
[INFO] | | +- org.opentest4j:opentest4j:jar:1.2.0:test
[INFO] | | - org.junit.platform:junit-platform-commons:jar:1.6.3:test
[INFO] | +- org.junit.jupiter:junit-jupiter-params:jar:5.6.3:test
[INFO] | - org.junit.jupiter:junit-jupiter-engine:jar:5.6.3:test
[INFO] | - org.junit.platform:junit-platform-engine:jar:1.6.3:test
[INFO] +- org.mockito:mockito-core:jar:3.3.3:test
[INFO] | +- net.bytebuddy:byte-buddy:jar:1.10.18:test
[INFO] | +- net.bytebuddy:byte-buddy-agent:jar:1.10.18:test
[INFO] | - org.objenesis:objenesis:jar:2.6:test
[INFO] +- org.mockito:mockito-junit-jupiter:jar:3.3.3:test
[INFO] +- org.skyscreamer:jsonassert:jar:1.5.0:test
[INFO] | - com.vaadin.external.google:android-json:jar:0.0.20131108.vaadin1:test
[INFO] +- org.springframework:spring-core:jar:5.2.12.RELEASE:compile
[INFO] | - org.springframework:spring-jcl:jar:5.2.12.RELEASE:compile
[INFO] +- org.springframework:spring-test:jar:5.2.12.RELEASE:test
[INFO] - org.xmlunit:xmlunit-core:jar:2.7.0:test
弹簧依赖
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
...
<properties>
<java.version>1.8</java.version>
<spring-cloud.version>Hoxton.SR9</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
</dependency>
...
</dependencies>
<dependencyManagement>
...
</dependencyManagement>
<build>
<plugins>
...
</plugins>
</build>
</project>
在我的根类
@SpringBootApplication
@EnableResourceServer // this is a protected resource
@EnableAuthorizationServer //acts as a OAuth2 service
public class SpringOauthServerApplication {
public static void main(String[] args) {
SpringApplication.run(SpringOauthServerApplication.class, args);
}
}
我没有看到任何已弃用的消息。
回答
那么,正确的说法是,@EnableAuthorizationServer在maintenance mode这基本上意味着过时。因为不会有任何添加的功能或更新。
故事大致如下。
在 Spring 4 期间,我相信只有一个人维护了 spring 安全性的 oauth2 部分。当 Spring security 5 发布时,pivotal 的团队决定对 Spring Security 和 oauth2 部分进行大修。所以他们所做的就是放弃对授权服务器的支持,转而首先关注资源服务器的支持。
Spring 宣布放弃授权服务器支持
您已经拉入spring-cloud-starter-oauth2其中,反过来spring-security-oauth2-autoconfigure又拉入对等依赖关系spring-security-oauth2。
Spring在这里明确指出,如果您想使用spring-security-oauth2它们,它们会帮助您解决问题,但它处于维护模式。
选择不支持它是因为授权服务器就像拥有一个产品。Spring 不维护自己的数据库,也不维护自己的 Ldap 服务器等。 有很多可以使用的身份验证服务器,okta、curity、github、fb、google 等。
但是 Spring 实际上已经重新评估了这个选择,并决定启动一个社区开发的开源授权服务器
所以你有3个选择:
- 使用旧的,即处于维护模式
- 使用第三方供应商、github、fb、google、okta、curity 等。
- 试用新的开源授权服务器