Spring-boot: 'org.springframework.security.oauth:spring-security-oauth2' disappeared from 2.0.0 ? Need new example and update documentation.

Created on 19 Mar 2018 · 2 Comments · Source: spring-projects/spring-boot

I am trying to follow one of the first ten basic OAuth2 examples that a search turns up for Spring Boot release 2.0.0, and it is very confusing. Not to mention that the twice-referenced 'sample' of OAuth2 is not a standalone project, so its Gradle build file is not useful to me.

All tutorials include the following library, which is absent for version 2.0.0 on mavenCentral?
org.springframework.security.oauth:spring-security-oauth2

https://spring.io/guides/tutorials/spring-boot-oauth2/ lists:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
</dependency>

I can't resolve oauth with 2.0.0 but can resolve with 1.5.10?

My Gradle snippet:

repositories {
    mavenCentral()
}


buildscript {
    ext {
        kotlinVersion = '1.2.30'
        springBootVersion = '2.0.0.RELEASE'
    }
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
        classpath("org.jetbrains.kotlin:kotlin-gradle-plugin:${kotlinVersion}")
        classpath("org.jetbrains.kotlin:kotlin-allopen:${kotlinVersion}")
    }
}


dependencies {
    compile ('org.springframework.boot:spring-boot-starter-security')
    compile('org.springframework.boot:spring-boot-starter-cache')
    compile('org.springframework.boot:spring-boot-starter-thymeleaf')
    compile('org.springframework.boot:spring-boot-starter-web')
    compile('org.springframework.boot:spring-boot-starter-thymeleaf')
    compile('com.fasterxml.jackson.module:jackson-module-kotlin')
    compile("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
    compile("org.jetbrains.kotlin:kotlin-reflect")
    compile ('org.springframework.security.oauth:spring-security-oauth2') // only this one fails...
    runtime('org.springframework.boot:spring-boot-devtools')
    testCompile('org.springframework.boot:spring-boot-starter-test')
}

All 2 comments

I was confused by the client,

compile ('org.springframework.security:spring-security-oauth2-client') of 2.0.0,

and the OAuth2 lib,

compile ('org.springframework.security.oauth:spring-security-oauth2') of 1.x.x.

The latter changed to:

compile ('org.springframework.security:spring-security-oauth2-core') for 2.0.0

If you are like me, lost among old tutorials, then to understand what the Spring team did with OAuth2 it is better to ignore the current Boot doc and go straight to:

https://docs.spring.io/spring-security/site/docs/5.0.3.RELEASE/reference/htmlsingle

What needs to be improved:

https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.0-Release-Notes - does not list this change, oauth2 -> oauth2-core.

Also, the config has changed from 1.x.x to 2.x.x to contain registration, correct?

  oauth2:
    client:
      clientId: SampleClientId
      clientSecret: secret
      accessTokenUri: http://localhost:8081/auth/oauth/token
      userAuthorizationUri: http://localhost:8081/auth/oauth/authorize
    resource:
      userInfoUri: http://localhost:8081/auth/user/me

https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2login

The problem with such examples is that I have to check out the entire Spring Security project and wait 10 minutes to resolve all deps to run the example. Because it is a multi-module project, I need to figure out which dependencies are in use, which gives rise to questions like this one.

https://docs.spring.io/spring-boot/docs/2.0.0.RELEASE/reference/htmlsingle/#boot-features-security-oauth2 is not helpful, as it is a very cut-down version based on the example above, not listing the dependencies config.

https://spring.io/guides/tutorials/spring-boot-oauth2/ - is for 1.x.x; the tutorial needs to specify the SB version, so that those like me who have never played with the 1.x.x and 2.x.x OAuth2 impls do not confuse which is which. Alternatively, SB tutorials never list the article publish date. If I saw a date, I would have a clue whether it is the right or wrong example :-)

But fundamentally, a new example for Spring Boot 2.0.0 for OAuth2 needs to be created, with updated documentation. Also, for me the diff between client and core is still not clear, as I have never done OAuth2 before and have just a general idea. I will play with the examples and security docs to figure it out.

I believe this is covered by the relevant section of the Boot 1.5 to 2.0 migration guide and the documentation to which it links. We will also have this addition to the Spring Boot reference documentation in 2.0.1.
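
An added illustration (not from the thread or from the Spring project) of how the 1.x-style client settings quoted in the comment above map onto the `registration` / `provider` layout that Spring Boot 2.0 binds for Spring Security 5 OAuth2 login. The ids `sample` and `sample-provider`, the `scope`, `client-name` and `user-name-attribute` values and the `OAUTH_CLIENT_SECRET` environment variable are assumptions; the client id and URIs are the sample values from the comment.

```yaml
# Spring Boot 1.5.x layout, as quoted in the thread (bound under `security:`):
#
# security:
#   oauth2:
#     client:
#       clientId: SampleClientId
#       clientSecret: secret
#       accessTokenUri: http://localhost:8081/auth/oauth/token
#       userAuthorizationUri: http://localhost:8081/auth/oauth/authorize
#     resource:
#       userInfoUri: http://localhost:8081/auth/user/me
#
# Spring Boot 2.0.x layout for the same values. Assumes spring-security-oauth2-client
# and spring-security-oauth2-jose (group org.springframework.security) are on the
# classpath next to spring-boot-starter-security.
spring:
  security:
    oauth2:
      client:
        registration:
          sample:                                  # hypothetical registration id
            client-id: SampleClientId
            # Resolved from the environment so the secret is not committed with the
            # config; the variable name is an assumption.
            client-secret: ${OAUTH_CLIENT_SECRET}
            client-name: Sample                    # hypothetical display name
            provider: sample-provider              # links to the provider block below
            authorization-grant-type: authorization_code
            # Must match a redirect URI registered with the authorization server.
            redirect-uri-template: "{baseUrl}/login/oauth2/code/{registrationId}"
            scope: read                            # hypothetical; server-specific
        provider:
          sample-provider:                         # hypothetical provider id
            authorization-uri: http://localhost:8081/auth/oauth/authorize  # was userAuthorizationUri
            token-uri: http://localhost:8081/auth/oauth/token              # was accessTokenUri
            user-info-uri: http://localhost:8081/auth/user/me              # was resource.userInfoUri
            user-name-attribute: name              # hypothetical attribute in the user-info response
```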
