I'm migrating a Spring Boot project from boot 1.5.x to 2.0.x.
In the 1.5.x project I see that the following dependency is being used:
dependencies {
...
compile("org.springframework.security:spring-security-jwt")
...
}
The version of the spring-security-jwt is managed by Spring and I can verify that here. Namely:
<spring-security-jwt.version>1.0.9.RELEASE</spring-security-jwt.version>
The same dependency fails to resolve when I move to Boot 2 because it is no longer managed by Spring. I can verify that here...
Is this a bug or it is removed and included in another lib? Somehow I can't find clues in the docs... Shall I manage the version manually now?
The spring-security-jwt (and OAuth as well I guess) are now obsolete. Spring Security 5 added that support to the core library instead of an extension of the framework.
See here for a list of tickets related to the core JWT and OAuth support.
So in short you don't need that dependency anymore, although if you have custom filters and functionality build around that it would require using different classes/packages and features.
Related
Suppose I've created spring boot project with version 2.3.5.RELEASE(Project_1) and other user utility library using spring-boot version 2.3.0.RELEASE(Project_2).
if I Project_2 as dependency in Project_1, will it cause any issues as both project uses different versions of spring-boot?
If the library has a hard dependency on version-specific spring boot functionality, then sure, it will cause an issue. Just like with any dependency.
We are trying upgrade SPringFox2.0 to 3.0 Open API Specification. But when we generate open doc using '' url it is showing version as 2.0. Not sure why the version still pointing to old version.
We are using Springboot application
I followed the below steps to upgrade as per spring fox documentation
[http://springfox.github.io/springfox/docs/current/][1]
"2.1.3. Migrating from existing 2.x version"
Spring Boot Applications
1.Remove library inclusions of earlier releases. Specifically remove springfox-swagger2 and springfox-swagger-ui inclusions.
2.Remove the #EnableSwagger2 annotations
3.Add the springfox-boot-starter
4.Springfox 3.x removes dependencies on guava and other 3rd party libraries (not zero dep yet! depends on spring plugin and open api libraries for annotations and models) so if you used guava predicates/functions those will need to transition to java 8 function interfaces
I followed all the steps above, 'http://localhost:XXXX/api/v1/api-docs?group=API_Version_1' it got generated but version is showing 2.0
{"swagger":"2.0","info":{ ........
And also I modified in SwaggerConfig: DocumentationType.SWAGGER_2 TO DocumentationType.OAS_30 (it is not mentioned documentation, I guess they missed it)
I believe still some thing is missing, Spring Fox documentation is still out of date and poor coverage of 3.0 aspects.
I am wondering any one having same problem?
Try to use /v3/api-docs or /api/v3/api-docs in your case.
That did not work.
As per Spring fox documentation:
"The /v2/api-docs URL is the default that SpringFox uses for documentation. The v2 does not refer to your API's documentation version (which can be changed in the Docket configuration), but the version of the Swagger specification being used..."
springfox.documentation.swagger.v2.path=/my/docs (path of yours)
What is the difference between spring-security-oauth2 and spring-security-oauth2-core in spring?
Is spring-security-oauth2 substituted by spring-security-oauth2-core?
spring-security-oauth2 release link :
http://repo.spring.io/release/org/springframework/security/oauth/spring-security-oauth2/
spring-security-oauth2-core release link
http://repo.spring.io/release/org/springframework/security/spring-security-oauth2-core/
Yes there is a big difference. spring-security-oauth2 (Spring Security OAuth Project) is no longer being actively developed.
Moving forward, it will be implemented in Spring Security 5 (in spring-security-oauth2-core). It's pretty confusing because many tutorials use the previous Spring Security OAuth (#EnableResourceServer, #EnableAuthorizationServer, and #EnableOAuth2Sso annotations usually give it away).
The first link is related to Spring 4 and it's matching Spring Security versions. You can verify this in the pom.xml files.
The second link is related to Spring 5 and Spring Security 5. Not only is this directly apparent from the version you see mentioned in that link but you can find the dependency directly named in the Spring Security 5 documentation.
The difference is described in the spring git repository
https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide
it is the old library: security/oauth/spring-security-oauth2/
As you see, the library is in the 'oauth' group of spring-security.
I don't recommend using the old library as a client because there are many unresolved issues including the issue about the storing of clientContext (the library use proxy instead of the plain entity for that reason you will have issues when you use MA with distributed cache ). Also, it doesn't allow to use several OAuth2.0 providers simultaneously (only one).
At the same time, that library provides a significant advantage, to use Authorization Server that doesn't implement in the new library.
I searched spring on maven, and I find it at this page :http://mvnrepository.com/artifact/org.springframework/spring. The problem is I want to download 4.0 version but there is no 4.0 version in the chart.
Newer version of Spring can be found under group id org.springframework - Spring 4+
There is no reason to include all features of Spring Framework in one .jar. Spring is huge and you will probably won't use every feature of Spring. Including everything will cause unnecessary overhead. Pick what components you need add them to pom.xml and Maven will download them. If you found out later you need additional dependency just add it on the fly...
As an alternative you can use Spring Boot which will generate project for you with default set up. You can generate such a project using Spring Initializr Spring Boot Initializr. At the bottom click Switch to the full version. Pick what you need and hit generate project.
According to you what are the risks of using Spring 4 with the jersey-spring3 integration module?
I have tried to use Spring 4.0 with the jersey spring example and the example still works but i'm unable to identify risks linked to this usage.
I have started using Jersey 2.7 and Spring 4.0.x recently in a project. I have setup a context hierarchy to inject beans, so far, I have discovered only one limitiation but that does not seem relate to Spring 4 but rather to the module itself or the HK2 Spring Bridge.
To give more insight about my use. I have a XJC/JAXB-backed which is consumed by a common service, repository and exposed through JAX-WS, and now hopefully through JAX-RS.
The multi-context stuff works now with #Autowiredwith 2.8-SNAPSHOT. I have applied my changes and the 2.8-SNAPSHOT to 2.7. Here is the diff.
Edit (Michael-O; 2014-10-17): Here is a modified Spring module based off 2.11 with multi-context support.
Not an answer to original question, just related information
This may be a little premature, but the new Major 3.0 version of Jersey will be using Spring 4, in the new jersey-spring4 module. The new Major version will be built with Java 8. Though a new Major version will be released, the 2.x line will still be actively developed to keep support for Java 7
I'll update this post once 3.0 has been release.
For anyone interested, you can see this mailing list to see what the Jersey team has to say about the new 3.x line.
Not sure if you came across any issues but I currently face one. It is described in other thread.
Simply, using jersey-spring3 2.12 and spring 4.1.0.RELEASE in one maven project leads to following class incompatibility:
2014-09-14 01:15:44.175:WARN:oejuc.AbstractLifeCycle:main: FAILED org.eclipse.jetty.server.handler.HandlerCollection#696
db620[org.eclipse.jetty.server.handler.ContextHandlerCollection#27abb6ca[o.e.j.m.p.JettyWebAppContext#737d100a{/,file:/C
:/Users/Josef/Workspace/TransitCenter/src/main/webapp/,STARTING}{file:/C:/Users/Josef/Workspace/TransitCenter/src/main/w
ebapp/}], org.eclipse.jetty.server.handler.DefaultHandler#6968c1d6, org.eclipse.jetty.server.handler.RequestLogHandler#7
d986d83]: java.lang.NoSuchMethodError: org.springframework.beans.factory.support.DefaultListableBeanFactory.getDependenc
yComparator()Ljava/util/Comparator;
java.lang.NoSuchMethodError: org.springframework.beans.factory.support.DefaultListableBeanFactory.getDependencyComparato
r()Ljava/util/Comparator;
at org.springframework.context.annotation.AnnotationConfigUtils.registerAnnotationConfigProcessors(AnnotationCon
figUtils.java:136)