You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@fineract.apache.org by "Petri Tuomola (Jira)" <ji...@apache.org> on 2021/12/28 03:00:00 UTC

[jira] [Resolved] (FINERACT-1012) Spring Security OAuth 2.x to Spring Security 5.2.x

     [ https://issues.apache.org/jira/browse/FINERACT-1012?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Petri Tuomola resolved FINERACT-1012.
-------------------------------------
    Resolution: Fixed

> Spring Security OAuth 2.x to Spring Security 5.2.x
> --------------------------------------------------
>
>                 Key: FINERACT-1012
>                 URL: https://issues.apache.org/jira/browse/FINERACT-1012
>             Project: Apache Fineract
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 1.4.0
>            Reporter: Michael Vorburger
>            Assignee: Petri Tuomola
>            Priority: Critical
>              Labels: beginner
>             Fix For: 1.6.0
>
>
> The bump of spring-security-oauth2 from 2.3.6.RELEASE to 2.4.1.RELEASE in https://github.com/apache/fineract/pull/863 as part of FINERACT-963 introduced usage of {{@Deprecated}} code, which we are trying to avoid (and which since FINERACT-959 we're intentionally making the build fail).
> I'm going to use a {{@SuppressWarnings("deprecation")}} to be able to do the upgrade anyway, because upgrading a security related library to its latest version seems like a sensible thing to do, but we really should remove the suppression and switch to using Spring's newer APIs.
> https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide
> affects {{UserDetailsApiResource}} and {{TwoFactorAuthenticationFilter.createUpdatedAuthentication()}}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)