Closed santoshkashyap closed 4 years ago
Hi @santoshkashyap
yes, in case you like to get rid of the deprecated sping-security-oauth2 lib and you have implemented a spring-boot application, this might fit best.
Please have also a look at this migration guide: https://github.com/SAP/cloud-security-xsuaa-integration/blob/master/spring-xsuaa/Migration_JavaContainerSecurityProjects.md
Best regards, Nena
Hi @nenaraab , Thank you for quick response. The link to migration guide is exactly what I was looking for 👍 However, I have a follow-up question
We currently use sap_java_buildpack in SCP (cloud foundry). For sap_java_buildpack, the note in the migration guide above links to a different migration guide for sap_build_pack - https://github.com/SAP/cloud-security-xsuaa-integration#token-validation-for-java-web-applications-using-sap-java-buildpack and the sample https://github.com/SAP/cloud-security-xsuaa-integration/blob/master/samples/sap-java-buildpack-api-usage. But, this is a Java servlet app.
For Spring boot application, can we still use the latest xsuaa-spring-boot-starter to check for scopes in SCP CF(application-to-application authorization) ? Basically our scenario is the following:
Regards, Santosh
Hi @santoshkashyap
The readme here provides an overview about all Java open-source client libraries, that are provided here: https://github.com/SAP/cloud-security-xsuaa-integration/blob/master/README.md
These migration guides supports you to migrate from
Recommended replacement for Spring 5 based and Spring Boot applications is spring-xsuaa.
Please check the Migration Guide.
Recommended replacement for J2EE applications is SAP Java Buildpack (>= version 1.26.1).
Please check the Migration Guide.
Recommended replacement for Java native applications is java-security.
If you like to have a smooth migration experience, and like to stick to the Spring Security OAuth (deprecated) you can follow this Migration Guide.
Best regards, Nena
Hi,
I have a question on maven dependencies for xsuaa. In our Spring boot project, we have the following dependency: `
and
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
@EnableWebSecurity @EnableResourceServer // deprecated public class WebSecurityConfig extends ResourceServerConfigurerAdapter { // ResourceServerConfigurerAdapter is also deprecated // rest of the code `
With this we also get spring-security-oauth2:2.5.0.RELEASE dependency as a transitive. Since, this is deprecated, is it now recommended to use the maven artifact - xsuaa-spring-boot-starter instead of java-container-security as above ? From the nice set of usage samples provided, I think sample fits our Spring boot app (MVC) Thank you
Regards, Santosh