search

jhipster / generator-jhipster

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures.
https://www.jhipster.tech
Apache License 2.0
21.56k stars 4.02k forks source link

Fix deprecation warnings when selecting OAuth as auth mechanism #23140

Closed deepu105 closed 1 year ago

deepu105 commented 1 year ago

For a default app with Oauth2 authentication there are a lot of deprecation warnings. We need to rewrite security config to use newer methods from Spring security

mraible commented 1 year ago

Are you using a v8 beta? I thought I fixed most deprecation warnings.

deepu105 commented 1 year ago

Main branch. There is one more from the password method used in Oauthconfig

mshima commented 1 year ago

I could not find any deprecation warning. The steps I've used:

jhipster --defaults --auth oauth2
npm run services:up
./mvnw
deepu105 commented 1 year ago

For some reason not all deprecations show up on terminal unless you explicitly add showDeprecations to the maven compiler plugin on pom.xml. but on the IDE they do show up by default. Maybe we should add the configuration to pom.xml by default

On Mon, 14 Aug 2023, 8:09 pm Marcelo Shima, @.***> wrote:

I could not find any deprecation warning. The steps I've used:

jhipster --defaults --auth oauth2 npm run services:up ./mvnw

— Reply to this email directly, view it on GitHub https://github.com/jhipster/generator-jhipster/issues/23140#issuecomment-1677448341, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAIOKF3PWPYPYTTHCOXUFSTXVI2DHANCNFSM6AAAAAA3M4AEHA . You are receiving this because you authored the thread.Message ID: @.***>

mraible commented 1 year ago

@deepu105 Can you provide steps to reproduce so I can create a sample app and see the warnings in IntelliJ?

mshima commented 1 year ago

I've enabled showDeprecations at maven compiler plugin, no deprecation warning is shown.

deepu105 commented 1 year ago

I'm able to reproduce it with main branch. The deprecation shown up in vscode & intellij in the src/main/java/com/mycompany/myapp/config/OAuth2Configuration.java in line 31. 

    /**
     * Configures support for the {@code password} grant.
     * @return the {@link OAuth2AuthorizedClientProviderBuilder}
     * @deprecated The latest OAuth 2.0 Security Best Current Practice disallows the use
     * of the Resource Owner Password Credentials grant. See reference
     * <a target="_blank" href=
     * "https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-19#section-2.4">OAuth
     * 2.0 Security Best Current Practice.</a>
     */
    @Deprecated
    public OAuth2AuthorizedClientProviderBuilder password() {
        this.builders.computeIfAbsent(PasswordOAuth2AuthorizedClientProvider.class, (k) -> new PasswordGrantBuilder());
        return OAuth2AuthorizedClientProviderBuilder.this;
    }

image

If I run mvn clean compile with <showDeprecation>true</showDeprecation> in maven-compiler-plugin I see the below

[INFO] --- compiler:3.11.0:compile (default-compile) @ temptest ---
[INFO] Changes detected - recompiling the module! :source
[INFO] Compiling 59 source files with javac [debug deprecation target 17] to target/classes
[WARNING] unknown enum constant javax.annotation.meta.When.MAYBE
  reason: class file for javax.annotation.meta.When not found
[INFO] Hibernate JPA 2 Static-Metamodel Generator 6.2.5.Final
[WARNING] unknown enum constant javax.annotation.meta.When.MAYBE
  reason: class file for javax.annotation.meta.When not found
[WARNING] unknown enum constant javax.annotation.meta.When.MAYBE
  reason: class file for javax.annotation.meta.When not found
[WARNING] unknown enum constant javax.annotation.meta.When.MAYBE
  reason: class file for javax.annotation.meta.When not found
[WARNING] /home/deepu/Workspace/jhipster/temptest/src/main/java/com/mycompany/myapp/config/LocaleConfiguration.java:[16,29] setCookieName(java.lang.String) in org.springframework.web.servlet.i18n.CookieLocaleResolver has been deprecated
[WARNING] /home/deepu/Workspace/jhipster/temptest/src/main/java/com/mycompany/myapp/config/OAuth2Configuration.java:[31,17] password() in org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder has been deprecated
[INFO] 
[INFO] --- checksum:1.11:files (create-compiled-webapp-checksum) @ temptest ---
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  20.861 s
[INFO] Finished at: 2023-08-15T09:52:40+02:00
[INFO] ------------------------------------------------------------------------

Here is the .yo-rc I have

{
  "generator-jhipster": {
    "applicationType": "monolith",
    "authenticationType": "oauth2",
    "baseName": "temptest",
    "buildTool": "maven",
    "cacheProvider": "ehcache",
    "clientFramework": "angular",
    "clientTheme": "none",
    "creationTimestamp": 1692085601942,
    "databaseType": "sql",
    "devDatabaseType": "h2Disk",
    "devServerPort": 4200,
    "dtoSuffix": "DTO",
    "enableGradleEnterprise": null,
    "enableHibernateCache": true,
    "enableSwaggerCodegen": false,
    "enableTranslation": true,
    "entities": [],
    "entitySuffix": "",
    "gradleEnterpriseHost": null,
    "jhiPrefix": "jhi",
    "jhipsterVersion": "8.0.0-beta.2",
    "languages": ["en", "fr"],
    "messageBroker": false,
    "microfrontend": false,
    "microfrontends": [],
    "nativeLanguage": "en",
    "packageFolder": "com/mycompany/myapp",
    "packageName": "com.mycompany.myapp",
    "pages": [],
    "prodDatabaseType": "postgresql",
    "reactive": false,
    "searchEngine": false,
    "serverPort": null,
    "serverSideOptions": [],
    "serviceDiscoveryType": false,
    "skipCheckLengthOfIdentifier": false,
    "skipClient": false,
    "skipFakeData": false,
    "skipUserManagement": true,
    "testFrameworks": [],
    "websocket": false,
    "withAdminUi": true
  }
}