Upgrade to Spring Security 5.2

[sabbyanandan]

@sabbyanandan commented on Mon Aug 05 2019

Now that we have consumable milestones of Spring Security 5.2, let's study what is coming in the upcoming releases, so we can refactor and adapt to it for consistency.

Specifically, look out for whether:

• we can support JWT tokens
• we can switch to a cleaner OAuth/OIDC model
• migration from Spring Security OAuth to Spring Security is complete or not (if not, what is planned in 5.2 vs. 5.3?)
• from the backend service standpoint, can the UAA integration coexist or if it needs an update also
• we need to plan for deprecations

[jvalkeal]

I don't see JWT support happening for this release as it's rather complex topic as setup needs signing cert, etc. We could track it with a separate issue.

As far as I know only thing missing from 5.2 is resource server which we only use it tests(so for that it's ok to use old stuff).