Uploaded image for project: 'Apache Fineract'
  1. Apache Fineract
  2. FINERACT-1012

Spring Security OAuth 2.x to Spring Security 5.2.x

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 1.4.0
    • 1.6.0
    • Security

    Description

      The bump of spring-security-oauth2 from 2.3.6.RELEASE to 2.4.1.RELEASE in https://github.com/apache/fineract/pull/863 as part of FINERACT-963 introduced usage of @Deprecated code, which we are trying to avoid (and which since FINERACT-959 we're intentionally making the build fail).

      I'm going to use a @SuppressWarnings("deprecation") to be able to do the upgrade anyway, because upgrading a security related library to its latest version seems like a sensible thing to do, but we really should remove the suppression and switch to using Spring's newer APIs.

      https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide

      affects UserDetailsApiResource and TwoFactorAuthenticationFilter.createUpdatedAuthentication()

      Attachments

        Issue Links

          Blocked

          New Feature - A new feature of the product, which has yet to be developed. FINERACT-1305 Release Apache Fineract v1.5.0

          • Major - Major loss of function.
          • Resolved
          fixes

          Bug - A problem which impairs or prevents the functions of the product. FINERACT-1033 Fineract OAuth Token Change Bug

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. FINERACT-1282 Health actuator gives 404 when in oauth mode

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. FINERACT-1352 OAuth Bad credentials error

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. FINERACT-1261 support for external Oauth provider

          • Major - Major loss of function.
          • Resolved

          Test - A new unit, integration or system test. FINERACT-1143 Add Test Coverage for OAuth Support

          • Major - Major loss of function.
          • Resolved
          is fixed by

          Bug - A problem which impairs or prevents the functions of the product. FINERACT-1057 Running -Psecurity=oauth leads to memory leak issue

          • Major - Major loss of function.
          • Closed
          is required by

          Improvement - An improvement or enhancement to an existing feature or task. FINERACT-963 Upgrade about 15 of our 3rd-party libraries to their latest versions

          • Major - Major loss of function.
          • Resolved
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. FINERACT-1261 support for external Oauth provider

          • Major - Major loss of function.
          • Resolved
          requires

          Bug - A problem which impairs or prevents the functions of the product. FINERACT-1145 OAuth Support documentation is missing

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. FINERACT-1144 OAuth broken (or is it?)

          • Major - Major loss of function.
          • Closed

          Test - A new unit, integration or system test. FINERACT-1143 Add Test Coverage for OAuth Support

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #946

          Web Link GitHub Pull Request #1111

          Web Link GitHub Pull Request #1258

          Web Link GitHub Pull Request #2003

          Activity

            People

              ptuomola Petri Tuomola
              vorburger Michael Vorburger
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: