EnableAuthorizationServer is working and is not deprecated

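I am following this guide, which mentions that @EnableAuthorizationServer is deprecated. But when I create a project with the following dependencies, I do not get a deprecated message. Am I missing something here?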

Dependencies - output from mvn dependency:tree
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ spring-oauth-server ---
[INFO] com.classpath:spring-oauth-server:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-actuator:jar:2.3.7.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter:jar:2.3.7.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot:jar:2.3.7.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-autoconfigure:jar:2.3.7.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-starter-logging:jar:2.3.7.RELEASE:compile
[INFO] |  |  |  +- ch.qos.logback:logback-classic:jar:1.2.3:compile
[INFO] |  |  |  |  \- ch.qos.logback:logback-core:jar:1.2.3:compile
[INFO] |  |  |  +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.13.3:compile
[INFO] |  |  |  |  \- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile
[INFO] |  |  |  \- org.slf4j:jul-to-slf4j:jar:1.7.30:compile
[INFO] |  |  +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
[INFO] |  |  \- org.yaml:snakeyaml:jar:1.26:compile
[INFO] |  +- org.springframework.boot:spring-boot-actuator-autoconfigure:jar:2.3.7.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-actuator:jar:2.3.7.RELEASE:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.11.3:compile
[INFO] |  |  \- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.11.3:compile
[INFO] |  \- io.micrometer:micrometer-core:jar:1.5.9:compile
[INFO] |     +- org.hdrhistogram:HdrHistogram:jar:2.1.12:compile
[INFO] |     \- org.latencyutils:LatencyUtils:jar:2.0.3:runtime
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.3.7.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-json:jar:2.3.7.RELEASE:compile
[INFO] |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.11.3:compile
[INFO] |  |  \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.11.3:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.3.7.RELEASE:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.41:compile
[INFO] |  |  +- org.glassfish:jakarta.el:jar:3.0.3:compile
[INFO] |  |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:9.0.41:compile
[INFO] |  +- org.springframework:spring-web:jar:5.2.12.RELEASE:compile
[INFO] |  |  \- org.springframework:spring-beans:jar:5.2.12.RELEASE:compile
[INFO] |  \- org.springframework:spring-webmvc:jar:5.2.12.RELEASE:compile
[INFO] |     +- org.springframework:spring-aop:jar:5.2.12.RELEASE:compile
[INFO] |     +- org.springframework:spring-context:jar:5.2.12.RELEASE:compile
[INFO] |     \- org.springframework:spring-expression:jar:5.2.12.RELEASE:compile
[INFO] +- org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:jar:2.2.6.RELEASE:compile
[INFO] |  +- org.springframework.cloud:spring-cloud-starter:jar:2.2.6.RELEASE:compile
[INFO] |  |  +- org.springframework.cloud:spring-cloud-context:jar:2.2.6.RELEASE:compile
[INFO] |  |  |  \- org.springframework.security:spring-security-crypto:jar:5.3.6.RELEASE:compile
[INFO] |  |  +- org.springframework.cloud:spring-cloud-commons:jar:2.2.6.RELEASE:compile
[INFO] |  |  \- org.springframework.security:spring-security-rsa:jar:1.0.9.RELEASE:compile
[INFO] |  |     \- org.bouncycastle:bcpkix-jdk15on:jar:1.64:compile
[INFO] |  |        \- org.bouncycastle:bcprov-jdk15on:jar:1.64:compile
[INFO] |  +- org.springframework.cloud:spring-cloud-netflix-hystrix:jar:2.2.6.RELEASE:compile
[INFO] |  |  \- org.springframework.boot:spring-boot-starter-aop:jar:2.3.7.RELEASE:compile
[INFO] |  |     \- org.aspectj:aspectjweaver:jar:1.9.6:compile
[INFO] |  +- org.springframework.cloud:spring-cloud-netflix-eureka-client:jar:2.2.6.RELEASE:compile
[INFO] |  +- com.netflix.eureka:eureka-client:jar:1.10.7:compile
[INFO] |  |  +- com.netflix.netflix-commons:netflix-eventbus:jar:0.3.0:compile
[INFO] |  |  |  +- com.netflix.netflix-commons:netflix-infix:jar:0.3.0:runtime
[INFO] |  |  |  |  +- commons-jxpath:commons-jxpath:jar:1.3:runtime
[INFO] |  |  |  |  +- joda-time:joda-time:jar:2.3:runtime
[INFO] |  |  |  |  +- org.antlr:antlr-runtime:jar:3.4:runtime
[INFO] |  |  |  |  |  +- org.antlr:stringtemplate:jar:3.2.1:runtime
[INFO] |  |  |  |  |  \- antlr:antlr:jar:2.7.7:runtime
[INFO] |  |  |  |  \- com.google.code.gson:gson:jar:2.8.6:runtime
[INFO] |  |  |  \- org.apache.commons:commons-math:jar:2.2:runtime
[INFO] |  |  +- com.netflix.archaius:archaius-core:jar:0.7.6:compile
[INFO] |  |  |  \- com.google.guava:guava:jar:29.0-jre:compile
[INFO] |  |  |     +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] |  |  |     +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] |  |  |     +- org.checkerframework:checker-qual:jar:2.11.1:compile
[INFO] |  |  |     +- com.google.errorprone:error_prone_annotations:jar:2.3.4:compile
[INFO] |  |  |     \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] |  |  +- javax.ws.rs:jsr311-api:jar:1.1.1:compile
[INFO] |  |  +- com.netflix.servo:servo-core:jar:0.12.21:compile
[INFO] |  |  +- com.sun.jersey:jersey-core:jar:1.19.1:compile
[INFO] |  |  +- com.sun.jersey:jersey-client:jar:1.19.1:compile
[INFO] |  |  +- com.sun.jersey.contribs:jersey-apache-client4:jar:1.19.1:compile
[INFO] |  |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO] |  |  |  +- org.apache.httpcomponents:httpcore:jar:4.4.14:compile
[INFO] |  |  |  \- commons-codec:commons-codec:jar:1.14:compile
[INFO] |  |  +- commons-configuration:commons-configuration:jar:1.10:compile
[INFO] |  |  |  \- commons-lang:commons-lang:jar:2.6:compile
[INFO] |  |  +- com.google.inject:guice:jar:4.1.0:compile
[INFO] |  |  |  +- javax.inject:javax.inject:jar:1:compile
[INFO] |  |  |  \- aopalliance:aopalliance:jar:1.0:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.11.3:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-core:jar:2.11.3:compile
[INFO] |  |  \- org.codehaus.jettison:jettison:jar:1.3.7:runtime
[INFO] |  |     \- stax:stax-api:jar:1.0.1:runtime
[INFO] |  +- com.netflix.eureka:eureka-core:jar:1.10.7:compile
[INFO] |  |  \- com.fasterxml.woodstox:woodstox-core:jar:5.3.0:compile
[INFO] |  |     \- org.codehaus.woodstox:stax2-api:jar:4.2:compile
[INFO] |  +- org.springframework.cloud:spring-cloud-starter-netflix-archaius:jar:2.2.6.RELEASE:compile
[INFO] |  |  +- org.springframework.cloud:spring-cloud-netflix-ribbon:jar:2.2.6.RELEASE:compile
[INFO] |  |  \- org.springframework.cloud:spring-cloud-netflix-archaius:jar:2.2.6.RELEASE:compile
[INFO] |  +- org.springframework.cloud:spring-cloud-starter-netflix-ribbon:jar:2.2.6.RELEASE:compile
[INFO] |  |  +- com.netflix.ribbon:ribbon:jar:2.3.0:compile
[INFO] |  |  |  +- com.netflix.ribbon:ribbon-transport:jar:2.3.0:runtime
[INFO] |  |  |  |  +- io.reactivex:rxnetty-contexts:jar:0.4.9:runtime
[INFO] |  |  |  |  \- io.reactivex:rxnetty-servo:jar:0.4.9:runtime
[INFO] |  |  |  +- com.netflix.hystrix:hystrix-core:jar:1.5.18:runtime
[INFO] |  |  |  \- io.reactivex:rxnetty:jar:0.4.9:runtime
[INFO] |  |  +- com.netflix.ribbon:ribbon-core:jar:2.3.0:compile
[INFO] |  |  +- com.netflix.ribbon:ribbon-httpclient:jar:2.3.0:compile
[INFO] |  |  |  +- commons-collections:commons-collections:jar:3.2.2:runtime
[INFO] |  |  |  \- com.netflix.netflix-commons:netflix-commons-util:jar:0.3.0:runtime
[INFO] |  |  +- com.netflix.ribbon:ribbon-loadbalancer:jar:2.3.0:compile
[INFO] |  |  |  \- com.netflix.netflix-commons:netflix-statistics:jar:0.1.1:runtime
[INFO] |  |  \- io.reactivex:rxjava:jar:1.3.8:compile
[INFO] |  +- org.springframework.cloud:spring-cloud-starter-loadbalancer:jar:2.2.6.RELEASE:compile
[INFO] |  |  +- org.springframework.cloud:spring-cloud-loadbalancer:jar:2.2.6.RELEASE:compile
[INFO] |  |  |  +- org.springframework.boot:spring-boot-starter-validation:jar:2.3.7.RELEASE:compile
[INFO] |  |  |  |  \- org.hibernate.validator:hibernate-validator:jar:6.1.6.Final:compile
[INFO] |  |  |  |     +- jakarta.validation:jakarta.validation-api:jar:2.0.2:compile
[INFO] |  |  |  |     +- org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile
[INFO] |  |  |  |     \- com.fasterxml:classmate:jar:1.5.1:compile
[INFO] |  |  |  +- io.projectreactor:reactor-core:jar:3.3.12.RELEASE:compile
[INFO] |  |  |  |  \- org.reactivestreams:reactive-streams:jar:1.0.3:compile
[INFO] |  |  |  \- io.projectreactor.addons:reactor-extra:jar:3.3.4.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-starter-cache:jar:2.3.7.RELEASE:compile
[INFO] |  |  |  \- org.springframework:spring-context-support:jar:5.2.12.RELEASE:compile
[INFO] |  |  \- com.stoyanr:evictor:jar:1.0.0:compile
[INFO] |  +- com.netflix.ribbon:ribbon-eureka:jar:2.3.0:compile
[INFO] |  |  \- org.slf4j:slf4j-api:jar:1.7.30:compile
[INFO] |  \- com.thoughtworks.xstream:xstream:jar:1.4.13:compile
[INFO] |     +- xmlpull:xmlpull:jar:1.1.3.1:compile
[INFO] |     \- xpp3:xpp3_min:jar:1.1.4c:compile
[INFO] +- org.springframework.cloud:spring-cloud-starter-oauth2:jar:2.2.4.RELEASE:compile
[INFO] |  \- org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:jar:2.1.2.RELEASE:compile
[INFO] |     +- com.sun.xml.bind:jaxb-core:jar:2.3.0.1:compile
[INFO] |     +- com.sun.xml.bind:jaxb-impl:jar:2.3.0.1:compile
[INFO] |     +- javax.xml.bind:jaxb-api:jar:2.3.1:compile
[INFO] |     |  \- javax.activation:javax.activation-api:jar:1.2.0:compile
[INFO] |     +- org.springframework.security.oauth:spring-security-oauth2:jar:2.3.4.RELEASE:compile
[INFO] |     |  +- org.springframework.security:spring-security-core:jar:5.3.6.RELEASE:compile
[INFO] |     |  +- org.springframework.security:spring-security-config:jar:5.3.6.RELEASE:compile
[INFO] |     |  +- org.springframework.security:spring-security-web:jar:5.3.6.RELEASE:compile
[INFO] |     |  \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:compile
[INFO] |     |     \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile
[INFO] |     \- org.springframework.security:spring-security-jwt:jar:1.0.9.RELEASE:compile
[INFO] +- org.springframework.cloud:spring-cloud-starter-security:jar:2.2.4.RELEASE:compile
[INFO] |  \- org.springframework.cloud:spring-cloud-security:jar:2.2.4.RELEASE:compile
[INFO] |     \- org.springframework.boot:spring-boot-starter-security:jar:2.3.7.RELEASE:compile
[INFO] \- org.springframework.boot:spring-boot-starter-test:jar:2.3.7.RELEASE:test
[INFO]    +- org.springframework.boot:spring-boot-test:jar:2.3.7.RELEASE:test
[INFO]    +- org.springframework.boot:spring-boot-test-autoconfigure:jar:2.3.7.RELEASE:test
[INFO]    +- com.jayway.jsonpath:json-path:jar:2.4.0:test
[INFO]    |  \- net.minidev:json-smart:jar:2.3:test
[INFO]    |     \- net.minidev:accessors-smart:jar:1.2:test
[INFO]    |        \- org.ow2.asm:asm:jar:5.0.4:test
[INFO]    +- jakarta.xml.bind:jakarta.xml.bind-api:jar:2.3.3:test
[INFO]    |  \- jakarta.activation:jakarta.activation-api:jar:1.2.2:test
[INFO]    +- org.assertj:assertj-core:jar:3.16.1:test
[INFO]    +- org.hamcrest:hamcrest:jar:2.2:test
[INFO]    +- org.junit.jupiter:junit-jupiter:jar:5.6.3:test
[INFO]    |  +- org.junit.jupiter:junit-jupiter-api:jar:5.6.3:test
[INFO]    |  |  +- org.apiguardian:apiguardian-api:jar:1.1.0:test
[INFO]    |  |  +- org.opentest4j:opentest4j:jar:1.2.0:test
[INFO]    |  |  \- org.junit.platform:junit-platform-commons:jar:1.6.3:test
[INFO]    |  +- org.junit.jupiter:junit-jupiter-params:jar:5.6.3:test
[INFO]    |  \- org.junit.jupiter:junit-jupiter-engine:jar:5.6.3:test
[INFO]    |     \- org.junit.platform:junit-platform-engine:jar:1.6.3:test
[INFO]    +- org.mockito:mockito-core:jar:3.3.3:test
[INFO]    |  +- net.bytebuddy:byte-buddy:jar:1.10.18:test
[INFO]    |  +- net.bytebuddy:byte-buddy-agent:jar:1.10.18:test
[INFO]    |  \- org.objenesis:objenesis:jar:2.6:test
[INFO]    +- org.mockito:mockito-junit-jupiter:jar:3.3.3:test
[INFO]    +- org.skyscreamer:jsonassert:jar:1.5.0:test
[INFO]    |  \- com.vaadin.external.google:android-json:jar:0.0.20131108.vaadin1:test
[INFO]    +- org.springframework:spring-core:jar:5.2.12.RELEASE:compile
[INFO]    |  \- org.springframework:spring-jcl:jar:5.2.12.RELEASE:compile
[INFO]    +- org.springframework:spring-test:jar:5.2.12.RELEASE:test
[INFO]    \- org.xmlunit:xmlunit-core:jar:2.7.0:test

Spring dependencies

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    ...
    <properties>
        <java.version>1.8</java.version>
        <spring-cloud.version>Hoxton.SR9</spring-cloud.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-security</artifactId>
        </dependency>
      ...
    </dependencies>

    <dependencyManagement>
      ...
    </dependencyManagement>

    <build>
        <plugins>
             ...
        </plugins>
    </build>

</project>

My root class

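import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

@SpringBootApplication
@EnableResourceServer       // this is a protected resource
@EnableAuthorizationServer  // acts as an OAuth2 service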
public class SpringOauthServerApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringOauthServerApplication.class, args);
    }

}

I do not see any deprecated message.

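The correct statement is that @EnableAuthorizationServer is in maintenance mode, which basically means deprecated, because no features or updates will be added.

The story goes roughly as follows.

During Spring 4, I believe there was only one person maintaining the oauth2 part of Spring Security. When Spring Security 5 was released, the Pivotal team decided to do a major overhaul of Spring Security and the oauth2 parts. So what they did was drop authorization server support and instead focus first on resource server support.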

Spring announcement of dropping Authorisation server support

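You pulled in spring-cloud-starter-oauth2, which in turn has a peer dependency on spring-security-oauth2-autoconfigure, which in turn pulls in spring-security-oauth2.

Here Spring clearly states that if you want to use spring-security-oauth2 they will help you, but it is in maintenance mode.

The reason for choosing not to support it is that an authorization server is like owning a product. Spring does not maintain its own database, or its own LDAP server, etc. There are plenty of authentication servers that can be used: okta, curity, github, fb, google, and so on.

But Spring actually re-evaluated that choice and decided to start developing a community open source authorisation server.

So you have 3 options:

  • Use the old one, which is in maintenance mode
  • Use a 3rd party vendor: github, fb, google, okta, curity, etc.
  • Try out the new open source authorization server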
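
The dependency chain described in the answer can be traced mechanically from the mvn dependency:tree output, which shows which direct dependency brings in the maintenance-mode spring-security-oauth2 and at what version. This is an added example, not part of the original question or answer; the names parse_line and dependency_paths are hypothetical, and the sample input is an excerpt of the tree posted in the question.

```python
import re

# Excerpt of the `mvn dependency:tree` output posted in the question.
SAMPLE_TREE = r"""
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ spring-oauth-server ---
[INFO] com.classpath:spring-oauth-server:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.3.7.RELEASE:compile
[INFO] |  \- org.springframework:spring-webmvc:jar:5.2.12.RELEASE:compile
[INFO] +- org.springframework.cloud:spring-cloud-starter-oauth2:jar:2.2.4.RELEASE:compile
[INFO] |  \- org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:jar:2.1.2.RELEASE:compile
[INFO] |     +- org.springframework.security.oauth:spring-security-oauth2:jar:2.3.4.RELEASE:compile
[INFO] |     |  \- org.springframework.security:spring-security-core:jar:5.3.6.RELEASE:compile
[INFO] |     \- org.springframework.security:spring-security-jwt:jar:1.0.9.RELEASE:compile
[INFO] \- org.springframework.boot:spring-boot-starter-test:jar:2.3.7.RELEASE:test
"""

# "[INFO] ", then zero or more 3-character indent groups
# ("|  ", "   ", "+- ", "\- "), then the Maven coordinates.
LINE = re.compile(r"^\[INFO\] ((?:[|+\\ ][ -] )*)(\S+)$")


def parse_line(line):
    """Return (depth, artifactId, version) for a tree line, else None."""
    m = LINE.match(line.rstrip())
    if not m:
        return None
    parts = m.group(2).split(":")
    if len(parts) not in (4, 5, 6):
        return None
    # group:artifact:type[:classifier]:version[:scope]; the root has no scope.
    version = parts[4] if len(parts) == 6 else parts[3]
    return len(m.group(1)) // 3, parts[1], version


def dependency_paths(tree_text, artifact_id):
    """Return every root-to-node path that ends at artifact_id."""
    stack, paths = [], []
    for line in tree_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # plugin banner, blank lines, build summary
        depth, artifact, version = parsed
        del stack[depth:]  # drop siblings and deeper nodes from the path
        stack.append(f"{artifact}:{version}")
        if artifact == artifact_id:
            paths.append(list(stack))
    return paths


if __name__ == "__main__":
    for path in dependency_paths(SAMPLE_TREE, "spring-security-oauth2"):
        print(" -> ".join(path))
```

The second element of each returned path is the direct dependency declared in the pom.xml that is responsible for pulling the artifact in.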