diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java index d47727f08c..bda590ade0 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -233,7 +233,9 @@ public final class HttpSecurity extends * * * @return the {@link OpenIDLoginConfigurer} for further customizations. - * + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @throws Exception * @see OpenIDLoginConfigurer */ @@ -355,6 +357,9 @@ public final class HttpSecurity extends * * @param openidLoginCustomizer the {@link Customizer} to provide more options for * the {@link OpenIDLoginConfigurer} + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @return the {@link HttpSecurity} for further customizations * @throws Exception */ diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java index 76c24f7e0d..4fa74f0053 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java @@ -118,6 +118,9 @@ import org.springframework.security.web.util.matcher.RequestMatcher; * * * @author Rob Winch + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @since 3.2 */ public final class OpenIDLoginConfigurer> extends diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java index fcfcbb5af1..6de6a2f711 100644 --- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java +++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java @@ -350,51 +350,7 @@ final class AuthenticationConfigBuilder { RootBeanDefinition openIDFilter = null; if (openIDLoginElt != null) { - FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser( - "/login/openid", null, - OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS, requestCache, - sessionStrategy, allowSessionCreation, portMapper, portResolver); - - parser.parse(openIDLoginElt, pc); - openIDFilter = parser.getFilterBean(); - openIDEntryPoint = parser.getEntryPointBean(); - openidLoginProcessingUrl = parser.getLoginProcessingUrl(); - openIDLoginPage = parser.getLoginPage(); - - List attrExElts = DomUtils.getChildElementsByTagName(openIDLoginElt, - Elements.OPENID_ATTRIBUTE_EXCHANGE); - - if (!attrExElts.isEmpty()) { - // Set up the consumer with the required attribute list - BeanDefinitionBuilder consumerBldr = BeanDefinitionBuilder - .rootBeanDefinition(OPEN_ID_CONSUMER_CLASS); - BeanDefinitionBuilder axFactory = BeanDefinitionBuilder - .rootBeanDefinition(OPEN_ID_ATTRIBUTE_FACTORY_CLASS); - ManagedMap> axMap = new ManagedMap<>(); - - for (Element attrExElt : attrExElts) { - String identifierMatch = attrExElt.getAttribute("identifier-match"); - - if (!StringUtils.hasText(identifierMatch)) { - if (attrExElts.size() > 1) { - pc.getReaderContext().error( - "You must supply an identifier-match attribute if using more" - + " than one " - + Elements.OPENID_ATTRIBUTE_EXCHANGE - + " element", attrExElt); - } - // Match anything - identifierMatch = ".*"; - } - - axMap.put(identifierMatch, parseOpenIDAttributes(attrExElt)); - } - axFactory.addConstructorArgValue(axMap); - - consumerBldr.addConstructorArgValue(axFactory.getBeanDefinition()); - openIDFilter.getPropertyValues().addPropertyValue("consumer", - consumerBldr.getBeanDefinition()); - } + openIDFilter = parseOpenIDFilter(sessionStrategy, openIDLoginElt); } if (openIDFilter != null) { @@ -412,6 +368,65 @@ final class AuthenticationConfigBuilder { } } + /** + * Parses OpenID 1.0 and 2.0 - related parts of configuration xmls + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. + * @param sessionStrategy sessionStrategy + * @param openIDLoginElt the element from the xml file + * @return the parsed filter as rootBeanDefinition + */ + private RootBeanDefinition parseOpenIDFilter( BeanReference sessionStrategy, Element openIDLoginElt ) { + RootBeanDefinition openIDFilter; + FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser( + "/login/openid", null, + OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS, requestCache, + sessionStrategy, allowSessionCreation, portMapper, portResolver); + + parser.parse(openIDLoginElt, pc); + openIDFilter = parser.getFilterBean(); + openIDEntryPoint = parser.getEntryPointBean(); + openidLoginProcessingUrl = parser.getLoginProcessingUrl(); + openIDLoginPage = parser.getLoginPage(); + + List attrExElts = DomUtils.getChildElementsByTagName(openIDLoginElt, + Elements.OPENID_ATTRIBUTE_EXCHANGE); + + if (!attrExElts.isEmpty()) { + // Set up the consumer with the required attribute list + BeanDefinitionBuilder consumerBldr = BeanDefinitionBuilder + .rootBeanDefinition(OPEN_ID_CONSUMER_CLASS); + BeanDefinitionBuilder axFactory = BeanDefinitionBuilder + .rootBeanDefinition(OPEN_ID_ATTRIBUTE_FACTORY_CLASS); + ManagedMap> axMap = new ManagedMap<>(); + + for (Element attrExElt : attrExElts) { + String identifierMatch = attrExElt.getAttribute("identifier-match"); + + if (!StringUtils.hasText(identifierMatch)) { + if (attrExElts.size() > 1) { + pc.getReaderContext().error( + "You must supply an identifier-match attribute if using more" + + " than one " + + Elements.OPENID_ATTRIBUTE_EXCHANGE + + " element", attrExElt); + } + // Match anything + identifierMatch = ".*"; + } + + axMap.put(identifierMatch, parseOpenIDAttributes(attrExElt)); + } + axFactory.addConstructorArgValue(axMap); + + consumerBldr.addConstructorArgValue(axFactory.getBeanDefinition()); + openIDFilter.getPropertyValues().addPropertyValue("consumer", + consumerBldr.getBeanDefinition()); + } + return openIDFilter; + } + private ManagedList parseOpenIDAttributes(Element attrExElt) { ManagedList attributes = new ManagedList<>(); for (Element attElt : DomUtils.getChildElementsByTagName(attrExElt, diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-5.4.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-5.4.rnc index 86c6885a99..678318e0f8 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-5.4.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-5.4.rnc @@ -615,7 +615,7 @@ opaque-token.attlist &= attribute introspector-ref {xsd:token}? openid-login = - ## Sets up form login for authentication with an Open ID identity + ## Sets up form login for authentication with an Open ID identity. NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2. element openid-login {form-login.attlist, user-service-ref?, attribute-exchange*} attribute-exchange = @@ -627,7 +627,7 @@ attribute-exchange.attlist &= attribute identifier-match {xsd:token}? openid-attribute = - ## Attributes used when making an OpenID AX Fetch Request + ## Attributes used when making an OpenID AX Fetch Request. NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2. element openid-attribute {openid-attribute.attlist} openid-attribute.attlist &= diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-5.4.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-5.4.xsd index 1e15988a9d..775697606e 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-5.4.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-5.4.xsd @@ -960,7 +960,11 @@ - Sets up form login for authentication with an Open ID identity + Sets up form login for authentication with an Open ID identity. NOTE: The OpenID 1.0 and + 2.0 protocols have been deprecated and users are <a + href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to + migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is + supported by <code>spring-security-oauth2</code>. @@ -1905,7 +1909,11 @@ - Attributes used when making an OpenID AX Fetch Request + Attributes used when making an OpenID AX Fetch Request. NOTE: The OpenID 1.0 and 2.0 + protocols have been deprecated and users are <a + href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to + migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is + supported by <code>spring-security-oauth2</code>. diff --git a/docs/articles/src/docbook/codebase-structure.xml b/docs/articles/src/docbook/codebase-structure.xml index 3fe1dc8da8..5d55ba1db5 100644 --- a/docs/articles/src/docbook/codebase-structure.xml +++ b/docs/articles/src/docbook/codebase-structure.xml @@ -146,7 +146,7 @@ spring-security-openid OpenID web authentication support. If you need to authenticate users against an external OpenID - server. + server. (Deprecated) org.springframework.security.openid diff --git a/docs/manual/src/docs/asciidoc/_includes/about/modules.adoc b/docs/manual/src/docs/asciidoc/_includes/about/modules.adoc index 71e58801fd..ae976076fa 100644 --- a/docs/manual/src/docs/asciidoc/_includes/about/modules.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/about/modules.adoc @@ -102,6 +102,9 @@ The top-level package is `org.springframework.security.cas`. [[spring-security-openid]] == OpenID -- `spring-security-openid.jar` +[NOTE] +The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2. + This module contains OpenID web authentication support. It is used to authenticate users against an external OpenID server. The top-level package is `org.springframework.security.openid`. diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/openid.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/openid.adoc index e3d14137d3..01362127ff 100644 --- a/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/openid.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/openid.adoc @@ -1,5 +1,9 @@ [[servlet-openid]] == OpenID Support + +[NOTE] +The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2. + The namespace supports https://openid.net/[OpenID] login either instead of, or in addition to normal form-based login, with a simple change: [source,xml] diff --git a/openid/spring-security-openid.gradle b/openid/spring-security-openid.gradle index a24719a6f6..8e3820d151 100644 --- a/openid/spring-security-openid.gradle +++ b/openid/spring-security-openid.gradle @@ -1,3 +1,7 @@ +// NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are +// encouraged to migrate +// to OpenID Connect, which is supported by spring-security-oauth2. + apply plugin: 'io.spring.convention.spring-module' dependencies { diff --git a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java index 243bde56e9..e5e89d5e38 100644 --- a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java +++ b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java @@ -20,6 +20,9 @@ import org.springframework.security.core.AuthenticationException; /** * Indicates that OpenID authentication was cancelled * + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Robin Bramley, Opsera Ltd */ public class AuthenticationCancelledException extends AuthenticationException { diff --git a/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java index 16d1e64f59..3c99c94626 100644 --- a/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java +++ b/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java @@ -24,6 +24,9 @@ import java.util.List; * This allows the list of attributes for a fetch request to be tailored for different * OpenID providers, since they do not all support the same attributes. * + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Luke Taylor * @since 3.1 */ diff --git a/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java index 2a653ee132..75df033bac 100644 --- a/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java +++ b/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java @@ -19,6 +19,9 @@ import java.util.Collections; import java.util.List; /** + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Luke Taylor * @since 3.1 */ diff --git a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java index 2323f99985..7ab6f47615 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java @@ -41,6 +41,9 @@ import org.openid4java.message.ax.FetchResponse; import org.springframework.util.StringUtils; /** + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Ray Krueger * @author Luke Taylor */ diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java index 65a9774c8b..c15d45856d 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java @@ -27,6 +27,9 @@ import org.springframework.util.Assert; * should be requested during a fetch request, or to hold values for an attribute which * are returned during the authentication process. * + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Luke Taylor * @since 3.0 */ diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java index 430c707800..9c3999d704 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java @@ -59,6 +59,9 @@ import java.util.*; * where it should (normally) be processed by an OpenIDAuthenticationProvider in * order to load the authorities for the user. * + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Robin Bramley * @author Ray Krueger * @author Luke Taylor diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java index 6b9f723aac..e42baa6d1f 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java @@ -44,6 +44,9 @@ import org.springframework.util.Assert; * {@code Authentication} token, so additional properties such as email addresses, * telephone numbers etc can easily be stored. * + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Robin Bramley, Opsera Ltd. * @author Luke Taylor */ diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java index b7a52a0aea..db2eee832b 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java @@ -18,6 +18,9 @@ package org.springframework.security.openid; /** * Authentication status codes, based on JanRain status codes * + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author JanRain Inc. * @author Robin Bramley, Opsera Ltd * @author Luke Taylor diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java index dc6f7fc466..0625e07727 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java @@ -26,6 +26,9 @@ import org.springframework.security.core.SpringSecurityCoreVersion; /** * OpenID Authentication Token * + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Robin Bramley */ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken { diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java index ed57b1256c..303b143a9a 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java @@ -20,6 +20,9 @@ import javax.servlet.http.HttpServletRequest; /** * An interface for OpenID library implementations * + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Ray Krueger * @author Robin Bramley, Opsera Ltd */ diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java index e7bb4c3d0d..f184032c15 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java @@ -18,6 +18,9 @@ package org.springframework.security.openid; /** * Thrown by an OpenIDConsumer if it cannot process a request * + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Robin Bramley, Opsera Ltd */ public class OpenIDConsumerException extends Exception { diff --git a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java index 9283419981..b59481bb38 100644 --- a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java +++ b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java @@ -22,7 +22,9 @@ import java.util.Map; import java.util.regex.Pattern; /** - * + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Luke Taylor * @since 3.1 */ diff --git a/openid/src/main/java/org/springframework/security/openid/package.html b/openid/src/main/java/org/springframework/security/openid/package.html index 80e7f0c0f4..f2417fd615 100644 --- a/openid/src/main/java/org/springframework/security/openid/package.html +++ b/openid/src/main/java/org/springframework/security/openid/package.html @@ -1,5 +1,9 @@ -Authenticates standard web browser users via OpenID. +

Authenticates standard web browser users via OpenID.

+ +

NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are + encouraged to migrate + to OpenID Connect, which is supported by spring-security-oauth2.

- \ No newline at end of file + diff --git a/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java b/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java index 7f22d587af..ce8f1a2382 100644 --- a/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java +++ b/openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java @@ -15,12 +15,12 @@ */ package org.springframework.security.openid; -import org.springframework.security.openid.OpenIDAuthenticationToken; -import org.springframework.security.openid.OpenIDConsumer; - import javax.servlet.http.HttpServletRequest; /** + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Robin Bramley, Opsera Ltd */ public class MockOpenIDConsumer implements OpenIDConsumer { diff --git a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java index e87ce2fd2f..971c19a15f 100644 --- a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java +++ b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java @@ -40,6 +40,9 @@ import org.springframework.mock.web.MockHttpServletRequest; import java.util.*; /** + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Luke Taylor */ public class OpenID4JavaConsumerTests { diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java index 818698313a..dbaf2eeb68 100644 --- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java +++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java @@ -31,6 +31,11 @@ import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; +/** + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. + */ public class OpenIDAuthenticationFilterTests { OpenIDAuthenticationFilter filter; diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java index 8544cf68d5..902ca9b8fe 100644 --- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java +++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java @@ -35,6 +35,9 @@ import org.springframework.security.core.userdetails.UserDetailsService; /** * Tests {@link OpenIDAuthenticationProvider} * + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Robin Bramley, Opsera Ltd */ public class OpenIDAuthenticationProviderTests { diff --git a/openid/src/test/resources/logback-test.xml b/openid/src/test/resources/logback-test.xml index 2d51ba4180..cc1fc42b4e 100644 --- a/openid/src/test/resources/logback-test.xml +++ b/openid/src/test/resources/logback-test.xml @@ -1,3 +1,7 @@ + + diff --git a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java index 4ed43fc3cb..3a4ec0ad52 100644 --- a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java +++ b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java @@ -20,6 +20,9 @@ import org.springframework.security.web.context.AbstractSecurityWebApplicationIn /** * No customizations of {@link AbstractSecurityWebApplicationInitializer} are necessary. * + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Rob Winch */ public class MessageSecurityWebApplicationInitializer extends diff --git a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index dc9134832c..452a80bdd0 100644 --- a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -20,6 +20,11 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.samples.security.CustomUserDetailsService; +/** + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. + */ @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { // @formatter:off diff --git a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/mvc/UserController.java b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/mvc/UserController.java index ebed04dd9c..d700a3e832 100644 --- a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/mvc/UserController.java +++ b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/mvc/UserController.java @@ -21,6 +21,11 @@ import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +/** + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. + */ @Controller @RequestMapping("/user/") public class UserController { diff --git a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/security/CustomUserDetailsService.java b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/security/CustomUserDetailsService.java index fd421b880e..faaa81afbe 100644 --- a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/security/CustomUserDetailsService.java +++ b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/security/CustomUserDetailsService.java @@ -22,6 +22,11 @@ import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.openid.OpenIDAuthenticationToken; +/** + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. + */ public class CustomUserDetailsService implements AuthenticationUserDetailsService { public UserDetails loadUserDetails(OpenIDAuthenticationToken token) @@ -29,4 +34,4 @@ public class CustomUserDetailsService implements return new User(token.getName(), "", AuthorityUtils.createAuthorityList("ROLE_USER")); } -} \ No newline at end of file +} diff --git a/samples/javaconfig/openid/src/main/resources/views/login.html b/samples/javaconfig/openid/src/main/resources/views/login.html index 0d46e3b163..4c6f86c51a 100644 --- a/samples/javaconfig/openid/src/main/resources/views/login.html +++ b/samples/javaconfig/openid/src/main/resources/views/login.html @@ -7,6 +7,11 @@
+

+ NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are + encouraged to migrate + to OpenID Connect, which is supported by spring-security-oauth2. +

Sign-in or Create New Account @@ -43,4 +48,4 @@
- \ No newline at end of file + diff --git a/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetails.java b/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetails.java index f0b1bc4ee1..7a5e400ec2 100644 --- a/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetails.java +++ b/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetails.java @@ -23,6 +23,9 @@ import org.springframework.security.core.userdetails.User; /** * Customized {@code UserDetails} implementation. * + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Luke Taylor * @since 3.1 */ diff --git a/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetailsService.java b/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetailsService.java index ad23c3fc30..27a3bb409d 100644 --- a/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetailsService.java +++ b/samples/xml/openid/src/main/java/org/springframework/security/samples/openid/CustomUserDetailsService.java @@ -32,6 +32,9 @@ import org.springframework.security.openid.OpenIDAuthenticationToken; * Custom UserDetailsService which accepts any OpenID user, "registering" new users in a * map so they can be welcomed back to the site on subsequent logins. * + * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are + * encouraged to migrate + * to OpenID Connect, which is supported by spring-security-oauth2. * @author Luke Taylor * @since 3.1 */ diff --git a/samples/xml/openid/src/main/resources/logback.xml b/samples/xml/openid/src/main/resources/logback.xml index 3ebbcc0ddd..1f54c08753 100644 --- a/samples/xml/openid/src/main/resources/logback.xml +++ b/samples/xml/openid/src/main/resources/logback.xml @@ -1,3 +1,7 @@ + + diff --git a/samples/xml/openid/src/main/webapp/index.jsp b/samples/xml/openid/src/main/webapp/index.jsp index 1ea6bb94ce..f78494ccef 100644 --- a/samples/xml/openid/src/main/webapp/index.jsp +++ b/samples/xml/openid/src/main/webapp/index.jsp @@ -6,6 +6,12 @@

OpenID Sample Home Page

+

+NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are +encouraged to migrate +to OpenID Connect, which is supported by spring-security-oauth2. +

+

Welcome back, ! diff --git a/samples/xml/openid/src/main/webapp/openidlogin.jsp b/samples/xml/openid/src/main/webapp/openidlogin.jsp index 17fde568ff..e95a0fe453 100644 --- a/samples/xml/openid/src/main/webapp/openidlogin.jsp +++ b/samples/xml/openid/src/main/webapp/openidlogin.jsp @@ -29,6 +29,12 @@ +

+NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are +encouraged to migrate +to OpenID Connect, which is supported by spring-security-oauth2. +

+ Your login attempt was not successful, try again.