spring-security-oauth2.
* @throws Exception
* @see OpenIDLoginConfigurer
*/
@@ -355,6 +357,9 @@ public final class HttpSecurity extends
*
* @param openidLoginCustomizer the {@link Customizer} to provide more options for
* the {@link OpenIDLoginConfigurer}
+ * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ * encouraged to migrate
+ * to OpenID Connect, which is supported by spring-security-oauth2.
* @return the {@link HttpSecurity} for further customizations
* @throws Exception
*/
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
index 76c24f7e0d..4fa74f0053 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
@@ -118,6 +118,9 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
*
*
* @author Rob Winch
+ * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ * encouraged to migrate
+ * to OpenID Connect, which is supported by spring-security-oauth2.
* @since 3.2
*/
public final class OpenIDLoginConfigurerspring-security-oauth2.
+ * @param sessionStrategy sessionStrategy
+ * @param openIDLoginElt the element from the xml file
+ * @return the parsed filter as rootBeanDefinition
+ */
+ private RootBeanDefinition parseOpenIDFilter( BeanReference sessionStrategy, Element openIDLoginElt ) {
+ RootBeanDefinition openIDFilter;
+ FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser(
+ "/login/openid", null,
+ OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS, requestCache,
+ sessionStrategy, allowSessionCreation, portMapper, portResolver);
+
+ parser.parse(openIDLoginElt, pc);
+ openIDFilter = parser.getFilterBean();
+ openIDEntryPoint = parser.getEntryPointBean();
+ openidLoginProcessingUrl = parser.getLoginProcessingUrl();
+ openIDLoginPage = parser.getLoginPage();
+
+ Listspring-security-oauth2.
element openid-login {form-login.attlist, user-service-ref?, attribute-exchange*}
attribute-exchange =
@@ -627,7 +627,7 @@ attribute-exchange.attlist &=
attribute identifier-match {xsd:token}?
openid-attribute =
- ## Attributes used when making an OpenID AX Fetch Request
+ ## Attributes used when making an OpenID AX Fetch Request. NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2.
element openid-attribute {openid-attribute.attlist}
openid-attribute.attlist &=
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-5.4.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-5.4.xsd
index 1e15988a9d..775697606e 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-5.4.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-5.4.xsd
@@ -960,7 +960,11 @@
spring-security-oauth2.
+
apply plugin: 'io.spring.convention.spring-module'
dependencies {
diff --git a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
index 243bde56e9..e5e89d5e38 100644
--- a/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
+++ b/openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
@@ -20,6 +20,9 @@ import org.springframework.security.core.AuthenticationException;
/**
* Indicates that OpenID authentication was cancelled
*
+ * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ * encouraged to migrate
+ * to OpenID Connect, which is supported by spring-security-oauth2.
* @author Robin Bramley, Opsera Ltd
*/
public class AuthenticationCancelledException extends AuthenticationException {
diff --git a/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java
index 16d1e64f59..3c99c94626 100644
--- a/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/AxFetchListFactory.java
@@ -24,6 +24,9 @@ import java.util.List;
* This allows the list of attributes for a fetch request to be tailored for different
* OpenID providers, since they do not all support the same attributes.
*
+ * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ * encouraged to migrate
+ * to OpenID Connect, which is supported by spring-security-oauth2.
* @author Luke Taylor
* @since 3.1
*/
diff --git a/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java
index 2a653ee132..75df033bac 100644
--- a/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/NullAxFetchListFactory.java
@@ -19,6 +19,9 @@ import java.util.Collections;
import java.util.List;
/**
+ * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ * encouraged to migrate
+ * to OpenID Connect, which is supported by spring-security-oauth2.
* @author Luke Taylor
* @since 3.1
*/
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
index 2323f99985..7ab6f47615 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
@@ -41,6 +41,9 @@ import org.openid4java.message.ax.FetchResponse;
import org.springframework.util.StringUtils;
/**
+ * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ * encouraged to migrate
+ * to OpenID Connect, which is supported by spring-security-oauth2.
* @author Ray Krueger
* @author Luke Taylor
*/
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
index 65a9774c8b..c15d45856d 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAttribute.java
@@ -27,6 +27,9 @@ import org.springframework.util.Assert;
* should be requested during a fetch request, or to hold values for an attribute which
* are returned during the authentication process.
*
+ * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ * encouraged to migrate
+ * to OpenID Connect, which is supported by spring-security-oauth2.
* @author Luke Taylor
* @since 3.0
*/
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
index 430c707800..9c3999d704 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
@@ -59,6 +59,9 @@ import java.util.*;
* where it should (normally) be processed by an OpenIDAuthenticationProvider in
* order to load the authorities for the user.
*
+ * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ * encouraged to migrate
+ * to OpenID Connect, which is supported by spring-security-oauth2.
* @author Robin Bramley
* @author Ray Krueger
* @author Luke Taylor
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
index 6b9f723aac..e42baa6d1f 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
@@ -44,6 +44,9 @@ import org.springframework.util.Assert;
* {@code Authentication} token, so additional properties such as email addresses,
* telephone numbers etc can easily be stored.
*
+ * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ * encouraged to migrate
+ * to OpenID Connect, which is supported by spring-security-oauth2.
* @author Robin Bramley, Opsera Ltd.
* @author Luke Taylor
*/
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
index b7a52a0aea..db2eee832b 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
@@ -18,6 +18,9 @@ package org.springframework.security.openid;
/**
* Authentication status codes, based on JanRain status codes
*
+ * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ * encouraged to migrate
+ * to OpenID Connect, which is supported by spring-security-oauth2.
* @author JanRain Inc.
* @author Robin Bramley, Opsera Ltd
* @author Luke Taylor
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
index dc6f7fc466..0625e07727 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
@@ -26,6 +26,9 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
/**
* OpenID Authentication Token
*
+ * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ * encouraged to migrate
+ * to OpenID Connect, which is supported by spring-security-oauth2.
* @author Robin Bramley
*/
public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
index ed57b1256c..303b143a9a 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
@@ -20,6 +20,9 @@ import javax.servlet.http.HttpServletRequest;
/**
* An interface for OpenID library implementations
*
+ * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ * encouraged to migrate
+ * to OpenID Connect, which is supported by spring-security-oauth2.
* @author Ray Krueger
* @author Robin Bramley, Opsera Ltd
*/
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
index e7bb4c3d0d..f184032c15 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
@@ -18,6 +18,9 @@ package org.springframework.security.openid;
/**
* Thrown by an OpenIDConsumer if it cannot process a request
*
+ * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ * encouraged to migrate
+ * to OpenID Connect, which is supported by spring-security-oauth2.
* @author Robin Bramley, Opsera Ltd
*/
public class OpenIDConsumerException extends Exception {
diff --git a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
index 9283419981..b59481bb38 100644
--- a/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
+++ b/openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java
@@ -22,7 +22,9 @@ import java.util.Map;
import java.util.regex.Pattern;
/**
- *
+ * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ * encouraged to migrate
+ * to OpenID Connect, which is supported by spring-security-oauth2.
* @author Luke Taylor
* @since 3.1
*/
diff --git a/openid/src/main/java/org/springframework/security/openid/package.html b/openid/src/main/java/org/springframework/security/openid/package.html
index 80e7f0c0f4..f2417fd615 100644
--- a/openid/src/main/java/org/springframework/security/openid/package.html
+++ b/openid/src/main/java/org/springframework/security/openid/package.html
@@ -1,5 +1,9 @@
-Authenticates standard web browser users via OpenID.
+Authenticates standard web browser users via OpenID.
+ +NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are
+ encouraged to migrate
+ to OpenID Connect, which is supported by spring-security-oauth2.