Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE REQ] Deprecate the implementations from WebSecurityConfigurerAdapter #32279

Open
moarychan opened this issue Nov 22, 2022 · 2 comments
Open

[FEATURE REQ] Deprecate the implementations from WebSecurityConfigurerAdapter #32279

moarychan opened this issue Nov 22, 2022 · 2 comments
Labels
azure-spring All azure-spring related issues azure-spring-aad Spring active directory related issues. azure-spring-aad-b2c Spring active directory b2c related issues. azure-spring-docs Client This issue points to a problem in the data-plane of the library. feature-request This issue requires a new behavior in the product in order be resolved.
Milestone
Backlog

Comments

@moarychan
Copy link
Member

Context

Since the WebSecurityConfigurerAdapter has been deprecated, then the below class should be updated to provide a new configurer for HTTP security,

azure-sdk-for-java/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/aad/AadWebSecurityConfigurerAdapter.java

Line 38 in 2c884a4

public abstract class AadWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

azure-sdk-for-java/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/aad/AadResourceServerWebSecurityConfigurerAdapter.java

Line 22 in 2c884a4

public abstract class AadResourceServerWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

We should refer to the new configuer from feature/spring-boot-3 branch,

azure-sdk-for-java/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/aad/AadResourceServerHttpSecurityConfigurer.java

Line 24 in a77e4b3

public class AadResourceServerHttpSecurityConfigurer extends AbstractHttpConfigurer<AadResourceServerHttpSecurityConfigurer, HttpSecurity> {

azure-sdk-for-java/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/aad/AadWebApplicationHttpSecurityConfigurer.java

Line 37 in a77e4b3

public class AadWebApplicationHttpSecurityConfigurer extends AbstractHttpConfigurer<AadWebApplicationHttpSecurityConfigurer, HttpSecurity> {

Goal

  • Marked the AadXXAdapter as deprecated APIs.
  • Provide the new way based on AbstractHttpConfigurer for Azure AD autoconfigure.
@moarychan moarychan added Client This issue points to a problem in the data-plane of the library. feature-request This issue requires a new behavior in the product in order be resolved. azure-spring All azure-spring related issues azure-spring-aad Spring active directory related issues. azure-spring-aad-b2c Spring active directory b2c related issues. azure-spring-docs labels Nov 22, 2022
@moarychan moarychan added this to the Backlog milestone Nov 22, 2022
@moarychan moarychan mentioned this issue Nov 22, 2022
Merged
6 tasks
@muralibasani muralibasani mentioned this issue Dec 5, 2022
Closed
1 task
@samhanes-fs
Copy link

While this is being worked on, would it be possible to add an @ConditionalOnMissingBean condition for org.springframework.security.web.SecurityFilterChain to the DefaultAadResourceServerWebSecurityConfigurerAdapter bean in AadResourceServerConfiguration so that projects using the starter can adopt Spring's recommendations?

Without that condition, attempting to use a SecurityFilterChain causes a bunch of Spring container wiring errors because many of the Spring Security beans are being created twice.

This was referenced Jul 27, 2023
Merged
Merged
@Netyyyy
Copy link
Member

Netyyyy commented Aug 3, 2023

Hi @samhanes-fs , the condition updated in the two PRs above.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
azure-spring All azure-spring related issues azure-spring-aad Spring active directory related issues. azure-spring-aad-b2c Spring active directory b2c related issues. azure-spring-docs Client This issue points to a problem in the data-plane of the library. feature-request This issue requires a new behavior in the product in order be resolved.
Projects
Spring Cloud Azure
Status: Todo
Milestone
Backlog
Development

No branches or pull requests
3 participants
@moarychan @samhanes-fs @Netyyyy