Deprecate OpenID 2.0 support #8450
Conversation
spring-projects-issues
added
the
status: waiting-for-triage
There was a problem hiding this comment.
Thanks for the PR @dadikovi! Could you please update it to also point to the respective OIDC related Spring Security code? In many cases the respective class won't be on the classpath, so you will likely need to use code rather than link to it.
In respect to #7153 (comment)
- Let's combine this as a single PR with multiple commits. Please preserve the original author's commit.
- Adding the deprecation is fine on the XML documentation. We should ensure that all the parsers related to the configuration are deprecated as well (this will trigger tooling to give deprecations)
rwinch
added
status: waiting-for-feedback
This commit puts deprecation notice on docs, sample applications and configurations (java and xml) Fixes spring-projectsgh-7153
Add deprecation notice to all files in the spring-security-openid module Fixes spring-projectsgh-7263
This commit adds link to spring code on the top of ThomasVitale's changes. Fixes spring-projectsgh-7153
|
Thanks for the feedback @rwinch!
I couldn't understand this part. I should modify the rnc files? |
spring-projects-issues
added
status: feedback-provided
There was a problem hiding this comment.
Thanks for the fast update. I responded to the FIXME comment inline.
You are right that only the rnc files need modified directly. The .xsd files are generated using ./gradlew rncToXsd What I was referring to is that the code that parses the OpenID attributes should include deprecation notifications. We should extract the code that parses openid xml into a separate method that is deprecated (only invoke the method if the openid xml is available). Tooling will notice if that code is entered and emit deprecation notifications.
| @@ -33,6 +33,7 @@ This also gives a good idea of the high level flow of authentication and how pie | |||
| * <<servlet-rememberme, Remember Me>> - How to remember a user past session expiration | |||
| * <<servlet-jaas, JAAS Authentication>> - Authenticate with JAAS | |||
| * <<servlet-openid,OpenID>> - OpenID Authentication (not to be confused with OpenID Connect) | |||
| // FIXME: The one above is deprecated. Should it be removed from here as well? | |||
There was a problem hiding this comment.
We do not need to remove it here. We still want users to find it and figure out it has been deprecated.
| // FIXME: The one above is deprecated. Should it be removed from here as well? |
This commit adds deprecation notice to xml schema, parser of the schema and removes fixme comments. Fixes spring-projectsgh-7153
|
Thanks @rwinch for your response, I sent another commit with the requested changes:
|
|
Thanks for the updated Pull Request! This is now merged into master 😄 |
This commit puts deprecation notice on docs, sample applications and configurations (java and xml).
Fixes gh-7153