Announcement Announcement Module
Collapse
No announcement yet.
Spring Security OAuth 1.0.0.RC2 released Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security OAuth 1.0.0.RC2 released

    Hi,

    #spring #security #oauth 1.0.0.RC2 is released today http://bit.ly/xfE5PM. Download via github or Maven (SpringSource milestone repository).

    Highlights:

    * Better error responses from the framework endpoints
    * Fixed some issues with validation and enhancement of token contents

    Enjoy!

    Dave.

  • #2
    Is this the same project

    http://mvnrepository.com/artifact/or...ity-oauth/3.19

    Which version should I be using?
    When will 1.0 be production ready?

    Comment


    • #3
      The codehaus project is a forerunner of this one (i.e. it's very old). 1.0.0 is pretty nearly ready. I know it's been a long time and that the milestones and realease candidiates are already in use in production environments - the main risk of using them is just that you have to make changes to your code when 1.0.0 is out.

      Comment


      • #4
        Dave, I don't find any RC2 tag in git repository.

        Comment


        • #5
          Should be there now.

          Comment


          • #6
            both oAuth1.0 and oAuth2.0 are included in this RC2?

            Comment


            • #7
              Yes. They are both in the same build from the root directory.

              Comment


              • #8
                Dave, It's about time that I upgrade my sources to use RC2a :-)
                After changing the pom.xml to use RC2a instead of M6, I get errors (I was expecting that though).
                some of them are easy to handle, but for example this one I cannot resolve; I get ClassNotFoundException on
                org.springframework.security.oauth2.provider.filte r.ClientCredentialsTokenEndpointFilter. This class (filter) was in use in M6; I declared this bean in my beans.xml, and directed my custom-filter to its ref:
                <http... <custom-filter ref=ClientCredentialsTokenEndpointFilter... > (as I saw in the tonr2 example ...)

                what replaces it now in RC2a?

                thanks

                Comment


                • #9
                  2. In addition, under "client" bean (in the client-side) there is no "resource-details-service-ref" anymore. in the docs I can still see
                  The client element is used to configure the OAuth 2.0 client mechanism. The following attributes can be applied to the client element:

                  token-services-ref: The reference to the bean that stores tokens on behalf of a user. Default value is an instance of InMemoryOAuth2ClientTokenServices.
                  resource-details-service-ref: The reference to the bean that services the known resource details.
                  what comes instead (if any)?

                  thanks again (PS I'd love to help and update the docs once I have a working project)

                  Comment


                  • #10
                    It's just in a different package (.client not .filter). Shouldn't be in tonr2 at all (it's a client app).

                    Comment


                    • #11
                      Originally posted by OhadR View Post
                      2. In addition, under "client" bean (in the client-side) there is no "resource-details-service-ref" anymore.
                      That service wasn't really adding much value. I think the provider-specific features of the filter were extracted out into the OAuth2RestTemplate (and friends).

                      thanks again (PS I'd love to help and update the docs once I have a working project)
                      That's brilliant. Please use the contributor's agreement form (link in README).

                      Comment


                      • #12
                        thanks.

                        what about the "client"? i guess that the XSD has changed... under "client" bean (in the client-side) there is no "resource-details-service-ref" anymore, yet in the docs I can still see
                        The client element is used to configure the OAuth 2.0 client mechanism. The following attributes can be applied to the client element:

                        token-services-ref: The reference to the bean that stores tokens on behalf of a user. Default value is an instance of InMemoryOAuth2ClientTokenServices.
                        resource-details-service-ref: The reference to the bean that services the known resource details.
                        what comes instead? redirect-strategy-ref is necessary? how do I bind the "resource" (oauth:resource in the XML) to the "client" (oauth:client)?

                        thanks again (PS I'd love to help and update the docs once I have a working project)
                        Last edited by OhadR; Oct 8th, 2012, 06:40 AM.

                        Comment


                        • #13
                          Why would you need to bind a resource to the client filter?

                          The XSD is the source of truth, not the wiki (but please feel free to update it). The only attribute in <oauth:client/> is redirect-strategy-ref and the XSD inline docs clearly say that it is optional with a default. Just look at tonr2 for a template.

                          Comment


                          • #14
                            Originally posted by Dave Syer View Post
                            Why would you need to bind a resource to the client filter?

                            The XSD is the source of truth, not the wiki (but please feel free to update it). The only attribute in <oauth:client/> is redirect-strategy-ref and the XSD inline docs clearly say that it is optional with a default. Just look at tonr2 for a template.
                            I'm asking, because in 1.0.0.M6 the client held map of the "resources". there was a property named "resource-details-service-ref" (it even shown in the "old" docs...). So in RC2a there is no need in this binding?

                            I've updated the wiki ...

                            Comment


                            • #15
                              Originally posted by OhadR View Post
                              So in RC2a there is no need in this binding?
                              I guess not. Like I said, it wasn't adding any value.

                              I've updated the wiki ...
                              Excellent, thanks!

                              Comment

                              Working...
                              X