Spring Security OAuth 1.0.0.RC1 released

**Dave Syer** · Jul 25th, 2012, 09:15 AM

Hi,

#spring #security #oauth 1.0.0.RC1 is released today http://bit.ly/xfE5PM. Download via github or Maven (SpringSource milestone repository).

Loads of new stuff since M6. OAuth2 is looking close to stable so it seemed like a good idea to go for a release candidate. Highlights:

* Lots of new extension points in the Authorization Server features
* XML goodness, e.g. <oauth2:rest-template/>
* Whitelabel UI for better out-of-box experience
* Improved support for expressions in security filters

Enjoy!

Dave.

**enkhchuluun** · Jul 29th, 2012, 09:57 PM

Great job guys~.
I can't be waitng first RC 1.0.0.

**OhadR** · Aug 13th, 2012, 09:31 AM

Originally Posted by Dave Syer

Hi,

#spring #security #oauth 1.0.0.RC1 is released today http://bit.ly/xfE5PM. Download via github or Maven (SpringSource milestone repository).

Loads of new stuff since M6. OAuth2 is looking close to stable so it seemed like a good idea to go for a release candidate. Highlights:

* Lots of new extension points in the Authorization Server features
* XML goodness, e.g. <oauth2:rest-template/>
* Whitelabel UI for better out-of-box experience
* Improved support for expressions in security filters

Enjoy!

Dave.

Congrats!

great job.

A question: I had a working project on milestone4, now I try to migrate it to the new RC1. Unfortunately, I find it difficult - many compilation error due to files that have been removed, etc. (
for example:
1. RandomValueTokenServices does not exist anymore,
2. the bean 'ClientCredentialsTokenEndpointFilter' is not found,
3. under "client" bean there cannot be "resource-details-service-ref" anymore, and more...

Do you have a documentation that might help me to find how to make it work? I really wanna make it work on the RC1, since I believe it suppose to be better than a milestone...

please advise...

thanks

**Dave Syer** · Aug 14th, 2012, 02:29 AM

Originally Posted by OhadR

1. RandomValueTokenServices does not exist anymore,

It evolved into DefaultTokenServices. But if you have an existing TokenServices that extends the old RVTS you should look at the TokenStore and other extension points in the DefaultTokenServices, rather than simply extending the new class.

2. the bean 'ClientCredentialsTokenEndpointFilter' is not found,

The class is still there. Maybe it was registered automatically in M4? You need to define it explicitly now.

3. under "client" bean there cannot be "resource-details-service-ref" anymore, and more...

Do you have an example config that you show to remind us what that was for (if it did anything)?

**OhadR** · Aug 14th, 2012, 02:40 AM

Originally Posted by Dave Syer

Do you have an example config that you show to remind us what that was for (if it did anything)?

yes, concerning the "resource-details-service-ref": first of all, it is described in the docs,

The client element is used to configure the OAuth 2.0 client mechanism. The following attributes can be applied to the client element:

token-services-ref: The reference to the bean that stores tokens on behalf of a user. Default value is an instance of InMemoryOAuth2ClientTokenServices.
resource-details-service-ref: The reference to the bean that services the known resource details.

-so I thought this is the way it should work. So my XML looks something like this:

Code:

    <!--apply the oauth client context -->
	<oauth:client id="oauth2ClientFilter" 
				resource-details-service-ref="resourceDetailsService"/>

    <bean id="resourceDetailsService" class="org.springframework.security.oauth2.client.resource.InMemoryOAuth2ProtectedResourceDetailsService">
        <property name="resourceDetailsStore">
            <map>
                <entry key="clientKey" value-ref="myClientResource"/>
            </map>
        </property>
    </bean>

Thread: Spring Security OAuth 1.0.0.RC1 released

Thread Tools

Display

Spring Security OAuth 1.0.0.RC1 released

Posting Permissions