[
https://issues.apache.org/jira/browse/FINERACT-1012?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17235012#comment-17235012
]
Vincent FUCHS commented on FINERACT-1012:
-----------------------------------------
Has anybody started looking into this one ? As part of FINERACT-1261 , I spent
some time on it today, but I am struggling a bit.. so if somebody has initiated
something somewhere, please let me know, maybe I can continue what has been
started.
> Spring Security OAuth 2.x to Spring Security 5.2.x
> --------------------------------------------------
>
> Key: FINERACT-1012
> URL: https://issues.apache.org/jira/browse/FINERACT-1012
> Project: Apache Fineract
> Issue Type: Bug
> Components: Security
> Affects Versions: 1.4.0
> Reporter: Michael Vorburger
> Assignee: Saransh Sharma
> Priority: Critical
> Labels: beginner
> Fix For: 1.5.0
>
>
> The bump of spring-security-oauth2 from 2.3.6.RELEASE to 2.4.1.RELEASE in
> https://github.com/apache/fineract/pull/863 as part of FINERACT-963
> introduced usage of {{@Deprecated}} code, which we are trying to avoid (and
> which since FINERACT-959 we're intentionally making the build fail).
> I'm going to use a {{@SuppressWarnings("deprecation")}} to be able to do the
> upgrade anyway, because upgrading a security related library to its latest
> version seems like a sensible thing to do, but we really should remove the
> suppression and switch to using Spring's newer APIs.
> https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide
> affects {{UserDetailsApiResource}} and
> {{TwoFactorAuthenticationFilter.createUpdatedAuthentication()}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
