Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resource Server Package Name Inconsistencies #7349

Closed
jzheaux opened this issue Sep 3, 2019 · 4 comments
Closed

Resource Server Package Name Inconsistencies #7349

jzheaux opened this issue Sep 3, 2019 · 4 comments
Assignees
@jzheaux
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
Milestone
6.0.0-RC1

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Sep 3, 2019
edited
Loading

Some of the classes in oauth2-resource-server could be better aligned with the whole.

For example, if XYZ represents the root package for that module, then:

  • authentication filters tend to be in XYZ.web.authentication, but BearerTokenAuthenticationFilter is only in XYZ.web
  • authentication tokens tend to be in XYZ.authentication, but BearerTokenAuthenticationToken is in XYZ

Since these have both GA'd already, they likely won't be adjusted on the 5.x release train, but I'm recording this for future reference.
@jzheaux jzheaux added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Sep 3, 2019
@jzheaux jzheaux added this to the 6.x milestone Sep 3, 2019
@jzheaux jzheaux changed the title Resource Server Inconsistencies Resource Server Package Name Inconsistencies Sep 4, 2019
@jgrandja
Copy link
Contributor

@jzheaux

BearerTokenAuthenticationFilter is in ...web sub-package, which is correct. I don't believe it should be moved to ...web.authentication?

@jzheaux
Copy link
Contributor Author

jzheaux commented Jul 7, 2020

@jgrandja, I see that AnonymousAuthenticationFilter, DefaultLoginPageGeneratingFilter, DefaultLogoutPageGeneratingFilter, and UsernamePasswordAuthenticationFilter are all in web.authentication.

BasicAuthenticationFilter is in web.authentication.www, AbstractPreAuthenticatedProcessingFilter is in web.authentication.preauth, and X509AuthenticationFilter is in web.authentication.preauth.x509.

By these it seems to me that authentication filters go into web.authentication or a subpackage of that, which is why I'm thinking BearerTokenAuthenticationFilter should go into web.authentication or a subpackage.

What am I missing regarding the packaging conventions?

@jgrandja
Copy link
Contributor

jgrandja commented Jul 9, 2020
edited
Loading

@jzheaux Thanks for providing references to existing authn Filter's. It looks like there is some inconsistency since OpenIDAuthenticationFilter, CasAuthenticationFilter and OAuth2LoginAuthenticationFilter are not in *.web.authentication package. Maybe @rwinch can confirm which sub-package it should be in?

@rwinch
Copy link
Member

rwinch commented Jul 10, 2020
edited
Loading

I'd have to give this some thought. At first glance I'd say that they should be in web.authentication. I'm trying to remember if there were any conscious decisions to make the packages less sparse by avoiding an authentication package.

It could be argued that cas in itself implies authentication, so perhaps that is reason enough to avoid another authentication package.

@rwinch rwinch added the type: breaks-passivity A change that breaks passivity with the previous release label Jun 13, 2022
@jzheaux jzheaux self-assigned this Jul 27, 2022
@jzheaux jzheaux modified the milestones: 6.0.x, 6.0.0-RC1 Sep 20, 2022
@jzheaux jzheaux mentioned this issue Sep 21, 2022
Closed
jzheaux added a commit that referenced this issue Sep 23, 2022
@jzheaux
Add Deprecated Versions of Original Classes
53dbcfd 
Issue gh-7349
jzheaux added a commit that referenced this issue Sep 23, 2022
@jzheaux
Adjust OAuth2 Resource Server packaging
37a1602 
Closes gh-7349
jzheaux added a commit that referenced this issue Sep 23, 2022
@jzheaux
Add Deprecated Versions of Original Classes
ae6fb8c 
Issue gh-7349
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
Projects
Spring Security Team
Status: Done
Milestone
6.0.0-RC1
Development

No branches or pull requests
3 participants
@rwinch @jzheaux @jgrandja