Remove unneeded oauth2Login config when upgrading to Spring Security 6
org.openrewrite.java.spring.security6.RemoveOauth2LoginConfig
_`oauth2Login()` is a Spring Security feature that allows users to authenticate with an OAuth2 or OpenID Connect 1.0 provider. When a user is authenticated using this feature, they are granted a set of authorities that determines what actions they are allowed to perform within the application._

_In Spring Security 5, the default authority given to a user authenticated with an OAuth2 or OpenID Connect 1.0 provider via `oauth2Login()` is `ROLE_USER`. This means that the user is allowed to access the application's resources as a regular user._

_However, in Spring Security 6, the default authority given to a user authenticated with an OAuth2 provider is `OAUTH2_USER`, and the default authority given to a user authenticated with an OpenID Connect 1.0 provider is `OIDC_USER`. These authorities are more specific and allow for better customization of the user's permissions within the application._

_If you are upgrading to Spring Security 6 and you have previously configured a `GrantedAuthoritiesMapper` to handle the authorities of users authenticated via `oauth2Login()`, you can remove it completely as the new default authorities should be sufficient._
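The configuration below is an added example, not code from the recipe or from the rewrite-spring project. It shows a Spring Security 6 filter chain after the mapper has been removed, with authorization rules that name the new default authorities. The class name, the request paths and the shape of the removed mapper (one that only renamed the default authority) are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical configuration class for a Spring Security 6 application.
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // Before the upgrade (assumed shape), the oauth2Login block carried a mapper:
    //
    //   .oauth2Login(oauth2 -> oauth2
    //       .userInfoEndpoint(userInfo -> userInfo
    //           .userAuthoritiesMapper(grantedAuthoritiesMapper())))
    //
    // where grantedAuthoritiesMapper() only rewrote the default authority to
    // OAUTH2_USER / OIDC_USER. Spring Security 6 grants those by default, so the
    // mapper and the userInfoEndpoint customization are gone below.
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                // hasRole("USER") checks for ROLE_USER, which oauth2Login() no
                // longer grants by default; name the new authorities explicitly.
                // Paths are hypothetical.
                .requestMatchers("/account/**").hasAnyAuthority("OAUTH2_USER", "OIDC_USER")
                // Restrict this path to users who signed in through an
                // OpenID Connect 1.0 provider.
                .requestMatchers("/profile/**").hasAuthority("OIDC_USER")
                .anyRequest().authenticated())
            // Default oauth2Login() setup, no custom authorities mapper.
            .oauth2Login(Customizer.withDefaults());
        return http.build();
    }
}
```

Any remaining rule or method-security annotation that checks `ROLE_USER` will deny OAuth2 and OIDC users after the upgrade, so search for those checks when reviewing the recipe's changes.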
Recipe source
GitHub, Issue Tracker, Maven Central
groupId: org.openrewrite.recipe
artifactId: rewrite-spring
version: 5.8.0
Usage
This recipe has no required configuration options. It can be activated by adding a dependency on `org.openrewrite.recipe:rewrite-spring:5.8.0` in your build file or by running a shell command (in which case no build changes are needed):

Add the following to your `build.gradle` file:

Run `gradle rewriteRun` to run the recipe.
See how this recipe works across multiple open-source repositories
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.
Contributors
Kun Li, Knut Wannheden