Remove unneeded oauth2Login config when upgrading to Spring Security 6

org.openrewrite.java.spring.security6.RemoveOauth2LoginConfig

_oauth2Login() is a Spring Security feature that allows users to authenticate with an OAuth2 or OpenID Connect 1.0 provider. When a user is authenticated using this feature, they are granted a set of authorities that determines what actions they are allowed to perform within the application.

In Spring Security 5, the default authority given to a user authenticated with an OAuth2 or OpenID Connect 1.0 provider via oauth2Login() is ROLE_USER. This means that the user is allowed to access the application's resources as a regular user.

However, in Spring Security 6, the default authority given to a user authenticated with an OAuth2 provider is OAUTH2_USER, and the default authority given to a user authenticated with an OpenID Connect 1.0 provider is OIDC_USER. These authorities are more specific and allow for better customization of the user's permissions within the application.

If you are upgrading to Spring Security 6 and you have previously configured a GrantedAuthoritiesMapper to handle the authorities of users authenticated via oauth2Login(), you can remove it completely as the new default authorities should be sufficient._

Recipe source

GitHub, Issue Tracker, Maven Central

• groupId: org.openrewrite.recipe

• artifactId: rewrite-spring

• version: 5.7.0

Usage

This recipe has no required configuration options. It can be activated by adding a dependency on org.openrewrite.recipe:rewrite-spring:5.7.0 in your build file or by running a shell command (in which case no build changes are needed):

plugins {
    id("org.openrewrite.rewrite") version("6.11.2")
}

rewrite {
    activeRecipe("org.openrewrite.java.spring.security6.RemoveOauth2LoginConfig")
}

repositories {
    mavenCentral()
}

dependencies {
    rewrite("org.openrewrite.recipe:rewrite-spring:5.7.0")
}

initscript {
    repositories {
        maven { url "https://plugins.gradle.org/m2" }
    }
    dependencies { classpath("org.openrewrite:plugin:6.11.2") }
}
rootProject {
    plugins.apply(org.openrewrite.gradle.RewritePlugin)
    dependencies {
        rewrite("org.openrewrite.recipe:rewrite-spring:5.7.0")
    }
    rewrite {
        activeRecipe("org.openrewrite.java.spring.security6.RemoveOauth2LoginConfig")
    }
    afterEvaluate {
        if (repositories.isEmpty()) {
            repositories {
                mavenCentral()
            }
        }
    }
}

<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.openrewrite.maven</groupId>
        <artifactId>rewrite-maven-plugin</artifactId>
        <version>5.27.0</version>
        <configuration>
          <activeRecipes>
            <recipe>org.openrewrite.java.spring.security6.RemoveOauth2LoginConfig</recipe>
          </activeRecipes>
        </configuration>
        <dependencies>
          <dependency>
            <groupId>org.openrewrite.recipe</groupId>
            <artifactId>rewrite-spring</artifactId>
            <version>5.7.0</version>
          </dependency>
        </dependencies>
      </plugin>
    </plugins>
  </build>
</project>

mvn -U org.openrewrite.maven:rewrite-maven-plugin:run -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-spring:RELEASE -Drewrite.activeRecipes=org.openrewrite.java.spring.security6.RemoveOauth2LoginConfig

mod run . --recipe RemoveOauth2LoginConfig

See how this recipe works across multiple open-source repositories

The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.

Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.

Contributors

Kun Li, Knut Wannheden