问题
What is the difference between spring-security-oauth2 and spring-security-oauth2-core in spring? Is spring-security-oauth2 substituted by spring-security-oauth2-core?
spring-security-oauth2 release link : http://repo.spring.io/release/org/springframework/security/oauth/spring-security-oauth2/
spring-security-oauth2-core release link http://repo.spring.io/release/org/springframework/security/spring-security-oauth2-core/
回答1:
Yes there is a big difference. spring-security-oauth2 (Spring Security OAuth Project) is no longer being actively developed.
Moving forward, it will be implemented in Spring Security 5 (in spring-security-oauth2-core). It's pretty confusing because many tutorials use the previous Spring Security OAuth (@EnableResourceServer, @EnableAuthorizationServer, and @EnableOAuth2Sso annotations usually give it away).
回答2:
The first link is related to Spring 4 and it's matching Spring Security versions. You can verify this in the pom.xml files.
The second link is related to Spring 5 and Spring Security 5. Not only is this directly apparent from the version you see mentioned in that link but you can find the dependency directly named in the Spring Security 5 documentation.
回答3:
The difference is described in the spring git repository
https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide
it is the old library: security/oauth/spring-security-oauth2/ As you see, the library is in the 'oauth' group of spring-security.
I don't recommend using the old library as a client because there are many unresolved issues including the issue about the storing of clientContext (the library use proxy instead of the plain entity for that reason you will have issues when you use MA with distributed cache ). Also, it doesn't allow to use several OAuth2.0 providers simultaneously (only one).
At the same time, that library provides a significant advantage, to use Authorization Server that doesn't implement in the new library.
来源:https://stackoverflow.com/questions/56024206/spring-security-oauth2-vs-spring-security-oauth2-core-in-spring