Remove spring security oauth plugin
A number of popular community modules are built on spring-security-oauth plugin:
- OAuth2 google
- OAuth2 github
- OAuth2 geonode
- OAuth2 OpenID Connect
Support for OAuth2 in GeoServer is based on the deprecated spring-security-oauth library. The same functionality is now provided by spring-security itself, but exposing a different API, making the GeoServer plugin incompatible.
Our GeoServer security integrations will need to be rewritten to use the spring-security framework directly.
The good news is that this activity is available to be worked on immediately with spring-security 5.8 and then migrated to spring-security 6. Other projects such as GeoNetwork have already made the transition.
The use of spring-security 6 requires removing spring-security-oauth plugin.
In planning
©2022 Open Source Geospatial Foundation