From 4a494329544f8523804964818d8c9e23036f2696 Mon Sep 17 00:00:00 2001 From: Marc Becker Date: Fri, 23 Feb 2024 12:12:16 +0100 Subject: [PATCH] Clarify cds-feature-xsuaa to cds-feature-identity switch (#701) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: René Jeglinsky --- java/security.md | 49 +++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 5 deletions(-) diff --git a/java/security.md b/java/security.md index 4cea2b12c..817ad9d70 100644 --- a/java/security.md +++ b/java/security.md 
@@ -60,18 +60,57 @@ In addition, your application needs to be bound to corresponding service instanc * accept tokens issued by XSUAA and IAS --> bind your application to service instances of both types. ::: tip Specify Binding -CAP Java picks only a single binding of each type. If you have multiple XSUAA or IAS bindings, choose a specific binding with property `cds.security.xsuaa.binding`respectively `cds.security.identity.binding`. +CAP Java picks only a single binding of each type. If you have multiple XSUAA or IAS bindings, choose a specific binding with property `cds.security.xsuaa.binding` respectively `cds.security.identity.binding`. Choose an appropriate XSUAA service plan to fit the requirements. For instance, if your service should be exposed as technical reuse service, make use of plan `broker`. ::: ### Transition from `cds-feature-xsuaa` to `cds-feature-identity`{ #transition-xsuaa-ias} -CAP also provides support for XSUAA-based authentication via the maven dependency `cds-feature-xsuaa` which is based on the [spring-xsuaa library](https://github.com/SAP/cloud-security-services-integration-library/tree/main/spring-xsuaa). As the spring-xsuaa library is deprecated, it is recommended to move to `cds-feature-identity`. +CAP also provides support for XSUAA-based authentication via the maven dependency `cds-feature-xsuaa` which is based on the [spring-xsuaa library](https://github.com/SAP/cloud-security-services-integration-library/tree/main/spring-xsuaa). +We recommend to move to `cds-feature-identity`, as the spring-xsuaa library is deprecated. When moving to `cds-feature-identity`, please keep the following in mind: + +- As `cds-feature-xsuaa` still takes priority over `cds-feature-identity` for backward compatibility, remove all existing dependencies to `cds-feature-xsuaa` and `xsuaa-spring-boot-starter`. 
+- If you are using the `cds-starter-cloudfoundry` or the `cds-starter-k8s` starter bundle, make sure to **explicitly** exclude the mentioned dependencies using `...`. + +::: code-group + +```xml [srv/pom.xml (cds-starter-cloudfoundry)] + + com.sap.cds + cds-starter-cloudfoundry + + + com.sap.cds + cds-feature-xsuaa + + + com.sap.cloud.security.xsuaa + xsuaa-spring-boot-starter + + + +``` + +```xml [srv/pom.xml (cds-starter-k8s)] + + com.sap.cds + cds-starter-k8s + + + com.sap.cds + cds-feature-xsuaa + + + com.sap.cloud.security.xsuaa + xsuaa-spring-boot-starter + + + +``` -To do so, remove existing dependencies to `cds-feature-xsuaa` and `xsuaa-spring-boot-starter` and follow the description in [Configure XSUAA and IAS Authentication](#xsuaa-ias). -::: tip Backward Compatibility: Exclude Dependencies When Using Bundles -If you are using the `cds-starter-cloudfoundry` or the `cds-starter-k8s` starter bundle, make sure to **explicitly** exclude the mentioned dependencies using `...`. Otherwise, `cds-feature-xsuaa` will take priority over `cds-feature-identity` for backward compatibility. ::: +Now follow the description in [Configure XSUAA and IAS Authentication](#xsuaa-ias). + ### Automatic Spring Boot Security Configuration { #spring-boot} Only if **both, the library dependencies and an XSUAA/IAS service binding are in place**, the CAP Java SDK activates a Spring security configuration, which enforces authentication for all endpoints **automatically**:
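Review bot: The new bullet list under "Transition from `cds-feature-xsuaa` to `cds-feature-identity`" says that `cds-feature-xsuaa` still takes priority when it is present, but it gives readers no way to confirm that the exclusions worked. A leftover transitive dependency would keep the deprecated spring-xsuaa based authentication active without any visible error. Consider adding a verification step after the two `srv/pom.xml` examples and before "Now follow the description in ...", for example running `mvn dependency:tree -Dincludes=com.sap.cds:cds-feature-xsuaa` in `srv` and checking that neither it nor `xsuaa-spring-boot-starter` is still resolved. Two wording nits in the added lines: "We recommend to move to" reads better as "We recommend moving to", and the two code-group blocks differ only in the starter artifact name, so a single example with a note that the same exclusions apply to `cds-starter-k8s` would be shorter and easier to keep in sync.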