springspring-bootspring-securityspring-security-oauth2

How to Migrate Spring security from 3.1.2 to 6


Existing Spring Boot project spring-boot-starter-parent version 1.5.3.RELEASE and spring-boot-starter-security version 3.1.2
I am upgrading the project from jdk 8 to jdk 21, Spring Boot to 3.1.4 and Spring Security to 6.

In the existing Spring Boot microservices project, using TokenStore (org.springframework.security.oauth2.provider.token.TokenStore), auth token and roles are stored in redis. Now TokenStore is not present in the latest Spring Security. There are more than 20 microservices running in old java version.
There is one gateway which store the token in the TokenStore.

How can I migrate the 20 Spring microservice project one by one? Or shall I do the migration together ? Is there any way that I can store the token as json in the redis and use it to validate in other microservices instead of Using Token store ?


Solution

  • As suggested by Mr. M Deinum, I upgraded the spring boot version to 2.7.16 and spring security to 5.7.11.

    Faced one issue local class incompatible: stream classdesc serialVersionUID = 420, local class serialVersionUID = 570 I copied the spring security classes UsernamePasswordAuthenticationToken and SimpleGrantedAuthority in their respective package in local and changing the serialVersionUID in the classes.