Add @Configuration providing default security configuration

Closes gh-91
6 years ago · 2cb6229300
2 changed files with 82 additions and 0 deletions
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/oauth2/server/authorization/OAuth2AuthorizationServerConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/oauth2/server/authorization/OAuth2AuthorizationServerConfiguration.java
@ -0,0 +1,37 @@
				@@ -0,0 +1,37 @@
+/*
+ * Copyright 2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.config.annotation.web.configuration.oauth2.server.authorization;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+
+/**
+ * {@link Configuration} for OAuth 2.0 Authorization Server support.
+ *
+ * @author Joe Grandja
+ * @since 0.0.1
+ */
+@Configuration
+public class OAuth2AuthorizationServerConfiguration {
+
+	@Bean
+	public WebSecurityConfigurer<WebSecurity> defaultOAuth2AuthorizationServerSecurity() {
+		return new OAuth2AuthorizationServerSecurity();
+	}
+
+}
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/oauth2/server/authorization/OAuth2AuthorizationServerSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/oauth2/server/authorization/OAuth2AuthorizationServerSecurity.java
@ -0,0 +1,45 @@
				@@ -0,0 +1,45 @@
+/*
+ * Copyright 2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.config.annotation.web.configuration.oauth2.server.authorization;
+
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
+
+import static org.springframework.security.config.Customizer.withDefaults;
+
+/**
+ * {@link WebSecurityConfigurerAdapter} providing default security configuration for OAuth 2.0 Authorization Server.
+ *
+ * @author Joe Grandja
+ * @since 0.0.1
+ */
+public class OAuth2AuthorizationServerSecurity extends WebSecurityConfigurerAdapter {
+
+	// @formatter:off
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		http
+			.authorizeRequests(authorizeRequests ->
+				authorizeRequests
+						.anyRequest().authenticated()
+			)
+			.formLogin(withDefaults())
+			.apply(new OAuth2AuthorizationServerConfigurer<>());
+	}
+	// @formatter:on
+
+}