diff --git a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc index 302f79a222c..fa73844ef90 100644 --- a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc +++ b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc @@ -87,14 +87,24 @@ You can register multiple OAuth2 clients and providers under the `spring.securit oauth2: client: registration: + my-login-client: + client-id: "abcd" + client-secret: "password" + client-name: "Client for OpenID Connect" + provider: "my-oauth-provider" + scope: "openid,profile,email,phone,address" + redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}" + client-authentication-method: "client_secret_basic" + authorization-grant-type: "authorization_code" + my-client-1: client-id: "abcd" client-secret: "password" client-name: "Client for user scope" provider: "my-oauth-provider" scope: "user" - redirect-uri: "https://my-redirect-uri.com" - client-authentication-method: "basic" + redirect-uri: "{baseUrl}/authorized/user" + client-authentication-method: "client_secret_basic" authorization-grant-type: "authorization_code" my-client-2: @@ -103,17 +113,17 @@ You can register multiple OAuth2 clients and providers under the `spring.securit client-name: "Client for email scope" provider: "my-oauth-provider" scope: "email" - redirect-uri: "https://my-redirect-uri.com" - client-authentication-method: "basic" + redirect-uri: "{baseUrl}/authorized/email" + client-authentication-method: "client_secret_basic" authorization-grant-type: "authorization_code" provider: my-oauth-provider: - authorization-uri: "https://my-auth-server/oauth/authorize" - token-uri: "https://my-auth-server/oauth/token" - user-info-uri: "https://my-auth-server/userinfo" + authorization-uri: "https://my-auth-server.com/oauth2/authorize" + token-uri: "https://my-auth-server.com/oauth2/token" + user-info-uri: "https://my-auth-server.com/userinfo" user-info-authentication-method: "header" - jwk-set-uri: "https://my-auth-server/token_keys" + jwk-set-uri: "https://my-auth-server.com/oauth2/jwks" user-name-attribute: "name" ---- diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.java index ec814232edb..f91ccc1c5df 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.java @@ -19,15 +19,26 @@ package org.springframework.boot.docs.web.security.oauth2.client; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.web.SecurityFilterChain; @Configuration(proxyBeanMethods = false) +@EnableWebSecurity public class MyOAuthClientConfiguration { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated()); - http.oauth2Login((login) -> login.redirectionEndpoint().baseUri("custom-callback")); + // @formatter:off + http + .authorizeHttpRequests((requests) -> requests + .anyRequest().authenticated() + ) + .oauth2Login((login) -> login + .redirectionEndpoint((endpoint) -> endpoint + .baseUri("/login/oauth2/callback/*") + ) + ); + // @formatter:on return http.build(); } diff --git a/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.kt b/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.kt index dfe75f4f101..ec35d85b4d9 100644 --- a/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.kt +++ b/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.kt @@ -19,15 +19,26 @@ package org.springframework.boot.docs.web.security.oauth2.client import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration import org.springframework.security.config.annotation.web.builders.HttpSecurity +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity +import org.springframework.security.config.annotation.web.invoke import org.springframework.security.web.SecurityFilterChain @Configuration(proxyBeanMethods = false) -class MyOAuthClientConfiguration { +@EnableWebSecurity +open class MyOAuthClientConfiguration { @Bean - fun securityFilterChain(http: HttpSecurity): SecurityFilterChain { - http.authorizeHttpRequests().anyRequest().authenticated() - http.oauth2Login().redirectionEndpoint().baseUri("custom-callback") + open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain { + http { + authorizeHttpRequests { + authorize(anyRequest, authenticated) + } + oauth2Login { + redirectionEndpoint { + baseUri = "/login/oauth2/callback/*" + } + } + } return http.build() }