
Merge branch '4.0.x'

Closes gh-49379
pull/49364/head
Andy Wilkinson 2 weeks ago
parent
commit
fd58b76f51
  1. 9
      module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java
  2. 31
      module/spring-boot-security-oauth2-authorization-server/src/test/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfigurationTests.java

9
module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java

@ -27,7 +27,6 @@ import org.springframework.core.Ordered; @@ -27,7 +27,6 @@ import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.SecurityFilterChain;
@ -50,11 +49,11 @@ class OAuth2AuthorizationServerWebSecurityConfiguration { @@ -50,11 +49,11 @@ class OAuth2AuthorizationServerWebSecurityConfiguration {
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) {
OAuth2AuthorizationServerConfigurer authorizationServer = new OAuth2AuthorizationServerConfigurer();
http.securityMatcher(authorizationServer.getEndpointsMatcher());
http.with(authorizationServer, withDefaults());
http.oauth2AuthorizationServer((authorizationServer) -> {
http.securityMatcher(authorizationServer.getEndpointsMatcher());
authorizationServer.oidc(withDefaults());
});
http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated());
http.getConfigurer(OAuth2AuthorizationServerConfigurer.class).oidc(withDefaults());
http.oauth2ResourceServer((resourceServer) -> resourceServer.jwt(withDefaults()));
http.exceptionHandling((exceptions) -> exceptions.defaultAuthenticationEntryPointFor(
new LoginUrlAuthenticationEntryPoint("/login"), createRequestMatcher()));
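Review bot: The `http.securityMatcher(authorizationServer.getEndpointsMatcher())` call now sits inside the `oauth2AuthorizationServer` lambda with no comment, yet it is the line that limits this `@Order(Ordered.HIGHEST_PRECEDENCE)` chain to the authorization server endpoints. If a later edit dropped or moved that call, `authorize.anyRequest().authenticated()` would presumably apply to every request ahead of any other chain. I would add a comment directly above it, such as `// Scope this highest-precedence chain to the authorization server endpoints only; do not remove.` The method body continues past the end of the hunk, so the rest of the chain setup is not visible here.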

31
module/spring-boot-security-oauth2-authorization-server/src/test/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfigurationTests.java

@ -32,7 +32,6 @@ import org.springframework.security.config.BeanIds; @@ -32,7 +32,6 @@ import org.springframework.security.config.BeanIds;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
@ -97,6 +96,19 @@ class OAuth2AuthorizationServerWebSecurityConfigurationTests { @@ -97,6 +96,19 @@ class OAuth2AuthorizationServerWebSecurityConfigurationTests {
});
}
@Test
void httpSecurityCustomizerCanRefineAuthorizationServerConfiguration() {
this.contextRunner.withUserConfiguration(TestOAuth2AuthorizationServerConfiguration.class)
.withPropertyValues(CLIENT_PREFIX + ".foo.registration.client-id=abcd",
CLIENT_PREFIX + ".foo.registration.client-secret=secret",
CLIENT_PREFIX + ".foo.registration.client-authentication-methods=client_secret_basic",
CLIENT_PREFIX + ".foo.registration.authorization-grant-types=client_credentials",
CLIENT_PREFIX + ".foo.registration.scopes=test")
.withUserConfiguration(OAuth2AuthorizationServerCustomizationConfiguration.class)
.run((context) -> assertThat(findFilter(context, OAuth2AuthorizationEndpointFilter.class, 0))
.hasFieldOrPropertyWithValue("consentPage", "https://example.com/custom-consent-page"));
}
@Test
void securityFilterChainsBackOffWhenSecurityFilterChainBeanPresent() {
this.contextRunner
@ -165,9 +177,8 @@ class OAuth2AuthorizationServerWebSecurityConfigurationTests { @@ -165,9 +177,8 @@ class OAuth2AuthorizationServerWebSecurityConfigurationTests {
@Bean
@Order(1)
SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) {
OAuth2AuthorizationServerConfigurer authorizationServer = new OAuth2AuthorizationServerConfigurer();
http.securityMatcher(authorizationServer.getEndpointsMatcher())
.with(authorizationServer, Customizer.withDefaults());
http.oauth2AuthorizationServer(
(authorizationServer) -> http.securityMatcher(authorizationServer.getEndpointsMatcher()));
http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated());
return http.build();
}
@ -176,6 +187,18 @@ class OAuth2AuthorizationServerWebSecurityConfigurationTests { @@ -176,6 +187,18 @@ class OAuth2AuthorizationServerWebSecurityConfigurationTests {
@Order(2)
SecurityFilterChain securityFilterChain(HttpSecurity http) {
return http.httpBasic(withDefaults()).build();
}
}
@Configuration(proxyBeanMethods = false)
static class OAuth2AuthorizationServerCustomizationConfiguration {
@Bean
Customizer<HttpSecurity> oauth2AuthorizationServiceCustomizer() {
return (http) -> http.oauth2AuthorizationServer((authorizationServer) -> authorizationServer
.authorizationEndpoint((endpoint) -> endpoint.consentPage("https://example.com/custom-consent-page")));
}
}
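Review bot: `httpSecurityCustomizerCanRefineAuthorizationServerConfiguration` asserts only that `consentPage` changed, so it would still pass if the user's `Customizer<HttpSecurity>` replaced the auto-configured settings instead of refining them. The customizer in `OAuth2AuthorizationServerCustomizationConfiguration` calls `http.oauth2AuthorizationServer(...)` a second time, so the test should also assert that the defaults survive: the authorization server chain is still restricted to its endpoints matcher and OIDC support is still enabled. The order in which the customizer and the auto-configuration run is not visible in these hunks, so this is a request for coverage rather than a reported defect.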
