diff --git a/module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java b/module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java
index 7f040654108..8ad67e962df 100644
--- a/module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java
+++ b/module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java
@@ -27,7 +27,6 @@ import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.MediaType;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.web.SecurityFilterChain;
@@ -50,11 +49,11 @@ class OAuth2AuthorizationServerWebSecurityConfiguration {
 @Bean
 @Order(Ordered.HIGHEST_PRECEDENCE)
 SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) {
- OAuth2AuthorizationServerConfigurer authorizationServer = new OAuth2AuthorizationServerConfigurer();
- http.securityMatcher(authorizationServer.getEndpointsMatcher());
- http.with(authorizationServer, withDefaults());
+ http.oauth2AuthorizationServer((authorizationServer) -> {
+ http.securityMatcher(authorizationServer.getEndpointsMatcher());
+ authorizationServer.oidc(withDefaults());
+ });
 http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated());
- http.getConfigurer(OAuth2AuthorizationServerConfigurer.class).oidc(withDefaults());
 http.oauth2ResourceServer((resourceServer) -> resourceServer.jwt(withDefaults()));
 http.exceptionHandling((exceptions) -> exceptions.defaultAuthenticationEntryPointFor(
 new LoginUrlAuthenticationEntryPoint("/login"), createRequestMatcher()));
diff --git a/module/spring-boot-security-oauth2-authorization-server/src/test/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfigurationTests.java b/module/spring-boot-security-oauth2-authorization-server/src/test/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfigurationTests.java
index 09f34444dd3..9d7485608f6 100644
--- a/module/spring-boot-security-oauth2-authorization-server/src/test/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfigurationTests.java
+++ b/module/spring-boot-security-oauth2-authorization-server/src/test/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfigurationTests.java
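Review bot: The `http.securityMatcher(authorizationServer.getEndpointsMatcher())` call inside the new lambda in `authorizationServerSecurityFilterChain` is what keeps this `HIGHEST_PRECEDENCE` chain, with its `anyRequest().authenticated()` rule and JWT resource server, confined to the authorization server endpoints, and nothing in the code says so. The lambda now configures whatever configurer `http.oauth2AuthorizationServer` hands it, which, judging by the test added in this commit, may already have been refined by a user `Customizer`. I would add a comment above the call such as `// Reuses any configurer already applied to http; the matcher must stay limited to the authorization server endpoints because this chain is consulted first.` The lambda also mutates the captured `http` rather than only its own parameter, which deserves a mention in the same comment. The method body continues past the end of the hunk.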
@@ -32,7 +32,6 @@ import org.springframework.security.config.BeanIds; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository; @@ -97,6 +96,19 @@ class OAuth2AuthorizationServerWebSecurityConfigurationTests { }); } + @Test + void httpSecurityCustomizerCanRefineAuthorizationServerConfiguration() { + this.contextRunner.withUserConfiguration(TestOAuth2AuthorizationServerConfiguration.class) + .withPropertyValues(CLIENT_PREFIX + ".foo.registration.client-id=abcd", + CLIENT_PREFIX + ".foo.registration.client-secret=secret", + CLIENT_PREFIX + ".foo.registration.client-authentication-methods=client_secret_basic", + CLIENT_PREFIX + ".foo.registration.authorization-grant-types=client_credentials", + CLIENT_PREFIX + ".foo.registration.scopes=test") + .withUserConfiguration(OAuth2AuthorizationServerCustomizationConfiguration.class) + .run((context) -> assertThat(findFilter(context, OAuth2AuthorizationEndpointFilter.class, 0)) + .hasFieldOrPropertyWithValue("consentPage", "https://example.com/custom-consent-page")); + } + @Test void securityFilterChainsBackOffWhenSecurityFilterChainBeanPresent() { this.contextRunner 
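Review bot: The new test `httpSecurityCustomizerCanRefineAuthorizationServerConfiguration` asserts only the `consentPage` field of the filter found in chain 0, so it would still pass if a customizer changed which requests that chain matches or added authorization-server filters to another chain. If the `Customizer` bean is applied to every `HttpSecurity` instance (not visible in this diff, so worth confirming), the second chain would receive the same configurer; an additional assertion built on `findFilter(context, OAuth2AuthorizationEndpointFilter.class, 1)` would pin the intended outcome either way. A short comment on the test stating that it guards against the auto-configuration replacing a previously applied configurer would also make its purpose clear.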
@@ -165,9 +177,8 @@ class OAuth2AuthorizationServerWebSecurityConfigurationTests { @Bean @Order(1) SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) { - OAuth2AuthorizationServerConfigurer authorizationServer = new OAuth2AuthorizationServerConfigurer(); - http.securityMatcher(authorizationServer.getEndpointsMatcher()) - .with(authorizationServer, Customizer.withDefaults()); + http.oauth2AuthorizationServer( + (authorizationServer) -> http.securityMatcher(authorizationServer.getEndpointsMatcher())); http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()); return http.build(); } @@ -176,6 +187,18 @@ class OAuth2AuthorizationServerWebSecurityConfigurationTests { @Order(2) SecurityFilterChain securityFilterChain(HttpSecurity http) { return http.httpBasic(withDefaults()).build(); + + } + + } + + @Configuration(proxyBeanMethods = false) + static class OAuth2AuthorizationServerCustomizationConfiguration { + + @Bean + Customizer oauth2AuthorizationServiceCustomizer() { + return (http) -> http.oauth2AuthorizationServer((authorizationServer) -> authorizationServer + .authorizationEndpoint((endpoint) -> endpoint.consentPage("https://example.com/custom-consent-page"))); } }
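Review bot: The bean method in `OAuth2AuthorizationServerCustomizationConfiguration` is named `oauth2AuthorizationServiceCustomizer`, which reads like a slip for "Server"; `oauth2AuthorizationServerCustomizer` would match the class name and the API it configures. Its return type appears here as raw `Customizer`; unless the type argument was lost when the page was extracted, it should be declared as `Customizer<HttpSecurity>`. The hunk's line counts also suggest a blank line was introduced between `return http.httpBasic(withDefaults()).build();` and the closing brace of `securityFilterChain`, which looks unintended.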