diff --git a/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/configuration-model.adoc b/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/configuration-model.adoc index c2bdea0b6b..47f0c3c7b3 100644 --- a/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/configuration-model.adoc +++ b/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/configuration-model.adoc @@ -95,24 +95,6 @@ public JwtDecoder jwtDecoder(JWKSource jwkSource) { The main intent of `OAuth2AuthorizationServerConfiguration` is to provide a convenient method to apply the minimal default configuration for an OAuth2 authorization server. However, in most cases, customizing the configuration will be required. -The following example shows how you can wire an authorization server with nothing more than an `HttpSecurity` builder while still re-using Spring Boot’s defaults for users and static resources: - -[source,java] ----- -@Bean -SecurityFilterChain springSecurity(HttpSecurity http) { - http - .authorizeHttpRequests(requests -> requests - .anyRequest().authenticated() - ) - .authorizationServer(auth -> auth - .oidc(Customizer.withDefaults()) - ) - .formLogin(Customizer.withDefaults()); - return http.build(); -} ----- - [[oauth2AuthorizationServer-customizing-the-configuration]] == Customizing the configuration diff --git a/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc b/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc index dacff440a3..8a3a88c8a3 100644 --- a/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc +++ b/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc @@ -108,6 +108,34 @@ spring: require-authorization-consent: true ---- +If you want to customize the default `HttpSecurity` configuration, you may override Spring Boot's auto-configuration with the following example: + +[[oauth2AuthorizationServer-minimal-sample-gettingstarted]] +.SecurityConfig.java +[source,java] +---- +@Configuration +@EnableWebSecurity +public class SecurityConfig { + + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) { + http + .authorizeHttpRequests((authorize) -> + authorize + .anyRequest().authenticated() + ) + .formLogin(Customizer.withDefaults()) + .oauth2AuthorizationServer((authorizationServer) -> + authorizationServer + .oidc(Customizer.withDefaults()) // Enable OpenID Connect 1.0 + ); + return http.build(); + } + +} +---- + TIP: Beyond the Getting Started experience, most users will want to customize the default configuration. The xref:servlet/oauth2/authorization-server/getting-started.adoc#oauth2AuthorizationServer-defining-required-components[next section] demonstrates providing all of the necessary beans yourself. [[oauth2AuthorizationServer-defining-required-components]]