
Polish gh-18153

Issue gh-18144
pull/18015/head
Joe Grandja 1 month ago
parent
commit
b130e728b7
  1. 18
      docs/modules/ROOT/pages/servlet/oauth2/authorization-server/configuration-model.adoc
  2. 28
      docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc

18
docs/modules/ROOT/pages/servlet/oauth2/authorization-server/configuration-model.adoc

@ -95,24 +95,6 @@ public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) { @@ -95,24 +95,6 @@ public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
The main intent of `OAuth2AuthorizationServerConfiguration` is to provide a convenient method to apply the minimal default configuration for an OAuth2 authorization server. However, in most cases, customizing the configuration will be required.
The following example shows how you can wire an authorization server with nothing more than an `HttpSecurity` builder while still re-using Spring Boot’s defaults for users and static resources:
[source,java]
----
@Bean
SecurityFilterChain springSecurity(HttpSecurity http) {
http
.authorizeHttpRequests(requests -> requests
.anyRequest().authenticated()
)
.authorizationServer(auth -> auth
.oidc(Customizer.withDefaults())
)
.formLogin(Customizer.withDefaults());
return http.build();
}
----
[[oauth2AuthorizationServer-customizing-the-configuration]]
== Customizing the configuration
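Review bot: configuration-model.adoc is left with no pointer to a minimal `HttpSecurity` sample once the `springSecurity(HttpSecurity http)` block between the intro paragraph and `== Customizing the configuration` goes (the hunk header shrinks from 24 lines to 6). Consider a one-line xref at that spot to the `oauth2AuthorizationServer-minimal-sample-gettingstarted` anchor that getting-started.adoc carries in this commit, so readers of the configuration model can still reach the sample. The block here calls `.authorizationServer(auth -> auth ...)` while the getting-started sample calls `.oauth2AuthorizationServer(...)`; it is worth checking that no other page still shows the former spelling.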

28
docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc

@ -108,6 +108,34 @@ spring: @@ -108,6 +108,34 @@ spring:
require-authorization-consent: true
----
If you want to customize the default `HttpSecurity` configuration, you may override Spring Boot's auto-configuration with the following example:
[[oauth2AuthorizationServer-minimal-sample-gettingstarted]]
.SecurityConfig.java
[source,java]
----
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) {
http
.authorizeHttpRequests((authorize) ->
authorize
.anyRequest().authenticated()
)
.formLogin(Customizer.withDefaults())
.oauth2AuthorizationServer((authorizationServer) ->
authorizationServer
.oidc(Customizer.withDefaults()) // Enable OpenID Connect 1.0
);
return http.build();
}
}
----
TIP: Beyond the Getting Started experience, most users will want to customize the default configuration. The xref:servlet/oauth2/authorization-server/getting-started.adoc#oauth2AuthorizationServer-defining-required-components[next section] demonstrates providing all of the necessary beans yourself.
[[oauth2AuthorizationServer-defining-required-components]]
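Review bot: the TIP's `xref:servlet/oauth2/authorization-server/getting-started.adoc#oauth2AuthorizationServer-defining-required-components[next section]` points at this same file, and the target anchor sits on the very next line, so an in-page reference such as `<<oauth2AuthorizationServer-defining-required-components,next section>>` would be shorter and would not break if the page is moved. Separately, the intro sentence says the sample is for when you "want to customize the default `HttpSecurity` configuration", but the listing does not say which of its three calls (`authorizeHttpRequests`, `formLogin`, `oauth2AuthorizationServer`) a reader is expected to change; a sentence stating that this chain is the starting point to edit, and that `anyRequest().authenticated()` should stay as the final rule, would make the intent clearer.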
