Remove remaining usage of WebSecurityConfigurerAdapter
This commit is contained in:
parent
f1c448becc
commit
c5a2162b07
|
@ -20,10 +20,10 @@ import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
|
||||||
import static org.springframework.security.config.Customizer.withDefaults;
|
import static org.springframework.security.config.Customizer.withDefaults;
|
||||||
|
|
||||||
|
@ -34,19 +34,20 @@ import static org.springframework.security.config.Customizer.withDefaults;
|
||||||
*/
|
*/
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
public class SecurityConfiguration {
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
|
||||||
http
|
http
|
||||||
.authorizeHttpRequests((authorize) -> authorize
|
.authorizeHttpRequests((authorize) -> authorize
|
||||||
.anyRequest().authenticated()
|
.anyRequest().authenticated()
|
||||||
)
|
)
|
||||||
.httpBasic(withDefaults())
|
.httpBasic(withDefaults())
|
||||||
.formLogin(withDefaults());
|
.formLogin(withDefaults());
|
||||||
}
|
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
|
return http.build();
|
||||||
|
}
|
||||||
|
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
@Bean
|
@Bean
|
||||||
|
|
|
@ -31,7 +31,6 @@ import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.Customizer;
|
import org.springframework.security.config.Customizer;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
||||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
|
@ -43,6 +42,7 @@ import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
|
||||||
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
|
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
|
||||||
import org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler;
|
import org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler;
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Security configuration for the main application.
|
* Security configuration for the main application.
|
||||||
|
@ -50,7 +50,7 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
* @author Josh Cummings
|
* @author Josh Cummings
|
||||||
*/
|
*/
|
||||||
@Configuration
|
@Configuration
|
||||||
public class RestConfig extends WebSecurityConfigurerAdapter {
|
public class RestConfig {
|
||||||
|
|
||||||
@Value("${jwt.public.key}")
|
@Value("${jwt.public.key}")
|
||||||
RSAPublicKey key;
|
RSAPublicKey key;
|
||||||
|
@ -58,8 +58,8 @@ public class RestConfig extends WebSecurityConfigurerAdapter {
|
||||||
@Value("${jwt.private.key}")
|
@Value("${jwt.private.key}")
|
||||||
RSAPrivateKey priv;
|
RSAPrivateKey priv;
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
http
|
http
|
||||||
.authorizeHttpRequests((authorize) -> authorize
|
.authorizeHttpRequests((authorize) -> authorize
|
||||||
|
@ -74,6 +74,7 @@ public class RestConfig extends WebSecurityConfigurerAdapter {
|
||||||
.accessDeniedHandler(new BearerTokenAccessDeniedHandler())
|
.accessDeniedHandler(new BearerTokenAccessDeniedHandler())
|
||||||
);
|
);
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
|
|
@ -16,10 +16,12 @@
|
||||||
|
|
||||||
package example.web;
|
package example.web;
|
||||||
|
|
||||||
|
import example.RestConfig;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
||||||
|
import org.springframework.context.annotation.Import;
|
||||||
import org.springframework.test.web.servlet.MockMvc;
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
import org.springframework.test.web.servlet.MvcResult;
|
import org.springframework.test.web.servlet.MvcResult;
|
||||||
|
|
||||||
|
@ -35,6 +37,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||||
* @author Josh Cummings
|
* @author Josh Cummings
|
||||||
*/
|
*/
|
||||||
@WebMvcTest({ HelloController.class, TokenController.class })
|
@WebMvcTest({ HelloController.class, TokenController.class })
|
||||||
|
@Import(RestConfig.class)
|
||||||
public class HelloControllerTests {
|
public class HelloControllerTests {
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
|
|
|
@ -44,7 +44,6 @@ import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.http.HttpStatus;
|
import org.springframework.http.HttpStatus;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
|
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
|
||||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
|
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
|
||||||
|
@ -63,6 +62,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||||
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
|
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
|
||||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||||
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
|
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.test.web.servlet.MockMvc;
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
import org.springframework.web.util.UriComponents;
|
import org.springframework.web.util.UriComponents;
|
||||||
import org.springframework.web.util.UriComponentsBuilder;
|
import org.springframework.web.util.UriComponentsBuilder;
|
||||||
|
@ -328,11 +328,11 @@ public class OAuth2LoginApplicationTests {
|
||||||
}
|
}
|
||||||
|
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
public static class SecurityTestConfig extends WebSecurityConfigurerAdapter {
|
public static class SecurityTestConfig {
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
@Override
|
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
|
||||||
http
|
http
|
||||||
.authorizeHttpRequests((authorize) -> authorize
|
.authorizeHttpRequests((authorize) -> authorize
|
||||||
.anyRequest().authenticated()
|
.anyRequest().authenticated()
|
||||||
|
@ -341,8 +341,9 @@ public class OAuth2LoginApplicationTests {
|
||||||
.tokenEndpoint((token) -> token.accessTokenResponseClient(mockAccessTokenResponseClient()))
|
.tokenEndpoint((token) -> token.accessTokenResponseClient(mockAccessTokenResponseClient()))
|
||||||
.userInfoEndpoint((userInfo) -> userInfo.userService(mockUserService()))
|
.userInfoEndpoint((userInfo) -> userInfo.userService(mockUserService()))
|
||||||
);
|
);
|
||||||
}
|
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
|
return http.build();
|
||||||
|
}
|
||||||
|
|
||||||
private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> mockAccessTokenResponseClient() {
|
private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> mockAccessTokenResponseClient() {
|
||||||
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
|
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
|
||||||
|
|
|
@ -20,10 +20,10 @@ import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.http.HttpMethod;
|
import org.springframework.http.HttpMethod;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
||||||
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
||||||
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
|
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* OAuth resource configuration.
|
* OAuth resource configuration.
|
||||||
|
@ -31,13 +31,13 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
|
||||||
* @author Josh Cummings
|
* @author Josh Cummings
|
||||||
*/
|
*/
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
public class OAuth2ResourceServerSecurityConfiguration {
|
||||||
|
|
||||||
@Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
|
@Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
|
||||||
String jwkSetUri;
|
String jwkSetUri;
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
http
|
http
|
||||||
.authorizeHttpRequests((authorize) -> authorize
|
.authorizeHttpRequests((authorize) -> authorize
|
||||||
|
@ -47,6 +47,7 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
|
||||||
)
|
)
|
||||||
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
|
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
|
|
@ -19,6 +19,7 @@ import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
||||||
|
import org.springframework.context.annotation.Import;
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||||
import org.springframework.test.web.servlet.MockMvc;
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
|
|
||||||
|
@ -36,6 +37,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
@WebMvcTest(OAuth2ResourceServerController.class)
|
@WebMvcTest(OAuth2ResourceServerController.class)
|
||||||
|
@Import(OAuth2ResourceServerSecurityConfiguration.class)
|
||||||
public class OAuth2ResourceServerControllerTests {
|
public class OAuth2ResourceServerControllerTests {
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
|
|
|
@ -42,9 +42,9 @@ import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
||||||
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
|
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
|
||||||
import static org.springframework.security.config.Customizer.withDefaults;
|
import static org.springframework.security.config.Customizer.withDefaults;
|
||||||
|
|
||||||
|
@ -54,7 +54,7 @@ import static org.springframework.security.config.Customizer.withDefaults;
|
||||||
* @author Josh Cummings
|
* @author Josh Cummings
|
||||||
*/
|
*/
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
public class OAuth2ResourceServerSecurityConfiguration {
|
||||||
|
|
||||||
private final JWSAlgorithm jwsAlgorithm = JWSAlgorithm.RS256;
|
private final JWSAlgorithm jwsAlgorithm = JWSAlgorithm.RS256;
|
||||||
|
|
||||||
|
@ -68,8 +68,8 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
|
||||||
@Value("${sample.jwe-key-value}")
|
@Value("${sample.jwe-key-value}")
|
||||||
RSAPrivateKey key;
|
RSAPrivateKey key;
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
http
|
http
|
||||||
.authorizeHttpRequests((authorize) -> authorize
|
.authorizeHttpRequests((authorize) -> authorize
|
||||||
|
@ -78,6 +78,7 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
|
||||||
)
|
)
|
||||||
.oauth2ResourceServer((oauth2) -> oauth2.jwt(withDefaults()));
|
.oauth2ResourceServer((oauth2) -> oauth2.jwt(withDefaults()));
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
|
|
@ -16,10 +16,11 @@
|
||||||
package example;
|
package example;
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.http.HttpMethod;
|
import org.springframework.http.HttpMethod;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* OAuth2 Security Configuration.
|
* OAuth2 Security Configuration.
|
||||||
|
@ -27,7 +28,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
||||||
* @author Josh Cummings
|
* @author Josh Cummings
|
||||||
*/
|
*/
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
public class OAuth2ResourceServerSecurityConfiguration {
|
||||||
|
|
||||||
@Value("${spring.security.oauth2.resourceserver.opaque.introspection-uri}")
|
@Value("${spring.security.oauth2.resourceserver.opaque.introspection-uri}")
|
||||||
String introspectionUri;
|
String introspectionUri;
|
||||||
|
@ -38,8 +39,8 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
|
||||||
@Value("${spring.security.oauth2.resourceserver.opaque.introspection-client-secret}")
|
@Value("${spring.security.oauth2.resourceserver.opaque.introspection-client-secret}")
|
||||||
String clientSecret;
|
String clientSecret;
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
http
|
http
|
||||||
.authorizeHttpRequests((authorize) -> authorize
|
.authorizeHttpRequests((authorize) -> authorize
|
||||||
|
@ -54,6 +55,7 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,6 +19,7 @@ import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
||||||
|
import org.springframework.context.annotation.Import;
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||||
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
|
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
|
||||||
import org.springframework.test.web.servlet.MockMvc;
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
|
@ -36,6 +37,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||||
* @since 5.3
|
* @since 5.3
|
||||||
*/
|
*/
|
||||||
@WebMvcTest(OAuth2ResourceServerController.class)
|
@WebMvcTest(OAuth2ResourceServerController.class)
|
||||||
|
@Import(OAuth2ResourceServerSecurityConfiguration.class)
|
||||||
public class OAuth2ResourceServerControllerTests {
|
public class OAuth2ResourceServerControllerTests {
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
|
|
|
@ -18,11 +18,11 @@ package example;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
|
||||||
import static org.springframework.security.config.Customizer.withDefaults;
|
import static org.springframework.security.config.Customizer.withDefaults;
|
||||||
|
|
||||||
|
@ -32,10 +32,10 @@ import static org.springframework.security.config.Customizer.withDefaults;
|
||||||
* @author Joe Grandja
|
* @author Joe Grandja
|
||||||
*/
|
*/
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
public class SecurityConfiguration {
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
http
|
http
|
||||||
.authorizeHttpRequests((authorize) -> authorize
|
.authorizeHttpRequests((authorize) -> authorize
|
||||||
|
@ -46,6 +46,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||||
.oauth2Login(withDefaults())
|
.oauth2Login(withDefaults())
|
||||||
.oauth2Client(withDefaults());
|
.oauth2Client(withDefaults());
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
|
|
@ -19,19 +19,20 @@ package org.springframework.security.samples.config
|
||||||
import org.springframework.context.annotation.Bean
|
import org.springframework.context.annotation.Bean
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
|
|
||||||
import org.springframework.security.config.web.servlet.invoke
|
import org.springframework.security.config.web.servlet.invoke
|
||||||
import org.springframework.security.core.userdetails.User
|
import org.springframework.security.core.userdetails.User
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService
|
import org.springframework.security.core.userdetails.UserDetailsService
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
||||||
|
import org.springframework.security.web.SecurityFilterChain
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Eleftheria Stein
|
* @author Eleftheria Stein
|
||||||
*/
|
*/
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
class SecurityConfig : WebSecurityConfigurerAdapter() {
|
class SecurityConfig {
|
||||||
|
|
||||||
override fun configure(http: HttpSecurity) {
|
@Bean
|
||||||
|
fun filterChain(http: HttpSecurity): SecurityFilterChain {
|
||||||
http {
|
http {
|
||||||
authorizeRequests {
|
authorizeRequests {
|
||||||
authorize("/css/**", permitAll)
|
authorize("/css/**", permitAll)
|
||||||
|
@ -41,10 +42,11 @@ class SecurityConfig : WebSecurityConfigurerAdapter() {
|
||||||
loginPage = "/log-in"
|
loginPage = "/log-in"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
return http.build()
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public override fun userDetailsService(): UserDetailsService {
|
fun userDetailsService(): UserDetailsService {
|
||||||
val userDetails = User.withDefaultPasswordEncoder()
|
val userDetails = User.withDefaultPasswordEncoder()
|
||||||
.username("user")
|
.username("user")
|
||||||
.password("password")
|
.password("password")
|
||||||
|
|
Loading…
Reference in New Issue