Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-22 10:18:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove default HttpSecurity.securityMatcher() for authorization server

Browse Source 
Closes gh-17965
This commit is contained in:
Joe Grandja 2025-10-01 11:45:09 -04:00
parent 7f10897de3
commit 681e166be8
2 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java
View File

@ -396,8 +396,6 @@ public final class OAuth2AuthorizationServerConfigurer
new OrRequestMatcher(preferredMatchers));
}
httpSecurity.securityMatchers((securityMatchers) -> securityMatchers.requestMatchers(this.endpointsMatcher));
httpSecurity.csrf((csrf) -> csrf.ignoringRequestMatchers(this.endpointsMatcher));
if (getConfigurer(OAuth2ClientRegistrationEndpointConfigurer.class) != null) {

7
docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc
View File

@ -132,10 +132,11 @@ public class SecurityConfig {
// @formatter:off
http
.oauth2AuthorizationServer((authorizationServer) ->
.oauth2AuthorizationServer((authorizationServer) -> {
http.securityMatcher(authorizationServer.getEndpointsMatcher());
authorizationServer
.oidc(Customizer.withDefaults()) // Enable OpenID Connect 1.0
)
.oidc(Customizer.withDefaults()); // Enable OpenID Connect 1.0
})
.authorizeHttpRequests((authorize) ->
authorize
.anyRequest().authenticated()