Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-12-27 02:23:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Polish gh-18153

Browse Source 
Issue gh-18144
This commit is contained in:
Joe Grandja 2025-11-11 11:03:11 -05:00
parent e6db56ab4f
commit b130e728b7
2 changed files with 28 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
docs/modules/ROOT/pages/servlet/oauth2/authorization-server/configuration-model.adoc
View File

@ -95,24 +95,6 @@ public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
The main intent of `OAuth2AuthorizationServerConfiguration` is to provide a convenient method to apply the minimal default configuration for an OAuth2 authorization server. However, in most cases, customizing the configuration will be required.
The following example shows how you can wire an authorization server with nothing more than an `HttpSecurity` builder while still re-using Spring Boots defaults for users and static resources:
[source,java]
----
@Bean
SecurityFilterChain springSecurity(HttpSecurity http) {
http
.authorizeHttpRequests(requests -> requests
.anyRequest().authenticated()
)
.authorizationServer(auth -> auth
.oidc(Customizer.withDefaults())
)
.formLogin(Customizer.withDefaults());
return http.build();
}
----
[[oauth2AuthorizationServer-customizing-the-configuration]]
== Customizing the configuration

28
docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc
View File

@ -108,6 +108,34 @@ spring:
require-authorization-consent: true
----
If you want to customize the default `HttpSecurity` configuration, you may override Spring Boot's auto-configuration with the following example:
[[oauth2AuthorizationServer-minimal-sample-gettingstarted]]
.SecurityConfig.java
[source,java]
----
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) {
http
.authorizeHttpRequests((authorize) ->
authorize
.anyRequest().authenticated()
)
.formLogin(Customizer.withDefaults())
.oauth2AuthorizationServer((authorizationServer) ->
authorizationServer
.oidc(Customizer.withDefaults()) // Enable OpenID Connect 1.0
);
return http.build();
}
}
----
TIP: Beyond the Getting Started experience, most users will want to customize the default configuration. The xref:servlet/oauth2/authorization-server/getting-started.adoc#oauth2AuthorizationServer-defining-required-components[next section] demonstrates providing all of the necessary beans yourself.
[[oauth2AuthorizationServer-defining-required-components]]