JAVA-29296 Upgrade spring-security-oidc (#15966)
* JAVA-29296 Upgrade spring-security-oidc * JAVA-29296 Fix indentation --------- Co-authored-by: timis1 <noreplay@yahoo.com>
parent
6416a60875
commit
19aab7c638
|
@ -10,7 +10,8 @@
|
||||||
|
|
||||||
<parent>
|
<parent>
|
||||||
<groupId>com.baeldung</groupId>
|
<groupId>com.baeldung</groupId>
|
||||||
<artifactId>spring-security-modules</artifactId>
|
<artifactId>parent-boot-3</artifactId>
|
||||||
|
<relativePath>../../parent-boot-3</relativePath>
|
||||||
<version>0.0.1-SNAPSHOT</version>
|
<version>0.0.1-SNAPSHOT</version>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
|
@ -29,4 +30,8 @@
|
||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
|
<properties>
|
||||||
|
<start-class>com.baeldung.openid.oidc.sessionmanagement.SpringOidcSessionManagementApplication</start-class>
|
||||||
|
</properties>
|
||||||
|
|
||||||
</project>
|
</project>
|
|
@ -16,5 +16,4 @@ public class SpringOidcDiscoveryApplication {
|
||||||
application.addInitializers(yamlInitializer);
|
application.addInitializers(yamlInitializer);
|
||||||
application.run(args);
|
application.run(args);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -54,10 +54,10 @@ public class MappingJwtGrantedAuthoritiesConverter implements Converter<Jwt, Col
|
||||||
|
|
||||||
if ( this.authoritiesClaimName == null ) {
|
if ( this.authoritiesClaimName == null ) {
|
||||||
scopeClaim = WELL_KNOWN_AUTHORITIES_CLAIM_NAMES.stream()
|
scopeClaim = WELL_KNOWN_AUTHORITIES_CLAIM_NAMES.stream()
|
||||||
.filter( claim -> jwt.hasClaim(claim))
|
.filter(jwt::hasClaim)
|
||||||
.findFirst()
|
.findFirst()
|
||||||
.orElse(null);
|
.orElse(null);
|
||||||
|
|
||||||
if ( scopeClaim == null ) {
|
if ( scopeClaim == null ) {
|
||||||
return Collections.emptyList();
|
return Collections.emptyList();
|
||||||
}
|
}
|
||||||
|
@ -76,7 +76,7 @@ public class MappingJwtGrantedAuthoritiesConverter implements Converter<Jwt, Col
|
||||||
}
|
}
|
||||||
else if ( v instanceof Collection ) {
|
else if ( v instanceof Collection ) {
|
||||||
return ((Collection<?>)v).stream()
|
return ((Collection<?>)v).stream()
|
||||||
.map( s -> s.toString())
|
.map(Object::toString)
|
||||||
.collect(Collectors.toCollection(HashSet::new));
|
.collect(Collectors.toCollection(HashSet::new));
|
||||||
}
|
}
|
||||||
return Collections.emptyList();
|
return Collections.emptyList();
|
||||||
|
|
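Review bot: In the second hunk, `.map(Object::toString)` throws a NullPointerException when the claim's collection holds a null element, so a single malformed authorities claim fails the whole conversion instead of yielding the remaining authorities. The removed lambda behaved the same way, so this commit does not introduce it, but the line is being rewritten anyway. Adding `.filter(Objects::nonNull)` ahead of the map would skip such entries; it needs `java.util.Objects` imported if the file does not already have it. The enclosing method starts and ends outside both hunks, so how the exception reaches the caller is inferred.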
|
@ -64,12 +64,10 @@ public class SecurityConfig {
|
||||||
@Bean
|
@Bean
|
||||||
SecurityFilterChain customJwtSecurityChain(HttpSecurity http) throws Exception {
|
SecurityFilterChain customJwtSecurityChain(HttpSecurity http) throws Exception {
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
return http.oauth2ResourceServer(oauth2 -> {
|
return http.oauth2ResourceServer(oauth2 -> oauth2
|
||||||
oauth2.jwt()
|
.jwt(jwtConfigurer -> jwtConfigurer
|
||||||
.jwtAuthenticationConverter(customJwtAuthenticationConverter(accountService));
|
.jwtAuthenticationConverter(customJwtAuthenticationConverter(accountService))))
|
||||||
})
|
.build();
|
||||||
.build();
|
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
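Review bot: `customJwtSecurityChain` sets up only `oauth2ResourceServer(...)` and no request authorization rule, so as far as this hunk shows the chain validates a bearer token when one is presented but does not require one. If the endpoints are protected by method security elsewhere, a comment above the `return` should say so, for example `// access rules are enforced by method security; this chain only configures JWT validation`. If they are not, `.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())` before `.build()` makes the requirement explicit. The class header and the `accountService` field are outside the hunk.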
|
@ -21,10 +21,9 @@ public class OAuth2LoginSecurityConfig {
|
||||||
OidcUserService googleUserService = new OidcUserService();
|
OidcUserService googleUserService = new OidcUserService();
|
||||||
googleUserService.setAccessibleScopes(googleScopes);
|
googleUserService.setAccessibleScopes(googleScopes);
|
||||||
|
|
||||||
http.authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest()
|
http.authorizeHttpRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated())
|
||||||
.authenticated())
|
.oauth2Login(oauthLogin -> oauthLogin.userInfoEndpoint(userInfoEndpointConfig ->
|
||||||
.oauth2Login(oauthLogin -> oauthLogin.userInfoEndpoint()
|
userInfoEndpointConfig.oidcUserService(googleUserService)));
|
||||||
.oidcUserService(googleUserService));
|
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -1,11 +1,10 @@
|
||||||
package com.baeldung.openid.oidc.sessionmanagement.config;
|
package com.baeldung.openid.oidc.sessionmanagement.config;
|
||||||
|
|
||||||
import java.net.URI;
|
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
|
||||||
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
|
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
|
||||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
@ -19,19 +18,18 @@ public class OAuth2SessionManagementSecurityConfig {
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
http.authorizeRequests(authorizeRequests -> authorizeRequests.mvcMatchers("/home")
|
http.authorizeHttpRequests(authorizeRequests -> authorizeRequests
|
||||||
.permitAll()
|
.requestMatchers("/home").permitAll()
|
||||||
.anyRequest()
|
.anyRequest().authenticated())
|
||||||
.authenticated())
|
.oauth2Login(AbstractAuthenticationFilterConfigurer::permitAll)
|
||||||
.oauth2Login(oauthLogin -> oauthLogin.permitAll())
|
.logout(logout -> logout.logoutSuccessHandler(oidcLogoutSuccessHandler()));
|
||||||
.logout(logout -> logout.logoutSuccessHandler(oidcLogoutSuccessHandler()));
|
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
private LogoutSuccessHandler oidcLogoutSuccessHandler() {
|
private LogoutSuccessHandler oidcLogoutSuccessHandler() {
|
||||||
OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler = new OidcClientInitiatedLogoutSuccessHandler(this.clientRegistrationRepository);
|
OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler = new OidcClientInitiatedLogoutSuccessHandler(this.clientRegistrationRepository);
|
||||||
|
|
||||||
oidcLogoutSuccessHandler.setPostLogoutRedirectUri(URI.create("http://localhost:8081/home"));
|
oidcLogoutSuccessHandler.setPostLogoutRedirectUri("http://localhost:8081/home");
|
||||||
|
|
||||||
return oidcLogoutSuccessHandler;
|
return oidcLogoutSuccessHandler;
|
||||||
}
|
}
|
||||||
|
|
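Review bot: The post-logout redirect in `oidcLogoutSuccessHandler()` is still the hard-coded `http://localhost:8081/home`, now passed as a String, which pins scheme, host and port to one local setup and leaves a plain-http redirect target in the config. The String overload accepts URI template variables, so `oidcLogoutSuccessHandler.setPostLogoutRedirectUri("{baseUrl}/home");` would follow whatever address the application is actually served from. Whichever value is used has to match a post-logout redirect URI registered with the OpenID provider, and a one-line comment stating that would help whoever changes the port later.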