diff --git a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/jersey/SecurityConfig.java b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/jersey/SecurityConfig.java index 5644856695..ff957d91b3 100644 --- a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/jersey/SecurityConfig.java +++ b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/jersey/SecurityConfig.java @@ -1,21 +1,23 @@ package com.baeldung.jersey; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.SecurityFilterChain; @Configuration -public class SecurityConfig extends WebSecurityConfigurerAdapter { - @Override - protected void configure(HttpSecurity http) throws Exception { - http - .authorizeRequests() - .antMatchers("/login") - .permitAll() - .anyRequest() - .authenticated() - .and() - .oauth2Login() - .loginPage("/login"); +public class SecurityConfig { + + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/login") + .permitAll() + .anyRequest() + .authenticated() + .and() + .oauth2Login() + .loginPage("/login"); + return http.build(); } } diff --git a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java index 2aba5a82ac..e0976a34b2 100644 --- a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java +++ b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java @@ -10,7 +10,6 @@ import org.springframework.context.annotation.PropertySource; import org.springframework.core.env.Environment; import org.springframework.http.converter.FormHttpMessageConverter; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.oauth2.client.CommonOAuth2Provider; import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; @@ -23,6 +22,7 @@ import org.springframework.security.oauth2.client.web.AuthorizationRequestReposi import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter; +import org.springframework.security.web.SecurityFilterChain; import org.springframework.web.client.RestTemplate; import com.baeldung.oauth2request.CustomAuthorizationRequestResolver; @@ -31,10 +31,10 @@ import com.baeldung.oauth2request.CustomTokenResponseConverter; //@Configuration @PropertySource("application-oauth2.properties") -public class CustomRequestSecurityConfig extends WebSecurityConfigurerAdapter { +public class CustomRequestSecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/oauth_login", "/loginFailure", "/") .permitAll() @@ -44,8 +44,7 @@ public class CustomRequestSecurityConfig extends WebSecurityConfigurerAdapter { .oauth2Login() .loginPage("/oauth_login") .authorizationEndpoint() - .authorizationRequestResolver( new CustomAuthorizationRequestResolver(clientRegistrationRepository(),"/oauth2/authorize-client")) - + .authorizationRequestResolver(new CustomAuthorizationRequestResolver(clientRegistrationRepository(), "/oauth2/authorize-client")) .baseUri("/oauth2/authorize-client") .authorizationRequestRepository(authorizationRequestRepository()) .and() @@ -54,6 +53,7 @@ public class CustomRequestSecurityConfig extends WebSecurityConfigurerAdapter { .and() .defaultSuccessUrl("/loginSuccess") .failureUrl("/loginFailure"); + return http.build(); } @Bean diff --git a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2/SecurityConfig.java b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2/SecurityConfig.java index c9164e2215..a33ca5e4c1 100644 --- a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2/SecurityConfig.java +++ b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2/SecurityConfig.java @@ -10,7 +10,6 @@ import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; import org.springframework.core.env.Environment; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.oauth2.client.CommonOAuth2Provider; import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService; import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService; @@ -23,13 +22,14 @@ import org.springframework.security.oauth2.client.registration.InMemoryClientReg import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository; import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; +import org.springframework.security.web.SecurityFilterChain; @Configuration @PropertySource("application-oauth2.properties") -public class SecurityConfig extends WebSecurityConfigurerAdapter { +public class SecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/oauth_login", "/loginFailure", "/") .permitAll() @@ -47,8 +47,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .and() .defaultSuccessUrl("/loginSuccess") .failureUrl("/loginFailure"); + return http.build(); } - + @Bean public AuthorizationRequestRepository authorizationRequestRepository() { return new HttpSessionOAuth2AuthorizationRequestRepository(); diff --git a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java index b2ea19c008..3347dd4fc2 100644 --- a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java +++ b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java @@ -4,29 +4,30 @@ import com.baeldung.oauth2extractors.extractor.custom.BaeldungAuthoritiesExtract import com.baeldung.oauth2extractors.extractor.custom.BaeldungPrincipalExtractor; import com.baeldung.oauth2extractors.extractor.github.GithubAuthoritiesExtractor; import com.baeldung.oauth2extractors.extractor.github.GithubPrincipalExtractor; -import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso; import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor; import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.SecurityFilterChain; @Configuration -@EnableOAuth2Sso -public class SecurityConfig extends WebSecurityConfigurerAdapter { +public class SecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.antMatcher("/**") - .authorizeRequests() - .antMatchers("/login**") - .permitAll() - .anyRequest() - .authenticated() - .and() - .formLogin().disable(); + .authorizeRequests() + .antMatchers("/login**") + .permitAll() + .anyRequest() + .authenticated() + .and() + .formLogin() + .disable() + .oauth2Login(); + return http.build(); } @Bean diff --git a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java index fa274d1c9b..1fb9a6773a 100644 --- a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java +++ b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java @@ -15,25 +15,34 @@ import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticat import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter; import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client; +import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import javax.servlet.Filter; @Configuration @EnableOAuth2Client -public class SecurityConfig extends WebSecurityConfigurerAdapter { +public class SecurityConfig { OAuth2ClientContext oauth2ClientContext; public SecurityConfig(OAuth2ClientContext oauth2ClientContext) { this.oauth2ClientContext = oauth2ClientContext; } - @Override - protected void configure(HttpSecurity http) throws Exception { - http.authorizeRequests().antMatchers("/", "/login**", "/error**") - .permitAll().anyRequest().authenticated() - .and().logout().logoutUrl("/logout").logoutSuccessUrl("/") - .and().addFilterBefore(oauth2ClientFilter(), BasicAuthenticationFilter.class); + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/", "/login**", "/error**") + .permitAll() + .anyRequest() + .authenticated() + .and() + .logout() + .logoutUrl("/logout") + .logoutSuccessUrl("/") + .and() + .addFilterBefore(oauth2ClientFilter(), BasicAuthenticationFilter.class); + return http.build(); } @Bean diff --git a/spring-security-modules/spring-security-oauth2/src/main/resources/application-oauth2-extractors-baeldung.properties b/spring-security-modules/spring-security-oauth2/src/main/resources/application-oauth2-extractors-baeldung.properties index 6ef0f5000b..451d8f860e 100644 --- a/spring-security-modules/spring-security-oauth2/src/main/resources/application-oauth2-extractors-baeldung.properties +++ b/spring-security-modules/spring-security-oauth2/src/main/resources/application-oauth2-extractors-baeldung.properties @@ -1,6 +1,10 @@ server.port=8082 -security.oauth2.client.client-id=SampleClientId -security.oauth2.client.client-secret=secret -security.oauth2.client.access-token-uri=http://localhost:8081/auth/oauth/token -security.oauth2.client.user-authorization-uri=http://localhost:8081/auth/oauth/authorize -security.oauth2.resource.user-info-uri=http://localhost:8081/auth/user/me \ No newline at end of file + +spring.security.oauth2.client.registration.baeldung.client-id=SampleClientId +spring.security.oauth2.client.registration.baeldung.client-secret=secret +spring.security.oauth2.client.registration.baeldung.authorization-grant-type=authorization_code +spring.security.oauth2.client.registration.baeldung.redirect-uri={baseUrl}/login/oauth2/code/{registrationId} + +spring.security.oauth2.client.provider.baeldung.token-uri=http://localhost:8081/auth/oauth/token +spring.security.oauth2.client.provider.baeldung.authorization-uri=http://localhost:8081/auth/oauth/authorize +spring.security.oauth2.client.provider.baeldung.user-info-uri=http://localhost:8081/auth/user/me diff --git a/spring-security-modules/spring-security-oauth2/src/main/resources/application-oauth2-extractors-github.properties b/spring-security-modules/spring-security-oauth2/src/main/resources/application-oauth2-extractors-github.properties index 8a151dcb98..018d72bf0f 100644 --- a/spring-security-modules/spring-security-oauth2/src/main/resources/application-oauth2-extractors-github.properties +++ b/spring-security-modules/spring-security-oauth2/src/main/resources/application-oauth2-extractors-github.properties @@ -1,7 +1,9 @@ server.port=8082 -security.oauth2.client.client-id=89a7c4facbb3434d599d -security.oauth2.client.client-secret=9b3b08e4a340bd20e866787e4645b54f73d74b6a -security.oauth2.client.access-token-uri=https://github.com/login/oauth/access_token -security.oauth2.client.user-authorization-uri=https://github.com/login/oauth/authorize -security.oauth2.client.scope=read:user,user:email -security.oauth2.resource.user-info-uri=https://api.github.com/user \ No newline at end of file + +spring.security.oauth2.client.registration.github.client-id=368238083842-3d4gc7p54rs6bponn0qhn4nmf6apf24a.apps.googleusercontent.com +spring.security.oauth2.client.registration.github.client-secret=2RM2QkEaf3A8-iCNqSfdG8wP +spring.security.oauth2.client.registration.github.scope=read:user,user:email + +spring.security.oauth2.client.provider.github.token-uri=https://github.com/login/oauth/access_token +spring.security.oauth2.client.provider.github.authorization-uri=https://github.com/login/oauth/authorize +spring.security.oauth2.client.provider.github.user-info-uri=https://api.github.com/user