JAVA-29299 Upgrade spring-security-pkce (#16144)

* JAVA-29299 Upgrade spring-security-pkce module * Upgrade spring-security-pkce to boot-3
2024-03-18 04:07:40 +05:30 · 2024-03-18 04:07:40 +05:30 · 60d8998604
parent 35dcd94d8a
commit 60d8998604
4 changed files with 27 additions and 41 deletions
--- a/spring-security-modules/spring-security-pkce/pkce-auth-server/pom.xml
+++ b/spring-security-modules/spring-security-pkce/pkce-auth-server/pom.xml
@ -18,12 +18,7 @@
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-oauth2-authorization-server</artifactId>
-            <version>${spring-authorization-server.version}</version>
        </dependency>
    </dependencies>

-    <properties>
-        <spring-authorization-server.version>0.3.1</spring-authorization-server.version>
-    </properties>
-
 </project>
--- a/spring-security-modules/spring-security-pkce/pkce-auth-server/src/main/java/com/baeldung/security/pkce/authserver/conf/AuthServerConfiguration.java
+++ b/spring-security-modules/spring-security-pkce/pkce-auth-server/src/main/java/com/baeldung/security/pkce/authserver/conf/AuthServerConfiguration.java
@ -5,24 +5,22 @@ import java.util.UUID;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
+import org.springframework.http.MediaType;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
-import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
-import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
-import org.springframework.security.crypto.password.NoOpPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.oidc.OidcScopes;
 import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.config.ClientSettings;
-import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
+import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
-import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;

@Configuration
 public class AuthServerConfiguration {
@ -30,38 +28,30 @@ public class AuthServerConfiguration {
    @Bean
    @Order(1)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-        
-        OAuth2AuthorizationServerConfigurer<HttpSecurity> authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer<>();

-        // @formatter:off
+        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
+        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
+            .oidc(Customizer.withDefaults());
        http
-          .requestMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-            .authorizeRequests(authorize ->
-                authorize              
-                  .anyRequest()
-                  .authenticated());
-        http
-          .exceptionHandling(exceptions -> 
-              exceptions.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")))
-          .csrf( csrf -> 
-              csrf
-                .ignoringRequestMatchers(authorizationServerConfigurer.getEndpointsMatcher()))
-          .apply(authorizationServerConfigurer);
-         
-        // Required by /userinfo endpoint
-        http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
+            // Redirect to the login page when not authenticated from the
+            // authorization endpoint
+            .exceptionHandling((exceptions) -> exceptions.defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint("/login"),
+                new MediaTypeRequestMatcher(MediaType.TEXT_HTML)))
+            // Accept access tokens for User Info and/or Client Registration
+            .oauth2ResourceServer((resourceServer) -> resourceServer.jwt(Customizer.withDefaults()));
+
        return http.build();
-        // @formatter:on
    }
    
    @Bean 
    @Order(2)
    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
-        // @formatter:off
-        return http
-          .formLogin(Customizer.withDefaults())
-          .build(); 
-        // @formatter:on
+        http
+        .authorizeHttpRequests((authorize) -> authorize
+                .anyRequest().authenticated()
+        )
+        .formLogin(Customizer.withDefaults());
+        return http.build();
    }
        
    @Bean 
@ -89,8 +79,8 @@ public class AuthServerConfiguration {
    }
    
    @Bean 
-    public ProviderSettings providerSettings() {
-        return ProviderSettings
+    public AuthorizationServerSettings authorizationServerSettings() {
+        return AuthorizationServerSettings
          .builder()
          .build();
    }
--- a/spring-security-modules/spring-security-pkce/pkce-auth-server/src/main/java/com/baeldung/security/pkce/authserver/conf/JwksConfiguration.java
+++ b/spring-security-modules/spring-security-pkce/pkce-auth-server/src/main/java/com/baeldung/security/pkce/authserver/conf/JwksConfiguration.java
@ -8,8 +8,8 @@ import java.util.UUID;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;

 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jose.jwk.RSAKey;
--- a/spring-security-modules/spring-security-pkce/pom.xml
+++ b/spring-security-modules/spring-security-pkce/pom.xml
@ -10,7 +10,8 @@

    <parent>
        <groupId>com.baeldung</groupId>
-        <artifactId>spring-security-modules</artifactId>
+        <artifactId>parent-boot-3</artifactId>
+        <relativePath>../../parent-boot-3</relativePath>
        <version>0.0.1-SNAPSHOT</version>
    </parent>