JAVA-29299 Upgrade spring-security-pkce (#16144)

* JAVA-29299 Upgrade spring-security-pkce module * Upgrade spring-security-pkce to boot-3
2024-03-18 04:07:40 +05:30 · 2024-03-18 04:07:40 +05:30 · 60d8998604
commit 60d8998604
parent 35dcd94d8a
4 changed files with 27 additions and 41 deletions
--- a/spring-security-modules/spring-security-pkce/pkce-auth-server/pom.xml
+++ b/spring-security-modules/spring-security-pkce/pkce-auth-server/pom.xml
@ -18,12 +18,7 @@
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-oauth2-authorization-server</artifactId>
            <version>${spring-authorization-server.version}</version>
        </dependency>
    </dependencies>
    <properties>
        <spring-authorization-server.version>0.3.1</spring-authorization-server.version>
    </properties>
 </project>
--- a/spring-security-modules/spring-security-pkce/pkce-auth-server/src/main/java/com/baeldung/security/pkce/authserver/conf/AuthServerConfiguration.java
+++ b/spring-security-modules/spring-security-pkce/pkce-auth-server/src/main/java/com/baeldung/security/pkce/authserver/conf/AuthServerConfiguration.java
@ -5,24 +5,22 @@ import java.util.UUID;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.MediaType;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
 import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
 import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.oidc.OidcScopes;
 import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.config.ClientSettings;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
-import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
-import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
@Configuration
 public class AuthServerConfiguration {
@ -30,38 +28,30 @@ public class AuthServerConfiguration {
    @Bean
    @Order(1)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfigurer<HttpSecurity> authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer<>();
-        // @formatter:off
+        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
            .oidc(Customizer.withDefaults());
        http
-          .requestMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+            // Redirect to the login page when not authenticated from the
-            .authorizeRequests(authorize ->
+            // authorization endpoint
-                authorize              
+            .exceptionHandling((exceptions) -> exceptions.defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint("/login"),
-                  .anyRequest()
+                new MediaTypeRequestMatcher(MediaType.TEXT_HTML)))
-                  .authenticated());
+            // Accept access tokens for User Info and/or Client Registration
-        http
+            .oauth2ResourceServer((resourceServer) -> resourceServer.jwt(Customizer.withDefaults()));
-          .exceptionHandling(exceptions -> 
+
              exceptions.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")))
          .csrf( csrf -> 
              csrf
                .ignoringRequestMatchers(authorizationServerConfigurer.getEndpointsMatcher()))
          .apply(authorizationServerConfigurer);
        // Required by /userinfo endpoint
        http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
        return http.build();
        // @formatter:on
    }
    @Bean 
    @Order(2)
    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
-        // @formatter:off
+        http
-        return http
+        .authorizeHttpRequests((authorize) -> authorize
-          .formLogin(Customizer.withDefaults())
+                .anyRequest().authenticated()
-          .build(); 
+        )
-        // @formatter:on
+        .formLogin(Customizer.withDefaults());
        return http.build();
    }
    @Bean 
@ -89,8 +79,8 @@ public class AuthServerConfiguration {
    }
    @Bean 
-    public ProviderSettings providerSettings() {
+    public AuthorizationServerSettings authorizationServerSettings() {
-        return ProviderSettings
+        return AuthorizationServerSettings
          .builder()
          .build();
    }
--- a/spring-security-modules/spring-security-pkce/pkce-auth-server/src/main/java/com/baeldung/security/pkce/authserver/conf/JwksConfiguration.java
+++ b/spring-security-modules/spring-security-pkce/pkce-auth-server/src/main/java/com/baeldung/security/pkce/authserver/conf/JwksConfiguration.java
@ -8,8 +8,8 @@ import java.util.UUID;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jose.jwk.RSAKey;
--- a/spring-security-modules/spring-security-pkce/pom.xml
+++ b/spring-security-modules/spring-security-pkce/pom.xml
@ -10,7 +10,8 @@
    <parent>
        <groupId>com.baeldung</groupId>
-        <artifactId>spring-security-modules</artifactId>
+        <artifactId>parent-boot-3</artifactId>
        <relativePath>../../parent-boot-3</relativePath>
        <version>0.0.1-SNAPSHOT</version>
    </parent>