diff --git a/libraries-security/pom.xml b/libraries-security/pom.xml
index 8a6dad6da2..8957996bad 100644
--- a/libraries-security/pom.xml
+++ b/libraries-security/pom.xml
@@ -9,9 +9,9 @@
com.baeldung
- parent-boot-2
+ parent-boot-3
0.0.1-SNAPSHOT
- ../parent-boot-2
+ ../parent-boot-3
@@ -20,9 +20,8 @@
spring-boot-starter-web
- org.springframework.security.oauth
- spring-security-oauth2
- ${spring-security-oauth2.version}
+ org.springframework.boot
+ spring-boot-starter-oauth2-resource-server
org.springframework
@@ -68,6 +67,29 @@
jsch
${jsch.version}
+
+ com.sun.xml.bind
+ jaxb-core
+ 2.3.0.1
+ runtime
+
+
+ javax.xml.bind
+ jaxb-api
+ 2.3.1
+ runtime
+
+
+ com.sun.xml.bind
+ jaxb-impl
+ 2.3.1
+ runtime
+
+
+ org.springframework.security
+ spring-security-oauth2-authorization-server
+ 1.2.1
+
org.apache.sshd
sshd-core
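Review bot: The three JAXB artifacts added in this hunk are from the legacy `javax.xml.bind` 2.3 line, with mixed literal versions (`jaxb-core` 2.3.0.1 next to `jaxb-api` and `jaxb-impl` 2.3.1), while the rest of the commit moves the module to `jakarta.*`. Nothing visible says which library still needs the javax namespace at runtime, so add a comment naming that consumer, for example `<!-- legacy javax JAXB runtime, required by <library name> -->`. `spring-security-oauth2-authorization-server` is likewise pinned to a literal 1.2.1, whereas the neighbouring `jsch` entry uses `${jsch.version}`. If the Boot release behind `parent-boot-3` manages that artifact, dropping the explicit version keeps it aligned with the Spring Security version the parent brings in; otherwise move these literals into the properties block so dependency updates and vulnerability scans have one place to look.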
@@ -125,7 +147,6 @@
1.68
0.1.55
2.5.1
- 2.4.0.RELEASE
1.4.0
diff --git a/libraries-security/src/main/java/com/baeldung/scribejava/ScribejavaApplication.java b/libraries-security/src/main/java/com/baeldung/scribejava/ScribejavaApplication.java
index 5b18567b2d..a5ff601ff5 100644
--- a/libraries-security/src/main/java/com/baeldung/scribejava/ScribejavaApplication.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/ScribejavaApplication.java
@@ -4,7 +4,6 @@ import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.servlet.ServletComponentScan;
-
@SpringBootApplication
@ServletComponentScan
public class ScribejavaApplication {
@@ -13,5 +12,4 @@ public class ScribejavaApplication {
SpringApplication.run(ScribejavaApplication.class, args);
}
-
}
diff --git a/libraries-security/src/main/java/com/baeldung/scribejava/controller/GoogleController.java b/libraries-security/src/main/java/com/baeldung/scribejava/controller/GoogleController.java
index ffe4f0cc8a..4c63c70ef1 100644
--- a/libraries-security/src/main/java/com/baeldung/scribejava/controller/GoogleController.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/controller/GoogleController.java
@@ -10,7 +10,7 @@ import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
@RestController
public class GoogleController {
diff --git a/libraries-security/src/main/java/com/baeldung/scribejava/controller/RBACController.java b/libraries-security/src/main/java/com/baeldung/scribejava/controller/RBACController.java
index 785f6228e8..0e747e2a22 100644
--- a/libraries-security/src/main/java/com/baeldung/scribejava/controller/RBACController.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/controller/RBACController.java
@@ -2,15 +2,14 @@ package com.baeldung.scribejava.controller;
import java.io.IOException;
-import javax.annotation.security.DeclareRoles;
-import javax.annotation.security.RolesAllowed;
-import javax.servlet.ServletException;
-import javax.servlet.annotation.HttpConstraint;
-import javax.servlet.annotation.ServletSecurity;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.annotation.security.DeclareRoles;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.annotation.HttpConstraint;
+import jakarta.servlet.annotation.ServletSecurity;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
@WebServlet(name="rbac", urlPatterns = {"/protected"})
@DeclareRoles("USER")
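Review bot: `javax.annotation.security.RolesAllowed` is the only import in this block that is dropped rather than moved to its `jakarta.annotation.security` counterpart. The class body is outside the hunk, so it cannot be confirmed here that the import was simply unused. If a `@RolesAllowed` annotation was removed from a method to make the migration compile, a role check has gone with it. Confirm that access to `/protected` is still restricted by the `@ServletSecurity(@HttpConstraint(...))` declaration or an equivalent rule.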
diff --git a/libraries-security/src/main/java/com/baeldung/scribejava/controller/TwitterController.java b/libraries-security/src/main/java/com/baeldung/scribejava/controller/TwitterController.java
index bfcd6d960c..792b6f7020 100644
--- a/libraries-security/src/main/java/com/baeldung/scribejava/controller/TwitterController.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/controller/TwitterController.java
@@ -6,7 +6,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Scanner;
import java.util.concurrent.ExecutionException;
diff --git a/libraries-security/src/main/java/com/baeldung/scribejava/controller/UserController.java b/libraries-security/src/main/java/com/baeldung/scribejava/controller/UserController.java
index 68a11250de..62aac896fc 100644
--- a/libraries-security/src/main/java/com/baeldung/scribejava/controller/UserController.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/controller/UserController.java
@@ -10,7 +10,7 @@ import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
import java.security.Principal;
@RestController(value = "/user")
diff --git a/libraries-security/src/main/java/com/baeldung/scribejava/oauth/AuthServiceConfig.java b/libraries-security/src/main/java/com/baeldung/scribejava/oauth/AuthServiceConfig.java
index 2c7162399b..498b258011 100644
--- a/libraries-security/src/main/java/com/baeldung/scribejava/oauth/AuthServiceConfig.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/oauth/AuthServiceConfig.java
@@ -1,45 +1,103 @@
package com.baeldung.scribejava.oauth;
+import java.util.UUID;
+
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
-import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
-import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
-import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
-
+import org.springframework.core.annotation.Order;
+import org.springframework.http.MediaType;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
+import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
@Configuration
-@EnableAuthorizationServer
-public class AuthServiceConfig extends AuthorizationServerConfigurerAdapter {
+@EnableWebSecurity
+public class AuthServiceConfig {
- @Autowired
- @Qualifier("authenticationManagerBean")
- private AuthenticationManager authenticationManager;
-
- @Override
- public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
- oauthServer.tokenKeyAccess("permitAll()")
- .checkTokenAccess("isAuthenticated()");
+ @Bean
+ public SecurityFilterChain securityFilter(HttpSecurity http) throws Exception {
+ http.headers( it -> it.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
+ .csrf(AbstractHttpConfigurer::disable);
+ return http.build();
}
- @Override
- public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
- clients.inMemory()
- .withClient("baeldung_api_key")
- .secret("baeldung_api_secret")
- .authorizedGrantTypes("password","refresh_token")
- .scopes("read","write").autoApprove(true);
+ @Bean
+ public InMemoryUserDetailsManager userDetailsService() {
+ UserDetails user = User.withUsername("baeldung")
+ .password("scribejava")
+ .roles("USER")
+ .build();
+
+ return new InMemoryUserDetailsManager(user);
+ }
+ @Bean
+ public RegisteredClientRepository registeredClientRepository() {
+ RegisteredClient oidcClient = RegisteredClient.withId(UUID.randomUUID().toString())
+ .clientId("baeldung_api_key")
+ .clientSecret("baeldung_api_secret")
+ .authorizationGrantType(AuthorizationGrantType.PASSWORD)
+ .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
+ .scope("read")
+ .scope("write")
+ .clientSettings(ClientSettings.builder().requireAuthorizationConsent(false).build())
+ .build();
+
+ return new InMemoryRegisteredClientRepository(oidcClient);
}
- @Override
- public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
- endpoints
- .authenticationManager(authenticationManager)
- .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
+ @Bean
+ @Order(1)
+ public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
+ OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
+ http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
+ .oidc(Customizer.withDefaults()); // Enable OpenID Connect 1.0
+ http
+ // Redirect to the login page when not authenticated from the
+ // authorization endpoint
+ .exceptionHandling((exceptions) -> exceptions
+ .defaultAuthenticationEntryPointFor(
+ new LoginUrlAuthenticationEntryPoint("/login"),
+ new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
+ )
+ )
+ // Accept access tokens for User Info and/or Client Registration
+ .oauth2ResourceServer((resourceServer) -> resourceServer
+ .jwt(Customizer.withDefaults()));
+
+ return http.build();
}
+ @Bean
+ @Order(2)
+ public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
+ throws Exception {
+ http
+ .authorizeHttpRequests((authorize) -> authorize
+ .anyRequest().authenticated()
+ )
+ // Form login handles the redirect to the login page from the
+ // authorization server filter chain
+ .formLogin(Customizer.withDefaults());
+
+ return http.build();
+ }
+
+
}
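Review bot: `password("scribejava")` in `userDetailsService()` and `clientSecret("baeldung_api_secret")` in `registeredClientRepository()` are stored as raw literals with no encoding id, and this class declares no `PasswordEncoder` bean, so unless one exists elsewhere the default delegating encoder will refuse to match them at form login and at client authentication. Encoding both through a `PasswordEncoder` bean, as sketched below, fixes that and keeps the stored form hashed. Separately, `AuthorizationGrantType.PASSWORD` is deprecated and, as far as I know, Spring Authorization Server does not implement the password grant, so this client needs a supported grant; which one depends on the ScribeJava client code, which is outside this hunk. `securityFilter` has no `@Order`, no `securityMatcher` and no authorization rules, so it looks unreachable behind the `anyRequest()` chain at `@Order(2)`; if the CSRF and frame-options relaxations are still wanted, scope them to specific paths inside an ordered chain. The `Autowired` and `Qualifier` imports no longer have a user in this class.

```java
@Bean
public PasswordEncoder passwordEncoder() {
    return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}

@Bean
public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
    UserDetails user = User.withUsername("baeldung")
      // sample credential from the hunk, stored encoded so the encoder can match it
      .password(passwordEncoder.encode("scribejava"))
      // … unchanged: roles, build, return …

@Bean
public RegisteredClientRepository registeredClientRepository(PasswordEncoder passwordEncoder) {
    RegisteredClient oidcClient = RegisteredClient.withId(UUID.randomUUID().toString())
      .clientId("baeldung_api_key")
      .clientSecret(passwordEncoder.encode("baeldung_api_secret"))
      // … unchanged: grant types, scopes, client settings, build, return …
```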
diff --git a/libraries-security/src/main/java/com/baeldung/scribejava/oauth/WebSecurityConfig.java b/libraries-security/src/main/java/com/baeldung/scribejava/oauth/WebSecurityConfig.java
deleted file mode 100644
index 7aa51400ea..0000000000
--- a/libraries-security/src/main/java/com/baeldung/scribejava/oauth/WebSecurityConfig.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package com.baeldung.scribejava.oauth;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
-import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
-
-@Configuration
-@EnableResourceServer
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
-
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http
- .headers().frameOptions().disable()
- .and()
- .csrf().disable();
- }
-
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.inMemoryAuthentication()
- .withUser("baeldung")
- .password("scribejava")
- .roles("USER");
- }
-
- @Override
- @Bean
- public AuthenticationManager authenticationManagerBean() throws Exception {
- return super.authenticationManagerBean();
- }
-
-
- @EnableResourceServer
- @Configuration
- public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
-
- @Override
- public void configure(HttpSecurity http) throws Exception {
- http
- .authorizeRequests()
- .antMatchers("/user/me").authenticated()
- .and()
- .csrf().disable();
- }
- }
-
-}
diff --git a/libraries-security/src/main/java/com/baeldung/scribejava/service/GoogleService.java b/libraries-security/src/main/java/com/baeldung/scribejava/service/GoogleService.java
index fbcc39763c..497d6d469b 100644
--- a/libraries-security/src/main/java/com/baeldung/scribejava/service/GoogleService.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/service/GoogleService.java
@@ -5,7 +5,7 @@ import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.oauth.OAuth20Service;
import org.springframework.stereotype.Component;
-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;
@Component
public class GoogleService {
diff --git a/libraries-security/src/main/java/com/baeldung/scribejava/service/MyService.java b/libraries-security/src/main/java/com/baeldung/scribejava/service/MyService.java
index 739c82172c..4397c8c7b6 100644
--- a/libraries-security/src/main/java/com/baeldung/scribejava/service/MyService.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/service/MyService.java
@@ -5,7 +5,7 @@ import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.oauth.OAuth20Service;
import org.springframework.stereotype.Component;
-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;
@Component
public class MyService {
diff --git a/libraries-security/src/main/java/com/baeldung/scribejava/service/TwitterService.java b/libraries-security/src/main/java/com/baeldung/scribejava/service/TwitterService.java
index df49f74679..c09bdf98d3 100644
--- a/libraries-security/src/main/java/com/baeldung/scribejava/service/TwitterService.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/service/TwitterService.java
@@ -5,7 +5,7 @@ import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.oauth.OAuth10aService;
import org.springframework.stereotype.Component;
-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;
@Component
public class TwitterService {