From 07c18ea9f158293b37959b61f76e06f7bacc6237 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Nicoll?= Date: Sun, 14 Sep 2025 06:43:54 +0200 Subject: [PATCH] Migrate dependency management for Spring Authorization Server With Spring Authorization Server migrating to Spring Security proper as of v7, this commit removes dependency management for it and adapt to changes in recent snapshots Closes gh-47174 --- .../reference/pages/web/spring-security.adoc | 2 +- ...AuthorizationServerJwtAutoConfiguration.java | 2 +- ...orizationServerWebSecurityConfiguration.java | 5 ++--- ...tionServerWebSecurityConfigurationTests.java | 5 ++--- platform/spring-boot-dependencies/build.gradle | 17 ----------------- 5 files changed, 6 insertions(+), 25 deletions(-) diff --git a/documentation/spring-boot-docs/src/docs/antora/modules/reference/pages/web/spring-security.adoc b/documentation/spring-boot-docs/src/docs/antora/modules/reference/pages/web/spring-security.adoc index 25188324c4b..0b2b323c5db 100644 --- a/documentation/spring-boot-docs/src/docs/antora/modules/reference/pages/web/spring-security.adoc +++ b/documentation/spring-boot-docs/src/docs/antora/modules/reference/pages/web/spring-security.adoc @@ -343,7 +343,7 @@ TIP: Spring Boot auto-configures an javadoc:org.springframework.security.oauth2. The javadoc:org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository[] has limited capabilities and we recommend using it only for development environments. For production environments, consider using a javadoc:org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository[] or creating your own implementation of javadoc:org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository[]. -Additional information can be found in the {url-spring-authorization-server-docs}/getting-started.html[Getting Started] chapter of the {url-spring-authorization-server-docs}[Spring Authorization Server Reference Guide]. +Additional information can be found in the {url-spring-security-docs}/servlet/oauth2/authorization-server/getting-started.html[Getting Started] chapter of Spring Security Reference Documentation. diff --git a/module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerJwtAutoConfiguration.java b/module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerJwtAutoConfiguration.java index 900ef596134..f7f867ec075 100644 --- a/module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerJwtAutoConfiguration.java +++ b/module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerJwtAutoConfiguration.java @@ -39,9 +39,9 @@ import org.springframework.boot.security.autoconfigure.servlet.UserDetailsServic import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Role; +import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration; import org.springframework.security.oauth2.jwt.JwtDecoder; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; -import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration; /** * {@link EnableAutoConfiguration Auto-configuration} for JWT support for endpoints of the diff --git a/module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java b/module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java index f984573b36f..fb1fadabe65 100644 --- a/module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java +++ b/module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java @@ -27,8 +27,8 @@ import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; import org.springframework.http.MediaType; import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; -import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; @@ -50,8 +50,7 @@ class OAuth2AuthorizationServerWebSecurityConfiguration { @Bean @Order(Ordered.HIGHEST_PRECEDENCE) SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServer = OAuth2AuthorizationServerConfigurer - .authorizationServer(); + OAuth2AuthorizationServerConfigurer authorizationServer = new OAuth2AuthorizationServerConfigurer(); http.securityMatcher(authorizationServer.getEndpointsMatcher()); http.with(authorizationServer, withDefaults()); http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()); diff --git a/module/spring-boot-security-oauth2-authorization-server/src/test/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfigurationTests.java b/module/spring-boot-security-oauth2-authorization-server/src/test/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfigurationTests.java index e18a97cbc60..433ec142f48 100644 --- a/module/spring-boot-security-oauth2-authorization-server/src/test/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfigurationTests.java +++ b/module/spring-boot-security-oauth2-authorization-server/src/test/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfigurationTests.java @@ -31,12 +31,12 @@ import org.springframework.security.config.BeanIds; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; -import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer; import org.springframework.security.oauth2.server.authorization.oidc.web.OidcClientRegistrationEndpointFilter; import org.springframework.security.oauth2.server.authorization.oidc.web.OidcProviderConfigurationEndpointFilter; import org.springframework.security.oauth2.server.authorization.oidc.web.OidcUserInfoEndpointFilter; @@ -164,8 +164,7 @@ class OAuth2AuthorizationServerWebSecurityConfigurationTests { @Bean @Order(1) SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServer = OAuth2AuthorizationServerConfigurer - .authorizationServer(); + OAuth2AuthorizationServerConfigurer authorizationServer = new OAuth2AuthorizationServerConfigurer(); http.securityMatcher(authorizationServer.getEndpointsMatcher()) .with(authorizationServer, Customizer.withDefaults()); http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()); diff --git a/platform/spring-boot-dependencies/build.gradle b/platform/spring-boot-dependencies/build.gradle index bf5c723e4ea..fb15801b545 100644 --- a/platform/spring-boot-dependencies/build.gradle +++ b/platform/spring-boot-dependencies/build.gradle @@ -2279,23 +2279,6 @@ bom { releaseNotes("https://github.com/spring-projects/spring-amqp/releases/tag/v{version}") } } - library("Spring Authorization Server", "2.0.0-SNAPSHOT") { - considerSnapshots() - group("org.springframework.security") { - modules = [ - "spring-security-oauth2-authorization-server" - ] - } - links { - site("https://spring.io/projects/spring-authorization-server") - github("https://github.com/spring-projects/spring-authorization-server") - javadoc(version -> "https://docs.spring.io/spring-authorization-server/docs/%s/api" - .formatted(version.forMajorMinorGeneration()), "org.springframework.security.oauth2.server") - docs(version -> "https://docs.spring.io/spring-authorization-server/reference/%s" - .formatted(version.forAntora())) - releaseNotes("https://github.com/spring-projects/spring-authorization-server/releases/tag/{version}") - } - } library("Spring Batch", "6.0.0-M2") { considerSnapshots() group("org.springframework.batch") {