root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 12 Packages Projects Releases Wiki Activity

Migrate dependency management for Spring Authorization Server 

With Spring Authorization Server migrating to Spring Security proper as
of v7, this commit removes dependency management for it and adapt to
changes in recent snapshots

Closes gh-47174
This commit is contained in:
Stéphane Nicoll 2025-09-14 06:43:54 +02:00
parent b3c38a30ae
commit 07c18ea9f1
5 changed files with 6 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
documentation/spring-boot-docs/src/docs/antora/modules/reference/pages/web/spring-security.adoc
View File

@ -343,7 +343,7 @@ TIP: Spring Boot auto-configures an javadoc:org.springframework.security.oauth2.
The javadoc:org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository[] has limited capabilities and we recommend using it only for development environments.
For production environments, consider using a javadoc:org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository[] or creating your own implementation of javadoc:org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository[].
Additional information can be found in the {url-spring-authorization-server-docs}/getting-started.html[Getting Started] chapter of the {url-spring-authorization-server-docs}[Spring Authorization Server Reference Guide].
Additional information can be found in the {url-spring-security-docs}/servlet/oauth2/authorization-server/getting-started.html[Getting Started] chapter of Spring Security Reference Documentation.

2
module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerJwtAutoConfiguration.java
View File

@ -39,9 +39,9 @@ import org.springframework.boot.security.autoconfigure.servlet.UserDetailsServic
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Role;
import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
/**
* {@link EnableAutoConfiguration Auto-configuration} for JWT support for endpoints of the

5
module/spring-boot-security-oauth2-authorization-server/src/main/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java
View File

@ -27,8 +27,8 @@ import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
@ -50,8 +50,7 @@ class OAuth2AuthorizationServerWebSecurityConfiguration {
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
OAuth2AuthorizationServerConfigurer authorizationServer = OAuth2AuthorizationServerConfigurer
.authorizationServer();
OAuth2AuthorizationServerConfigurer authorizationServer = new OAuth2AuthorizationServerConfigurer();
http.securityMatcher(authorizationServer.getEndpointsMatcher());
http.with(authorizationServer, withDefaults());
http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated());

5
module/spring-boot-security-oauth2-authorization-server/src/test/java/org/springframework/boot/security/oauth2/server/authorization/autoconfigure/servlet/OAuth2AuthorizationServerWebSecurityConfigurationTests.java
View File

@ -31,12 +31,12 @@ import org.springframework.security.config.BeanIds;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.oidc.web.OidcClientRegistrationEndpointFilter;
import org.springframework.security.oauth2.server.authorization.oidc.web.OidcProviderConfigurationEndpointFilter;
import org.springframework.security.oauth2.server.authorization.oidc.web.OidcUserInfoEndpointFilter;
@ -164,8 +164,7 @@ class OAuth2AuthorizationServerWebSecurityConfigurationTests {
@Bean
@Order(1)
SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) throws Exception {
OAuth2AuthorizationServerConfigurer authorizationServer = OAuth2AuthorizationServerConfigurer
.authorizationServer();
OAuth2AuthorizationServerConfigurer authorizationServer = new OAuth2AuthorizationServerConfigurer();
http.securityMatcher(authorizationServer.getEndpointsMatcher())
.with(authorizationServer, Customizer.withDefaults());
http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated());

17
platform/spring-boot-dependencies/build.gradle
View File

@ -2279,23 +2279,6 @@ bom {
releaseNotes("https://github.com/spring-projects/spring-amqp/releases/tag/v{version}")
}
}
library("Spring Authorization Server", "2.0.0-SNAPSHOT") {
considerSnapshots()
group("org.springframework.security") {
modules = [
"spring-security-oauth2-authorization-server"
]
}
links {
site("https://spring.io/projects/spring-authorization-server")
github("https://github.com/spring-projects/spring-authorization-server")
javadoc(version -> "https://docs.spring.io/spring-authorization-server/docs/%s/api"
.formatted(version.forMajorMinorGeneration()), "org.springframework.security.oauth2.server")
docs(version -> "https://docs.spring.io/spring-authorization-server/reference/%s"
.formatted(version.forAntora()))
releaseNotes("https://github.com/spring-projects/spring-authorization-server/releases/tag/{version}")
}
}
library("Spring Batch", "6.0.0-M2") {
considerSnapshots()
group("org.springframework.batch") {