From 11960df595c0e456da64f537f09c8b6d1a6867f9 Mon Sep 17 00:00:00 2001
From: Andy Wilkinson <andy.wilkinson@broadcom.com>
Date: Wed, 9 Oct 2024 11:00:55 +0100
Subject: [PATCH] Start building against Spring Authorization Server 1.4.0
 snapshots

See gh-42559
---
 .../OAuth2AuthorizationServerWebSecurityConfiguration.java | 7 +++++--
 spring-boot-project/spring-boot-dependencies/build.gradle  | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java
index 5c36f2b4622..1fc587df59d 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java
@@ -28,7 +28,6 @@ import org.springframework.core.annotation.Order;
 import org.springframework.http.MediaType;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.web.SecurityFilterChain;
@@ -51,7 +50,11 @@ class OAuth2AuthorizationServerWebSecurityConfiguration {
 	@Bean
 	@Order(Ordered.HIGHEST_PRECEDENCE)
 	SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-		OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
+		OAuth2AuthorizationServerConfigurer authorizationServer = OAuth2AuthorizationServerConfigurer
+			.authorizationServer();
+		http.securityMatcher(authorizationServer.getEndpointsMatcher());
+		http.with(authorizationServer, withDefaults());
+		http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated());
 		http.getConfigurer(OAuth2AuthorizationServerConfigurer.class).oidc(withDefaults());
 		http.oauth2ResourceServer((resourceServer) -> resourceServer.jwt(withDefaults()));
 		http.exceptionHandling((exceptions) -> exceptions.defaultAuthenticationEntryPointFor(
diff --git a/spring-boot-project/spring-boot-dependencies/build.gradle b/spring-boot-project/spring-boot-dependencies/build.gradle
index d19cd9ce580..3b99f72df31 100644
--- a/spring-boot-project/spring-boot-dependencies/build.gradle
+++ b/spring-boot-project/spring-boot-dependencies/build.gradle
@@ -1913,7 +1913,7 @@ bom {
 			releaseNotes("https://github.com/spring-projects/spring-amqp/releases/tag/v{version}")
 		}
 	}
-	library("Spring Authorization Server", "1.4.0-M2") {
+	library("Spring Authorization Server", "1.4.0-SNAPSHOT") {
 		considerSnapshots()
 		group("org.springframework.security") {
 			modules = [