Remove default HttpSecurity.securityMatcher() for authorization server

Closes gh-17965
Joe Grandja 2025-10-01 11:45:09 -04:00
parent 7f10897de3
commit 681e166be8
2 changed files with 4 additions and 5 deletions


@ -396,8 +396,6 @@ public final class OAuth2AuthorizationServerConfigurer
new OrRequestMatcher(preferredMatchers)); new OrRequestMatcher(preferredMatchers));
} }
httpSecurity.securityMatchers((securityMatchers) -> securityMatchers.requestMatchers(this.endpointsMatcher));
httpSecurity.csrf((csrf) -> csrf.ignoringRequestMatchers(this.endpointsMatcher)); httpSecurity.csrf((csrf) -> csrf.ignoringRequestMatchers(this.endpointsMatcher));
if (getConfigurer(OAuth2ClientRegistrationEndpointConfigurer.class) != null) { if (getConfigurer(OAuth2ClientRegistrationEndpointConfigurer.class) != null) {
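Review bot: With the `httpSecurity.securityMatchers(...)` call removed, nothing visible in this hunk tells a caller that the filter chain built by this configurer is no longer limited to `this.endpointsMatcher`. An application with several `SecurityFilterChain` beans that relied on the implicit scoping would presumably see this chain match every request and take precedence over chains ordered after it. I would leave a comment where the line was, for example `// No default securityMatcher: the application must scope this chain, e.g. http.securityMatcher(getEndpointsMatcher())`, and state the same requirement in the class Javadoc. The CSRF exemption on the following line is still keyed on `this.endpointsMatcher`, so it stays narrow either way. The enclosing method starts and ends outside the hunk.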


@ -132,10 +132,11 @@ public class SecurityConfig {
// @formatter:off // @formatter:off
http http
.oauth2AuthorizationServer((authorizationServer) -> .oauth2AuthorizationServer((authorizationServer) -> {
http.securityMatcher(authorizationServer.getEndpointsMatcher());
authorizationServer authorizationServer
.oidc(Customizer.withDefaults()) // Enable OpenID Connect 1.0 .oidc(Customizer.withDefaults()); // Enable OpenID Connect 1.0
) })
.authorizeHttpRequests((authorize) -> .authorizeHttpRequests((authorize) ->
authorize authorize
.anyRequest().authenticated() .anyRequest().authenticated()
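Review bot: The added `http.securityMatcher(authorizationServer.getEndpointsMatcher());` mutates the outer `http` builder from inside the `oauth2AuthorizationServer` customizer, which is easy to misread as part of the authorization server's own settings. A comment above it would make the intent explicit, for example `// Limit this filter chain to the authorization server endpoints; the configurer no longer does this by default`. Without that, the line could later be removed as redundant, and `.anyRequest().authenticated()` would then govern every request that reaches this chain rather than only the protocol endpoints. The enclosing method starts and ends outside the hunk.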