diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java index 5a694abc6d..407c9b271b 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -71,6 +71,7 @@ import org.springframework.security.config.annotation.web.configurers.X509Config import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer; import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer; import org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer; +import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer; import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer; import org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer; import org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer; @@ -1552,6 +1553,23 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderOAuth 2.1 + * Authorization Framework + */ + public HttpSecurity oauth2AuthorizationServer( + Customizer oauth2AuthorizationServerCustomizer) throws Exception { + oauth2AuthorizationServerCustomizer.customize(getOrApply(new OAuth2AuthorizationServerConfigurer())); + return HttpSecurity.this; + } + /** * Configures One-Time Token Login Support. * 
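Review bot: The Javadoc added for `oauth2AuthorizationServer(...)` (only partly legible in this hunk) should say that applying the configurer also changes which requests this `HttpSecurity` matches. Further down in this commit `OAuth2AuthorizationServerConfigurer` calls `httpSecurity.securityMatchers(...)` with its endpoints matcher, where callers previously wrote `.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())` themselves. Without that sentence, a reader of `http.oauth2AuthorizationServer(...).authorizeHttpRequests(...)` with `anyRequest().authenticated()` will likely assume the rule covers every request. I would add a paragraph such as `<p>Applying this configurer restricts this {@link HttpSecurity} to the authorization server protocol endpoints; all other requests must be secured by a separate {@link SecurityFilterChain}.`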
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java index f1923d419f..6a3afe41b4 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java @@ -40,7 +40,7 @@ import org.springframework.security.oauth2.server.authorization.settings.Authori import org.springframework.security.web.SecurityFilterChain; /** - * {@link Configuration} for OAuth 2.0 Authorization Server support. + * {@link Configuration} for OAuth 2.1 Authorization Server support. * * @author Joe Grandja * @since 7.0 @@ -53,11 +53,8 @@ public class OAuth2AuthorizationServerConfiguration { @Order(Ordered.HIGHEST_PRECEDENCE) public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { // @formatter:off - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, Customizer.withDefaults()) + .oauth2AuthorizationServer(Customizer.withDefaults()) .authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated() ); diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java index ae7f7d4d7a..333a413d05 100644 
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java @@ -60,7 +60,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; /** - * An {@link AbstractHttpConfigurer} for OAuth 2.0 Authorization Server support. + * An {@link AbstractHttpConfigurer} for OAuth 2.1 Authorization Server support. * * @author Joe Grandja * @author Daniel Garnier-Moiroux @@ -91,16 +91,6 @@ public final class OAuth2AuthorizationServerConfigurer private RequestMatcher endpointsMatcher; - /** - * Returns a new instance of {@link OAuth2AuthorizationServerConfigurer} for - * configuring. - * @return a new instance of {@link OAuth2AuthorizationServerConfigurer} for - * configuring - */ - public static OAuth2AuthorizationServerConfigurer authorizationServer() { - return new OAuth2AuthorizationServerConfigurer(); - } - /** * Sets the repository of registered clients. * @param registeredClientRepository the repository of registered clients @@ -383,6 +373,8 @@ public final class OAuth2AuthorizationServerConfigurer new OrRequestMatcher(preferredMatchers)); } + httpSecurity.securityMatchers((securityMatchers) -> securityMatchers.requestMatchers(this.endpointsMatcher)); + httpSecurity.csrf((csrf) -> csrf.ignoringRequestMatchers(this.endpointsMatcher)); OidcConfigurer oidcConfigurer = getConfigurer(OidcConfigurer.class); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationCodeGrantTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationCodeGrantTests.java index 8b3a72837e..4a41b1e2da 100644 
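Review bot: The added `httpSecurity.securityMatchers((securityMatchers) -> securityMatchers.requestMatchers(this.endpointsMatcher))` changes the request matcher of the whole filter chain as a side effect of the configurer, and nothing in this hunk says how it interacts with a matcher the application set itself. If a caller has already used `securityMatcher(...)` on the same `HttpSecurity`, this call presumably replaces or widens it, so the effective scope of the chain's `authorizeHttpRequests` rules may differ from what the configuration appears to say. That should be confirmed and pinned with a test asserting that a path outside `endpointsMatcher` is not handled by this chain. At minimum I would add a comment above the line, `// Scopes the enclosing SecurityFilterChain to the authorization server endpoints; requests outside endpointsMatcher need their own chain`. The default chain in `OAuth2AuthorizationServerConfiguration` and the documentation samples in this commit now depend on this implicit scoping; the enclosing method starts and ends outside the hunk.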
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationCodeGrantTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationCodeGrantTests.java
@@ -1271,11 +1271,8 @@ public class OAuth2AuthorizationCodeGrantTests {
 // @formatter:off
 @Bean
 SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, Customizer.withDefaults())
+ .oauth2AuthorizationServer(Customizer.withDefaults())
 .authorizeHttpRequests((authorize) ->
 authorize.anyRequest().authenticated()
 )
@@ -1331,11 +1328,8 @@ public class OAuth2AuthorizationCodeGrantTests {
 // @formatter:off
 @Bean
 SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .authorizationEndpoint((authorizationEndpoint) ->
 authorizationEndpoint.consentPage(consentPage))
@@ -1359,11 +1353,8 @@ public class OAuth2AuthorizationCodeGrantTests {
 // @formatter:off
 @Bean
 SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .authorizationEndpoint((authorizationEndpoint) ->
 authorizationEndpoint.authenticationProviders(configureAuthenticationProviders()))
@@ -1446,11 +1437,8 @@ public class OAuth2AuthorizationCodeGrantTests {
 // @formatter:off
 @Bean
 SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .authorizationEndpoint((authorizationEndpoint) ->
 authorizationEndpoint
@@ -1490,11 +1478,8 @@ public class OAuth2AuthorizationCodeGrantTests {
 // @formatter:off
 @Bean
 SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .pushedAuthorizationRequestEndpoint(Customizer.withDefaults())
 )
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerMetadataTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerMetadataTests.java
index 89a9a4b490..5b57cdf4ef 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerMetadataTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerMetadataTests.java
@@ -193,11 +193,8 @@ public class OAuth2AuthorizationServerMetadataTests {
 // @formatter:off
 @Bean
 SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .authorizationServerMetadataEndpoint((authorizationServerMetadataEndpoint) ->
 authorizationServerMetadataEndpoint
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientCredentialsGrantTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientCredentialsGrantTests.java
index 895fd093a3..98e277bbff 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientCredentialsGrantTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientCredentialsGrantTests.java @@ -596,11 +596,8 @@ public class OAuth2ClientCredentialsGrantTests { // @formatter:off @Bean SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .tokenEndpoint((tokenEndpoint) -> tokenEndpoint @@ -640,11 +637,8 @@ public class OAuth2ClientCredentialsGrantTests { SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { authenticationSuccessHandler = spy(authenticationSuccessHandler()); - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .clientAuthentication((clientAuthentication) -> clientAuthentication diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2RefreshTokenGrantTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2RefreshTokenGrantTests.java index 99f7bf0532..b785ded4dc 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2RefreshTokenGrantTests.java 
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2RefreshTokenGrantTests.java @@ -542,11 +542,8 @@ public class OAuth2RefreshTokenGrantTests { SecurityFilterChain authorizationServerSecurityFilterChain( HttpSecurity http, RegisteredClientRepository registeredClientRepository) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .clientAuthentication((clientAuthentication) -> clientAuthentication diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenIntrospectionTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenIntrospectionTests.java index c1ebc2cfef..22fab0395a 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenIntrospectionTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenIntrospectionTests.java 
@@ -575,11 +575,8 @@ public class OAuth2TokenIntrospectionTests {
 // @formatter:off
 @Bean
 SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .tokenIntrospectionEndpoint((tokenIntrospectionEndpoint) ->
 tokenIntrospectionEndpoint
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java
index a97ccc4331..5a910c2b0f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java
@@ -375,11 +375,8 @@ public class OAuth2TokenRevocationTests {
 // @formatter:off
 @Bean
 SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .tokenRevocationEndpoint((tokenRevocationEndpoint) ->
 tokenRevocationEndpoint
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java
index dcc899a6fe..df1bd6da84 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java
@@ -650,11 +650,8 @@ public class OidcClientRegistrationTests {
 @Bean
 @Override
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .oidc((oidc) ->
 oidc
@@ -686,11 +683,8 @@ public class OidcClientRegistrationTests {
 @Bean
 @Override
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .oidc((oidc) ->
 oidc
@@ -730,11 +724,8 @@ public class OidcClientRegistrationTests {
 @Bean
 @Override
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .oidc((oidc) ->
 oidc
@@ -771,11 +762,8 @@ public class OidcClientRegistrationTests {
 // @formatter:off
 @Bean
 SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .oidc((oidc) ->
 oidc
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcProviderConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcProviderConfigurationTests.java
index 9d570efdf3..815bc0534c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcProviderConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcProviderConfigurationTests.java
@@ -230,12 +230,9 @@ public class OidcProviderConfigurationTests { @Bean SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = OAuth2AuthorizationServerConfigurer - .authorizationServer(); // @formatter:off http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .oidc(Customizer.withDefaults()) // Enable OpenID Connect 1.0 ); @@ -285,11 +282,8 @@ public class OidcProviderConfigurationTests { // @formatter:off @Bean SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .oidc((oidc) -> oidc.providerConfigurationEndpoint((providerConfigurationEndpoint) -> @@ -317,11 +311,8 @@ public class OidcProviderConfigurationTests { // @formatter:off @Bean SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .oidc((oidc) -> oidc.clientRegistrationEndpoint(Customizer.withDefaults()) 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcTests.java
index cf6151a09e..edc0040de9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcTests.java
@@ -600,11 +600,8 @@ public class OidcTests {
 @Bean
 SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
 // @formatter:off
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .oidc(Customizer.withDefaults()) // Enable OpenID Connect 1.0
 );
@@ -702,11 +699,8 @@ public class OidcTests {
 // @formatter:off
 @Bean
 SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .tokenGenerator(tokenGenerator())
 .oidc(Customizer.withDefaults())
@@ -743,11 +737,8 @@ public class OidcTests {
 // @formatter:off
 @Bean
 SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .tokenGenerator(tokenGenerator())
 .oidc(Customizer.withDefaults())
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcUserInfoTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcUserInfoTests.java
index e92c25948f..54195bdf90 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcUserInfoTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcUserInfoTests.java
@@ -406,11 +406,8 @@ public class OidcUserInfoTests {
 @Override
 SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 // @formatter:off
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .oidc((oidc) ->
 oidc
@@ -442,11 +439,8 @@ public class OidcUserInfoTests {
 @Override
 SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 // @formatter:off
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .oidc(Customizer.withDefaults())
 )
@@ -469,11 +463,8 @@ public class OidcUserInfoTests {
 @Bean
 SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 // @formatter:off
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .oidc(Customizer.withDefaults())
 )
diff --git a/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/configuration-model.adoc b/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/configuration-model.adoc
index 9737db5898..eb65445664 100644
--- a/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/configuration-model.adoc
+++ b/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/configuration-model.adoc
@@ -55,11 +55,8 @@ https://openid.net/specs/openid-connect-core-1_0.html[OpenID Connect 1.0] is dis
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .oidc(Customizer.withDefaults()) // Initialize `OidcConfigurer`
 );
@@ -104,12 +101,8 @@ Furthermore, it lets you customize the request processing logic for the protocol
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .registeredClientRepository(registeredClientRepository) <1>
 .authorizationService(authorizationService) <2>
@@ -238,12 +231,8 @@ It defines extension points that let you customize the pre-processing, main proc
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .clientAuthentication(clientAuthentication ->
 clientAuthentication
@@ -297,12 +286,8 @@ The following example shows how to configure `JwtClientAssertionAuthenticationPr
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .clientAuthentication(clientAuthentication ->
 clientAuthentication
@@ -351,12 +336,8 @@ If you need to verify another attribute of the client `X509Certificate`, for exa
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .clientAuthentication(clientAuthentication ->
 clientAuthentication
diff --git a/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/core-model-components.adoc b/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/core-model-components.adoc
index bf10a36a90..9bb03668ae 100644
--- a/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/core-model-components.adoc
+++ b/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/core-model-components.adoc
@@ -122,12 +122,8 @@ Alternatively, you can configure the `RegisteredClientRepository` through the xr
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .registeredClientRepository(registeredClientRepository)
 )
@@ -219,12 +215,8 @@ Alternatively, you can configure the `OAuth2AuthorizationService` through the xr
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .authorizationService(authorizationService)
 )
@@ -293,12 +285,8 @@ Alternatively, you can configure the `OAuth2AuthorizationConsentService` through
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
- OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 http
- .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
- .with(authorizationServerConfigurer, (authorizationServer) ->
+ .oauth2AuthorizationServer((authorizationServer) ->
 authorizationServer
 .authorizationConsentService(authorizationConsentService)
 )
@@ -406,12 +394,8 @@ Alternatively, you can configure the `OAuth2TokenGenerator` through the xref:ser ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .tokenGenerator(tokenGenerator) ) diff --git a/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc b/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc index 427c9b731b..d0f22cef75 100644 --- a/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc +++ b/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc @@ -129,13 +129,10 @@ public class SecurityConfig { @Order(1) public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); // @formatter:off http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .oidc(Customizer.withDefaults()) // Enable OpenID Connect 1.0 ) diff --git a/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/protocol-endpoints.adoc b/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/protocol-endpoints.adoc index f74631d66b..82919e4ff6 100644 --- a/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/protocol-endpoints.adoc +++ b/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/protocol-endpoints.adoc 
@@ -13,12 +13,8 @@ It defines extension points that let you customize the pre-processing, main proc ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .authorizationEndpoint(authorizationEndpoint -> authorizationEndpoint @@ -76,12 +72,8 @@ The following example shows how to configure `OAuth2AuthorizationCodeRequestAuth ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .authorizationEndpoint(authorizationEndpoint -> authorizationEndpoint @@ -138,12 +130,8 @@ It defines extension points that let you customize the pre-processing, main proc ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .pushedAuthorizationRequestEndpoint(pushedAuthorizationRequestEndpoint -> pushedAuthorizationRequestEndpoint 
@@ -199,12 +187,8 @@ The following example shows how to configure `OAuth2PushedAuthorizationRequestAu ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .pushedAuthorizationRequestEndpoint(pushedAuthorizationRequestEndpoint -> pushedAuthorizationRequestEndpoint @@ -261,12 +245,8 @@ It defines extension points that let you customize the pre-processing, main proc ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .deviceAuthorizationEndpoint(deviceAuthorizationEndpoint -> deviceAuthorizationEndpoint @@ -313,12 +293,8 @@ It defines extension points that let you customize the pre-processing, main proc ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .deviceVerificationEndpoint(deviceVerificationEndpoint -> deviceVerificationEndpoint 
@@ -364,12 +340,8 @@ It defines extension points that let you customize the pre-processing, main proc ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .tokenEndpoint(tokenEndpoint -> tokenEndpoint @@ -425,12 +397,8 @@ The following example shows how to configure `OAuth2ClientCredentialsAuthenticat ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .tokenEndpoint(tokenEndpoint -> tokenEndpoint @@ -616,12 +584,8 @@ It defines extension points that let you customize the pre-processing, main proc ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .tokenIntrospectionEndpoint(tokenIntrospectionEndpoint -> tokenIntrospectionEndpoint 
@@ -666,12 +630,8 @@ It defines extension points that let you customize the pre-processing, main proc ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .tokenRevocationEndpoint(tokenRevocationEndpoint -> tokenRevocationEndpoint @@ -716,12 +676,8 @@ It defines an extension point that lets you customize the https://datatracker.ie ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .authorizationServerMetadataEndpoint(authorizationServerMetadataEndpoint -> authorizationServerMetadataEndpoint @@ -760,12 +716,8 @@ It defines an extension point that lets you customize the https://openid.net/spe ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .oidc(oidc -> oidc 
@@ -796,12 +748,8 @@ It defines extension points that let you customize the pre-processing, main proc ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .oidc(oidc -> oidc @@ -864,12 +812,8 @@ The following example shows how to configure `OidcLogoutAuthenticationProvider` ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .oidc(oidc -> oidc @@ -919,12 +863,8 @@ It defines extension points that let you customize the pre-processing, main proc ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .oidc(oidc -> oidc 
@@ -982,12 +922,8 @@ It defines extension points that let you customize the pre-processing, main proc ---- @Bean public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = - OAuth2AuthorizationServerConfigurer.authorizationServer(); - http - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) - .with(authorizationServerConfigurer, (authorizationServer) -> + .oauth2AuthorizationServer((authorizationServer) -> authorizationServer .oidc(oidc -> oidc