Add HttpSecurity.oauth2AuthorizationServer()

Issue gh-17880

config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java

@@ -71,6 +71,7 @@ import org.springframework.security.config.annotation.web.configurers.X509Config
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer;
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer;
+import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
 import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
 import org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer;
 import org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer;
@@ -1552,6 +1553,23 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 		return HttpSecurity.this;
 	}
 
+	/**
+	 * Configures OAuth 2.1 Authorization Server support.
+	 * @param oauth2AuthorizationServerCustomizer the {@link Customizer} providing access
+	 * to the {@link OAuth2AuthorizationServerConfigurer} for further customizations
+	 * @return the {@link HttpSecurity} for further customizations
+	 * @throws Exception
+	 * @since 7.0
+	 * @see <a target="_blank" href=
+	 * "https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-13.html">OAuth 2.1
+	 * Authorization Framework</a>
+	 */
+	public HttpSecurity oauth2AuthorizationServer(
+			Customizer<OAuth2AuthorizationServerConfigurer> oauth2AuthorizationServerCustomizer) throws Exception {
+		oauth2AuthorizationServerCustomizer.customize(getOrApply(new OAuth2AuthorizationServerConfigurer()));
+		return HttpSecurity.this;
+	}
+
 	/**
 	 * Configures One-Time Token Login Support.
 	 *

config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java

@@ -40,7 +40,7 @@ import org.springframework.security.oauth2.server.authorization.settings.Authori
 import org.springframework.security.web.SecurityFilterChain;
 
 /**
- * {@link Configuration} for OAuth 2.0 Authorization Server support.
+ * {@link Configuration} for OAuth 2.1 Authorization Server support.
  *
  * @author Joe Grandja
  * @since 7.0
@@ -53,11 +53,8 @@ public class OAuth2AuthorizationServerConfiguration {
 	@Order(Ordered.HIGHEST_PRECEDENCE)
 	public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
 		// @formatter:off
-		OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-				OAuth2AuthorizationServerConfigurer.authorizationServer();
 		http
-			.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+			.oauth2AuthorizationServer(Customizer.withDefaults())
-			.with(authorizationServerConfigurer, Customizer.withDefaults())
 			.authorizeHttpRequests((authorize) ->
 				authorize.anyRequest().authenticated()
 			);

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java

@@ -60,7 +60,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
 /**
- * An {@link AbstractHttpConfigurer} for OAuth 2.0 Authorization Server support.
+ * An {@link AbstractHttpConfigurer} for OAuth 2.1 Authorization Server support.
  *
  * @author Joe Grandja
  * @author Daniel Garnier-Moiroux
@@ -91,16 +91,6 @@ public final class OAuth2AuthorizationServerConfigurer
 
 	private RequestMatcher endpointsMatcher;
 
-	/**
-	 * Returns a new instance of {@link OAuth2AuthorizationServerConfigurer} for
-	 * configuring.
-	 * @return a new instance of {@link OAuth2AuthorizationServerConfigurer} for
-	 * configuring
-	 */
-	public static OAuth2AuthorizationServerConfigurer authorizationServer() {
-		return new OAuth2AuthorizationServerConfigurer();
-	}
-
 	/**
 	 * Sets the repository of registered clients.
 	 * @param registeredClientRepository the repository of registered clients
@@ -383,6 +373,8 @@ public final class OAuth2AuthorizationServerConfigurer
 					new OrRequestMatcher(preferredMatchers));
 		}
 
+		httpSecurity.securityMatchers((securityMatchers) -> securityMatchers.requestMatchers(this.endpointsMatcher));
+
 		httpSecurity.csrf((csrf) -> csrf.ignoringRequestMatchers(this.endpointsMatcher));
 
 		OidcConfigurer oidcConfigurer = getConfigurer(OidcConfigurer.class);

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationCodeGrantTests.java

@@ -1271,11 +1271,8 @@ public class OAuth2AuthorizationCodeGrantTests {
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer(Customizer.withDefaults())
-					.with(authorizationServerConfigurer, Customizer.withDefaults())
 					.authorizeHttpRequests((authorize) ->
 							authorize.anyRequest().authenticated()
 					)
@@ -1331,11 +1328,8 @@ public class OAuth2AuthorizationCodeGrantTests {
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.authorizationEndpoint((authorizationEndpoint) ->
 											authorizationEndpoint.consentPage(consentPage))
@@ -1359,11 +1353,8 @@ public class OAuth2AuthorizationCodeGrantTests {
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.authorizationEndpoint((authorizationEndpoint) ->
 											authorizationEndpoint.authenticationProviders(configureAuthenticationProviders()))
@@ -1446,11 +1437,8 @@ public class OAuth2AuthorizationCodeGrantTests {
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.authorizationEndpoint((authorizationEndpoint) ->
 											authorizationEndpoint
@@ -1490,11 +1478,8 @@ public class OAuth2AuthorizationCodeGrantTests {
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.pushedAuthorizationRequestEndpoint(Customizer.withDefaults())
 					)

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerMetadataTests.java

@@ -193,11 +193,8 @@ public class OAuth2AuthorizationServerMetadataTests {
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.authorizationServerMetadataEndpoint((authorizationServerMetadataEndpoint) ->
 											authorizationServerMetadataEndpoint

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientCredentialsGrantTests.java

@@ -596,11 +596,8 @@ public class OAuth2ClientCredentialsGrantTests {
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.tokenEndpoint((tokenEndpoint) ->
 											tokenEndpoint
@@ -640,11 +637,8 @@ public class OAuth2ClientCredentialsGrantTests {
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
 			authenticationSuccessHandler = spy(authenticationSuccessHandler());
 
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.clientAuthentication((clientAuthentication) ->
 											clientAuthentication

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2RefreshTokenGrantTests.java

@@ -542,11 +542,8 @@ public class OAuth2RefreshTokenGrantTests {
 		SecurityFilterChain authorizationServerSecurityFilterChain(
 				HttpSecurity http, RegisteredClientRepository registeredClientRepository) throws Exception {
 
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.clientAuthentication((clientAuthentication) ->
 											clientAuthentication

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenIntrospectionTests.java

@@ -575,11 +575,8 @@ public class OAuth2TokenIntrospectionTests {
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.tokenIntrospectionEndpoint((tokenIntrospectionEndpoint) ->
 											tokenIntrospectionEndpoint

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java

@@ -375,11 +375,8 @@ public class OAuth2TokenRevocationTests {
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.tokenRevocationEndpoint((tokenRevocationEndpoint) ->
 											tokenRevocationEndpoint

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java

@@ -650,11 +650,8 @@ public class OidcClientRegistrationTests {
 		@Bean
 		@Override
 		public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.oidc((oidc) ->
 											oidc
@@ -686,11 +683,8 @@ public class OidcClientRegistrationTests {
 		@Bean
 		@Override
 		public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.oidc((oidc) ->
 											oidc
@@ -730,11 +724,8 @@ public class OidcClientRegistrationTests {
 		@Bean
 		@Override
 		public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.oidc((oidc) ->
 											oidc
@@ -771,11 +762,8 @@ public class OidcClientRegistrationTests {
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.oidc((oidc) ->
 											oidc

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcProviderConfigurationTests.java

@@ -230,12 +230,9 @@ public class OidcProviderConfigurationTests {
 
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = OAuth2AuthorizationServerConfigurer
-				.authorizationServer();
 			// @formatter:off
 			http
-				.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+				.oauth2AuthorizationServer((authorizationServer) ->
-				.with(authorizationServerConfigurer, (authorizationServer) ->
 					authorizationServer
 						.oidc(Customizer.withDefaults())	// Enable OpenID Connect 1.0
 				);
@@ -285,11 +282,8 @@ public class OidcProviderConfigurationTests {
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.oidc((oidc) ->
 											oidc.providerConfigurationEndpoint((providerConfigurationEndpoint) ->
@@ -317,11 +311,8 @@ public class OidcProviderConfigurationTests {
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.oidc((oidc) ->
 											oidc.clientRegistrationEndpoint(Customizer.withDefaults())

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcTests.java

@@ -600,11 +600,8 @@ public class OidcTests {
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-				.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+				.oauth2AuthorizationServer((authorizationServer) ->
-				.with(authorizationServerConfigurer, (authorizationServer) ->
 					authorizationServer
 						.oidc(Customizer.withDefaults())	// Enable OpenID Connect 1.0
 				);
@@ -702,11 +699,8 @@ public class OidcTests {
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.tokenGenerator(tokenGenerator())
 									.oidc(Customizer.withDefaults())
@@ -743,11 +737,8 @@ public class OidcTests {
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.tokenGenerator(tokenGenerator())
 									.oidc(Customizer.withDefaults())

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcUserInfoTests.java

@@ -406,11 +406,8 @@ public class OidcUserInfoTests {
 		@Override
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.oidc((oidc) ->
 											oidc
@@ -442,11 +439,8 @@ public class OidcUserInfoTests {
 		@Override
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.oidc(Customizer.withDefaults())
 					)
@@ -469,11 +463,8 @@ public class OidcUserInfoTests {
 		@Bean
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.oauth2AuthorizationServer((authorizationServer) ->
-					.with(authorizationServerConfigurer, (authorizationServer) ->
 							authorizationServer
 									.oidc(Customizer.withDefaults())
 					)

docs/modules/ROOT/pages/servlet/oauth2/authorization-server/configuration-model.adoc

@@ -55,11 +55,8 @@ https://openid.net/specs/openid-connect-core-1_0.html[OpenID Connect 1.0] is dis
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.oidc(Customizer.withDefaults())	// Initialize `OidcConfigurer`
 		);
@@ -104,12 +101,8 @@ Furthermore, it lets you customize the request processing logic for the protocol
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.registeredClientRepository(registeredClientRepository)	<1>
 				.authorizationService(authorizationService)	<2>
@@ -238,12 +231,8 @@ It defines extension points that let you customize the pre-processing, main proc
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.clientAuthentication(clientAuthentication ->
 					clientAuthentication
@@ -297,12 +286,8 @@ The following example shows how to configure `JwtClientAssertionAuthenticationPr
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.clientAuthentication(clientAuthentication ->
 					clientAuthentication
@@ -351,12 +336,8 @@ If you need to verify another attribute of the client `X509Certificate`, for exa
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.clientAuthentication(clientAuthentication ->
 					clientAuthentication

docs/modules/ROOT/pages/servlet/oauth2/authorization-server/core-model-components.adoc

@@ -122,12 +122,8 @@ Alternatively, you can configure the `RegisteredClientRepository` through the xr
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.registeredClientRepository(registeredClientRepository)
 		)
@@ -219,12 +215,8 @@ Alternatively, you can configure the `OAuth2AuthorizationService` through the xr
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.authorizationService(authorizationService)
 		)
@@ -293,12 +285,8 @@ Alternatively, you can configure the `OAuth2AuthorizationConsentService` through
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.authorizationConsentService(authorizationConsentService)
 		)
@@ -406,12 +394,8 @@ Alternatively, you can configure the `OAuth2TokenGenerator` through the xref:ser
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.tokenGenerator(tokenGenerator)
 		)

docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc

@@ -129,13 +129,10 @@ public class SecurityConfig {
 	@Order(1)
 	public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
 			throws Exception {
-		OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-				OAuth2AuthorizationServerConfigurer.authorizationServer();
 
 		// @formatter:off
 		http
-			.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+			.oauth2AuthorizationServer((authorizationServer) ->
-			.with(authorizationServerConfigurer, (authorizationServer) ->
 				authorizationServer
 					.oidc(Customizer.withDefaults())	// Enable OpenID Connect 1.0
 			)

docs/modules/ROOT/pages/servlet/oauth2/authorization-server/protocol-endpoints.adoc

@@ -13,12 +13,8 @@ It defines extension points that let you customize the pre-processing, main proc
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.authorizationEndpoint(authorizationEndpoint ->
 					authorizationEndpoint
@@ -76,12 +72,8 @@ The following example shows how to configure `OAuth2AuthorizationCodeRequestAuth
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.authorizationEndpoint(authorizationEndpoint ->
 					authorizationEndpoint
@@ -138,12 +130,8 @@ It defines extension points that let you customize the pre-processing, main proc
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.pushedAuthorizationRequestEndpoint(pushedAuthorizationRequestEndpoint ->
 					pushedAuthorizationRequestEndpoint
@@ -199,12 +187,8 @@ The following example shows how to configure `OAuth2PushedAuthorizationRequestAu
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.pushedAuthorizationRequestEndpoint(pushedAuthorizationRequestEndpoint ->
 					pushedAuthorizationRequestEndpoint
@@ -261,12 +245,8 @@ It defines extension points that let you customize the pre-processing, main proc
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.deviceAuthorizationEndpoint(deviceAuthorizationEndpoint ->
                     deviceAuthorizationEndpoint
@@ -313,12 +293,8 @@ It defines extension points that let you customize the pre-processing, main proc
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.deviceVerificationEndpoint(deviceVerificationEndpoint ->
                     deviceVerificationEndpoint
@@ -364,12 +340,8 @@ It defines extension points that let you customize the pre-processing, main proc
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.tokenEndpoint(tokenEndpoint ->
                     tokenEndpoint
@@ -425,12 +397,8 @@ The following example shows how to configure `OAuth2ClientCredentialsAuthenticat
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.tokenEndpoint(tokenEndpoint ->
                     tokenEndpoint
@@ -616,12 +584,8 @@ It defines extension points that let you customize the pre-processing, main proc
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.tokenIntrospectionEndpoint(tokenIntrospectionEndpoint ->
                     tokenIntrospectionEndpoint
@@ -666,12 +630,8 @@ It defines extension points that let you customize the pre-processing, main proc
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.tokenRevocationEndpoint(tokenRevocationEndpoint ->
                     tokenRevocationEndpoint
@@ -716,12 +676,8 @@ It defines an extension point that lets you customize the https://datatracker.ie
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
 				.authorizationServerMetadataEndpoint(authorizationServerMetadataEndpoint ->
                     authorizationServerMetadataEndpoint
@@ -760,12 +716,8 @@ It defines an extension point that lets you customize the https://openid.net/spe
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
                 .oidc(oidc ->
                     oidc
@@ -796,12 +748,8 @@ It defines extension points that let you customize the pre-processing, main proc
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
                 .oidc(oidc ->
                     oidc
@@ -864,12 +812,8 @@ The following example shows how to configure `OidcLogoutAuthenticationProvider`
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
                 .oidc(oidc ->
                     oidc
@@ -919,12 +863,8 @@ It defines extension points that let you customize the pre-processing, main proc
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
                 .oidc(oidc ->
                     oidc
@@ -982,12 +922,8 @@ It defines extension points that let you customize the pre-processing, main proc
 ----
 @Bean
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-	OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-			OAuth2AuthorizationServerConfigurer.authorizationServer();
-
 	http
-		.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+		.oauth2AuthorizationServer((authorizationServer) ->
-		.with(authorizationServerConfigurer, (authorizationServer) ->
 			authorizationServer
                 .oidc(oidc ->
                     oidc