5353import java .security .interfaces .RSAPublicKey ;
5454import java .util .UUID ;
5555
56+ import static org .springframework .security .oauth2 .server .authorization .config .annotation .web .configurers .OAuth2AuthorizationServerConfigurer .authorizationServer ;
57+
5658@ Configuration
5759@ EnableWebSecurity
5860public class SecurityConfig {
@@ -61,21 +63,23 @@ public class SecurityConfig {
6163 @ Order (1 )
6264 public SecurityFilterChain authorizationServerSecurityFilterChain (HttpSecurity http )
6365 throws Exception {
64- OAuth2AuthorizationServerConfiguration .applyDefaultSecurity (http );
65- http .getConfigurer (OAuth2AuthorizationServerConfigurer .class )
66- .oidc (Customizer .withDefaults ()); // Enable OpenID Connect 1.0
66+ OAuth2AuthorizationServerConfigurer authzServer = authorizationServer ();
6767 http
68- // Redirect to the login page when not authenticated from the
69- // authorization endpoint
70- .exceptionHandling ((exceptions ) -> exceptions
71- .defaultAuthenticationEntryPointFor (
72- new LoginUrlAuthenticationEntryPoint ("/login" ),
73- new MediaTypeRequestMatcher (MediaType .TEXT_HTML )
74- )
75- )
76- // Accept access tokens for User Info and/or Client Registration
77- .oauth2ResourceServer ((resourceServer ) -> resourceServer
78- .jwt (Customizer .withDefaults ()));
68+ .securityMatcher (authzServer .getEndpointsMatcher ())
69+ .with (authzServer , (authz ) -> authz
70+ .oidc (Customizer .withDefaults ())
71+ )
72+ // Redirect to the login page when not authenticated from the
73+ // authorization endpoint
74+ .exceptionHandling ((exceptions ) -> exceptions
75+ .defaultAuthenticationEntryPointFor (
76+ new LoginUrlAuthenticationEntryPoint ("/login" ),
77+ new MediaTypeRequestMatcher (MediaType .TEXT_HTML )
78+ )
79+ )
80+ // Accept access tokens for User Info and/or Client Registration
81+ .oauth2ResourceServer ((resourceServer ) -> resourceServer
82+ .jwt (Customizer .withDefaults ()));
7983
8084 return http .build ();
8185 }
0 commit comments