
Example 1 with OAuth2ResourceServerConfigurer

use of org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer in project okta-spring-boot by okta.

The class OktaOAuth2Configurer, method init.

/**
 * Registers Okta login and resource-server support on {@code http}, driven entirely by
 * which beans the {@link ApplicationContext} shared with the builder provides.
 *
 * <p>The method does nothing without an {@link OktaOAuth2Properties} bean. Login is wired
 * only when an {@link OAuth2ClientProperties} bean carries an {@code "okta"} provider with
 * an issuer URI and an {@code "okta"} registration with a client id. Resource-server
 * support is then chosen in this order: opaque-token introspection when the issuer is a
 * root org; otherwise JWT validation or opaque-token introspection depending on which
 * sub-configurer the application already placed on its
 * {@link OAuth2ResourceServerConfigurer}; if neither is present, resource-server support
 * stays off.
 *
 * @param http the security builder being initialised
 * @throws Exception propagated from the underlying {@link HttpSecurity} configurers
 */
// OAuth2ResourceServerConfigurer is used as a raw type further down.
@SuppressWarnings("rawtypes")
@Override
public void init(HttpSecurity http) throws Exception {
    ApplicationContext context = http.getSharedObject(ApplicationContext.class);
    // make sure OktaOAuth2Properties are available
    if (!context.getBeansOfType(OktaOAuth2Properties.class).isEmpty()) {
        OktaOAuth2Properties oktaOAuth2Properties = context.getBean(OktaOAuth2Properties.class);
        // Auth Code Flow Config
        // if OAuth2ClientProperties bean is not available do NOT configure
        OAuth2ClientProperties.Provider propertiesProvider;
        OAuth2ClientProperties.Registration propertiesRegistration;
        // One guard evaluated left to right: the bean existence check must come before the
        // getBean() calls, and the "okta" provider/registration are assigned inside the
        // condition so they are usable below. Note the else-branch message mentions
        // client-secret, but no clause of this condition checks it.
        if (!context.getBeansOfType(OAuth2ClientProperties.class).isEmpty() && (propertiesProvider = context.getBean(OAuth2ClientProperties.class).getProvider().get("okta")) != null && (propertiesRegistration = context.getBean(OAuth2ClientProperties.class).getRegistration().get("okta")) != null && !isEmpty(propertiesProvider.getIssuerUri()) && !isEmpty(propertiesRegistration.getClientId())) {
            // configure Okta user services
            configureLogin(http, oktaOAuth2Properties, context.getBean(Environment.class));
            // check for RP-Initiated logout
            // Only wired when the application registered an OIDC logout handler bean.
            if (!context.getBeansOfType(OidcClientInitiatedLogoutSuccessHandler.class).isEmpty()) {
                http.logout().logoutSuccessHandler(context.getBean(OidcClientInitiatedLogoutSuccessHandler.class));
            }
            // if issuer is root org, use opaque token validation
            if (TokenUtil.isRootOrgIssuer(propertiesProvider.getIssuerUri())) {
                log.debug("Opaque Token validation/introspection will be configured.");
                configureResourceServerForOpaqueTokenValidation(http, oktaOAuth2Properties);
                // Early exit: the configurer-driven selection below is skipped entirely.
                return;
            }
            // NOTE(review): presumably null when the application never applied a resource-server
            // configurer; getJwtConfigurer/getOpaqueTokenConfigurer are expected to tolerate that — confirm.
            OAuth2ResourceServerConfigurer oAuth2ResourceServerConfigurer = http.getConfigurer(OAuth2ResourceServerConfigurer.class);
            if (getJwtConfigurer(oAuth2ResourceServerConfigurer).isPresent()) {
                log.debug("JWT configurer is set in OAuth resource server configuration. " + "JWT validation will be configured.");
                configureResourceServerForJwtValidation(http, oktaOAuth2Properties);
            } else if (getOpaqueTokenConfigurer(oAuth2ResourceServerConfigurer).isPresent()) {
                log.debug("Opaque Token configurer is set in OAuth resource server configuration. " + "Opaque Token validation/introspection will be configured.");
                configureResourceServerForOpaqueTokenValidation(http, oktaOAuth2Properties);
            } else {
                // Neither sub-configurer present: leave the resource server unconfigured.
                log.debug("OAuth2ResourceServerConfigurer bean not configured, Resource Server support will not be enabled.");
            }
        } else {
            log.debug("OAuth/OIDC Login not configured due to missing issuer, client-id, or client-secret property");
        }
    }
}

Example 2 with OAuth2ResourceServerConfigurer

use of org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer in project custom-spring-authorization-server by andifalk.

The class AuthorizationServerConfig, method authorizationServerSecurityFilterChain.

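/**
 * Security filter chain for all authorization-server endpoints.
 *
 * <p>Registered at highest precedence so this chain claims the authorization-server
 * endpoints ahead of any other chain. Every matched request must be authenticated, CSRF
 * protection is skipped for exactly these endpoints (the rest of the application keeps
 * the default), and a JWT resource server is enabled so bearer-token calls such as the
 * userinfo request are accepted. Browser users fall back to form login.
 *
 * @param http the security builder for this chain
 * @return the built filter chain
 * @throws Exception propagated from {@link HttpSecurity#build()}
 */
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
    OAuth2AuthorizationServerConfigurer<HttpSecurity> authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer<>();
    RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
    // The userinfo response is derived from the JWT access token that authenticated the
    // call; no additional user-store lookup happens here.
    authorizationServerConfigurer.oidc(oidcConfigurer ->
        oidcConfigurer.userInfoEndpoint(oidcUserInfoEndpointConfigurer ->
            oidcUserInfoEndpointConfigurer.userInfoMapper(ac ->
                toUserInfo((JwtAuthenticationToken) ac.getAuthentication().getPrincipal()))));
    http.requestMatcher(endpointsMatcher)
        .authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated())
        // CSRF is bypassed only for the authorization-server endpoints matched above.
        .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
        .apply(authorizationServerConfigurer);
    http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
    return http.formLogin(Customizer.withDefaults()).build();
}

/**
 * Builds the userinfo claim set from the access token presented to the userinfo endpoint.
 *
 * <p>Only claims already carried by the validated token are echoed back ({@code sub},
 * {@code given_name}, {@code family_name}, {@code email}, {@code roles}); the {@code name}
 * claim is composed from the name parts that are actually present instead of rendering
 * a literal {@code "null"} for a missing part.
 *
 * @param jwtAuthenticationToken the resource-server authentication holding the access token
 * @return the userinfo response
 */
private static OidcUserInfo toUserInfo(JwtAuthenticationToken jwtAuthenticationToken) {
    Map<String, Object> claims = new HashMap<>();
    Object givenName = jwtAuthenticationToken.getToken().getClaim("given_name");
    Object familyName = jwtAuthenticationToken.getToken().getClaim("family_name");
    claims.put("sub", jwtAuthenticationToken.getToken().getSubject());
    claims.put("name", displayName(givenName, familyName));
    claims.put("family_name", familyName);
    claims.put("given_name", givenName);
    claims.put("email", jwtAuthenticationToken.getToken().getClaim("email"));
    claims.put("roles", jwtAuthenticationToken.getToken().getClaim("roles"));
    return new OidcUserInfo(claims);
}

/**
 * Joins the two name parts with a single space, dropping whichever part is absent.
 *
 * @param givenName the {@code given_name} claim value, possibly {@code null}
 * @param familyName the {@code family_name} claim value, possibly {@code null}
 * @return the joined display name, or {@code null} when both parts are absent
 */
private static String displayName(Object givenName, Object familyName) {
    if (givenName == null) {
        return familyName == null ? null : familyName.toString();
    }
    if (familyName == null) {
        return givenName.toString();
    }
    return givenName + " " + familyName;
}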

