Class AuthorizationServerConfiguration
java.lang.Object
org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter
com.broadleafcommerce.auth.user.autoconfigure.AuthorizationServerConfiguration
- All Implemented Interfaces:
org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration
extends org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter
Set up OAuth specific items. Specifically, register known oauth clients and their explicit
redirect url(s). Also, configure conversion of standard OAuth access tokens into JWT tokens.
- Author:
- Jeff Fischer, Samarth Dhruva (samarthd)
-
Constructor Summary
ConstructorDescriptionAuthorizationServerConfiguration
(OAuth2SessionAuthenticationFilter sessionAuthenticationFilter, OAuth2TokenEndpointAuthenticationFilter tokenEndpointAuthenticationFilter, Optional<EmbeddedLoginTokenEndpointAuthenticationFilter> embeddedLoginTokenEndpointAuthenticationFilter, AuthorizedClientService<AuthorizedClient> authorizedClientService, SecurityService securityService, org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter tokenConverter, List<org.springframework.security.oauth2.provider.token.TokenEnhancer> tokenEnhancers, org.springframework.security.oauth2.provider.token.store.JwtTokenStore tokenStore, org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver, TokenProperties properties, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration authenticationConfiguration, ClientIdFilter clientIdFilter, TokenProperties tokenProperties) -
Method Summary
Modifier and TypeMethodDescriptionvoid
configure
(org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer clients) void
configure
(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer endpoints) void
configure
(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer security) protected org.springframework.security.oauth2.provider.CompositeTokenGranter
embeddedLoginTokenGranter
(SecurityServiceOAuth2RequestFactory factory, DefaultRotatingTokenServices tokenServices, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.oauth2.provider.TokenGranter defaultTokenGranters) Deprecated, for removal: This API element is subject to removal in a future version.protected EmbeddedLoginTokenGranter
getEmbeddedLoginTokenGranter
(SecurityServiceOAuth2RequestFactory factory, org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices tokenServices) protected AuthorizationCodeWithPkceTokenGranter
getPkceTokenGranter
(org.springframework.security.oauth2.provider.code.AuthorizationCodeServices authorizationCodeServices, org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices tokenServices, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.oauth2.provider.OAuth2RequestFactory requestFactory) protected org.springframework.security.oauth2.provider.TokenGranter
getTokenGranter
(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer endpoints, org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices tokenServices, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, SecurityServiceOAuth2RequestFactory factory) Create aCompositeTokenGranter
with anEmbeddedLoginTokenGranter
followed byAuthorizationCodeWithPkceTokenGranter
and the default token granters from theAuthorizationServerEndpointsConfigurer
.tokenServices
(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer endpoints, org.springframework.security.oauth2.provider.token.TokenEnhancerChain enhancerChain)
-
Constructor Details
-
AuthorizationServerConfiguration
public AuthorizationServerConfiguration(OAuth2SessionAuthenticationFilter sessionAuthenticationFilter, OAuth2TokenEndpointAuthenticationFilter tokenEndpointAuthenticationFilter, Optional<EmbeddedLoginTokenEndpointAuthenticationFilter> embeddedLoginTokenEndpointAuthenticationFilter, AuthorizedClientService<AuthorizedClient> authorizedClientService, SecurityService securityService, org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter tokenConverter, @Nullable List<org.springframework.security.oauth2.provider.token.TokenEnhancer> tokenEnhancers, org.springframework.security.oauth2.provider.token.store.JwtTokenStore tokenStore, org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver, TokenProperties properties, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration authenticationConfiguration, ClientIdFilter clientIdFilter, TokenProperties tokenProperties) throws Exception - Throws:
Exception
-
-
Method Details
-
configure
public void configure(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer endpoints) - Specified by:
configure
in interfaceorg.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer
- Overrides:
configure
in classorg.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter
-
getTokenGranter
protected org.springframework.security.oauth2.provider.TokenGranter getTokenGranter(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer endpoints, org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices tokenServices, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, SecurityServiceOAuth2RequestFactory factory) Create aCompositeTokenGranter
with anEmbeddedLoginTokenGranter
followed byAuthorizationCodeWithPkceTokenGranter
and the default token granters from theAuthorizationServerEndpointsConfigurer
. -
getEmbeddedLoginTokenGranter
protected EmbeddedLoginTokenGranter getEmbeddedLoginTokenGranter(SecurityServiceOAuth2RequestFactory factory, org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices tokenServices) -
getPkceTokenGranter
protected AuthorizationCodeWithPkceTokenGranter getPkceTokenGranter(org.springframework.security.oauth2.provider.code.AuthorizationCodeServices authorizationCodeServices, org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices tokenServices, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.oauth2.provider.OAuth2RequestFactory requestFactory) -
embeddedLoginTokenGranter
@Deprecated(forRemoval=true, since="1.8.2-GA") protected org.springframework.security.oauth2.provider.CompositeTokenGranter embeddedLoginTokenGranter(SecurityServiceOAuth2RequestFactory factory, DefaultRotatingTokenServices tokenServices, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.oauth2.provider.TokenGranter defaultTokenGranters) Deprecated, for removal: This API element is subject to removal in a future version.Create aCompositeTokenGranter
with anEmbeddedLoginTokenGranter
followed by the default token granters from theAuthorizationServerEndpointsConfigurer
. -
tokenServices
@Bean @ConditionalOnMissingBean public DefaultRotatingTokenServices tokenServices(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer endpoints, org.springframework.security.oauth2.provider.token.TokenEnhancerChain enhancerChain) -
configure
public void configure(org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer clients) throws Exception - Specified by:
configure
in interfaceorg.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer
- Overrides:
configure
in classorg.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter
- Throws:
Exception
-
configure
public void configure(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer security) - Specified by:
configure
in interfaceorg.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer
- Overrides:
configure
in classorg.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter
-
getTokenGranter(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer, org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices, org.springframework.security.oauth2.provider.ClientDetailsService, com.broadleafcommerce.auth.security.service.SecurityServiceOAuth2RequestFactory)
.