Class SpringAuthorizationServerComponentsConfiguration
java.lang.Object
com.broadleafcommerce.auth.authorization.security.autoconfigure.SpringAuthorizationServerComponentsConfiguration
@Configuration(proxyBeanMethods=false)
public class SpringAuthorizationServerComponentsConfiguration
extends Object
Configuration for components related to Spring Authorization Server. This is engaged by
SecurityAutoConfiguration.SpringAuthorizationServerSecurityConfiguration
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic class
Setup components for dealing withOAuth2Authorization
persistence. -
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionauthorizationServerAuthenticationFilterConfigurationCustomizer
(OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter) org.springframework.security.web.SecurityFilterChain
authorizationServerSecurityFilterChain
(org.springframework.security.config.annotation.web.builders.HttpSecurity http, org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer oAuth2AuthorizationServerConfigurer, List<EarlyAuthorizationServerSecurityChainCustomizer> earlyAuthorizationServerSecurityCustomizers, List<LateAuthorizationServerSecurityChainCustomizer> lateAuthorizationServerSecurityCustomizers, org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint, org.springframework.security.web.savedrequest.RequestCache requestCache, ClientIdFilter clientIdFilter, DefaultOAuth2ParamFilter oauth2ParamFilter, AuthorizationServerTokenGeneratorConfigurationCustomizer authorizationServerTokenGeneratorConfigurationCustomizer, AuthorizationServerAuthenticationFilterConfigurationCustomizer authorizationServerAuthenticationFilterConfigurationCustomizer, OAuth2AuthorizationServerConfigurerCustomizer oAuth2AuthorizationServerConfigurerCustomizer) This security filter chain is intentionally separate and only applies for the 'protocol endpoints' that Spring Authorization Server deals with.org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings
org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer
oAuth2AuthorizationServerConfigurerCustomizer
(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, SecurityService securityService, org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository, DefaultClientScopeAuthorizationCodeRequestConverter defaultClientScopeAuthorizationCodeRequestConverter, DefaultClientScopeClientCredentialsRequestConverter defaultClientScopeClientCredentialsRequestConverter, Consumer<org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationContext> oAuth2AuthorizationCodeRequestAuthenticationValidator, TokenProperties tokenProperties, EmbeddedLoginProperties embeddedLoginProperties, EmbeddedLoginCodeAuthenticationConverter embeddedLoginCodeAuthenticationConverter, PasscodeService<PasswordToken, User> passcodeService, OAuth2UserDetailsService userDetailsService, UserService<User> userService, PublicRefreshPublicClientAuthenticationConverter authenticationConverter) org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
registeredClientRepository
(AuthorizedClientService<AuthorizedClient> authorizedClientService)
-
Constructor Details
-
SpringAuthorizationServerComponentsConfiguration
public SpringAuthorizationServerComponentsConfiguration()
-
-
Method Details
-
authorizationServerSecurityFilterChain
@Bean("authorizationServerSecurityFilterChain") @ConditionalOnMissingBean(name="authorizationServerSecurityFilterChain") @Order(-2147473648) public org.springframework.security.web.SecurityFilterChain authorizationServerSecurityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http, @Qualifier("oAuth2AuthorizationServerConfigurer") org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer oAuth2AuthorizationServerConfigurer, @Autowired(required=false) @Nullable List<EarlyAuthorizationServerSecurityChainCustomizer> earlyAuthorizationServerSecurityCustomizers, @Autowired(required=false) @Nullable List<LateAuthorizationServerSecurityChainCustomizer> lateAuthorizationServerSecurityCustomizers, org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint, org.springframework.security.web.savedrequest.RequestCache requestCache, ClientIdFilter clientIdFilter, DefaultOAuth2ParamFilter oauth2ParamFilter, AuthorizationServerTokenGeneratorConfigurationCustomizer authorizationServerTokenGeneratorConfigurationCustomizer, AuthorizationServerAuthenticationFilterConfigurationCustomizer authorizationServerAuthenticationFilterConfigurationCustomizer, OAuth2AuthorizationServerConfigurerCustomizer oAuth2AuthorizationServerConfigurerCustomizer) throws Exception This security filter chain is intentionally separate and only applies for the 'protocol endpoints' that Spring Authorization Server deals with.This applies to a very narrow, targeted set of paths, so we assign the bean a higher precedence.
See
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(HttpSecurity)
for reference on some of the configuration here.- Parameters:
http
- the security filter chain builder- Returns:
- a security filter chain engaging Spring Authorization Server support
- Throws:
Exception
- if something fails- See Also:
-
authorizationServerAuthenticationFilterConfigurationCustomizer
@Bean @ConditionalOnMissingBean public AuthorizationServerAuthenticationFilterConfigurationCustomizer authorizationServerAuthenticationFilterConfigurationCustomizer(OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter) -
registeredClientRepository
@Bean @ConditionalOnMissingBean public org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository(AuthorizedClientService<AuthorizedClient> authorizedClientService) -
authorizationServerSettings
@Bean @ConditionalOnMissingBean public org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings authorizationServerSettings() -
oAuth2AuthorizationCodeRequestAuthenticationValidator
@Bean(name="oAuth2AuthorizationCodeRequestAuthenticationValidator") @ConditionalOnMissingBean(name="oAuth2AuthorizationCodeRequestAuthenticationValidator") public DefaultOAuth2AuthorizationCodeRequestAuthenticationValidator oAuth2AuthorizationCodeRequestAuthenticationValidator() -
authorizationServerTokenGeneratorConfigurationCustomizer
@Bean @ConditionalOnMissingBean public AuthorizationServerTokenGeneratorConfigurationCustomizer authorizationServerTokenGeneratorConfigurationCustomizer() -
publicRefreshPublicClientAuthenticationConverter
@Bean @ConditionalOnMissingBean protected PublicRefreshPublicClientAuthenticationConverter publicRefreshPublicClientAuthenticationConverter() -
oAuth2AuthorizationServerConfigurer
@Bean(name="oAuth2AuthorizationServerConfigurer") @ConditionalOnMissingBean(name="oAuth2AuthorizationServerConfigurer") public org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer oAuth2AuthorizationServerConfigurer() -
oAuth2AuthorizationServerConfigurerCustomizer
@Bean @ConditionalOnMissingBean public OAuth2AuthorizationServerConfigurerCustomizer oAuth2AuthorizationServerConfigurerCustomizer(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, SecurityService securityService, org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository, DefaultClientScopeAuthorizationCodeRequestConverter defaultClientScopeAuthorizationCodeRequestConverter, DefaultClientScopeClientCredentialsRequestConverter defaultClientScopeClientCredentialsRequestConverter, @Qualifier("oAuth2AuthorizationCodeRequestAuthenticationValidator") Consumer<org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationContext> oAuth2AuthorizationCodeRequestAuthenticationValidator, TokenProperties tokenProperties, @Nullable EmbeddedLoginProperties embeddedLoginProperties, @Nullable EmbeddedLoginCodeAuthenticationConverter embeddedLoginCodeAuthenticationConverter, PasscodeService<PasswordToken, User> passcodeService, OAuth2UserDetailsService userDetailsService, UserService<User> userService, PublicRefreshPublicClientAuthenticationConverter authenticationConverter)
-