Package com.broadleafcommerce.auth.authorization.security.autoconfigure

Class SpringAuthorizationServerComponentsConfiguration

java.lang.Object

com.broadleafcommerce.auth.authorization.security.autoconfigure.SpringAuthorizationServerComponentsConfiguration

@Configuration(proxyBeanMethods=false)
public class SpringAuthorizationServerComponentsConfiguration
extends Object

Configuration for components related to Spring Authorization Server. This is engaged by SecurityAutoConfiguration.SpringAuthorizationServerSecurityConfiguration

See Also:

• SecurityAutoConfiguration.SpringAuthorizationServerSecurityConfiguration

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	SpringAuthorizationServerComponentsConfiguration.OAuth2AuthorizationConfiguration	Setup components for dealing with OAuth2Authorization persistence.

Constructor Summary

Constructors

Constructor	Description
SpringAuthorizationServerComponentsConfiguration()

Method Summary

Modifier and Type	Method	Description
AuthorizationServerAuthenticationFilterConfigurationCustomizer	authorizationServerAuthenticationFilterConfigurationCustomizer(OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter)
org.springframework.security.web.SecurityFilterChain	authorizationServerSecurityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http, org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer oAuth2AuthorizationServerConfigurer, List<EarlyAuthorizationServerSecurityChainCustomizer> earlyAuthorizationServerSecurityCustomizers, List<LateAuthorizationServerSecurityChainCustomizer> lateAuthorizationServerSecurityCustomizers, org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint, org.springframework.security.web.savedrequest.RequestCache requestCache, ClientIdFilter clientIdFilter, DefaultOAuth2ParamFilter oauth2ParamFilter, AuthorizationServerTokenGeneratorConfigurationCustomizer authorizationServerTokenGeneratorConfigurationCustomizer, AuthorizationServerAuthenticationFilterConfigurationCustomizer authorizationServerAuthenticationFilterConfigurationCustomizer, OAuth2AuthorizationServerConfigurerCustomizer oAuth2AuthorizationServerConfigurerCustomizer)	This security filter chain is intentionally separate and only applies for the 'protocol endpoints' that Spring Authorization Server deals with.
org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings	authorizationServerSettings()
AuthorizationServerTokenGeneratorConfigurationCustomizer	authorizationServerTokenGeneratorConfigurationCustomizer()
DefaultOAuth2AuthorizationCodeRequestAuthenticationValidator	oAuth2AuthorizationCodeRequestAuthenticationValidator()
org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer	oAuth2AuthorizationServerConfigurer()
OAuth2AuthorizationServerConfigurerCustomizer	oAuth2AuthorizationServerConfigurerCustomizer(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, SecurityService securityService, org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository, DefaultClientScopeAuthorizationCodeRequestConverter defaultClientScopeAuthorizationCodeRequestConverter, DefaultClientScopeClientCredentialsRequestConverter defaultClientScopeClientCredentialsRequestConverter, Consumer<org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationContext> oAuth2AuthorizationCodeRequestAuthenticationValidator, TokenProperties tokenProperties, EmbeddedLoginProperties embeddedLoginProperties, EmbeddedLoginCodeAuthenticationConverter embeddedLoginCodeAuthenticationConverter, PasscodeService<PasswordToken,User> passcodeService, OAuth2UserDetailsService userDetailsService, UserService<User> userService, PublicRefreshPublicClientAuthenticationConverter authenticationConverter)
protected PublicRefreshPublicClientAuthenticationConverter	publicRefreshPublicClientAuthenticationConverter()
org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository	registeredClientRepository(AuthorizedClientService<AuthorizedClient> authorizedClientService)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SpringAuthorizationServerComponentsConfiguration

public SpringAuthorizationServerComponentsConfiguration()

Method Details

authorizationServerSecurityFilterChain

@Bean("authorizationServerSecurityFilterChain")
@ConditionalOnMissingBean(name="authorizationServerSecurityFilterChain")
@Order(-2147473648)
public org.springframework.security.web.SecurityFilterChain authorizationServerSecurityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http,
 @Qualifier("oAuth2AuthorizationServerConfigurer")
 org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer oAuth2AuthorizationServerConfigurer,
 @Autowired(required=false) @Nullable
 List<EarlyAuthorizationServerSecurityChainCustomizer> earlyAuthorizationServerSecurityCustomizers,
 @Autowired(required=false) @Nullable
 List<LateAuthorizationServerSecurityChainCustomizer> lateAuthorizationServerSecurityCustomizers,
 org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint,
 org.springframework.security.web.savedrequest.RequestCache requestCache,
 ClientIdFilter clientIdFilter,
 DefaultOAuth2ParamFilter oauth2ParamFilter,
 AuthorizationServerTokenGeneratorConfigurationCustomizer authorizationServerTokenGeneratorConfigurationCustomizer,
 AuthorizationServerAuthenticationFilterConfigurationCustomizer authorizationServerAuthenticationFilterConfigurationCustomizer,
 OAuth2AuthorizationServerConfigurerCustomizer oAuth2AuthorizationServerConfigurerCustomizer)
                                                                                            throws Exception

This security filter chain is intentionally separate and only applies for the 'protocol endpoints' that Spring Authorization Server deals with.

This applies to a very narrow, targeted set of paths, so we assign the bean a higher precedence.

See OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(HttpSecurity) for reference on some of the configuration here.

Parameters:

http - the security filter chain builder

Returns:

a security filter chain engaging Spring Authorization Server support

Throws:

Exception - if something fails

See Also:

• EarlyAuthorizationServerSecurityChainCustomizer
• LateAuthorizationServerSecurityChainCustomizer

authorizationServerAuthenticationFilterConfigurationCustomizer

@Bean
@ConditionalOnMissingBean
public AuthorizationServerAuthenticationFilterConfigurationCustomizer authorizationServerAuthenticationFilterConfigurationCustomizer(OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter)

registeredClientRepository

@Bean
@ConditionalOnMissingBean
public org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository(AuthorizedClientService<AuthorizedClient> authorizedClientService)

authorizationServerSettings

@Bean
@ConditionalOnMissingBean
public org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings authorizationServerSettings()

oAuth2AuthorizationCodeRequestAuthenticationValidator

@Bean(name="oAuth2AuthorizationCodeRequestAuthenticationValidator")
@ConditionalOnMissingBean(name="oAuth2AuthorizationCodeRequestAuthenticationValidator")
public DefaultOAuth2AuthorizationCodeRequestAuthenticationValidator oAuth2AuthorizationCodeRequestAuthenticationValidator()

authorizationServerTokenGeneratorConfigurationCustomizer

@Bean
@ConditionalOnMissingBean
public AuthorizationServerTokenGeneratorConfigurationCustomizer authorizationServerTokenGeneratorConfigurationCustomizer()

publicRefreshPublicClientAuthenticationConverter

@Bean
@ConditionalOnMissingBean
protected PublicRefreshPublicClientAuthenticationConverter publicRefreshPublicClientAuthenticationConverter()

oAuth2AuthorizationServerConfigurer

@Bean(name="oAuth2AuthorizationServerConfigurer")
@ConditionalOnMissingBean(name="oAuth2AuthorizationServerConfigurer")
public org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer oAuth2AuthorizationServerConfigurer()

oAuth2AuthorizationServerConfigurerCustomizer

@Bean
@ConditionalOnMissingBean
public OAuth2AuthorizationServerConfigurerCustomizer oAuth2AuthorizationServerConfigurerCustomizer(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService,
 SecurityService securityService,
 org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository,
 DefaultClientScopeAuthorizationCodeRequestConverter defaultClientScopeAuthorizationCodeRequestConverter,
 DefaultClientScopeClientCredentialsRequestConverter defaultClientScopeClientCredentialsRequestConverter,
 @Qualifier("oAuth2AuthorizationCodeRequestAuthenticationValidator")
 Consumer<org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationContext> oAuth2AuthorizationCodeRequestAuthenticationValidator,
 TokenProperties tokenProperties,
 @Nullable
 EmbeddedLoginProperties embeddedLoginProperties,
 @Nullable
 EmbeddedLoginCodeAuthenticationConverter embeddedLoginCodeAuthenticationConverter,
 PasscodeService<PasswordToken,User> passcodeService,
 OAuth2UserDetailsService userDetailsService,
 UserService<User> userService,
 PublicRefreshPublicClientAuthenticationConverter authenticationConverter)