Class ResourceSecurityDsl
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<ResourceSecurityDsl,org.springframework.security.config.annotation.web.builders.HttpSecurity>
com.broadleafcommerce.oauth2.resource.security.configurers.ResourceSecurityDsl
- All Implemented Interfaces:
org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>
public class ResourceSecurityDsl
extends org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<ResourceSecurityDsl,org.springframework.security.config.annotation.web.builders.HttpSecurity>
Custom DSL used to initialize the Spring Security configuration with resource server security
compatible with Broadleaf's Authorization Service.
This DSL should be utilized explicitly within a SecurityFilterChain using
resourceSecurity(), for example:
@Configuration
@EnableWebSecurity
public class MyWebSecurity {
@Bean
public SecurityFilterChain mySecurityFilterChain(HttpSecurity http) throws Exception {
http.apply(resourceSecurity());
http.authorizeHttpRequests(authorize -> authorize
.requestMatchers("/secured").authenticated()
.requestMatchers("/**").permitAll());
return http.build();
}
}
This DSL makes use of HttpSecurity.oauth2ResourceServer(Customizer) under the covers to
configure the resource security. This configuration can be modified to extend or override the
out-of-box configuration provided by this DSL, for example:
@Configuration
@EnableWebSecurity
public class MyWebSecurity {
@Bean
public SecurityFilterChain mySecurityFilterChain(HttpSecurity http) throws Exception {
http.apply(resourceSecurity());
http.oauth2ResourceServer(oauth2 -> oauth2
.jwt(jwt -> jwt
.decoder(new MySpecialJwtDecoder())));
return http.build();
}
}
An alternative extension pattern one can use it to simply register a `JwtDecoder` bean. If registered, this bean will be used instead of the default JWT decoder, for example:
@Configuration
@EnableWebSecurity
public class MyWebSecurity {
@Bean
public SecurityFilterChain mySecurityFilterChain(HttpSecurity http) throws Exception {
http.apply(resourceSecurity());
return http.build();
}
@Bean
public JwtDecoder mySpecialJwtDecoder() {
return new MySpecialJwtDecoder();
}
@Bean
public OAuth2TokenValidator mySpecialJwtValidator() {
return new MySpecialJwtValidator();
}
@Bean
public Converter<Jwt, BearerTokenAuthentication> mySpecialAuthenticationConverter() {
return new MySpecialJwtAuthenticationConverter();
}
}
- Author:
- Nick Crum (ncrum)
-
Method Summary
Modifier and TypeMethodDescriptionvoidinit(org.springframework.security.config.annotation.web.builders.HttpSecurity http) static ResourceSecurityDslMethods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessorMethods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, configure, getBuilder, postProcess, setBuilder
-
Method Details
-
resourceSecurity
-
init
public void init(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception - Specified by:
initin interfaceorg.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity> - Overrides:
initin classorg.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity> - Throws:
Exception
-