Class ResourceSecurityDsl
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<ResourceSecurityDsl,org.springframework.security.config.annotation.web.builders.HttpSecurity>
com.broadleafcommerce.oauth2.resource.security.configurers.ResourceSecurityDsl
- All Implemented Interfaces:
org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,
org.springframework.security.config.annotation.web.builders.HttpSecurity>
public class ResourceSecurityDsl
extends org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<ResourceSecurityDsl,org.springframework.security.config.annotation.web.builders.HttpSecurity>
Custom DSL used to initialize the Spring Security configuration with resource server security
compatible with Broadleaf's Authorization Service.
This DSL should be utilized explicitly within a SecurityFilterChain
using
resourceSecurity()
, for example:
@Configuration @EnableWebSecurity public class MyWebSecurity { @Bean public SecurityFilterChain mySecurityFilterChain(HttpSecurity http) throws Exception { http.apply(resourceSecurity()); http.authorizeHttpRequests(authorize -> authorize .requestMatchers("/secured").authenticated() .requestMatchers("/**").permitAll()); return http.build(); } }
This DSL makes use of HttpSecurity.oauth2ResourceServer(Customizer)
under the covers to
configure the resource security. This configuration can be modified to extend or override the
out-of-box configuration provided by this DSL, for example:
@Configuration @EnableWebSecurity public class MyWebSecurity { @Bean public SecurityFilterChain mySecurityFilterChain(HttpSecurity http) throws Exception { http.apply(resourceSecurity()); http.oauth2ResourceServer(oauth2 -> oauth2 .jwt(jwt -> jwt .decoder(new MySpecialJwtDecoder()))); return http.build(); } }
An alternative extension pattern one can use it to simply register a `JwtDecoder` bean. If registered, this bean will be used instead of the default JWT decoder, for example:
@Configuration @EnableWebSecurity public class MyWebSecurity { @Bean public SecurityFilterChain mySecurityFilterChain(HttpSecurity http) throws Exception { http.apply(resourceSecurity()); return http.build(); } @Bean public JwtDecoder mySpecialJwtDecoder() { return new MySpecialJwtDecoder(); } @Bean public OAuth2TokenValidatormySpecialJwtValidator() { return new MySpecialJwtValidator(); } @Bean public Converter<Jwt, BearerTokenAuthentication> mySpecialAuthenticationConverter() { return new MySpecialJwtAuthenticationConverter(); } }
- Author:
- Nick Crum (ncrum)
-
Method Summary
Modifier and TypeMethodDescriptionvoid
init
(org.springframework.security.config.annotation.web.builders.HttpSecurity http) static ResourceSecurityDsl
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessor
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, configure, getBuilder, postProcess, setBuilder
-
Method Details
-
resourceSecurity
-
init
public void init(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception - Specified by:
init
in interfaceorg.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,
org.springframework.security.config.annotation.web.builders.HttpSecurity> - Overrides:
init
in classorg.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,
org.springframework.security.config.annotation.web.builders.HttpSecurity> - Throws:
Exception
-