I am trying to make sense of Spring Authorization Server.
Following various tutorials, and the original documentation, pretty much the first step after configuring dependencies –
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-webflux'
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.springframework.security:spring-security-oauth2-authorization-server:0.2.1'
// other db/test stuff
}
– is to add the @EnableAuthorizationServer annotation to the main class.
Except my IDE (NetBeans) doesn't have a clue, from the imports, what that refers to.
So: what's the import path supposed to be for @EnableAuthorizationServer? (And, logically, is there some other dependency needed that to have it recognised?)
In the new Spring Authorization Server, you don't need the @EnableAuthorizationServer. This annotation is from the old spring-security-oauth module, which is deprecated.
The key is the SecurityFilterChain, which should have a higher precedence, like so:
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
return http.formLogin(Customizer.withDefaults()).build();
}
I recommend you to take a look at the samples in the official repository.