spring-securityspring-authorization-server
How to remove usage of http.apply(new OAuth2AuthorizationServerConfigurer())?
As per the documentation for customizing the configuration. Following can be used:
@Bean
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
new OAuth2AuthorizationServerConfigurer();
http.apply(authorizationServerConfigurer);
authorizationServerConfigurer
.registeredClientRepository(registeredClientRepository)
But http.apply() is deprecated (Spring security v6.2) and hence cannot be used. The document is also not updated. How to use http.apply() in such a scenario?
Solution
The example code in the Getting Started section of the Spring Authorization Server documentation invokes:
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
The operations performed by this method includes the effect of:
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
new OAuth2AuthorizationServerConfigurer();
http.apply(authorizationServerConfigurer);
Your security filter chain can invoke the getConfigurer method to get the OAuth2AuthorizationServerConfigurer instance to configure the authorization server:
http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
.registeredClientRepository(registeredClientRepository)
- How to read value of SAML attribute received from the IdP?
- Spring Boot keeps asking for login credentials
- The type org.springframework.security.authentication.AuthenticationManager cannot be resolved. It is indirectly referenced from required .class files
- Springboot not triggering custom authentication for my loaduserbyusername method
- Spring Security form don't want to login
- Update spring-boot 3.4.1 Spring Security Error: A filter chain that matches any request has already been configured
- Spring security JWT without OAuth
- Modify Cas overlay 7.1.3 to add custom RestController
- Configuring SAML2: Bypassing 'InResponseTo' Validation While Retaining Default Settings in OpenSaml4AuthenticationProvider
- Callback github URI with Oauth2 and Spring Boot 3.4.0 not found after authentication
- spring oauth client (v6.4.2): does not redirect to oauth-server
- use spring-boot-starter-oauth2-client to pass the token to Spring Framework release 6 HttpInterface @HttpExchange @GetExchange
- Spring-websockets : Spring security authorization not working inside websockets
- How to Route Spring Cloud Gateway with Spring Authorization Server Downstream
- Can't use Google Login in Spring Security
- How to resolve CORS issue without using Spring Security
- How to write unit test for SecurityConfig for spring security
- Issue sending grant_type with spring-boot-starter-oauth2-client and RestClient
- Spring Security - redirecting to another .html page
- How to generate and pass CSRF token for a route in spring cloud gateway with Spring Security
- How to write custom Spring Security PreAuthorize annotation
- Why I received an Error 403 with MockMvc and JUnit?
- Spring - Exposing public endpoints when using JWT authorization server with WebFlux
- How do I implement token based authentication on a spring webflux api?
- Postman unable access post api in Spring boot ( permitAll() not working in spring-security)
- Configuring spring-boot-starter-oauth2-client to authenticate with Azure AD
- Replacing default RememberMeAuthenticationProvider added by spring-security
- Disable SpringSecurity's SavedRequest storing logic
- Can't set custom values in server metadata in spring oauth authentication sever
- Error while using a RSA keys with Springboot and JJWT