Remove usage of WebSecurityConfigurerAdapter

Switch to expose a SecurityFilterChain Bean

Closes gh-52
This commit is contained in:
Marcus Da Coregio
2021-12-10 09:53:33 -03:00
parent 0bf72c4580
commit c7ee163bdc
11 changed files with 109 additions and 111 deletions

View File

@@ -19,37 +19,36 @@ import java.security.interfaces.RSAPublicKey;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;
/**
* OAuth2 Resource Server Configuration.
*
* @author Josh Cummings
*/
@EnableWebSecurity
public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Configuration
public class OAuth2ResourceServerSecurityConfiguration {
@Value("${spring.security.oauth2.resourceserver.jwt.key-value}")
RSAPublicKey key;
@Override
protected void configure(HttpSecurity http) throws Exception {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests((requests) -> requests
.mvcMatchers("/message/**").hasAuthority("SCOPE_message:read")
.anyRequest().authenticated()
)
.oauth2ResourceServer((resourceServer) -> resourceServer
.jwt((jwt) -> jwt
.decoder(jwtDecoder())
)
);
.authorizeHttpRequests((authorize) -> authorize
.mvcMatchers("/message/**").hasAuthority("SCOPE_message:read")
.anyRequest().authenticated()
)
.oauth2ResourceServer((oauth2) -> oauth2
.jwt((jwt) -> jwt.decoder(jwtDecoder()))
);
// @formatter:on
return http.build();
}
@Bean