From a02614e82ef6581add1133ec773297c023945971 Mon Sep 17 00:00:00 2001 From: ch4mpy Date: Sat, 10 Feb 2024 02:50:09 -1000 Subject: [PATCH] conditional OAuth2AuthorizedClientBeans --- .../src/main/resources/application.yml | 17 ++------ ...OAuth2RegistrationPropertiesCondition.java | 8 ++++ ...n.java => HasPropertyPrefixCondition.java} | 11 +++-- ...nEdpointParametersPropertiesCondition.java | 8 ++++ ...Auth2AuthorizedClientManagerCondition.java | 2 + ...uth2AuthorizedClientProviderCondition.java | 2 + ...Auth2AuthorizedClientManagerCondition.java | 2 + ...uth2AuthorizedClientProviderCondition.java | 2 + ...ringAddonsOAuth2AuthorizedClientBeans.java | 43 ++++++++++--------- ...veSpringAddonsOidcResourceServerBeans.java | 6 +++ ...ctiveJwtAuthenticationManagerResolver.java | 3 +- ...ringAddonsOAuth2AuthorizedClientBeans.java | 42 +++++++++--------- .../SpringAddonsOidcResourceServerBeans.java | 10 ++++- 13 files changed, 94 insertions(+), 62 deletions(-) create mode 100644 spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/HasOAuth2RegistrationPropertiesCondition.java rename spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/{bean/HasOAuth2RegistrationPropertiesCondition.java => HasPropertyPrefixCondition.java} (85%) create mode 100644 spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/HasTokenEdpointParametersPropertiesCondition.java diff --git a/samples/tutorials/resource-server_with_ui/src/main/resources/application.yml b/samples/tutorials/resource-server_with_ui/src/main/resources/application.yml index 41d038525..cd8a220ba 100644 --- a/samples/tutorials/resource-server_with_ui/src/main/resources/application.yml +++ b/samples/tutorials/resource-server_with_ui/src/main/resources/application.yml 
@@ -34,8 +34,6 @@ spring: provider: keycloak: issuer-uri: ${keycloak-issuer} - cognito: - issuer-uri: ${cognito-issuer} auth0: issuer-uri: ${auth0-issuer} registration: @@ -52,13 +50,6 @@ spring: client-secret: ${keycloak-secret} provider: keycloak scope: openid,offline_access - cognito-confidential-user: - authorization-grant-type: authorization_code - client-name: Amazon Cognito - client-id: 12olioff63qklfe9nio746es9f - client-secret: ${cognito-secret} - provider: cognito - scope: openid,profile,email auth0-confidential-user: authorization-grant-type: authorization_code client-name: Auth0 @@ -77,10 +68,6 @@ com: authorities: - path: $.realm_access.roles - path: $.resource_access.*.roles - - iss: ${cognito-issuer} - username-claim: $.username - authorities: - - path: $.cognito:groups - iss: ${auth0-issuer} aud: demo.c4-soft.com username-claim: $['https://c4-soft.com/user']['name'] @@ -127,6 +114,10 @@ com: auth0-confidential-user: - name: audience value: demo.c4-soft.com + token-request-params: + auth0-confidential-user: + - name: audience + value: demo.c4-soft.com logging: level: diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/HasOAuth2RegistrationPropertiesCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/HasOAuth2RegistrationPropertiesCondition.java new file mode 100644 index 000000000..6a32f5184 --- /dev/null +++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/HasOAuth2RegistrationPropertiesCondition.java @@ -0,0 +1,8 @@ +package com.c4_soft.springaddons.security.oidc.starter.properties.condition; + +public class HasOAuth2RegistrationPropertiesCondition extends HasPropertyPrefixCondition { + + public HasOAuth2RegistrationPropertiesCondition() { + super("spring.security.oauth2.client.registration"); + } +} 
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/HasOAuth2RegistrationPropertiesCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/HasPropertyPrefixCondition.java similarity index 85% rename from spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/HasOAuth2RegistrationPropertiesCondition.java rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/HasPropertyPrefixCondition.java index c0992ff85..460f0843f 100644 --- a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/HasOAuth2RegistrationPropertiesCondition.java +++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/HasPropertyPrefixCondition.java @@ -1,4 +1,4 @@ -package com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean; +package com.c4_soft.springaddons.security.oidc.starter.properties.condition; import org.springframework.context.annotation.Condition; import org.springframework.context.annotation.ConditionContext; 
@@ -7,11 +7,14 @@ import org.springframework.core.env.PropertySource; import org.springframework.core.type.AnnotatedTypeMetadata; -public class HasOAuth2RegistrationPropertiesCondition implements Condition { +import lombok.RequiredArgsConstructor; + +@RequiredArgsConstructor +public class HasPropertyPrefixCondition implements Condition { + private final String prefix; @Override public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) { - final String prefix = "spring.security.oauth2.client.registration"; if (context.getEnvironment() instanceof ConfigurableEnvironment env) { for (PropertySource propertySource : env.getPropertySources()) { if (propertySource instanceof EnumerablePropertySource enumerablePropertySource) { @@ -25,4 +28,4 @@ public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) } return false; } -} \ No newline at end of file +} diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/HasTokenEdpointParametersPropertiesCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/HasTokenEdpointParametersPropertiesCondition.java new file mode 100644 index 000000000..511d8e0ab --- /dev/null +++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/HasTokenEdpointParametersPropertiesCondition.java @@ -0,0 +1,8 @@ +package com.c4_soft.springaddons.security.oidc.starter.properties.condition; + +public class HasTokenEdpointParametersPropertiesCondition extends HasPropertyPrefixCondition { + + public HasTokenEdpointParametersPropertiesCondition() { + super("com.c4-soft.springaddons.oidc.client.token-request-params"); + } +} 
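Review bot: `HasPropertyPrefixCondition` stays a concrete public class while `@RequiredArgsConstructor` gives it only a one-argument constructor, so naming it directly in `@Conditional` would most likely fail when Spring tries to instantiate it. Declaring it `public abstract class HasPropertyPrefixCondition implements Condition {` makes the subclass-only intent explicit. The class also has no Javadoc saying what "has the prefix" means. `matches` walks only `EnumerablePropertySource` instances, and the name comparison sits between this hunk and the next one, so it is not visible here; if it compares raw property names, values supplied in another spelling (for example as upper-case environment variables) would not match, and the beans gated on this condition would back off without any message. A class comment such as `/** Matches when an enumerable property source declares a property whose name starts with the given prefix. */` would record that limit.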
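Review bot: The new public class name `HasTokenEdpointParametersPropertiesCondition` misspells "Endpoint". It is already imported by both `ReactiveSpringAddonsOAuth2AuthorizedClientBeans` and `SpringAddonsOAuth2AuthorizedClientBeans` in this commit, so the typo becomes part of the starter's public surface unless it is fixed now: `public class HasTokenEndpointParametersPropertiesCondition extends HasPropertyPrefixCondition {`. The name also speaks of token endpoint parameters while the prefix it checks is `com.c4-soft.springaddons.oidc.client.token-request-params`; a one-line Javadoc naming that property would save readers the lookup.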
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultOAuth2AuthorizedClientManagerCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultOAuth2AuthorizedClientManagerCondition.java index a4dce4b14..c6f4351f4 100644 --- a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultOAuth2AuthorizedClientManagerCondition.java +++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultOAuth2AuthorizedClientManagerCondition.java @@ -5,6 +5,8 @@ import org.springframework.context.annotation.Conditional; import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager; +import com.c4_soft.springaddons.security.oidc.starter.properties.condition.HasOAuth2RegistrationPropertiesCondition; + public class DefaultOAuth2AuthorizedClientManagerCondition extends AllNestedConditions { public DefaultOAuth2AuthorizedClientManagerCondition() { diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultOAuth2AuthorizedClientProviderCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultOAuth2AuthorizedClientProviderCondition.java index 833aefe69..e04a7c628 100644 --- a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultOAuth2AuthorizedClientProviderCondition.java +++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultOAuth2AuthorizedClientProviderCondition.java 
@@ -5,6 +5,8 @@ import org.springframework.context.annotation.Conditional; import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider; +import com.c4_soft.springaddons.security.oidc.starter.properties.condition.HasOAuth2RegistrationPropertiesCondition; + public class DefaultOAuth2AuthorizedClientProviderCondition extends AllNestedConditions { public DefaultOAuth2AuthorizedClientProviderCondition() { diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultReactiveOAuth2AuthorizedClientManagerCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultReactiveOAuth2AuthorizedClientManagerCondition.java index 2998b400f..6944ffdff 100644 --- a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultReactiveOAuth2AuthorizedClientManagerCondition.java +++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultReactiveOAuth2AuthorizedClientManagerCondition.java @@ -5,6 +5,8 @@ import org.springframework.context.annotation.Conditional; import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager; +import com.c4_soft.springaddons.security.oidc.starter.properties.condition.HasOAuth2RegistrationPropertiesCondition; + public class DefaultReactiveOAuth2AuthorizedClientManagerCondition extends AllNestedConditions { public DefaultReactiveOAuth2AuthorizedClientManagerCondition() { 
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultReactiveOAuth2AuthorizedClientProviderCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultReactiveOAuth2AuthorizedClientProviderCondition.java index c6363d09d..0113eba7d 100644 --- a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultReactiveOAuth2AuthorizedClientProviderCondition.java +++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultReactiveOAuth2AuthorizedClientProviderCondition.java @@ -5,6 +5,8 @@ import org.springframework.context.annotation.Conditional; import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider; +import com.c4_soft.springaddons.security.oidc.starter.properties.condition.HasOAuth2RegistrationPropertiesCondition; + public class DefaultReactiveOAuth2AuthorizedClientProviderCondition extends AllNestedConditions { public DefaultReactiveOAuth2AuthorizedClientProviderCondition() { diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ReactiveSpringAddonsOAuth2AuthorizedClientBeans.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ReactiveSpringAddonsOAuth2AuthorizedClientBeans.java index 9f75fd289..9d1ea0ef0 100644 --- a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ReactiveSpringAddonsOAuth2AuthorizedClientBeans.java +++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ReactiveSpringAddonsOAuth2AuthorizedClientBeans.java 
@@ -13,33 +13,34 @@ import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository; import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties; +import com.c4_soft.springaddons.security.oidc.starter.properties.condition.HasTokenEdpointParametersPropertiesCondition; import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultReactiveOAuth2AuthorizedClientManagerCondition; import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultReactiveOAuth2AuthorizedClientProviderCondition; import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsReactiveOauth2ClientCondition; -@Conditional(IsReactiveOauth2ClientCondition.class) +@Conditional({ IsReactiveOauth2ClientCondition.class, HasTokenEdpointParametersPropertiesCondition.class }) @AutoConfiguration public class ReactiveSpringAddonsOAuth2AuthorizedClientBeans { - @Conditional(DefaultReactiveOAuth2AuthorizedClientManagerCondition.class) - @Bean - ReactiveOAuth2AuthorizedClientManager authorizedClientManager( - ReactiveClientRegistrationRepository clientRegistrationRepository, - ServerOAuth2AuthorizedClientRepository authorizedClientRepository, - ReactiveOAuth2AuthorizedClientProvider oauth2AuthorizedClientProvider) { - - final var authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository); - authorizedClientManager.setAuthorizedClientProvider(oauth2AuthorizedClientProvider); - - return authorizedClientManager; - } - - @Conditional(DefaultReactiveOAuth2AuthorizedClientProviderCondition.class) - @Bean - ReactiveOAuth2AuthorizedClientProvider oauth2AuthorizedClientProvider( - SpringAddonsOidcProperties addonsProperties, - InMemoryReactiveClientRegistrationRepository clientRegistrationRepository) { - return new PerRegistrationReactiveOAuth2AuthorizedClientProvider(clientRegistrationRepository, 
addonsProperties, Map.of()); - } + @Conditional(DefaultReactiveOAuth2AuthorizedClientManagerCondition.class) + @Bean + ReactiveOAuth2AuthorizedClientManager authorizedClientManager( + ReactiveClientRegistrationRepository clientRegistrationRepository, + ServerOAuth2AuthorizedClientRepository authorizedClientRepository, + ReactiveOAuth2AuthorizedClientProvider oauth2AuthorizedClientProvider) { + + final var authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository); + authorizedClientManager.setAuthorizedClientProvider(oauth2AuthorizedClientProvider); + + return authorizedClientManager; + } + + @Conditional(DefaultReactiveOAuth2AuthorizedClientProviderCondition.class) + @Bean + ReactiveOAuth2AuthorizedClientProvider oauth2AuthorizedClientProvider( + SpringAddonsOidcProperties addonsProperties, + InMemoryReactiveClientRegistrationRepository clientRegistrationRepository) { + return new PerRegistrationReactiveOAuth2AuthorizedClientProvider(clientRegistrationRepository, addonsProperties, Map.of()); + } } diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ReactiveSpringAddonsOidcResourceServerBeans.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ReactiveSpringAddonsOidcResourceServerBeans.java index de379ca7e..49c0ac234 100644 --- a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ReactiveSpringAddonsOidcResourceServerBeans.java +++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ReactiveSpringAddonsOidcResourceServerBeans.java 
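Review bot: The class-level `@Conditional({ IsReactiveOauth2ClientCondition.class, HasTokenEdpointParametersPropertiesCondition.class })` now drops both `authorizedClientManager` and `oauth2AuthorizedClientProvider` whenever no `token-request-params` property is detected, and nothing on the class says so. In the sample `application.yml` of this commit those parameters carry the `audience` sent to Auth0. A deployment where the condition does not match would presumably request tokens through whatever default manager the application has, without that parameter and without a startup error. I would add a class Javadoc along the lines of `/** Active only for OAuth2 clients with com.c4-soft.springaddons.oidc.client.token-request-params configured; otherwise no bean is contributed. */`. The same applies to the servlet `SpringAddonsOAuth2AuthorizedClientBeans` hunk further down.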
@@ -201,6 +201,12 @@ ResourceServerReactiveHttpSecurityPostProcessor httpPostProcessor() { return serverHttpSecurity -> serverHttpSecurity; } + @ConditionalOnMissingBean + @Bean + SpringAddonsReactiveJwtDecoderFactory springAddonsJwtDecoderFactory() { + return new DefaultSpringAddonsReactiveJwtDecoderFactory(); + } + /** * Provides with multi-tenancy: builds a ReactiveAuthenticationManagerResolver per provided OIDC issuer URI * diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/SpringAddonsReactiveJwtAuthenticationManagerResolver.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/SpringAddonsReactiveJwtAuthenticationManagerResolver.java index 2e531e8e7..c35bbf64b 100644 --- a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/SpringAddonsReactiveJwtAuthenticationManagerResolver.java +++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/SpringAddonsReactiveJwtAuthenticationManagerResolver.java @@ -9,14 +9,13 @@ import com.c4_soft.springaddons.security.oidc.starter.OpenidProviderPropertiesResolver; import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.JWTClaimsSetAuthenticationManager.JWTClaimsSetAuthenticationManagerResolver; -import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.SpringAddonsJwtDecoderFactory; import reactor.core.publisher.Mono; /** *
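Review bot: The new `springAddonsJwtDecoderFactory()` bean is `@ConditionalOnMissingBean` but carries no Javadoc, although it is the extension point that decides how JWT decoders are built. An application-provided replacement takes over whatever validation `DefaultSpringAddonsReactiveJwtDecoderFactory` configures, which is not visible in this hunk. A short comment such as `/** Default factory for the JWT decoders of this resource server; replace it only with a factory that keeps the token validation you rely on. */` would make that explicit. The servlet `SpringAddonsOidcResourceServerBeans` hunk adds the same bean undocumented, and the part of its class Javadoc shown in this commit, which lists the overridable beans, does not mention it.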

* An {@link ReactiveAuthenticationManagerResolver} always resolving the same {@link ReactiveJWTClaimsSetAuthenticationManager} which relies on - * {@link JWTClaimsSetAuthenticationManagerResolver}, itself using {@link SpringAddonsJwtDecoderFactory} and a {@link Converter Converter@lt;Jwt, + * {@link JWTClaimsSetAuthenticationManagerResolver}, itself using {@link SpringAddonsReactiveJwtDecoderFactory} and a {@link Converter Converter@lt;Jwt, * AbstractAuthenticationToken>}. *

*

diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOAuth2AuthorizedClientBeans.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOAuth2AuthorizedClientBeans.java index 68f3a6431..d3b2da5ba 100644 --- a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOAuth2AuthorizedClientBeans.java +++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOAuth2AuthorizedClientBeans.java 
@@ -13,31 +13,33 @@ import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository; import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties; +import com.c4_soft.springaddons.security.oidc.starter.properties.condition.HasTokenEdpointParametersPropertiesCondition; import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultOAuth2AuthorizedClientManagerCondition; import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultOAuth2AuthorizedClientProviderCondition; import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsServletOauth2ClientCondition; -@Conditional(IsServletOauth2ClientCondition.class) +@Conditional({ IsServletOauth2ClientCondition.class, HasTokenEdpointParametersPropertiesCondition.class }) @AutoConfiguration public class SpringAddonsOAuth2AuthorizedClientBeans { - @Conditional(DefaultOAuth2AuthorizedClientManagerCondition.class) - @Bean - OAuth2AuthorizedClientManager authorizedClientManager( - ClientRegistrationRepository clientRegistrationRepository, - OAuth2AuthorizedClientRepository authorizedClientRepository, - OAuth2AuthorizedClientProvider oauth2AuthorizedClientProvider) { - - final var authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository); - authorizedClientManager.setAuthorizedClientProvider(oauth2AuthorizedClientProvider); - - return authorizedClientManager; - } - - @Conditional(DefaultOAuth2AuthorizedClientProviderCondition.class) - @Bean - OAuth2AuthorizedClientProvider - oauth2AuthorizedClientProvider(SpringAddonsOidcProperties addonsProperties, InMemoryClientRegistrationRepository clientRegistrationRepository) { - return new PerRegistrationOAuth2AuthorizedClientProvider(clientRegistrationRepository, addonsProperties, Map.of()); - } + @Conditional(DefaultOAuth2AuthorizedClientManagerCondition.class) + @Bean + 
OAuth2AuthorizedClientManager authorizedClientManager( + ClientRegistrationRepository clientRegistrationRepository, + OAuth2AuthorizedClientRepository authorizedClientRepository, + OAuth2AuthorizedClientProvider oauth2AuthorizedClientProvider) { + + final var authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository); + authorizedClientManager.setAuthorizedClientProvider(oauth2AuthorizedClientProvider); + + return authorizedClientManager; + } + + @Conditional(DefaultOAuth2AuthorizedClientProviderCondition.class) + @Bean + OAuth2AuthorizedClientProvider oauth2AuthorizedClientProvider( + SpringAddonsOidcProperties addonsProperties, + InMemoryClientRegistrationRepository clientRegistrationRepository) { + return new PerRegistrationOAuth2AuthorizedClientProvider(clientRegistrationRepository, addonsProperties, Map.of()); + } } diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/SpringAddonsOidcResourceServerBeans.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/SpringAddonsOidcResourceServerBeans.java index df55e1a11..39a6d78d9 100644 --- a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/SpringAddonsOidcResourceServerBeans.java +++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/SpringAddonsOidcResourceServerBeans.java @@ -59,8 +59,8 @@ * configuration. It applies to all routes not listed in "permit-all" property configuration. Default requires users to be authenticated. This is a bean to * provide in your application configuration if you prefer to define fine-grained access control rules with Java configuration rather than methods * security. - *

  • httpPostProcessor: a bean of type {@link ResourceServerSynchronizedHttpSecurityPostProcessor} to override anything from above auto-configuration. It is called just - * before the security filter-chain is returned. Default is a no-op.
  • + *
  • httpPostProcessor: a bean of type {@link ResourceServerSynchronizedHttpSecurityPostProcessor} to override anything from above auto-configuration. It is + * called just before the security filter-chain is returned. Default is a no-op.
  • *
  • jwtAuthenticationConverter: a converter from a {@link Jwt} to something inheriting from {@link AbstractAuthenticationToken}. The default instantiate a * {@link JwtAuthenticationToken} with username and authorities as configured for the issuer of thi token. The easiest to override the type of * {@link AbstractAuthenticationToken}, is to provide with an Converter<Jwt, ? extends AbstractAuthenticationToken> bean.
  • @@ -183,6 +183,12 @@ ResourceServerSynchronizedHttpSecurityPostProcessor httpPostProcessor() { return httpSecurity -> httpSecurity; } + @ConditionalOnMissingBean + @Bean + SpringAddonsJwtDecoderFactory springAddonsJwtDecoderFactory() { + return new DefaultSpringAddonsJwtDecoderFactory(); + } + /** * Provides with multi-tenancy: builds a AuthenticationManagerResolver per provided OIDC issuer URI *