diff --git a/spring-cloud/spring-cloud-security/auth-client/pom.xml b/spring-cloud/spring-cloud-security/auth-client/pom.xml
index 4f64f470f043..415255264048 100644
--- a/spring-cloud/spring-cloud-security/auth-client/pom.xml
+++ b/spring-cloud/spring-cloud-security/auth-client/pom.xml
@@ -24,7 +24,7 @@
org.springframework.cloud
- spring-cloud-starter-zuul
+ spring-cloud-starter-netflix-zuul
org.springframework.boot
@@ -34,14 +34,16 @@
org.webjars
jquery
+ ${jquery.version}
org.webjars
bootstrap
+ ${bootstrap.version}
org.webjars
- webjars-locator
+ webjars-locator-core
org.springframework.boot
@@ -62,8 +64,8 @@
spring-boot-starter-thymeleaf
- org.springframework.security.oauth
- spring-security-oauth2
+ org.springframework.security.oauth.boot
+ spring-security-oauth2-autoconfigure
@@ -89,8 +91,10 @@
- 2.1.0
- Dalston.SR4
+ 2.2.0
+ Greenwich.SR1
+ 3.4.1
+ 4.3.1
diff --git a/spring-cloud/spring-cloud-security/auth-client/src/main/resources/application.properties b/spring-cloud/spring-cloud-security/auth-client/src/main/resources/application.properties
deleted file mode 100644
index e69de29bb2d1..000000000000
diff --git a/spring-cloud/spring-cloud-security/auth-client/src/main/resources/application.yml b/spring-cloud/spring-cloud-security/auth-client/src/main/resources/application.yml
index 2a758faeae97..69617555d9f4 100644
--- a/spring-cloud/spring-cloud-security/auth-client/src/main/resources/application.yml
+++ b/spring-cloud/spring-cloud-security/auth-client/src/main/resources/application.yml
@@ -2,7 +2,8 @@
# These are default settings, but we add them for clarity.
server:
port: 8080
- contextPath: /
+ servlet:
+ context-path: /
# Configure the Authorization Server and User Info Resource Server details
security:
@@ -21,6 +22,7 @@ person:
# Proxies the calls to http://localhost:8080/api/* to our REST service at http://localhost:8081/*
# and automatically includes our OAuth2 token in the request headers
zuul:
+ sensitiveHeaders: Cookie,Set-Cookie
routes:
resource:
path: /api/**
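Review bot: `sensitiveHeaders: Cookie,Set-Cookie` sits directly under `zuul:`, so it applies to every route rather than only to `resource`. Zuul's default list also contains `Authorization`; leaving it out is what lets the bearer token reach the REST service, but any route added later would receive the token too. Consider scoping it to the route (`zuul.routes.resource.sensitiveHeaders: Cookie,Set-Cookie`). A comment such as `# Authorization is deliberately not listed so the OAuth2 token is relayed to the resource server` would record the intent. The `routes` block continues past the end of this hunk.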
diff --git a/spring-cloud/spring-cloud-security/auth-resource/pom.xml b/spring-cloud/spring-cloud-security/auth-resource/pom.xml
index 22ee0528c304..a60eca740cef 100644
--- a/spring-cloud/spring-cloud-security/auth-resource/pom.xml
+++ b/spring-cloud/spring-cloud-security/auth-resource/pom.xml
@@ -19,8 +19,8 @@
spring-boot-starter-web
- org.springframework.security.oauth
- spring-security-oauth2
+ org.springframework.security.oauth.boot
+ spring-security-oauth2-autoconfigure
org.springframework.boot
@@ -30,6 +30,7 @@
org.springframework.security
spring-security-jwt
+ ${spring-jwt.version}
@@ -55,7 +56,8 @@
- Edgware.RELEASE
+ Greenwich.SR1
+ 1.0.10.RELEASE
diff --git a/spring-cloud/spring-cloud-security/auth-resource/src/main/java/com/baeldung/config/ResourceConfigurer.java b/spring-cloud/spring-cloud-security/auth-resource/src/main/java/com/baeldung/config/ResourceConfigurer.java
index 977d74093ab6..abe942325fd5 100644
--- a/spring-cloud/spring-cloud-security/auth-resource/src/main/java/com/baeldung/config/ResourceConfigurer.java
+++ b/spring-cloud/spring-cloud-security/auth-resource/src/main/java/com/baeldung/config/ResourceConfigurer.java
@@ -3,7 +3,7 @@
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
@@ -11,15 +11,18 @@
* REST API Resource Server.
*/
@Configuration
-@EnableWebSecurity
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true) // Allow method annotations like @PreAuthorize
public class ResourceConfigurer extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
- http.httpBasic().disable();
- http.authorizeRequests().anyRequest().authenticated();
+ http.sessionManagement()
+ .sessionCreationPolicy(SessionCreationPolicy.NEVER)
+ .and()
+ .authorizeRequests()
+ .anyRequest().authenticated();
+
}
}
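Review bot: `SessionCreationPolicy.NEVER` in `configure(HttpSecurity)` only stops Spring Security from creating a session; a session that already exists is still consulted for a security context. For a resource server that authenticates each request from the JWT, the stricter setting is `.sessionCreationPolicy(SessionCreationPolicy.STATELESS)`. NEVER does match the `security.sessions: NEVER` property this commit removes from the resource server's application.yml, so if it is kept for parity, a one-line comment saying so would help. The blank line added before the method's closing brace can be dropped.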
diff --git a/spring-cloud/spring-cloud-security/auth-resource/src/main/resources/application.yml b/spring-cloud/spring-cloud-security/auth-resource/src/main/resources/application.yml
index 52e02ba41b17..35063a787959 100644
--- a/spring-cloud/spring-cloud-security/auth-resource/src/main/resources/application.yml
+++ b/spring-cloud/spring-cloud-security/auth-resource/src/main/resources/application.yml
@@ -5,7 +5,6 @@ server:
# Configure the public key to use for verifying the incoming JWT tokens
security:
- sessions: NEVER
oauth2:
resource:
jwt:
diff --git a/spring-cloud/spring-cloud-security/auth-server/pom.xml b/spring-cloud/spring-cloud-security/auth-server/pom.xml
index 4b3f94b82586..afd8dbef4479 100644
--- a/spring-cloud/spring-cloud-security/auth-server/pom.xml
+++ b/spring-cloud/spring-cloud-security/auth-server/pom.xml
@@ -38,7 +38,7 @@
- 1.1.2.RELEASE
+ 2.1.2.RELEASE
\ No newline at end of file
diff --git a/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/AuthServerConfigurer.java b/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/AuthServerConfigurer.java
index 32e445f998db..7c9ee9ae1866 100644
--- a/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/AuthServerConfigurer.java
+++ b/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/AuthServerConfigurer.java
@@ -9,6 +9,7 @@
import org.springframework.core.annotation.Order;
import org.springframework.core.io.Resource;
import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
@@ -19,9 +20,7 @@
@Configuration
@EnableAuthorizationServer
@Order(6)
-public class AuthServerConfigurer
- extends
- AuthorizationServerConfigurerAdapter {
+public class AuthServerConfigurer extends AuthorizationServerConfigurerAdapter {
@Value("${jwt.certificate.store.file}")
private Resource keystore;
@@ -37,6 +36,9 @@ public class AuthServerConfigurer
@Autowired
private UserDetailsService userDetailsService;
+
+ @Autowired
+ private BCryptPasswordEncoder passwordEncoder;
@Override
public void configure(
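Review bot: The new field is typed as the concrete `BCryptPasswordEncoder`, which ties this class to one hashing algorithm. Declaring it as `private PasswordEncoder passwordEncoder;` would let the encoder bean change without touching this class. The `passwordEncoder()` bean method added in WebSecurityConfigurer.java has the same concrete return type and should be changed in the same step so type-based injection keeps resolving. The `configure(` method that begins at the end of this hunk continues outside it.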
@@ -45,8 +47,8 @@ public void configure(
clients
.inMemory()
.withClient("authserver")
- .secret("passwordforauthserver")
- .redirectUris("http://localhost:8080/")
+ .secret(passwordEncoder.encode("passwordforauthserver"))
+ .redirectUris("http://localhost:8080/login")
.authorizedGrantTypes("authorization_code",
"refresh_token")
.scopes("myscope")
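Review bot: The client secret is still a string literal in `.secret(passwordEncoder.encode("passwordforauthserver"))`, so the plaintext stays readable in the repository. Hashing it at startup only changes the form held in memory. Outside a local demo it should come from external configuration, for example `@Value("${CLIENT_SECRET_PROPERTY}") private String clientSecret;` (placeholder property name) with `.secret(passwordEncoder.encode(clientSecret))`. The `http://localhost:8080/login` redirect URI is likewise a fixed development value that would need to be configurable and HTTPS for any deployed client. The builder chain continues past the end of the hunk.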
diff --git a/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebMvcConfigurer.java b/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebMvcConfig.java
similarity index 83%
rename from spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebMvcConfigurer.java
rename to spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebMvcConfig.java
index 23b56151e71d..3cefd323b392 100644
--- a/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebMvcConfigurer.java
+++ b/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebMvcConfig.java
@@ -2,10 +2,10 @@
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
-public class WebMvcConfigurer extends WebMvcConfigurerAdapter {
+public class WebMvcConfig implements WebMvcConfigurer {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
diff --git a/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebSecurityConfigurer.java b/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebSecurityConfigurer.java
index 44406b8fa09b..6a48c62097b0 100644
--- a/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebSecurityConfigurer.java
+++ b/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebSecurityConfigurer.java
@@ -6,8 +6,8 @@
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-
import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
@Configuration
@@ -34,7 +34,7 @@ protected void configure(
AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
- .withUser("user").password("user")
+ .withUser("user").password(passwordEncoder().encode("user"))
.roles("USER")
.and()
.withUser("admin").password("admin")
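Review bot: Only the `user` account was switched to an encoded password; the context line `.withUser("admin").password("admin")` still stores the raw string. With the `BCryptPasswordEncoder` bean this commit registers, a stored value that is not a BCrypt hash will presumably never match, so the admin login would stop working after the upgrade. Encode it the same way: `.withUser("admin").password(passwordEncoder().encode("admin"))`. The builder chain continues outside the hunk.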
@@ -48,5 +48,9 @@ public UserDetailsService userDetailsServiceBean()
return super.userDetailsServiceBean();
}
+ @Bean
+ public BCryptPasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
}
diff --git a/spring-cloud/spring-cloud-security/auth-server/src/main/resources/application.yml b/spring-cloud/spring-cloud-security/auth-server/src/main/resources/application.yml
index 1dc63d3f0ee7..b6e385e5c76d 100644
--- a/spring-cloud/spring-cloud-security/auth-server/src/main/resources/application.yml
+++ b/spring-cloud/spring-cloud-security/auth-server/src/main/resources/application.yml
@@ -1,7 +1,8 @@
# Make the application available at http://localhost:7070/authserver
server:
port: 7070
- contextPath: /authserver
+ servlet:
+ context-path: /authserver
# Our certificate settings for enabling JWT tokens
jwt:
@@ -11,11 +12,4 @@ jwt:
password: abirkhan04
key:
alias: myauthkey
- password: abirkhan04
-
-
-security:
- oauth2:
- resource:
- filter-order: 3
-
\ No newline at end of file
+ password: abirkhan04
\ No newline at end of file
diff --git a/spring-cloud/spring-cloud-security/pom.xml b/spring-cloud/spring-cloud-security/pom.xml
index 2eecf579a50d..d65fd6520bc0 100644
--- a/spring-cloud/spring-cloud-security/pom.xml
+++ b/spring-cloud/spring-cloud-security/pom.xml
@@ -8,10 +8,10 @@
pom
- parent-boot-1
+ parent-boot-2
com.baeldung
0.0.1-SNAPSHOT
- ../../parent-boot-1
+ ../../parent-boot-2