|
|
@@ -15,12 +15,15 @@
|
|
|
*/
|
|
|
package sample;
|
|
|
|
|
|
+import org.springframework.beans.factory.annotation.Value;
|
|
|
+import org.springframework.context.annotation.Bean;
|
|
|
+import org.springframework.http.HttpMethod;
|
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
|
-import org.springframework.http.HttpMethod;
|
|
|
-
|
|
|
-import static org.springframework.security.config.Customizer.withDefaults;
|
|
|
+import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
|
|
+import org.springframework.security.oauth2.jwt.JwtDecoder;
|
|
|
+import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
|
|
|
|
|
|
/**
|
|
|
* @author Josh Cummings
|
|
|
@@ -28,6 +31,8 @@ import static org.springframework.security.config.Customizer.withDefaults;
|
|
|
@EnableWebSecurity
|
|
|
public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|
|
|
|
|
+ @Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}") String jwkSetUri;
|
|
|
+
|
|
|
@Override
|
|
|
protected void configure(HttpSecurity http) throws Exception {
|
|
|
// @formatter:off
|
|
|
@@ -38,10 +43,12 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
|
|
|
.antMatchers(HttpMethod.POST, "/message/**").hasAuthority("SCOPE_message:write")
|
|
|
.anyRequest().authenticated()
|
|
|
)
|
|
|
- .oauth2ResourceServer(oauth2ResourceServer ->
|
|
|
- oauth2ResourceServer
|
|
|
- .jwt(withDefaults())
|
|
|
- );
|
|
|
+ .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
|
|
|
// @formatter:on
|
|
|
}
|
|
|
+
|
|
|
+ @Bean
|
|
|
+ JwtDecoder jwtDecoder() {
|
|
|
+ return NimbusJwtDecoder.withJwkSetUri(this.jwkSetUri).build();
|
|
|
+ }
|
|
|
}
|
Josh Cummings