Merge branch '3.0.x'

Closes gh-35767
spring-projects · Jun 7, 2023 · 0cf93f1 · 0cf93f1
2 parents 28a3cee + c2f5a77
commit 0cf93f1
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 15 deletions.
diff --git a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc
@@ -87,14 +87,24 @@ You can register multiple OAuth2 clients and providers under the `spring.securit
 	    oauth2:
 	      client:
 	        registration:
+	          my-login-client:
+	            client-id: "abcd"
+	            client-secret: "password"
+	            client-name: "Client for OpenID Connect"
+	            provider: "my-oauth-provider"
+	            scope: "openid,profile,email,phone,address"
+	            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
+	            client-authentication-method: "client_secret_basic"
+	            authorization-grant-type: "authorization_code"
+
 	          my-client-1:
 	            client-id: "abcd"
 	            client-secret: "password"
 	            client-name: "Client for user scope"
 	            provider: "my-oauth-provider"
 	            scope: "user"
-	            redirect-uri: "https://my-redirect-uri.com"
-	            client-authentication-method: "basic"
+	            redirect-uri: "{baseUrl}/authorized/user"
+	            client-authentication-method: "client_secret_basic"
 	            authorization-grant-type: "authorization_code"
 
 	          my-client-2:
@@ -103,17 +113,17 @@ You can register multiple OAuth2 clients and providers under the `spring.securit
 	            client-name: "Client for email scope"
 	            provider: "my-oauth-provider"
 	            scope: "email"
-	            redirect-uri: "https://my-redirect-uri.com"
-	            client-authentication-method: "basic"
+	            redirect-uri: "{baseUrl}/authorized/email"
+	            client-authentication-method: "client_secret_basic"
 	            authorization-grant-type: "authorization_code"
 
 	        provider:
 	          my-oauth-provider:
-	            authorization-uri: "https://my-auth-server/oauth/authorize"
-	            token-uri: "https://my-auth-server/oauth/token"
-	            user-info-uri: "https://my-auth-server/userinfo"
+	            authorization-uri: "https://my-auth-server.com/oauth2/authorize"
+	            token-uri: "https://my-auth-server.com/oauth2/token"
+	            user-info-uri: "https://my-auth-server.com/userinfo"
 	            user-info-authentication-method: "header"
-	            jwk-set-uri: "https://my-auth-server/token_keys"
+	            jwk-set-uri: "https://my-auth-server.com/oauth2/jwks"
 	            user-name-attribute: "name"
 ----
 

diff --git a/.../org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.java b/.../org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2023 the original author or authors.
+ * Copyright 2012-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,15 +19,26 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration(proxyBeanMethods = false)
+@EnableWebSecurity
 public class MyOAuthClientConfiguration {
 
 	@Bean
 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-		http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
-		http.oauth2Login((login) -> login.redirectionEndpoint((endpoint) -> endpoint.baseUri("custom-callback")));
+		// @formatter:off
+		http
+			.authorizeHttpRequests((requests) -> requests
+				.anyRequest().authenticated()
+			)
+			.oauth2Login((login) -> login
+				.redirectionEndpoint((endpoint) -> endpoint
+					.baseUri("/login/oauth2/callback/*")
+				)
+			);
+		// @formatter:on
 		return http.build();
 	}
 

diff --git a/...in/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.kt b/...in/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.kt
@@ -19,15 +19,26 @@ package org.springframework.boot.docs.web.security.oauth2.client
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.annotation.web.invoke
 import org.springframework.security.web.SecurityFilterChain
 
 @Configuration(proxyBeanMethods = false)
-class MyOAuthClientConfiguration {
+@EnableWebSecurity
+open class MyOAuthClientConfiguration {
 
 	@Bean
-	fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
-		http.authorizeHttpRequests { requests -> requests.anyRequest().authenticated() }
-		http.oauth2Login { login -> login.redirectionEndpoint { redirectionEndpoint -> redirectionEndpoint.baseUri("custom-callback") } }
+	open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
+		http {
+			authorizeHttpRequests {
+				authorize(anyRequest, authenticated)
+			}
+			oauth2Login {
+				redirectionEndpoint {
+					baseUri = "/login/oauth2/callback/*"
+				}
+			}
+		}
 		return http.build()
 	}