Configure demo-authorizationserver sample with one SecurityFilterChain

Author: jgrandja

samples/demo-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java

@@ -22,21 +22,25 @@
 import com.nimbusds.jose.jwk.source.JWKSource;
 import com.nimbusds.jose.proc.SecurityContext;
 import sample.authentication.DeviceClientAuthenticationProvider;
+import sample.federation.FederatedIdentityAuthenticationSuccessHandler;
 import sample.federation.FederatedIdentityIdTokenCustomizer;
 import sample.jose.Jwks;
 import sample.web.authentication.DeviceClientAuthenticationConverter;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
-import org.springframework.http.MediaType;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.jdbc.datasource.embedded.EmbeddedDatabase;
 import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
 import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.session.SessionRegistry;
+import org.springframework.security.core.session.SessionRegistryImpl;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.oidc.OidcScopes;
@@ -47,15 +51,14 @@
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
-import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
 import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
-import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
+import org.springframework.security.web.session.HttpSessionEventPublisher;
 
 import static org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer.authorizationServer;
 
@@ -65,12 +68,12 @@
  * @author Steve Riesenberg
  * @since 1.1
  */
+@EnableWebSecurity
 @Configuration(proxyBeanMethods = false)
 public class AuthorizationServerConfig {
 	private static final String CUSTOM_CONSENT_PAGE_URI = "/oauth2/consent";
 
 	@Bean
-	@Order(Ordered.HIGHEST_PRECEDENCE)
 	public SecurityFilterChain authorizationServerSecurityFilterChain(
 			HttpSecurity http, RegisteredClientRepository registeredClientRepository,
 			AuthorizationServerSettings authorizationServerSettings) throws Exception {
@@ -97,43 +100,65 @@ public SecurityFilterChain authorizationServerSecurityFilterChain(
 		DeviceClientAuthenticationProvider deviceClientAuthenticationProvider =
 				new DeviceClientAuthenticationProvider(registeredClientRepository);
 
-		OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = authorizationServer();
-
 		// @formatter:off
 		http
-			.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-			.with(authorizationServerConfigurer, (authorizationServer) ->
+			.with(authorizationServer(), (authorizationServer) ->
 				authorizationServer
-					.deviceAuthorizationEndpoint(deviceAuthorizationEndpoint ->
+					.deviceAuthorizationEndpoint((deviceAuthorizationEndpoint) ->
 						deviceAuthorizationEndpoint.verificationUri("/activate")
 					)
-					.deviceVerificationEndpoint(deviceVerificationEndpoint ->
+					.deviceVerificationEndpoint((deviceVerificationEndpoint) ->
 						deviceVerificationEndpoint.consentPage(CUSTOM_CONSENT_PAGE_URI)
 					)
-					.clientAuthentication(clientAuthentication ->
+					.clientAuthentication((clientAuthentication) ->
 						clientAuthentication
 							.authenticationConverter(deviceClientAuthenticationConverter)
 							.authenticationProvider(deviceClientAuthenticationProvider)
 					)
-					.authorizationEndpoint(authorizationEndpoint ->
+					.authorizationEndpoint((authorizationEndpoint) ->
 						authorizationEndpoint.consentPage(CUSTOM_CONSENT_PAGE_URI))
 					.oidc(Customizer.withDefaults())	// Enable OpenID Connect 1.0
 			)
 			.authorizeHttpRequests((authorize) ->
-				authorize.anyRequest().authenticated()
+				authorize
+					.requestMatchers("/assets/**", "/login").permitAll()
+					.anyRequest().authenticated()
 			)
-			// Redirect to the /login page when not authenticated from the authorization endpoint
-			// NOTE: DefaultSecurityConfig is configured with formLogin.loginPage("/login")
-			.exceptionHandling((exceptions) -> exceptions
-				.defaultAuthenticationEntryPointFor(
-					new LoginUrlAuthenticationEntryPoint("/login"),
-					new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
-				)
+			.formLogin((formLogin) ->
+				formLogin
+					.loginPage("/login")
+			)
+			.oauth2Login((oauth2Login) ->
+				oauth2Login
+					.loginPage("/login")
+					.successHandler(new FederatedIdentityAuthenticationSuccessHandler())
 			);
 		// @formatter:on
 		return http.build();
 	}
 
+	// @formatter:off
+	@Bean
+	public UserDetailsService users() {
+		UserDetails user = User.withDefaultPasswordEncoder()
+				.username("user1")
+				.password("password")
+				.roles("USER")
+				.build();
+		return new InMemoryUserDetailsManager(user);
+	}
+	// @formatter:on
+
+	@Bean
+	public SessionRegistry sessionRegistry() {
+		return new SessionRegistryImpl();
+	}
+
+	@Bean
+	public HttpSessionEventPublisher httpSessionEventPublisher() {
+		return new HttpSessionEventPublisher();
+	}
+
 	// @formatter:off
 	@Bean
 	public JdbcRegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {