Issue
I am trying to make sense of Spring Authorization Server.
Following various tutorials, and the original documentation, pretty much the first step after configuring dependencies –
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-webflux'
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.springframework.security:spring-security-oauth2-authorization-server:0.2.1'
// other db/test stuff
}
– is to add the @EnableAuthorizationServer
annotation to the main class.
Except my IDE (NetBeans) doesn't have a clue, from the imports, what that refers to.
So: what's the import path supposed to be for @EnableAuthorizationServer
? (And, logically, is there some other dependency needed that to have it recognised?)
Solution
In the new Spring Authorization Server, you don't need the @EnableAuthorizationServer
. This annotation is from the old spring-security-oauth
module, which is deprecated.
The key is the SecurityFilterChain
, which should have a higher precedence, like so:
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
return http.formLogin(Customizer.withDefaults()).build();
}
I recommend you to take a look at the samples in the official repository.
Answered By - Marcus Hert da Coregio
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.