/**
 * Enables OAuth 2.0 login backed by a single in-memory client registration and installs a
 * custom authorities mapper on the user-info endpoint, then delegates to the superclass.
 *
 * @param http the security builder being configured
 * @throws Exception if the configurer DSL or {@code super.configure} fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .oauth2Login()
            // Only GOOGLE_CLIENT_REGISTRATION is registered; no other provider can be used to log in.
            .clientRegistrationRepository(
                new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
            .userInfoEndpoint()
                // The mapper's output becomes the authorities of the logged-in user, so it is
                // the place where provider-supplied attributes turn into application privileges.
                .userAuthoritiesMapper(createGrantedAuthoritiesMapper());
    // NOTE(review): no authorization rules are declared here; presumably super.configure(http)
    // supplies them - confirm against the superclass.
    super.configure(http);
}
}
/**
 * Enables OAuth 2.0 login backed by a single in-memory client registration and points
 * unauthenticated users at an application-provided login page, then delegates to the superclass.
 *
 * @param http the security builder being configured
 * @throws Exception if the configurer DSL or {@code super.configure} fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .oauth2Login()
            .clientRegistrationRepository(
                new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
            // Replaces the generated login page with the application's own "/custom-login".
            // NOTE(review): nothing in this method permits unauthenticated access to that path;
            // confirm that super.configure(http) or another rule does.
            .loginPage("/custom-login");
    super.configure(http);
}
}
return getOrApply(new OAuth2LoginConfigurer<>());
/**
 * Resolves the {@link GrantedAuthoritiesMapper} to apply to OAuth 2.0 logins.
 *
 * <p>A mapper already registered as a shared object on the builder wins. Otherwise the
 * result of {@code getGrantedAuthoritiesMapperBean()} is used and, when non-null, cached on
 * the builder as a shared object so later lookups return the same instance.
 *
 * @return the resolved mapper, or {@code null} when neither source provides one
 */
private GrantedAuthoritiesMapper getGrantedAuthoritiesMapper() {
    GrantedAuthoritiesMapper shared =
            this.getBuilder().getSharedObject(GrantedAuthoritiesMapper.class);
    if (shared != null) {
        return shared;
    }

    GrantedAuthoritiesMapper fromBean = this.getGrantedAuthoritiesMapperBean();
    if (fromBean != null) {
        // Cache the bean on the builder so the lookup is not repeated.
        this.getBuilder().setSharedObject(GrantedAuthoritiesMapper.class, fromBean);
    }
    return fromBean;
}
/**
 * Builds the entry point that sends unauthenticated requests straight to one provider's
 * login URL.
 *
 * <p>A request is left to the default entry point only when it targets the login page or
 * {@code /favicon.ico} <em>and</em> also satisfies the default entry-point matcher. Every
 * other request is redirected to {@code providerLoginPage}.
 *
 * @param http the builder used to obtain the default entry-point matcher
 * @param providerLoginPage the login URL of the provider to redirect to
 * @return a delegating entry point implementing the rule above
 */
private AuthenticationEntryPoint getLoginEntryPoint(B http, String providerLoginPage) {
    RequestMatcher loginPageOrFavicon = new OrRequestMatcher(
            new AntPathRequestMatcher(this.getLoginPage()),
            new AntPathRequestMatcher("/favicon.ico"));
    RequestMatcher keepDefaultEntryPoint = new AndRequestMatcher(
            loginPageOrFavicon,
            this.getAuthenticationEntryPointMatcher(http));

    // The map holds a single rule: anything NOT kept on the default entry point
    // is redirected to the provider's login URL.
    LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> delegates = new LinkedHashMap<>();
    delegates.put(
            new NegatedRequestMatcher(keepDefaultEntryPoint),
            new LoginUrlAuthenticationEntryPoint(providerLoginPage));

    DelegatingAuthenticationEntryPoint result = new DelegatingAuthenticationEntryPoint(delegates);
    result.setDefaultEntryPoint(this.getAuthenticationEntryPoint());
    return result;
}
OAuth2LoginAuthenticationFilter authenticationFilter = new OAuth2LoginAuthenticationFilter( OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()), OAuth2ClientConfigurerUtils.getAuthorizedClientRepository(this.getBuilder()), this.loginProcessingUrl); this.setAuthenticationFilter(authenticationFilter); super.loginProcessingUrl(this.loginProcessingUrl); RequestMatcher authenticationNullMatcher = request -> SecurityContextHolder.getContext().getAuthentication() == null; authenticationFilter.setRequiresAuthenticationRequestMatcher(new AndRequestMatcher(createLoginProcessingUrlMatcher(this.loginProcessingUrl), authenticationNullMatcher)); super.init(http); } else { Map<String, String> loginUrlToClientName = this.getLoginLinks(); if (loginUrlToClientName.size() == 1) { this.updateAuthenticationDefaults(); this.updateAccessDefaults(http); String providerLoginPage = loginUrlToClientName.keySet().iterator().next(); this.registerAuthenticationEntryPoint(http, this.getLoginEntryPoint(http, providerLoginPage)); } else { super.init(http); GrantedAuthoritiesMapper userAuthoritiesMapper = this.getGrantedAuthoritiesMapper(); if (userAuthoritiesMapper != null) { oauth2LoginAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper); http.authenticationProvider(this.postProcess(oauth2LoginAuthenticationProvider));
.and() .oauth2Login() .clientRegistrationRepository(clientRegistrationRepository()) .authorizedClientService(authorizedClientService()) .loginPage(MolgenisLoginController.URI) .failureUrl(MolgenisLoginController.URI) .userInfoEndpoint() .oidcUserService(oidcUserService()) .and() .and() .logout() .deleteCookies("JSESSIONID")
OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()), authorizationRequestBaseUri); authorizationRequestFilter.setRequestCache(requestCache); http.addFilter(this.postProcess(authorizationRequestFilter)); OAuth2LoginAuthenticationFilter authenticationFilter = this.getAuthenticationFilter(); if (this.redirectionEndpointConfig.authorizationResponseBaseUri != null) { authenticationFilter.setFilterProcessesUrl(this.redirectionEndpointConfig.authorizationResponseBaseUri);
/**
 * Requires authentication for everything except the login page, the failure page and the
 * root path, and enables OAuth 2.0 login with a custom login page, authorization base URI,
 * authorization-request repository and token response client.
 *
 * @param http the security builder being configured
 * @throws Exception if the configurer DSL fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        // The only paths reachable without a session; every other request needs authentication.
        .antMatchers("/oauth_login", "/loginFailure", "/")
        .permitAll()
        .anyRequest()
        .authenticated()
        .and()
        .oauth2Login()
        .loginPage("/oauth_login")
        .authorizationEndpoint()
        // Authorization requests are initiated under this base URI instead of the default one.
        .baseUri("/oauth2/authorize-client")
        // Holds the pending authorization request between the redirect to the provider and
        // the callback; the callback is matched against what is stored here.
        .authorizationRequestRepository(authorizationRequestRepository())
        .and()
        .tokenEndpoint()
        .accessTokenResponseClient(accessTokenResponseClient())
        .and()
        .defaultSuccessUrl("/loginSuccess")
        // "/loginFailure" is also in the permitAll() list above, so the failure redirect
        // does not itself require authentication.
        .failureUrl("/loginFailure");
}
/**
 * Requires authentication for every request, plugs in a custom security-context repository,
 * and enables OAuth 2.0 login with custom token-response and user-info services.
 *
 * @param http the security builder being configured
 * @throws Exception if the configurer DSL fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .anyRequest().authenticated()
            .and()
        .securityContext()
            // Replaces the default storage of the authenticated SecurityContext.
            // NOTE(review): where the context is persisted depends on securityContextRepository(),
            // which is not shown here - confirm it protects the stored authentication.
            .securityContextRepository(securityContextRepository())
            .and()
        .oauth2Login()
            .tokenEndpoint()
                .accessTokenResponseClient(createOauth2AccessTokenResponseClient())
                .and()
            .userInfoEndpoint()
                // Separate services for plain OAuth 2.0 and for OpenID Connect logins.
                .userService(createOauth2UserService())
                .oidcUserService(createOidcUserService());
}
/**
 * Enables OAuth 2.0 login with a custom authorization-request repository, custom success
 * and failure handlers, and custom user services for both OIDC and plain OAuth 2.0.
 *
 * @param http the security builder being configured
 * @throws Exception if the configurer DSL fails
 */
protected void oauth2Client(HttpSecurity http) throws Exception {
    http.oauth2Login()
        .authorizationEndpoint()
        // NOTE(review): judging by its name, this repository keeps the pending authorization
        // request in a cookie rather than in the HTTP session. Its implementation is not shown;
        // confirm the cookie is HttpOnly/Secure, short-lived, and that its contents are
        // validated when read back.
        .authorizationRequestRepository(new HttpCookieOAuth2AuthorizationRequestRepository(properties)).and()
        .successHandler(oauth2AuthenticationSuccessHandler)
        .failureHandler(oauth2AuthenticationFailureHandler)
        .userInfoEndpoint()
        .oidcUserService(oidcUserService)
        .userService(oauth2UserService);
}
/**
 * Configures session handling, URL-level authorization, logout propagation and OAuth 2.0
 * login against Keycloak, redirecting straight to the configured realm instead of showing
 * a provider selection page.
 *
 * @param http the security builder being configured
 * @throws Exception if the configurer DSL fails
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http
        // Configure session management to your needs.
        // I need this as a basis for a classic, server-side rendered application.
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and()
        // Depends on your taste. You can configure single paths here,
        // or allow everything as I did and then use method-based security
        // like in the controller below.
        // NOTE(review): with permitAll() on every request, any handler that lacks a
        // method-security annotation is reachable without authentication, and nothing at
        // the URL layer catches a forgotten annotation.
        .authorizeRequests().anyRequest().permitAll().and()
        // Propagate logouts via /logout to Keycloak.
        .logout().addLogoutHandler(keycloakLogoutHandler).and()
        // This is the point where the OAuth2 login of Spring 5 gets enabled.
        .oauth2Login().userInfoEndpoint().oidcUserService(keycloakOidcUserService).and()
        // I don't want a page with different clients as login options,
        // so I use the constant from OAuth2AuthorizationRequestRedirectFilter
        // plus the configured realm as an immediate redirect to Keycloak.
        .loginPage(DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/" + realm);
}
};
/**
 * Enables OAuth 2.0 login with Okta-specific user services and a custom token response
 * client, and optionally overrides the redirection endpoint.
 *
 * <p>Both user services are constructed with the configured groups claim. When the
 * properties carry a redirect URI, it is applied as the redirection endpoint's base URI;
 * otherwise the default is left untouched.
 *
 * @param http the security builder being configured
 * @param oktaOAuth2Properties source of the groups claim and the optional redirect URI
 * @throws Exception if the configurer DSL fails
 */
private void configureLogin(HttpSecurity http, OktaOAuth2Properties oktaOAuth2Properties) throws Exception {
    http.oauth2Login()
        .userInfoEndpoint()
            .userService(new OktaOAuth2UserService(oktaOAuth2Properties.getGroupsClaim()))
            .oidcUserService(new OktaOidcUserService(oktaOAuth2Properties.getGroupsClaim()))
            .and()
        .tokenEndpoint()
            .accessTokenResponseClient(accessTokenResponseClient());

    // No redirect URI configured: keep the default redirection endpoint.
    if (oktaOAuth2Properties.getRedirectUri() == null) {
        return;
    }
    http.oauth2Login()
        .redirectionEndpoint()
            .baseUri(oktaOAuth2Properties.getRedirectUri());
}
/**
 * Sets the repository for authorized client(s).
 *
 * <p>The repository is registered on the builder as the shared object for
 * {@link OAuth2AuthorizedClientRepository}. A {@code null} argument is rejected by
 * {@code Assert.notNull} before anything is registered. Authorized clients carry the
 * tokens issued by the provider, so the chosen repository determines where those tokens
 * are kept.
 *
 * @since 5.1
 * @param authorizedClientRepository the authorized client repository; must not be {@code null}
 * @return the {@link OAuth2LoginConfigurer} for further configuration
 */
public OAuth2LoginConfigurer<B> authorizedClientRepository(OAuth2AuthorizedClientRepository authorizedClientRepository) {
    Assert.notNull(authorizedClientRepository, "authorizedClientRepository cannot be null");
    this.getBuilder().setSharedObject(OAuth2AuthorizedClientRepository.class, authorizedClientRepository);
    return this;
}
/**
 * Requires authentication for every request and enables OAuth 2.0 login with a custom
 * OpenID Connect user service.
 *
 * @param http the security builder being configured
 * @throws Exception if the configurer DSL fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .anyRequest().authenticated()
            .and()
        .oauth2Login()
            .userInfoEndpoint()
                // oidcUserService produces the principal for OIDC logins, including the
                // authorities it is given.
                .oidcUserService(oidcUserService);
}
}
/**
 * Enables OAuth 2.0 login using the injected client registration repository and a custom
 * authorization request resolver, then delegates to the superclass.
 *
 * @param http the security builder being configured
 * @throws Exception if the configurer DSL or {@code super.configure} fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .oauth2Login()
            .clientRegistrationRepository(this.clientRegistrationRepository)
            .authorizationEndpoint()
                // this.resolver builds the authorization request sent to the provider, so any
                // parameter it customises is the resolver's responsibility.
                .authorizationRequestResolver(this.resolver);
    // NOTE(review): no authorization rules are declared here; presumably super.configure(http)
    // supplies them - confirm against the superclass.
    super.configure(http);
}
}
/**
 * Sets the service for authorized client(s).
 *
 * <p>The service is wrapped in an {@link AuthenticatedPrincipalOAuth2AuthorizedClientRepository}
 * and passed to {@code authorizedClientRepository(...)}, so calling this method sets the
 * authorized client repository as well. A {@code null} argument is rejected by
 * {@code Assert.notNull} before the wrapper is created.
 *
 * @param authorizedClientService the authorized client service; must not be {@code null}
 * @return the {@link OAuth2LoginConfigurer} for further configuration
 */
public OAuth2LoginConfigurer<B> authorizedClientService(OAuth2AuthorizedClientService authorizedClientService) {
    Assert.notNull(authorizedClientService, "authorizedClientService cannot be null");
    this.authorizedClientRepository(new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(authorizedClientService));
    return this;
}
OAuth2LoginAuthenticationFilter authenticationFilter = new OAuth2LoginAuthenticationFilter( OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()), OAuth2ClientConfigurerUtils.getAuthorizedClientRepository(this.getBuilder()), this.loginProcessingUrl); this.setAuthenticationFilter(authenticationFilter); super.loginProcessingUrl(this.loginProcessingUrl); RequestMatcher authenticationNullMatcher = request -> SecurityContextHolder.getContext().getAuthentication() == null; authenticationFilter.setRequiresAuthenticationRequestMatcher(new AndRequestMatcher(createLoginProcessingUrlMatcher(this.loginProcessingUrl), authenticationNullMatcher)); super.init(http); } else { Map<String, String> loginUrlToClientName = this.getLoginLinks(); if (loginUrlToClientName.size() == 1) { this.updateAuthenticationDefaults(); this.updateAccessDefaults(http); String providerLoginPage = loginUrlToClientName.keySet().iterator().next(); this.registerAuthenticationEntryPoint(http, this.getLoginEntryPoint(http, providerLoginPage)); } else { super.init(http); GrantedAuthoritiesMapper userAuthoritiesMapper = this.getGrantedAuthoritiesMapper(); if (userAuthoritiesMapper != null) { oauth2LoginAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper); http.authenticationProvider(this.postProcess(oauth2LoginAuthenticationProvider));
/**
 * Creates the entry point that redirects unauthenticated requests to a single provider's
 * login URL.
 *
 * <p>Requests for the login page or {@code /favicon.ico} that also satisfy the default
 * entry-point matcher fall through to the default entry point. All remaining requests are
 * sent to {@code providerLoginPage}.
 *
 * @param http the builder used to obtain the default entry-point matcher
 * @param providerLoginPage the provider login URL used as the redirect target
 * @return the delegating entry point
 */
private AuthenticationEntryPoint getLoginEntryPoint(B http, String providerLoginPage) {
    RequestMatcher staticPages = new OrRequestMatcher(
            new AntPathRequestMatcher(this.getLoginPage()),
            new AntPathRequestMatcher("/favicon.ico"));
    RequestMatcher handledByDefault =
            new AndRequestMatcher(staticPages, this.getAuthenticationEntryPointMatcher(http));

    // Single rule: whatever the default entry point does not handle goes to the provider.
    LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> rules = new LinkedHashMap<>();
    rules.put(new NegatedRequestMatcher(handledByDefault),
            new LoginUrlAuthenticationEntryPoint(providerLoginPage));

    DelegatingAuthenticationEntryPoint delegating = new DelegatingAuthenticationEntryPoint(rules);
    delegating.setDefaultEntryPoint(this.getAuthenticationEntryPoint());
    return delegating;
}
OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()), authorizationRequestBaseUri); authorizationRequestFilter.setRequestCache(requestCache); http.addFilter(this.postProcess(authorizationRequestFilter)); OAuth2LoginAuthenticationFilter authenticationFilter = this.getAuthenticationFilter(); if (this.redirectionEndpointConfig.authorizationResponseBaseUri != null) { authenticationFilter.setFilterProcessesUrl(this.redirectionEndpointConfig.authorizationResponseBaseUri);