@Override protected void configure(HttpSecurity http) throws Exception { http .oauth2Login() .clientRegistrationRepository( new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION)) .userInfoEndpoint() .userAuthoritiesMapper(createGrantedAuthoritiesMapper()); super.configure(http); } }
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() .securityContext() .securityContextRepository(securityContextRepository()) .and() .oauth2Login() .tokenEndpoint() .accessTokenResponseClient(createOauth2AccessTokenResponseClient()) .and() .userInfoEndpoint() .userService(createOauth2UserService()) .oidcUserService(createOidcUserService()); }
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() .oauth2Login() .userInfoEndpoint() .oidcUserService(oidcUserService); } }
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() // .anyRequest().authenticated() // .and() // .oauth2Login() // .userInfoEndpoint() // .customUserType(HomeOAuth2User.class, "home"); }
@Override public void configure(HttpSecurity http) throws Exception { http // Configure session management to your needs. // I need this as a basis for a classic, server side rendered application .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and() // Depends on your taste. You can configure single paths here // or allow everything a I did and then use method based security // like in the controller below .authorizeRequests().anyRequest().permitAll().and() // Propagate logouts via /logout to Keycloak .logout().addLogoutHandler(keycloakLogoutHandler).and() // This is the point where OAuth2 login of Spring 5 gets enabled .oauth2Login().userInfoEndpoint().oidcUserService(keycloakOidcUserService).and() // I don't want a page with different clients as login options // So i use the constant from OAuth2AuthorizationRequestRedirectFilter // plus the configured realm as immediate redirect to Keycloak .loginPage(DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/" + realm); } };
.loginPage(MolgenisLoginController.URI) .failureUrl(MolgenisLoginController.URI) .userInfoEndpoint() .oidcUserService(oidcUserService()) .and()
protected void oauth2Client(HttpSecurity http) throws Exception { http.oauth2Login() .authorizationEndpoint() .authorizationRequestRepository(new HttpCookieOAuth2AuthorizationRequestRepository(properties)).and() .successHandler(oauth2AuthenticationSuccessHandler) .failureHandler(oauth2AuthenticationFailureHandler) .userInfoEndpoint() .oidcUserService(oidcUserService) .userService(oauth2UserService); }
private void configureLogin(HttpSecurity http, OktaOAuth2Properties oktaOAuth2Properties) throws Exception { http.oauth2Login() .userInfoEndpoint() .userService(new OktaOAuth2UserService(oktaOAuth2Properties.getGroupsClaim())) .oidcUserService(new OktaOidcUserService(oktaOAuth2Properties.getGroupsClaim())) .and() .tokenEndpoint() .accessTokenResponseClient(accessTokenResponseClient()); if (oktaOAuth2Properties.getRedirectUri() != null) { http.oauth2Login().redirectionEndpoint().baseUri(oktaOAuth2Properties.getRedirectUri()); } }