/**
 * Builds a filter chain whose only configuration is the OAuth 2.0 resource server with JWT
 * support switched on.
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
    ServerHttpSecurity.OAuth2ResourceServerSpec resourceServer = http.oauth2ResourceServer();
    // NOTE(review): no decoder, key or JWK Set URI is set on the DSL here, so the decoder
    // presumably has to come from a ReactiveJwtDecoder bean in the context - confirm against
    // the enclosing configuration.
    resourceServer.jwt();
    return http.build();
}
/**
 * Builds a filter chain whose JWT resource server is configured with a JWK Set URI.
 *
 * <p>The URI is the {@code /.well-known/jwks.json} path on the server returned by
 * {@code mockWebServer()}, which is defined outside this listing.
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
    // Resolved before the DSL is touched, as in the chained form.
    String keySetLocation = mockWebServer().url("/.well-known/jwks.json").toString();

    ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt();
    // NOTE(review): the endpoint behind this URI decides which signing keys are accepted;
    // a mock server is fine for a test, a deployment would pin a fixed HTTPS location.
    jwt.jwkSetUri(keySetLocation);
    return http.build();
}
/**
 * Builds a filter chain whose JWT resource server is handed the authentication manager
 * returned by {@code authenticationManager()} (defined outside this listing).
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
    ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = http.oauth2ResourceServer().jwt();
    // NOTE(review): with a manager supplied, token validation is presumably whatever that
    // manager implements rather than a decoder-based default - confirm against its definition.
    jwt.authenticationManager(authenticationManager());
    return http.build();
}
/**
 * Checks that a decoder set through the DSL is the one returned by {@code getJwtDecoder()}
 * even when a {@code ReactiveJwtDecoder} bean is registered in the application context.
 */
@Test
public void getJwtDecoderWhenBeanWiredAndDslWiredThenDslTakesPrecedence() {
    ReactiveJwtDecoder contextDecoder = mock(ReactiveJwtDecoder.class);
    ReactiveJwtDecoder explicitDecoder = mock(ReactiveJwtDecoder.class);

    GenericWebApplicationContext applicationContext = autowireWebServerGenericWebApplicationContext();
    ServerHttpSecurity security = new ServerHttpSecurity();
    security.setApplicationContext(applicationContext);
    applicationContext.registerBean(ReactiveJwtDecoder.class, () -> contextDecoder);

    ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwtSpec = security.oauth2ResourceServer().jwt();
    jwtSpec.jwtDecoder(explicitDecoder);

    // The explicitly configured decoder must be the one in effect, not the context bean.
    assertThat(jwtSpec.getJwtDecoder()).isEqualTo(explicitDecoder);
}
/**
 * Checks that a decoder set through the DSL is returned by {@code getJwtDecoder()} even when
 * two {@code ReactiveJwtDecoder} beans are registered, a setup that has no unique bean.
 */
@Test
public void getJwtDecoderWhenTwoBeansWiredAndDslWiredThenDslTakesPrecedence() {
    ReactiveJwtDecoder contextDecoder = mock(ReactiveJwtDecoder.class);
    ReactiveJwtDecoder explicitDecoder = mock(ReactiveJwtDecoder.class);

    GenericWebApplicationContext applicationContext = autowireWebServerGenericWebApplicationContext();
    ServerHttpSecurity security = new ServerHttpSecurity();
    security.setApplicationContext(applicationContext);
    // Both bean names are backed by the same mock; only the number of definitions matters here.
    applicationContext.registerBean("firstJwtDecoder", ReactiveJwtDecoder.class, () -> contextDecoder);
    applicationContext.registerBean("secondJwtDecoder", ReactiveJwtDecoder.class, () -> contextDecoder);

    ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwtSpec = security.oauth2ResourceServer().jwt();
    jwtSpec.jwtDecoder(explicitDecoder);

    assertThat(jwtSpec.getJwtDecoder()).isEqualTo(explicitDecoder);
}
/**
 * Checks that {@code getJwtDecoder()} fails with {@code NoUniqueBeanDefinitionException} when
 * two {@code ReactiveJwtDecoder} beans are registered and no decoder is set through the DSL.
 */
@Test
public void getJwtDecoderWhenTwoBeansWiredThenThrowsWiringException() {
    ReactiveJwtDecoder contextDecoder = mock(ReactiveJwtDecoder.class);

    GenericWebApplicationContext applicationContext = autowireWebServerGenericWebApplicationContext();
    ServerHttpSecurity security = new ServerHttpSecurity();
    security.setApplicationContext(applicationContext);
    applicationContext.registerBean("firstJwtDecoder", ReactiveJwtDecoder.class, () -> contextDecoder);
    applicationContext.registerBean("secondJwtDecoder", ReactiveJwtDecoder.class, () -> contextDecoder);

    ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwtSpec = security.oauth2ResourceServer().jwt();

    // An ambiguous decoder is an error rather than an arbitrary pick between the two beans.
    assertThatCode(jwtSpec::getJwtDecoder)
            .isInstanceOf(NoUniqueBeanDefinitionException.class);
}
/**
 * Checks that {@code getJwtDecoder()} fails with {@code NoSuchBeanDefinitionException} when
 * neither a {@code ReactiveJwtDecoder} bean nor a DSL-configured decoder is present.
 */
@Test
public void getJwtDecoderWhenNoBeansAndNoDslWiredThenWiringException() {
    GenericWebApplicationContext applicationContext = autowireWebServerGenericWebApplicationContext();
    ServerHttpSecurity security = new ServerHttpSecurity();
    security.setApplicationContext(applicationContext);

    ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwtSpec = security.oauth2ResourceServer().jwt();

    // With no decoder available the lookup must fail instead of yielding a usable spec.
    assertThatCode(jwtSpec::getJwtDecoder)
            .isInstanceOf(NoSuchBeanDefinitionException.class);
}
/**
 * Builds a filter chain that requires the {@code SCOPE_message:read} authority on every
 * exchange and configures the JWT resource server with the key from {@code publicKey()}.
 *
 * @throws Exception declared by the original signature
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) throws Exception {
    // NOTE(review): the SCOPE_ prefix presumably comes from the default mapping of token
    // scopes to authorities - confirm, since no converter is configured in this chain.
    ServerHttpSecurity secured = http.authorizeExchange()
            .anyExchange().hasAuthority("SCOPE_message:read")
            .and();

    ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = secured.oauth2ResourceServer().jwt();
    // publicKey() is defined outside this listing.
    jwt.publicKey(publicKey());
    return http.build();
}
} // closes the enclosing class, whose header is outside this listing
/**
 * Builds a filter chain that denies every exchange and configures the JWT resource server
 * with the key from {@code publicKey()}.
 *
 * @throws Exception declared by the original signature
 */
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity http) throws Exception {
    // denyAll applies to any exchange, so the rule itself grants nothing to any token.
    ServerHttpSecurity secured = http.authorizeExchange()
            .anyExchange().denyAll()
            .and();

    ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = secured.oauth2ResourceServer().jwt();
    // publicKey() is defined outside this listing.
    jwt.publicKey(publicKey());
    return http.build();
}
} // closes the enclosing class, whose header is outside this listing
/**
 * Builds a filter chain that requires {@code SCOPE_message:read} on every exchange and sets
 * a custom bearer token converter on the resource server before enabling JWT support.
 *
 * @throws Exception declared by the original signature
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) throws Exception {
    ServerHttpSecurity secured = http.authorizeExchange()
            .anyExchange().hasAuthority("SCOPE_message:read")
            .and();

    // NOTE(review): the converter presumably decides where in the request the bearer token
    // is read from - confirm against bearerTokenAuthenticationConverter(), defined elsewhere.
    ServerHttpSecurity.OAuth2ResourceServerSpec resourceServer = secured.oauth2ResourceServer()
            .bearerTokenConverter(bearerTokenAuthenticationConverter());

    // publicKey() is defined outside this listing.
    resourceServer.jwt().publicKey(publicKey());
    return http.build();
}
/**
 * Builds a filter chain that requires the {@code message:read} authority on every exchange
 * and sets a custom JWT authentication converter together with the key from
 * {@code publicKey()}.
 *
 * @throws Exception declared by the original signature
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) throws Exception {
    // NOTE(review): the required authority is the bare "message:read", so the converter
    // returned by jwtAuthenticationConverter() is presumably what produces authorities in
    // that form - confirm against its definition.
    ServerHttpSecurity secured = http.authorizeExchange()
            .anyExchange().hasAuthority("message:read")
            .and();

    ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwt = secured.oauth2ResourceServer().jwt();
    jwt.jwtAuthenticationConverter(jwtAuthenticationConverter())
            .publicKey(publicKey());
    return http.build();
}
/**
 * Builds a filter chain with two path rules and custom failure responses on the resource
 * server: {@code /authenticated} needs an authenticated caller, {@code /unobtainable} needs
 * the {@code unobtainable} authority.
 *
 * @throws Exception declared by the original signature
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) throws Exception {
    // NOTE(review): only these two paths have a rule; how other exchanges are treated is
    // not visible here - confirm against the framework default.
    ServerHttpSecurity secured = http.authorizeExchange()
            .pathMatchers("/authenticated").authenticated()
            .pathMatchers("/unobtainable").hasAuthority("unobtainable")
            .and();

    ServerHttpSecurity.OAuth2ResourceServerSpec resourceServer = secured.oauth2ResourceServer();

    // Unusual status codes; presumably chosen so a response can be attributed to these
    // handlers rather than to a default - confirm with the tests that use this chain.
    HttpStatusServerAccessDeniedHandler deniedHandler =
            new HttpStatusServerAccessDeniedHandler(HttpStatus.BANDWIDTH_LIMIT_EXCEEDED);
    HttpStatusServerEntryPoint entryPoint =
            new HttpStatusServerEntryPoint(HttpStatus.I_AM_A_TEAPOT);

    resourceServer
            .accessDeniedHandler(deniedHandler)
            .authenticationEntryPoint(entryPoint)
            .jwt()
            .publicKey(publicKey());
    return http.build();
}
} // closes the enclosing class, whose header is outside this listing
/**
 * Builds a filter chain that requires authentication on every exchange and enables both
 * OAuth 2.0 login and the JWT resource server on the same chain.
 */
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecurity) {
    ServerHttpSecurity withRules = httpSecurity.authorizeExchange()
            .anyExchange().authenticated()
            .and();

    // Login and bearer-token authentication are both switched on for this one chain.
    ServerHttpSecurity withLogin = withRules.oauth2Login().and();
    withLogin.oauth2ResourceServer().jwt();

    return httpSecurity.build();
}
} // closes the enclosing class, whose header is outside this listing