Package com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver

Class SpringAddonsOidcResourceServerBeans

java.lang.Object

com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.SpringAddonsOidcResourceServerBeans

@ConditionalOnWebApplication(type=SERVLET)
@Conditional(IsOidcResourceServerCondition.class)
@EnableWebSecurity
@AutoConfiguration
@ImportAutoConfiguration(SpringAddonsOidcBeans.class)
public class SpringAddonsOidcResourceServerBeans
extends Object

Usage
If not using spring-boot, @Import or @ComponentScan this class. All beans defined here are @ConditionalOnMissingBean => just define your own @Beans to override.

Provided @Beans

• springAddonsResourceServerSecurityFilterChain: applies CORS, CSRF, anonymous, sessionCreationPolicy, SSL, redirect and 401 instead of redirect to login as defined in SpringAddonsSecurityProperties
• authorizePostProcessor: a bean of type ResourceServerExpressionInterceptUrlRegistryPostProcessor to fine tune access control from java configuration. It applies to all routes not listed in "permit-all" property configuration. Default requires users to be authenticated. This is a bean to provide in your application configuration if you prefer to define fine-grained access control rules with Java configuration rather than methods security.
• httpPostProcessor: a bean of type ResourceServerSynchronizedHttpSecurityPostProcessor to override anything from above auto-configuration. It is called just before the security filter-chain is returned. Default is a no-op.
• jwtAuthenticationConverter: a converter from a Jwt to something inheriting from AbstractAuthenticationToken. The default instantiate a JwtAuthenticationToken with username and authorities as configured for the issuer of thi token. The easiest to override the type of AbstractAuthenticationToken, is to provide with an Converter<Jwt, ? extends AbstractAuthenticationToken> bean.
• authenticationManagerResolver: to accept authorities from more than one issuer, the recommended way is to provide an org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> supporting it. Default keeps a JwtAuthenticationProvider with its own JwtDecoder for each issuer.

Author:

Jerome Wacongne ch4mp@c4-soft.com

Constructor Summary

Constructors

Constructor	Description
SpringAddonsOidcResourceServerBeans()

Method Summary

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SpringAddonsOidcResourceServerBeans

public SpringAddonsOidcResourceServerBeans()