
org.springframework.security.config.annotation.web.OAuth2ResourceServerDsl.kt Maven / Gradle / Ivy

/*
 * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.security.config.annotation.web

import org.springframework.security.authentication.AuthenticationManagerResolver
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.oauth2.resourceserver.JwtDsl
import org.springframework.security.config.annotation.web.oauth2.resourceserver.OpaqueTokenDsl
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver
import org.springframework.security.web.AuthenticationEntryPoint
import org.springframework.security.web.access.AccessDeniedHandler
import jakarta.servlet.http.HttpServletRequest

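/**
 * A Kotlin DSL to configure [HttpSecurity] OAuth 2.0 resource server support using
 * idiomatic Kotlin code.
 *
 * Only the options that are explicitly set on this DSL are forwarded to the underlying
 * [OAuth2ResourceServerConfigurer]; see [get].
 *
 * NOTE(review): the underlying configurer is expected to validate the combination of
 * [jwt], [opaqueToken] and [authenticationManagerResolver] when the filter chain is built
 * (a resolver alongside a token format, or both token formats at once, should be rejected).
 * This class performs no such validation itself - confirm against
 * [OAuth2ResourceServerConfigurer].
 *
 * @author Eleftheria Stein
 * @since 5.3
 * @property accessDeniedHandler the [AccessDeniedHandler] to use for requests authenticating
 * with Bearer Tokens.
 * @property authenticationEntryPoint the [AuthenticationEntryPoint] to use for requests authenticating
 * with Bearer Tokens.
 * @property bearerTokenResolver the [BearerTokenResolver] to use for requests authenticating
 * with Bearer Tokens.
 * @property authenticationManagerResolver the [AuthenticationManagerResolver] to use for requests
 * authenticating with Bearer Tokens, resolved per [HttpServletRequest].
 */
@SecurityMarker
class OAuth2ResourceServerDsl {
    var accessDeniedHandler: AccessDeniedHandler? = null
    var authenticationEntryPoint: AuthenticationEntryPoint? = null
    var bearerTokenResolver: BearerTokenResolver? = null
    // The type argument is required: Kotlin has no raw types, and the resolver is keyed on the servlet request.
    var authenticationManagerResolver: AuthenticationManagerResolver<HttpServletRequest>? = null

    // Customizers captured by jwt { } / opaqueToken { }; null means the format was not requested.
    private var jwt: ((OAuth2ResourceServerConfigurer<HttpSecurity>.JwtConfigurer) -> Unit)? = null
    private var opaqueToken: ((OAuth2ResourceServerConfigurer<HttpSecurity>.OpaqueTokenConfigurer) -> Unit)? = null

    /**
     * Enables JWT-encoded bearer token support.
     *
     * Calling this more than once replaces the previously stored JWT configuration.
     *
     * Example:
     *
     * ```
     * @Configuration
     * @EnableWebSecurity
     * class SecurityConfig {
     *
     *     @Bean
     *     fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
     *         http {
     *             oauth2ResourceServer {
     *                 jwt {
     *                     jwkSetUri = "https://example.com/oauth2/jwk"
     *                 }
     *             }
     *         }
     *         return http.build()
     *     }
     * }
     * ```
     *
     * @param jwtConfig custom configurations to configure JWT resource server support
     * @see [JwtDsl]
     */
    fun jwt(jwtConfig: JwtDsl.() -> Unit) {
        this.jwt = JwtDsl().apply(jwtConfig).get()
    }

    /**
     * Enables opaque token support.
     *
     * Calling this more than once replaces the previously stored opaque token configuration.
     *
     * Example:
     *
     * ```
     * @Configuration
     * @EnableWebSecurity
     * class SecurityConfig {
     *
     *     @Bean
     *     fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
     *         http {
     *             oauth2ResourceServer {
     *                 opaqueToken { }
     *             }
     *         }
     *         return http.build()
     *     }
     * }
     * ```
     *
     * @param opaqueTokenConfig custom configurations to configure opaque token resource server support
     * @see [OpaqueTokenDsl]
     */
    fun opaqueToken(opaqueTokenConfig: OpaqueTokenDsl.() -> Unit) {
        this.opaqueToken = OpaqueTokenDsl().apply(opaqueTokenConfig).get()
    }

    /**
     * Builds the customizer that applies this DSL's settings to an
     * [OAuth2ResourceServerConfigurer].
     *
     * Each option is forwarded only when it is non-null; options that were never set are
     * not passed to the configurer at all. The properties are read when the returned
     * function runs, not when [get] is called.
     *
     * @return a function that configures the given [OAuth2ResourceServerConfigurer]
     */
    internal fun get(): (OAuth2ResourceServerConfigurer<HttpSecurity>) -> Unit {
        return { oauth2ResourceServer ->
            // Use the value captured by the safe call rather than re-reading the mutable
            // property, so the argument passed on is the same non-null value that was checked.
            accessDeniedHandler?.also { handler -> oauth2ResourceServer.accessDeniedHandler(handler) }
            authenticationEntryPoint?.also { entryPoint -> oauth2ResourceServer.authenticationEntryPoint(entryPoint) }
            bearerTokenResolver?.also { resolver -> oauth2ResourceServer.bearerTokenResolver(resolver) }
            authenticationManagerResolver?.also { resolver ->
                oauth2ResourceServer.authenticationManagerResolver(resolver)
            }
            jwt?.also { customizer -> oauth2ResourceServer.jwt(customizer) }
            opaqueToken?.also { customizer -> oauth2ResourceServer.opaqueToken(customizer) }
        }
    }
}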



