Spring Security: Purpose of .oauth2Client(withDefaults()); in HttpSecurity


This is from the doc

public HttpSecurity oauth2Client(Customizer<OAuth2ClientConfigurer> oauth2ClientCustomizer) throws java.lang.Exception

Configures OAuth 2.0 Client support.

Example Configuration

The following example demonstrates how to enable OAuth 2.0 Client support for all endpoints.

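import static org.springframework.security.config.Customizer.withDefaults;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Every request to this application must be authenticated.
            .authorizeRequests((authorizeRequests) ->
                authorizeRequests
                    .anyRequest().authenticated()
            )
            // Enable OAuth 2.0 Client support with the default settings.
            .oauth2Client(withDefaults());
    }
}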

Parameters: oauth2ClientCustomizer - the Customizer to provide more options for the OAuth2ClientConfigurer

Returns: the HttpSecurity for further customizations

The thing I understood is any requests coming to this server should be authenticated.

How does .oauth2Client(withDefaults()); help in this case?

If I'm not wrong, an OAuth2 client is the one sending the request, what can we actually configure about this? The documentation doesn't really explain much.


0
sigur On BEST ANSWER

The http instance of HttpSecurity is a "bean settings server/application side".

Its method oauth2Client is not related to client configurations, but how and where the server/application should handle them.

Example:

  • Which clients have been authorized
  • Where to store authorized clients
  • How to authorize clients
  • How to remove an old authorized client
0
George On

I think here, you can find more details about oauth2Client defaults.

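import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {

    // The this.xxx() helper methods called below are not shown in this answer.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .oauth2Client(oauth2Client ->
                oauth2Client
                    // Registrations of the providers this application is a client of.
                    .clientRegistrationRepository(this.clientRegistrationRepository())
                    // Where authorized clients (and their tokens) are stored.
                    .authorizedClientRepository(this.authorizedClientRepository())
                    .authorizedClientService(this.authorizedClientService())
                    // How the authorization code grant is carried out.
                    .authorizationCodeGrant(authorizationCodeGrant ->
                        authorizationCodeGrant
                            .authorizationRequestRepository(this.authorizationRequestRepository())
                            .authorizationRequestResolver(this.authorizationRequestResolver())
                            .accessTokenResponseClient(this.accessTokenResponseClient())
                    )
            );
    }
}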
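
The server-side state that both answers refer to (client registrations and the store of authorized clients) can be exercised without a web container. This is an added example, not code from the posts above or from the Spring documentation. It assumes Spring Security 5.4 or later with spring-security-oauth2-client on the classpath; the registration id, URIs, secret, user names and token value are constructed placeholders.

```java
import java.time.Instant;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken;

public class AuthorizedClientStoreDemo {
    public static void main(String[] args) {
        // "Which clients": the provider this application is registered with (constructed values).
        ClientRegistration reg = ClientRegistration.withRegistrationId("example-idp")
                .clientId("demo-client-id")
                .clientSecret("placeholder-secret")
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .redirectUri("{baseUrl}/authorized/{registrationId}")
                .authorizationUri("https://idp.example.com/oauth2/authorize")
                .tokenUri("https://idp.example.com/oauth2/token")
                .scope("read")
                .build();
        InMemoryClientRegistrationRepository registrations =
                new InMemoryClientRegistrationRepository(reg);

        // "Where to store": tokens stay on the server, keyed by registration id + principal name.
        OAuth2AuthorizedClientService store = new InMemoryOAuth2AuthorizedClientService(registrations);

        // Stand-in for what happens once the authorization code grant completes for user "alice".
        Authentication alice = new TestingAuthenticationToken("alice", "n/a", "ROLE_USER");
        Instant now = Instant.now();
        OAuth2AccessToken token = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
                "constructed-token-value", now, now.plusSeconds(300));
        store.saveAuthorizedClient(new OAuth2AuthorizedClient(reg, alice.getName(), token), alice);

        // Lookups are per user: alice has an authorized client, bob does not.
        OAuth2AuthorizedClient forAlice = store.loadAuthorizedClient("example-idp", "alice");
        OAuth2AuthorizedClient forBob = store.loadAuthorizedClient("example-idp", "bob");
        System.out.println("alice token expires at: " + forAlice.getAccessToken().getExpiresAt());
        System.out.println("bob authorized client: " + forBob);

        // "How to remove": drop the stored token, for example on logout or revocation.
        store.removeAuthorizedClient("example-idp", "alice");
        OAuth2AuthorizedClient afterRemoval = store.loadAuthorizedClient("example-idp", "alice");
        System.out.println("alice after removal: " + afterRemoval);
    }
}
```

The in-memory store keeps tokens only for the lifetime of the process and is not shared between application instances, which is why the configurer lets you supply your own repository and service.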