Comments (4)
Overloaded method oauth2ResourceServer() of org.springframework.security.config.annotation.web.builders.HttpSecurity with parameter org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties
Unfortunately, we can't do that as it would require Spring Security to depend on Spring Boot and we already have a dependency in the other direction.
Can you please take a step back and describe your goal in more detail? It would be very useful to see the code that you currently have to write to achieve your goal. From that we can then see what, if anything, Spring Boot may be able to do to make it easier.
from spring-boot.
I'm not sure it will work correctly, but I would like something like that:
properties.yaml

```yaml
security:
  tenants:
    cat:
      jwt:
        issuer-uri: https://keycloak/auth/realms/cat
        jwk-set-uri: https://keycloak/auth/realms/cat/protocol/openid-connect/certs
    dog:
      jwt:
        issuer-uri: https://keycloak/auth/realms/dog
        jwk-set-uri: https://keycloak/auth/realms/dog/protocol/openid-connect/certs
```
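Properties class

```java
import java.util.List;
import java.util.Map;
import java.util.Optional;

import lombok.Value;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.security.core.userdetails.User;

@Value
@ConfigurationProperties("spring.security")
public class SecurityProperties {

    public SecurityProperties(
            String[] permitAll,
            String[] denyAll,
            User basic,
            Map<String, OAuth2ResourceServerProperties> tenants
    ) {
        // Fall back to empty defaults when a property is not set
        this.permitAll = Optional.ofNullable(permitAll).orElse(new String[0]);
        this.denyAll = Optional.ofNullable(denyAll).orElse(new String[0]);
        this.basic = Optional.ofNullable(basic).orElse(new User("user", "password", List.of()));
        this.tenants = Optional.ofNullable(tenants).orElse(Map.of());
    }

    String[] permitAll;
    String[] denyAll;
    User basic;
    Map<String, OAuth2ResourceServerProperties> tenants;
}
```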
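Configuration

```java
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
@RequiredArgsConstructor
public class SecurityConfiguration {

    private final SecurityProperties properties;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
        authenticationManagerBuilder.inMemoryAuthentication().withUser(properties.getBasic());
        http
            .cors(withDefaults())
            .authorizeHttpRequests(config -> {
                config
                    .requestMatchers(properties.getPermitAll()).permitAll()
                    .requestMatchers(properties.getDenyAll()).denyAll()
                    .anyRequest().authenticated();
            })
            .securityMatcher("/tech/**").authenticationManager(authenticationManagerBuilder.build())
            .securityMatcher("**").oauth2ResourceServer(config -> config.jwt(withDefaults()));
        // One resource server configuration per tenant, keyed by path prefix
        properties.getTenants().forEach((tenant, config) -> http
            .securityMatcher("/%s/**".formatted(tenant))
            // The overload requested in this issue; it does not exist in Spring Security
            .oauth2ResourceServer(config)
        );
        return http.build();
    }
}
```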
from spring-boot.
As I said above, we can't have a Spring Security method (oauth2ResourceServer in this case) that depends on a Spring Boot type.
At this point, I'm afraid that a possible solution such as the one that you have sketched out above isn't what we're looking for. What I would like to see is the code that you have to write today to solve your problem. That will, hopefully, help us to understand what you're trying to do and we can then consider if it's something that we want to make easier and, if we do, start thinking about how we could do it.
from spring-boot.
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
from spring-boot.
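Added example, not posted by anyone in the thread and not Spring Boot's own code: one way to accept JWTs from several issuers using only Spring Security's existing `JwtIssuerAuthenticationManagerResolver` (the `fromTrustedIssuers` factory needs Spring Security 6.2 or later). The `TenantProperties` record and the class name are hypothetical; they bind the `security.tenants` YAML shown in the thread.

```java
import java.util.List;
import java.util.Map;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableConfigurationProperties(TenantSecurityConfiguration.TenantProperties.class)
public class TenantSecurityConfiguration {

    // Hypothetical binding for security.tenants.<name>.jwt.* from the thread's YAML.
    @ConfigurationProperties("security")
    public record TenantProperties(Map<String, Tenant> tenants) {
        public TenantProperties {
            tenants = (tenants != null) ? tenants : Map.of();
        }
        // jwkSetUri is bound for completeness but unused below: the resolver
        // discovers each issuer's keys from the issuer's own metadata.
        public record Tenant(Jwt jwt) {}
        public record Jwt(String issuerUri, String jwkSetUri) {}
    }

    @Bean
    SecurityFilterChain tenantChain(HttpSecurity http, TenantProperties properties) throws Exception {
        // Allow-list of issuers: a token whose "iss" claim is not in this
        // list is rejected before any key lookup is attempted.
        List<String> trustedIssuers = properties.tenants().values().stream()
                .map(tenant -> tenant.jwt().issuerUri())
                .toList();

        // Picks the JWT authentication manager per request from the "iss" claim.
        JwtIssuerAuthenticationManagerResolver resolver =
                JwtIssuerAuthenticationManagerResolver.fromTrustedIssuers(trustedIssuers);

        http
            .authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(resolver));
        return http.build();
    }
}
```

With this setup a token from either realm is accepted on every path; restricting `/cat/**` to the `cat` issuer needs an additional authorization rule on the token's `iss` claim.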