Add HttpSecurity.oauth2AuthorizationServer()

Issue gh-17880

Author: jgrandja

config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java

@@ -71,6 +71,7 @@
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer;
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer;
+import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
 import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
 import org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer;
 import org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer;
@@ -1552,6 +1553,23 @@ public HttpSecurity oauth2ResourceServer(
 		return HttpSecurity.this;
 	}
 
+	/**
+	 * Configures OAuth 2.1 Authorization Server support.
+	 * @param oauth2AuthorizationServerCustomizer the {@link Customizer} providing access
+	 * to the {@link OAuth2AuthorizationServerConfigurer} for further customizations
+	 * @return the {@link HttpSecurity} for further customizations
+	 * @throws Exception
+	 * @since 7.0
+	 * @see <a target="_blank" href=
+	 * "https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-13.html">OAuth 2.1
+	 * Authorization Framework</a>
+	 */
+	public HttpSecurity oauth2AuthorizationServer(
+			Customizer<OAuth2AuthorizationServerConfigurer> oauth2AuthorizationServerCustomizer) throws Exception {
+		oauth2AuthorizationServerCustomizer.customize(getOrApply(new OAuth2AuthorizationServerConfigurer()));
+		return HttpSecurity.this;
+	}
+
 	/**
 	 * Configures One-Time Token Login Support.
 	 *

config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java

@@ -40,7 +40,7 @@
 import org.springframework.security.web.SecurityFilterChain;
 
 /**
- * {@link Configuration} for OAuth 2.0 Authorization Server support.
+ * {@link Configuration} for OAuth 2.1 Authorization Server support.
  *
  * @author Joe Grandja
  * @since 7.0
@@ -53,11 +53,8 @@ public class OAuth2AuthorizationServerConfiguration {
 	@Order(Ordered.HIGHEST_PRECEDENCE)
 	public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
 		// @formatter:off
-		OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-				OAuth2AuthorizationServerConfigurer.authorizationServer();
 		http
-			.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-			.with(authorizationServerConfigurer, Customizer.withDefaults())
+			.oauth2AuthorizationServer(Customizer.withDefaults())
 			.authorizeHttpRequests((authorize) ->
 				authorize.anyRequest().authenticated()
 			);

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java

@@ -60,7 +60,7 @@
 import org.springframework.util.Assert;
 
 /**
- * An {@link AbstractHttpConfigurer} for OAuth 2.0 Authorization Server support.
+ * An {@link AbstractHttpConfigurer} for OAuth 2.1 Authorization Server support.
  *
  * @author Joe Grandja
  * @author Daniel Garnier-Moiroux
@@ -91,16 +91,6 @@ public final class OAuth2AuthorizationServerConfigurer
 
 	private RequestMatcher endpointsMatcher;
 
-	/**
-	 * Returns a new instance of {@link OAuth2AuthorizationServerConfigurer} for
-	 * configuring.
-	 * @return a new instance of {@link OAuth2AuthorizationServerConfigurer} for
-	 * configuring
-	 */
-	public static OAuth2AuthorizationServerConfigurer authorizationServer() {
-		return new OAuth2AuthorizationServerConfigurer();
-	}
-
 	/**
 	 * Sets the repository of registered clients.
 	 * @param registeredClientRepository the repository of registered clients
@@ -383,6 +373,8 @@ public void init(HttpSecurity httpSecurity) throws Exception {
 					new OrRequestMatcher(preferredMatchers));
 		}
 
+		httpSecurity.securityMatchers((securityMatchers) -> securityMatchers.requestMatchers(this.endpointsMatcher));
+
 		httpSecurity.csrf((csrf) -> csrf.ignoringRequestMatchers(this.endpointsMatcher));
 
 		OidcConfigurer oidcConfigurer = getConfigurer(OidcConfigurer.class);

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationCodeGrantTests.java

@@ -1271,11 +1271,8 @@ static class AuthorizationServerConfigurationWithSecurityContextRepository
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-					.with(authorizationServerConfigurer, Customizer.withDefaults())
+					.oauth2AuthorizationServer(Customizer.withDefaults())
 					.authorizeHttpRequests((authorize) ->
 							authorize.anyRequest().authenticated()
 					)
@@ -1331,11 +1328,8 @@ static class AuthorizationServerConfigurationCustomConsentPage extends Authoriza
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-					.with(authorizationServerConfigurer, (authorizationServer) ->
+					.oauth2AuthorizationServer((authorizationServer) ->
 							authorizationServer
 									.authorizationEndpoint((authorizationEndpoint) ->
 											authorizationEndpoint.consentPage(consentPage))
@@ -1359,11 +1353,8 @@ static class AuthorizationServerConfigurationCustomConsentRequest extends Author
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-					.with(authorizationServerConfigurer, (authorizationServer) ->
+					.oauth2AuthorizationServer((authorizationServer) ->
 							authorizationServer
 									.authorizationEndpoint((authorizationEndpoint) ->
 											authorizationEndpoint.authenticationProviders(configureAuthenticationProviders()))
@@ -1446,11 +1437,8 @@ static class AuthorizationServerConfigurationCustomAuthorizationEndpoint extends
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-					.with(authorizationServerConfigurer, (authorizationServer) ->
+					.oauth2AuthorizationServer((authorizationServer) ->
 							authorizationServer
 									.authorizationEndpoint((authorizationEndpoint) ->
 											authorizationEndpoint
@@ -1490,11 +1478,8 @@ static class AuthorizationServerConfigurationWithPushedAuthorizationRequests
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-					.with(authorizationServerConfigurer, (authorizationServer) ->
+					.oauth2AuthorizationServer((authorizationServer) ->
 							authorizationServer
 									.pushedAuthorizationRequestEndpoint(Customizer.withDefaults())
 					)

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerMetadataTests.java

@@ -193,11 +193,8 @@ static class AuthorizationServerConfigurationWithMetadataCustomizer extends Auth
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-					.with(authorizationServerConfigurer, (authorizationServer) ->
+					.oauth2AuthorizationServer((authorizationServer) ->
 							authorizationServer
 									.authorizationServerMetadataEndpoint((authorizationServerMetadataEndpoint) ->
 											authorizationServerMetadataEndpoint

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientCredentialsGrantTests.java

@@ -596,11 +596,8 @@ static class AuthorizationServerConfigurationCustomTokenEndpoint extends Authori
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-					.with(authorizationServerConfigurer, (authorizationServer) ->
+					.oauth2AuthorizationServer((authorizationServer) ->
 							authorizationServer
 									.tokenEndpoint((tokenEndpoint) ->
 											tokenEndpoint
@@ -640,11 +637,8 @@ static class AuthorizationServerConfigurationCustomClientAuthentication extends
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
 			authenticationSuccessHandler = spy(authenticationSuccessHandler());
 
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-					.with(authorizationServerConfigurer, (authorizationServer) ->
+					.oauth2AuthorizationServer((authorizationServer) ->
 							authorizationServer
 									.clientAuthentication((clientAuthentication) ->
 											clientAuthentication

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2RefreshTokenGrantTests.java

@@ -542,11 +542,8 @@ static class AuthorizationServerConfigurationWithPublicClientAuthentication
 		SecurityFilterChain authorizationServerSecurityFilterChain(
 				HttpSecurity http, RegisteredClientRepository registeredClientRepository) throws Exception {
 
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-					.with(authorizationServerConfigurer, (authorizationServer) ->
+					.oauth2AuthorizationServer((authorizationServer) ->
 							authorizationServer
 									.clientAuthentication((clientAuthentication) ->
 											clientAuthentication

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenIntrospectionTests.java

@@ -575,11 +575,8 @@ static class AuthorizationServerConfigurationCustomTokenIntrospectionEndpoint
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-					.with(authorizationServerConfigurer, (authorizationServer) ->
+					.oauth2AuthorizationServer((authorizationServer) ->
 							authorizationServer
 									.tokenIntrospectionEndpoint((tokenIntrospectionEndpoint) ->
 											tokenIntrospectionEndpoint

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java

@@ -375,11 +375,8 @@ static class AuthorizationServerConfigurationCustomTokenRevocationEndpoint
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-					.with(authorizationServerConfigurer, (authorizationServer) ->
+					.oauth2AuthorizationServer((authorizationServer) ->
 							authorizationServer
 									.tokenRevocationEndpoint((tokenRevocationEndpoint) ->
 											tokenRevocationEndpoint

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java

@@ -650,11 +650,8 @@ static class CustomClientRegistrationConfiguration extends AuthorizationServerCo
 		@Bean
 		@Override
 		public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-					.with(authorizationServerConfigurer, (authorizationServer) ->
+					.oauth2AuthorizationServer((authorizationServer) ->
 							authorizationServer
 									.oidc((oidc) ->
 											oidc
@@ -686,11 +683,8 @@ static class CustomClientMetadataConfiguration extends AuthorizationServerConfig
 		@Bean
 		@Override
 		public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-					.with(authorizationServerConfigurer, (authorizationServer) ->
+					.oauth2AuthorizationServer((authorizationServer) ->
 							authorizationServer
 									.oidc((oidc) ->
 											oidc
@@ -730,11 +724,8 @@ static class ClientSecretExpirationConfiguration extends AuthorizationServerConf
 		@Bean
 		@Override
 		public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-					.with(authorizationServerConfigurer, (authorizationServer) ->
+					.oauth2AuthorizationServer((authorizationServer) ->
 							authorizationServer
 									.oidc((oidc) ->
 											oidc
@@ -771,11 +762,8 @@ static class AuthorizationServerConfiguration {
 		// @formatter:off
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-					OAuth2AuthorizationServerConfigurer.authorizationServer();
 			http
-					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-					.with(authorizationServerConfigurer, (authorizationServer) ->
+					.oauth2AuthorizationServer((authorizationServer) ->
 							authorizationServer
 									.oidc((oidc) ->
 											oidc