reactive impl for gh-151

ch4mpy · Nov 5, 2023 · 075c08f · 075c08f
1 parent 139339c
commit 075c08f
Show file tree

Hide file tree

Showing 4 changed files with 91 additions and 62 deletions.
diff --git a/README.MD b/README.MD
@@ -2,7 +2,7 @@ You can now **test your OAuth2 / OpenID knowledge with a dedicated quiz** availa
 
 7.x is a break through in usability: all 6 `spring-addons` Boot starters are merged into a single one: [`com.c4-soft.springaddons:spring-addons-starter-oidc`](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons-starter-oidc/), and so are 4 of the test libs: [`com.c4-soft.springaddons:spring-addons-starter-oidc-test`](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons-starter-oidc-test/). To use the test annotations without the starter, the dependency is unchanged: [`com.c4-soft.springaddons:spring-addons-oauth2-test`](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons-oauth2-test/).
 
-Please follow the [migration guide](https://github.com/ch4mpy/spring-addons/blob/master/7.0.0-migration-guide.md) to move from `6.x` to `7.1.9`. There is no urge to do so on existing projects as 6.2.x patches should be published untill the end of 2023.
+Please follow the [migration guide](https://github.com/ch4mpy/spring-addons/blob/master/7.0.0-migration-guide.md) to move from `6.x` to `7.1.10`. There is no urge to do so on existing projects as 6.2.x patches should be published untill the end of 2023.
 
 All samples and tutorials sources are migrated to latest starter and test annotations, but some READMEs might still need a refresh. Please make sure you refer to source code for up to date configuration.
 
@@ -426,7 +426,7 @@ This starters are designed to push auto-configuration one step further. In most
 I could forget to update README before releasing, so please refer to [maven central](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons/) to pick latest available release
 ```xml
     <properties>
-        <springaddons.version>7.1.9</springaddons.version>
+        <springaddons.version>7.1.10</springaddons.version>
     </properties>
     <dependencies>
 
@@ -462,6 +462,10 @@ I could forget to update README before releasing, so please refer to [maven cent
 
 ### 5.1. <a name="release-notes-7"/>`7.x` Branch
 
+#### `7.1.10`
+- Spring boot `3.1.5` as transcient dependency
+- [gh-151](https://github.com/ch4mpy/spring-addons/issues/151) scan application context for `authenticationEntryPoint` and `accessDeniedHandler` to auto-configure resource servers (default returns `401` for unauthorized requests instead of `302 redirect to login`).
+
 #### `7.1.9`
 - Spring boot `3.1.4` as transcient dependency
 - [gh-147](https://github.com/ch4mpy/spring-addons/issues/147) prevent addons test security conf to be auto-configured (complicates integration testing with test containers)

diff --git a/pom.xml b/pom.xml
@@ -62,7 +62,7 @@
 
 		<sonar-maven-plugin.version>3.9.1.2184</sonar-maven-plugin.version>
 
-		<spring-boot.version>3.1.4</spring-boot.version>
+		<spring-boot.version>3.1.5</spring-boot.version>
 
 		<hibernate.version>6.3.1.Final</hibernate.version>
 		<hibernate-enhance-maven-plugin.version>6.2.7.Final</hibernate-enhance-maven-plugin.version>

diff --git a/...com/c4_soft/springaddons/security/oidc/starter/reactive/ReactiveConfigurationSupport.java b/...com/c4_soft/springaddons/security/oidc/starter/reactive/ReactiveConfigurationSupport.java
@@ -3,9 +3,11 @@
 import static org.springframework.security.config.Customizer.withDefaults;
 
 import java.util.Arrays;
+import java.util.Optional;
 
 import org.springframework.boot.autoconfigure.web.ServerProperties;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
 import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler;
 import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository;
 import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository;
@@ -28,15 +30,19 @@ public static ServerHttpSecurity configureResourceServer(
 			ServerHttpSecurity http,
 			ServerProperties serverProperties,
 			SpringAddonsOidcResourceServerProperties addonsResourceServerProperties,
-			ServerAccessDeniedHandler accessDeniedHandler,
+			ServerAuthenticationEntryPoint authenticationEntryPoint,
+			Optional<ServerAccessDeniedHandler> accessDeniedHandler,
 			ResourceServerAuthorizeExchangeSpecPostProcessor authorizePostProcessor,
 			ResourceServerHttpSecurityPostProcessor httpPostProcessor) {
 
 		ReactiveConfigurationSupport.configureCors(http, addonsResourceServerProperties.getCors());
 		ReactiveConfigurationSupport.configureState(http, addonsResourceServerProperties.isStatlessSessions(), addonsResourceServerProperties.getCsrf());
 		ReactiveConfigurationSupport.configureAccess(http, addonsResourceServerProperties.getPermitAll());
 
-		http.exceptionHandling(handling -> handling.accessDeniedHandler(accessDeniedHandler));
+		http.exceptionHandling(handling -> {
+			handling.authenticationEntryPoint(authenticationEntryPoint);
+			accessDeniedHandler.ifPresent(handling::accessDeniedHandler);
+		});
 
 		if (serverProperties.getSsl() != null && serverProperties.getSsl().isEnabled()) {
 			http.redirectToHttps(withDefaults());