From 7fc3ee95e48eba2009beb135c5fbec0e7c2a10e1 Mon Sep 17 00:00:00 2001 From: anuragkumawat Date: Thu, 17 Nov 2022 23:43:42 +0530 Subject: [PATCH] JAVA-15686 Update spring-cloud-security module under spring-cloud-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12987) --- .../spring-cloud-security/auth-client/pom.xml | 4 ++ .../config/SiteSecurityConfigurer.java | 48 +++++++++++-------- .../src/main/resources/application.yml | 24 ++++++---- 3 files changed, 46 insertions(+), 30 deletions(-) diff --git a/spring-cloud-modules/spring-cloud-security/auth-client/pom.xml b/spring-cloud-modules/spring-cloud-security/auth-client/pom.xml index 1ec56ce9ef..e8a0a1666e 100644 --- a/spring-cloud-modules/spring-cloud-security/auth-client/pom.xml +++ b/spring-cloud-modules/spring-cloud-security/auth-client/pom.xml @@ -65,6 +65,10 @@ org.springframework.security.oauth.boot spring-security-oauth2-autoconfigure + + org.springframework.security + spring-security-oauth2-client + diff --git a/spring-cloud-modules/spring-cloud-security/auth-client/src/main/java/com/baeldung/config/SiteSecurityConfigurer.java b/spring-cloud-modules/spring-cloud-security/auth-client/src/main/java/com/baeldung/config/SiteSecurityConfigurer.java index 217edb22fb..33cac65b11 100644 --- a/spring-cloud-modules/spring-cloud-security/auth-client/src/main/java/com/baeldung/config/SiteSecurityConfigurer.java +++ b/spring-cloud-modules/spring-cloud-security/auth-client/src/main/java/com/baeldung/config/SiteSecurityConfigurer.java 
@@ -1,27 +1,26 @@
 package com.baeldung.config;
-import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.client.ClientHttpRequestInterceptor;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.oauth2.client.OAuth2ClientContext;
-import org.springframework.security.oauth2.client.OAuth2RestOperations;
-import org.springframework.security.oauth2.client.OAuth2RestTemplate;
-import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.web.client.RestOperations;
 @EnableZuulProxy
 @Configuration
-@EnableOAuth2Sso
-public class SiteSecurityConfigurer
- extends
- WebSecurityConfigurerAdapter {
+public class SiteSecurityConfigurer {
- @Override
- protected void configure(HttpSecurity http)
- throws Exception {
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http.antMatcher("/**")
 .authorizeRequests()
 .antMatchers("/", "/webjars/**")
@@ -34,16 +33,23 @@ public class SiteSecurityConfigurer
 .permitAll()
 .and()
 .csrf()
- .csrfTokenRepository(
- CookieCsrfTokenRepository
- .withHttpOnlyFalse());
+ .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+ .and()
+ .oauth2Login();
+ return http.build();
 }
 @Bean
- public OAuth2RestOperations restOperations(
- OAuth2ProtectedResourceDetails resource,
- OAuth2ClientContext context) {
- return new OAuth2RestTemplate(resource, context);
+ public RestOperations restTemplate(OAuth2AuthorizedClientService clientService) {
+ return new RestTemplateBuilder().interceptors((ClientHttpRequestInterceptor) (httpRequest, bytes, execution) -> {
+ OAuth2AuthenticationToken token = OAuth2AuthenticationToken.class.cast(SecurityContextHolder.getContext()
+ .getAuthentication());
+ OAuth2AuthorizedClient client = clientService.loadAuthorizedClient(token.getAuthorizedClientRegistrationId(), token.getName());
+ httpRequest.getHeaders()
+ .add(HttpHeaders.AUTHORIZATION, "Bearer " + client.getAccessToken()
+ .getTokenValue());
+ return execution.execute(httpRequest, bytes);
+ })
+ .build();
 }
-
 }
diff --git a/spring-cloud-modules/spring-cloud-security/auth-client/src/main/resources/application.yml b/spring-cloud-modules/spring-cloud-security/auth-client/src/main/resources/application.yml
index 69617555d9..f3aae6bef0 100644
--- a/spring-cloud-modules/spring-cloud-security/auth-client/src/main/resources/application.yml
+++ b/spring-cloud-modules/spring-cloud-security/auth-client/src/main/resources/application.yml
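Review bot: The interceptor added in `restTemplate` dereferences the security context without any check: `OAuth2AuthenticationToken.class.cast(...)` throws `ClassCastException` for any other authentication type, and a null authentication or a null result from `loadAuthorizedClient` ends in a `NullPointerException`. It also attaches the stored access token without looking at its expiry, which the removed `OAuth2RestTemplate` presumably took care of, so an expired token would be sent as-is. The bearer header is added to every request made through this bean whatever the target host, so the bean should be documented as resource-server-only, or the interceptor should compare `httpRequest.getURI().getHost()` with the configured host before adding the header. A guarded version of the lambda is below; it forwards the request without a token when no OAuth2 login or authorized client is available.

```java
return new RestTemplateBuilder().interceptors((ClientHttpRequestInterceptor) (httpRequest, bytes, execution) -> {
    Object authentication = SecurityContextHolder.getContext()
        .getAuthentication();
    if (authentication instanceof OAuth2AuthenticationToken) {
        OAuth2AuthenticationToken token = (OAuth2AuthenticationToken) authentication;
        OAuth2AuthorizedClient client = clientService.loadAuthorizedClient(token.getAuthorizedClientRegistrationId(), token.getName());
        // No authorized client stored for this user: send no credentials instead of failing with an NPE.
        if (client != null) {
            httpRequest.getHeaders()
                .setBearerAuth(client.getAccessToken()
                    .getTokenValue());
        }
    }
    return execution.execute(httpRequest, bytes);
// … unchanged: closing of the lambda and .build() …
```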
@@ -6,15 +6,21 @@ server: context-path: / # Configure the Authorization Server and User Info Resource Server details -security: - oauth2: - client: - accessTokenUri: http://localhost:7070/authserver/oauth/token - userAuthorizationUri: http://localhost:7070/authserver/oauth/authorize - clientId: authserver - clientSecret: passwordforauthserver - resource: - userInfoUri: http://localhost:9000/user +spring: + security: + oauth2: + client: + registration: + baeldung: + client-id: authserver + client-secret: passwordforauthserver + authorization-grant-type: authorization_code + redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}" + provider: + baeldung: + token-uri: http://localhost:7070/authserver/oauth/token + authorization-uri: http://localhost:7070/authserver/oauth/authorize + user-info-uri: http://localhost:9000/user person: url: http://localhost:9000/person
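Review bot: The new `registration.baeldung` block still commits `client-secret: passwordforauthserver` in plain text; since the block is being rewritten anyway, the value could come from the environment, e.g. `client-secret: ${AUTH_CLIENT_SECRET}` (the variable name is a placeholder), so the sample does not model checking secrets into the repository. The `provider.baeldung` entry also sets `user-info-uri` without `user-name-attribute`; unless a custom user service is configured elsewhere, Spring Security's default user service is likely to reject the login for a custom provider that lacks it, so a line such as `user-name-attribute: name` (use the attribute the `/user` endpoint actually returns) is probably needed. The token, authorization and user-info URIs are plain `http://`, which is acceptable on localhost but worth a comment marking them as demo-only, because the client secret and access tokens travel over them.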