Order highest precedence for OAuth2AuthorizationServerSecurity

Closes gh-103
2020-09-03 06:05:42 -04:00 · 2020-09-03 06:05:42 -04:00 · 5a030568ce
commit 5a030568ce
parent 72ec2633f8
2 changed files with 42 additions and 0 deletions
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2AuthorizationServerSecurity.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2AuthorizationServerSecurity.java
@ -15,6 +15,8 @@
 */
 package org.springframework.security.config.annotation.web.configuration;

+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
@ -31,6 +33,7 @@ import static org.springframework.security.config.Customizer.withDefaults;
 * @author Joe Grandja
 * @since 0.0.1
 */
+@Order(Ordered.HIGHEST_PRECEDENCE)
 public class OAuth2AuthorizationServerSecurity extends WebSecurityConfigurerAdapter {

 	// @formatter:off
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2AuthorizationServerSecurityTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2AuthorizationServerSecurityTests.java
@ -0,0 +1,39 @@
+/*
+ * Copyright 2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.config.annotation.web.configuration;
+
+import org.junit.Test;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.OrderUtils;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Tests for {@link OAuth2AuthorizationServerSecurity}.
+ *
+ * @author Joe Grandja
+ */
+public class OAuth2AuthorizationServerSecurityTests {
+
+	@Test
+	public void assertOrderHighestPrecedence() {
+		Integer authorizationServerSecurityOrder = OrderUtils.getOrder(OAuth2AuthorizationServerSecurity.class);
+		Integer defaultSecurityOrder = OrderUtils.getOrder(WebSecurityConfigurerAdapter.class);
+		assertThat(authorizationServerSecurityOrder).isNotEqualTo(defaultSecurityOrder);
+		assertThat(authorizationServerSecurityOrder).isEqualTo(Ordered.HIGHEST_PRECEDENCE);
+	}
+
+}