search

Azure / azure-sdk-for-java

This repository is for active development of the Azure SDK for Java. For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/java/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-java.
MIT License
2.35k stars 1.98k forks source link

[FEATURE REQ] Improve AadAuthenticationFilterAutoConfiguration dependencies #32509

Open moarychan opened 1 year ago

moarychan commented 1 year ago

Context

Currently, SCA provides the configuration AadAuthenticationFilterAutoConfiguration to support resource server scenarios, but there's a condition @ConditionalOnMissingClass({ "org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken" }) to block using the resource server dependencies, SCA should improve this limitation.

Goal

Make the configuration AadAuthenticationFilterAutoConfiguration enabled when the resource server dependencies exist.

chenrujun commented 1 year ago

but there's a condition @ConditionalOnMissingClass({ "org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken" }) to block using the resource server

IMU, it's designed by purpose. When using spring-security-oauth2-resource-server (BearerTokenAuthenticationToken), AadAuthenticationFilterAutoConfiguration should not be enabled.

AadAuthenticationFilterAutoConfiguration is a method to implement resource-server, spring-security-oauth2-resource-server is another way to implement resource-server. The 2 methods should not work at the same time.

This is first added in this commit by @moarychan .