Some OAuthLogin configuration improvements

Author: naturalprogrammer

spring-lemon-commons-reactive/src/main/java/com/naturalprogrammer/spring/lemon/commonsreactive/security/LemonCommonsReactiveSecurityConfig.java

@@ -8,8 +8,10 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
+import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
 import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
 import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;
@@ -44,8 +46,8 @@ public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http)
 		return http
 			.securityContextRepository(NoOpServerSecurityContextRepository.getInstance())
 			.exceptionHandling()
-				.accessDeniedHandler(accessDeniedHandler())
-				.authenticationEntryPoint(authenticationEntryPoint())
+				.accessDeniedHandler((exchange, exception) -> Mono.error(exception))
+				.authenticationEntryPoint((exchange, exception) -> Mono.error(exception))
 			.and()
 				.cors()
 			.and()
@@ -86,7 +88,7 @@ protected AuthenticationWebFilter tokenAuthenticationFilter() {
 
 		AuthenticationWebFilter filter = new AuthenticationWebFilter(tokenAuthenticationManager());		
 		filter.setServerAuthenticationConverter(tokenAuthenticationConverter());
-		filter.setAuthenticationFailureHandler(authenticationFailureHandler());
+		filter.setAuthenticationFailureHandler((exchange, exception) -> Mono.error(exception));
 
 		return filter;
 	}
@@ -136,20 +138,4 @@ protected ServerAuthenticationConverter tokenAuthenticationConverter() {
 			return Mono.just(new UsernamePasswordAuthenticationToken(null, authorization.substring(LecUtils.TOKEN_PREFIX_LENGTH)));		
 		};
 	}
-	
-	protected ServerAuthenticationFailureHandler authenticationFailureHandler() {
-		
-		return (webFilterExchange, exception) -> Mono.error(exception);		
-	}
-	
-	protected ServerAccessDeniedHandler accessDeniedHandler() {
-		
-		return (exchange, exception) -> Mono.error(exception);
-	}
-	
-	protected ServerAuthenticationEntryPoint authenticationEntryPoint() {
-		
-		return (exchange, exception) -> Mono.error(exception);
-	}
-	
 }

spring-lemon-jpa/src/main/java/com/naturalprogrammer/spring/lemon/security/LemonJpaSecurityConfig.java

@@ -4,6 +4,7 @@
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 

spring-lemon-reactive/src/main/java/com/naturalprogrammer/spring/lemonreactive/security/LemonReactiveSecurityConfig.java

@@ -9,6 +9,7 @@
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.security.web.server.authentication.WebFilterChainServerAuthenticationSuccessHandler;
+import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository;
 
 import com.naturalprogrammer.spring.lemon.commons.LemonProperties;
 import com.naturalprogrammer.spring.lemon.commons.security.BlueTokenService;
@@ -49,8 +50,9 @@ public LemonReactiveSecurityConfig(BlueTokenService blueTokenService,
 	protected void formLogin(ServerHttpSecurity http) {
 
 		http.formLogin()
+			.securityContextRepository(NoOpServerSecurityContextRepository.getInstance())
 			.loginPage(loginPage()) // Should be "/login" by default, but not providing that overwrites our AuthenticationFailureHandler, because this is called later 
-			.authenticationFailureHandler(authenticationFailureHandler())
+			.authenticationFailureHandler((exchange, exception) -> Mono.error(exception))
 			.authenticationSuccessHandler(new WebFilterChainServerAuthenticationSuccessHandler());
 	}
 
@@ -69,9 +71,10 @@ protected String loginPage() {
 	protected void oauth2Login(ServerHttpSecurity http) {
 
 		http.oauth2Login()
+			.securityContextRepository(NoOpServerSecurityContextRepository.getInstance())
 			.authorizedClientRepository(new ReactiveCookieServerOAuth2AuthorizedClientRepository(properties))
 			.authenticationSuccessHandler(reactiveOAuth2AuthenticationSuccessHandler)
-			.authenticationFailureHandler(this::onAuthenticationFailure);
+			.authenticationFailureHandler(this::onOauth2AuthenticationFailure);
 	}
 
 	@Override
@@ -88,7 +91,7 @@ protected Mono<UserDto> fetchUserDto(JWTClaimsSet claims) {
 			.map(AbstractMongoUser::toUserDto);
 	}
 
-	protected Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException exception) {
+	protected Mono<Void> onOauth2AuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException exception) {
 
 		ReactiveCookieServerOAuth2AuthorizedClientRepository.deleteCookies(webFilterExchange.getExchange(),
 				LecUtils.AUTHORIZATION_REQUEST_COOKIE_NAME,