Coderic
diff --git a/‎pom.xml
Lines changed: 1 addition & 2 deletions b/‎pom.xml
Lines changed: 1 addition & 2 deletions
diff --git a/‎src/main/java/net/coderic/core/api/config/ClientRegistrationIdResolverConfiguration.java
Lines changed: 0 additions & 89 deletions b/‎src/main/java/net/coderic/core/api/config/ClientRegistrationIdResolverConfiguration.java
Lines changed: 0 additions & 89 deletions
diff --git a/‎src/main/java/net/coderic/core/api/config/PrincipalResolverConfiguration.java
Lines changed: 0 additions & 35 deletions b/‎src/main/java/net/coderic/core/api/config/PrincipalResolverConfiguration.java
Lines changed: 0 additions & 35 deletions
diff --git a/‎src/main/java/net/coderic/core/api/config/RestClientConfiguration.java
Lines changed: 0 additions & 77 deletions b/‎src/main/java/net/coderic/core/api/config/RestClientConfiguration.java
Lines changed: 0 additions & 77 deletions
diff --git a/‎src/main/java/net/coderic/core/api/config/SecurityConfiguration.java
Lines changed: 23 additions & 8 deletions b/‎src/main/java/net/coderic/core/api/config/SecurityConfiguration.java
Lines changed: 23 additions & 8 deletions
diff --git a/‎src/main/java/net/coderic/core/api/controllers/TestController.java
Lines changed: 20 additions & 0 deletions b/‎src/main/java/net/coderic/core/api/controllers/TestController.java
Lines changed: 20 additions & 0 deletions
@@ -34,8 +34,7 @@
 	<dependencies>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-oauth2-client</artifactId>
-			<version>3.4.1</version>
+			<artifactId>spring-boot-starter-security</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 
@@ -8,6 +8,9 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.jwt.JwtDecoders;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
 import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
@@ -53,15 +56,15 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                         .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
                         .maximumSessions(10)
                 )
-
+/*
                 .oauth2Client(Customizer.withDefaults())
 
         .oauth2Login((oauth2Login) -> oauth2Login
                 //.loginPage()
                         .loginProcessingUrl("/swagger-ui/index.html")
 
                 //.loginPage(this.loginPage)
-        )
+        )*/
                 /*
         .logout((logout) -> logout
                 .logoutUrl("/logout")
@@ -84,12 +87,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                 .deleteCookies()
                 .permitAll()
         )*/
-        .formLogin(httpSecurityFormLoginConfigurer -> httpSecurityFormLoginConfigurer
-                        .loginPage("/login").permitAll()
-                        .defaultSuccessUrl("/index"))
-        .logout(httpSecurityLogoutConfigurer -> httpSecurityLogoutConfigurer.permitAll()
-                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
-                .logoutSuccessUrl("/login"))
+
         .headers(headers -> headers
             .httpStrictTransportSecurity((hsts) -> hsts
                     .includeSubDomains(true)
@@ -99,6 +97,13 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
             .addHeaderWriter(
                     new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.DENY)
             )
+        )
+            .oauth2ResourceServer(oauth2 -> oauth2
+                    .jwt(jwt -> jwt
+                            .jwkSetUri("https://auth.coderic.org/.well-known/jwks.json")
+                            .jwtAuthenticationConverter(jwtAuthenticationConverter()
+                    )
+            )
         )
         .requiresChannel(
                 channel -> channel
@@ -120,4 +125,14 @@ public CorsConfigurationSource corsConfigurationSource() {
         source.registerCorsConfiguration("/**", configuration); // allow all paths
         return source;
     }
+
+    private JwtAuthenticationConverter jwtAuthenticationConverter() {
+        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
+        // Configura cómo deseas mapear los claims del token JWT a roles/autorizaciones
+        return converter;
+    }
+    @Bean
+    public JwtDecoder jwtDecoder() {
+        return JwtDecoders.fromIssuerLocation("https://auth.coderic.org/");
+    }
 }
@@ -0,0 +1,20 @@
+package net.coderic.core.api.controllers;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("")
+public class TestController {
+
+    @GetMapping("/protected")
+    public String protectedEndpoint() {
+        return "¡Acceso permitido! Este endpoint está protegido por OAuth2.";
+    }
+
+    @GetMapping("/public")
+    public String publicEndpoint() {
+        return "Este endpoint es público.";
+    }
+}