diff --git a/hideout/hideout-core/src/main/kotlin/dev/usbharu/hideout/core/config/SecurityConfig.kt b/hideout/hideout-core/src/main/kotlin/dev/usbharu/hideout/core/config/SecurityConfig.kt
index d0b071ca..81f3e808 100644
--- a/hideout/hideout-core/src/main/kotlin/dev/usbharu/hideout/core/config/SecurityConfig.kt
+++ b/hideout/hideout-core/src/main/kotlin/dev/usbharu/hideout/core/config/SecurityConfig.kt
@@ -45,7 +45,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
-import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer
@@ -65,8 +65,16 @@ class SecurityConfig {
@Bean
@Order(1)
fun oauth2Provider(http: HttpSecurity): SecurityFilterChain {
- OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http)
+ val authorizationServer = OAuth2AuthorizationServerConfigurer.authorizationServer()
http {
+ securityMatcher(authorizationServer.endpointsMatcher)
+ with(authorizationServer) {
+ authorizationEndpoint {
+ }
+ }
+ authorizeHttpRequests {
+ authorize(anyRequest, authenticated)
+ }
exceptionHandling {
authenticationEntryPoint = LoginUrlAuthenticationEntryPoint("/auth/sign_in")
}