From 71f22ca16efa350002662b754e91e3b34803f3dd Mon Sep 17 00:00:00 2001
From: henkej <joerg.henke@uni-greifswald.de>
Date: Thu, 18 Dec 2025 09:21:30 +0100
Subject: [PATCH] upgrade to spring boot 4

---
 build.gradle                                          |  3 +++
 .../timetrack/config/SecurityConfiguration.java       | 11 +++++++++++
 2 files changed, 14 insertions(+)

diff --git a/build.gradle b/build.gradle
index 752b167..cce98d4 100644
--- a/build.gradle
+++ b/build.gradle
@@ -40,11 +40,14 @@ dependencies {
   implementation 'org.springframework.boot:spring-boot-starter-security'
   implementation "org.springframework.boot:spring-boot-starter-oauth2-client"
   implementation 'org.springframework.security:spring-security-oauth2-authorization-server'
+  implementation 'org.springframework.security:spring-security-oauth2-jose'
   implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
   implementation 'org.springframework.boot:spring-boot-starter-web'
   implementation 'org.springframework.boot:spring-boot-starter-test'
   implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6'
 
+  implementation 'commons-logging:commons-logging'
+
   implementation 'nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect:latest.release'
 
   runtimeOnly 'org.postgresql:postgresql'
diff --git a/src/main/java/de/jottyfan/timetrack/config/SecurityConfiguration.java b/src/main/java/de/jottyfan/timetrack/config/SecurityConfiguration.java
index e18cbb1..d0a7b6f 100644
--- a/src/main/java/de/jottyfan/timetrack/config/SecurityConfiguration.java
+++ b/src/main/java/de/jottyfan/timetrack/config/SecurityConfiguration.java
@@ -1,5 +1,6 @@
 package de.jottyfan.timetrack.config;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
@@ -8,6 +9,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
 import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
@@ -21,7 +24,15 @@ import org.springframework.security.web.authentication.session.SessionAuthentica
 @EnableWebSecurity
 @EnableMethodSecurity
 public class SecurityConfiguration {
+  
+  @Value("${spring.security.oauth2.client.provider.keycloak.jwk-set-uri}")
+  private String jwkSetUri;
 
+  @Bean
+  public JwtDecoder jwtDecoder() {
+    return NimbusJwtDecoder.withJwkSetUri(jwkSetUri).build();
+  }
+  
 	@Bean
 	protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
 		return new NullAuthenticatedSessionStrategy();