Add support for oauth2Login().securityContextRepository(...)

Fixes gh-7222
2019-08-09 10:18:37 +02:00 · 2019-08-09 10:18:37 +02:00 · 0410bac559
parent bbefc491b2
commit 0410bac559
2 changed files with 24 additions and 2 deletions
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@ -972,6 +972,8 @@ public class ServerHttpSecurity {

 		private ReactiveAuthenticationManager authenticationManager;

+		private ServerSecurityContextRepository securityContextRepository = new WebSessionServerSecurityContextRepository();
+
 		private ServerAuthenticationConverter authenticationConverter;

 		private ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver;
@ -993,6 +995,19 @@ public class ServerHttpSecurity {
 			return this;
 		}

+		/**
+		 * The {@link ServerSecurityContextRepository} used to save the {@code Authentication}. Defaults to
+		 * {@link WebSessionServerSecurityContextRepository}.
+		 *
+		 * @since 5.2
+		 * @param securityContextRepository the repository to use
+		 * @return the {@link OAuth2LoginSpec} to continue configuring
+		 */
+		public OAuth2LoginSpec securityContextRepository(ServerSecurityContextRepository securityContextRepository) {
+			this.securityContextRepository = securityContextRepository;
+			return this;
+		}
+
 		/**
 		 * The {@link ServerAuthenticationSuccessHandler} used after authentication success. Defaults to
 		 * {@link RedirectServerAuthenticationSuccessHandler} redirecting to "/".
@ -1138,7 +1153,7 @@ public class ServerHttpSecurity {

 			authenticationFilter.setAuthenticationSuccessHandler(this.authenticationSuccessHandler);
 			authenticationFilter.setAuthenticationFailureHandler(this.authenticationFailureHandler);
-			authenticationFilter.setSecurityContextRepository(new WebSessionServerSecurityContextRepository());
+			authenticationFilter.setSecurityContextRepository(this.securityContextRepository);

 			MediaTypeServerWebExchangeMatcher htmlMatcher = new MediaTypeServerWebExchangeMatcher(
 					MediaType.TEXT_HTML);
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@ -426,6 +426,9 @@ public class OAuth2LoginTests {
 		ServerAuthenticationConverter converter = config.authenticationConverter;
 		when(converter.convert(any())).thenReturn(Mono.just(token));

+		ServerSecurityContextRepository securityContextRepository = config.securityContextRepository;
+		when(securityContextRepository.save(any(), any())).thenReturn(Mono.empty());
+
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
 		OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
@ -447,6 +450,7 @@ public class OAuth2LoginTests {

 		verify(config.jwtDecoderFactory).createDecoder(any());
 		verify(tokenResponseClient).getTokenResponse(any());
+		verify(securityContextRepository).save(any(), any());
 	}

 	@Configuration
@ -461,6 +465,8 @@ public class OAuth2LoginTests {

 		ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = spy(new JwtDecoderFactory());

+		ServerSecurityContextRepository securityContextRepository = mock(ServerSecurityContextRepository.class);
+
 		@Bean
 		public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
 			// @formatter:off
@ -470,7 +476,8 @@ public class OAuth2LoginTests {
 					.and()
 				.oauth2Login()
 					.authenticationConverter(authenticationConverter)
-					.authenticationManager(authenticationManager());
+					.authenticationManager(authenticationManager())
+					.securityContextRepository(securityContextRepository);
 			return http.build();
 			// @formatter:on
 		}