parent
d7dde707a2
commit
0f89e59707
|
@ -42,7 +42,7 @@ import org.springframework.util.Assert;
|
|||
* The following configuration options are available:
|
||||
*
|
||||
* <ul>
|
||||
* <li>{@link #authorizationCodeGrant()} - enables the OAuth 2.0 Authorization Code Grant</li>
|
||||
* <li>{@link #authorizationCodeGrant()} - support for the OAuth 2.0 Authorization Code Grant</li>
|
||||
* </ul>
|
||||
*
|
||||
* <p>
|
||||
|
@ -52,7 +52,7 @@ import org.springframework.util.Assert;
|
|||
*
|
||||
* <h2>Security Filters</h2>
|
||||
*
|
||||
* The following {@code Filter}'s are populated when {@link #authorizationCodeGrant()} is configured:
|
||||
* The following {@code Filter}'s are populated for {@link #authorizationCodeGrant()}:
|
||||
*
|
||||
* <ul>
|
||||
* <li>{@link OAuth2AuthorizationRequestRedirectFilter}</li>
|
||||
|
@ -88,7 +88,7 @@ import org.springframework.util.Assert;
|
|||
public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> extends
|
||||
AbstractHttpConfigurer<OAuth2ClientConfigurer<B>, B> {
|
||||
|
||||
private AuthorizationCodeGrantConfigurer authorizationCodeGrantConfigurer;
|
||||
private AuthorizationCodeGrantConfigurer authorizationCodeGrantConfigurer = new AuthorizationCodeGrantConfigurer();
|
||||
|
||||
/**
|
||||
* Sets the repository of client registrations.
|
||||
|
@ -132,9 +132,6 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
|
|||
* @return the {@link AuthorizationCodeGrantConfigurer}
|
||||
*/
|
||||
public AuthorizationCodeGrantConfigurer authorizationCodeGrant() {
|
||||
if (this.authorizationCodeGrantConfigurer == null) {
|
||||
this.authorizationCodeGrantConfigurer = new AuthorizationCodeGrantConfigurer();
|
||||
}
|
||||
return this.authorizationCodeGrantConfigurer;
|
||||
}
|
||||
|
||||
|
@ -142,153 +139,51 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
|
|||
* Configuration options for the OAuth 2.0 Authorization Code Grant.
|
||||
*/
|
||||
public class AuthorizationCodeGrantConfigurer {
|
||||
private final AuthorizationEndpointConfig authorizationEndpointConfig = new AuthorizationEndpointConfig();
|
||||
private final TokenEndpointConfig tokenEndpointConfig = new TokenEndpointConfig();
|
||||
private OAuth2AuthorizationRequestResolver authorizationRequestResolver;
|
||||
private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
|
||||
private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
|
||||
|
||||
private AuthorizationCodeGrantConfigurer() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the {@link AuthorizationEndpointConfig} for configuring the Authorization Server's Authorization Endpoint.
|
||||
* Sets the resolver used for resolving {@link OAuth2AuthorizationRequest}'s.
|
||||
*
|
||||
* @return the {@link AuthorizationEndpointConfig}
|
||||
* @param authorizationRequestResolver the resolver used for resolving {@link OAuth2AuthorizationRequest}'s
|
||||
* @return the {@link AuthorizationCodeGrantConfigurer} for further configuration
|
||||
*/
|
||||
public AuthorizationEndpointConfig authorizationEndpoint() {
|
||||
return this.authorizationEndpointConfig;
|
||||
public AuthorizationCodeGrantConfigurer authorizationRequestResolver(OAuth2AuthorizationRequestResolver authorizationRequestResolver) {
|
||||
Assert.notNull(authorizationRequestResolver, "authorizationRequestResolver cannot be null");
|
||||
this.authorizationRequestResolver = authorizationRequestResolver;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Configuration options for the Authorization Server's Authorization Endpoint.
|
||||
* Sets the repository used for storing {@link OAuth2AuthorizationRequest}'s.
|
||||
*
|
||||
* @param authorizationRequestRepository the repository used for storing {@link OAuth2AuthorizationRequest}'s
|
||||
* @return the {@link AuthorizationCodeGrantConfigurer} for further configuration
|
||||
*/
|
||||
public class AuthorizationEndpointConfig {
|
||||
private OAuth2AuthorizationRequestResolver authorizationRequestResolver;
|
||||
private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
|
||||
|
||||
private AuthorizationEndpointConfig() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the resolver used for resolving {@link OAuth2AuthorizationRequest}'s.
|
||||
*
|
||||
* @param authorizationRequestResolver the resolver used for resolving {@link OAuth2AuthorizationRequest}'s
|
||||
* @return the {@link AuthorizationEndpointConfig} for further configuration
|
||||
*/
|
||||
public AuthorizationEndpointConfig authorizationRequestResolver(OAuth2AuthorizationRequestResolver authorizationRequestResolver) {
|
||||
Assert.notNull(authorizationRequestResolver, "authorizationRequestResolver cannot be null");
|
||||
this.authorizationRequestResolver = authorizationRequestResolver;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the repository used for storing {@link OAuth2AuthorizationRequest}'s.
|
||||
*
|
||||
* @param authorizationRequestRepository the repository used for storing {@link OAuth2AuthorizationRequest}'s
|
||||
* @return the {@link AuthorizationEndpointConfig} for further configuration
|
||||
*/
|
||||
public AuthorizationEndpointConfig authorizationRequestRepository(
|
||||
public AuthorizationCodeGrantConfigurer authorizationRequestRepository(
|
||||
AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
|
||||
|
||||
Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
|
||||
this.authorizationRequestRepository = authorizationRequestRepository;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the {@link AuthorizationCodeGrantConfigurer} for further configuration.
|
||||
*
|
||||
* @return the {@link AuthorizationCodeGrantConfigurer}
|
||||
*/
|
||||
public AuthorizationCodeGrantConfigurer and() {
|
||||
return AuthorizationCodeGrantConfigurer.this;
|
||||
}
|
||||
|
||||
private OAuth2AuthorizationRequestResolver getAuthorizationRequestResolver() {
|
||||
if (this.authorizationRequestResolver != null) {
|
||||
return this.authorizationRequestResolver;
|
||||
}
|
||||
ClientRegistrationRepository clientRegistrationRepository = OAuth2ClientConfigurerUtils
|
||||
.getClientRegistrationRepository(getBuilder());
|
||||
return new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
|
||||
OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
|
||||
}
|
||||
|
||||
private OAuth2AuthorizationRequestRedirectFilter createAuthorizationRequestRedirectFilter(B builder) {
|
||||
OAuth2AuthorizationRequestResolver resolver = getAuthorizationRequestResolver();
|
||||
OAuth2AuthorizationRequestRedirectFilter authorizationRequestFilter = new OAuth2AuthorizationRequestRedirectFilter(resolver);
|
||||
|
||||
if (this.authorizationRequestRepository != null) {
|
||||
authorizationRequestFilter.setAuthorizationRequestRepository(
|
||||
this.authorizationRequestRepository);
|
||||
}
|
||||
RequestCache requestCache = builder.getSharedObject(RequestCache.class);
|
||||
if (requestCache != null) {
|
||||
authorizationRequestFilter.setRequestCache(requestCache);
|
||||
}
|
||||
return authorizationRequestFilter;
|
||||
}
|
||||
|
||||
private OAuth2AuthorizationCodeGrantFilter createAuthorizationCodeGrantFilter(B builder) {
|
||||
AuthenticationManager authenticationManager = builder.getSharedObject(AuthenticationManager.class);
|
||||
OAuth2AuthorizationCodeGrantFilter authorizationCodeGrantFilter = new OAuth2AuthorizationCodeGrantFilter(
|
||||
OAuth2ClientConfigurerUtils.getClientRegistrationRepository(builder),
|
||||
OAuth2ClientConfigurerUtils.getAuthorizedClientRepository(builder),
|
||||
authenticationManager);
|
||||
|
||||
if (this.authorizationRequestRepository != null) {
|
||||
authorizationCodeGrantFilter.setAuthorizationRequestRepository(
|
||||
this.authorizationRequestRepository);
|
||||
}
|
||||
return authorizationCodeGrantFilter;
|
||||
}
|
||||
|
||||
private void configure(B builder) {
|
||||
OAuth2AuthorizationRequestRedirectFilter authorizationRequestFilter = createAuthorizationRequestRedirectFilter(builder);
|
||||
builder.addFilter(postProcess(authorizationRequestFilter));
|
||||
OAuth2AuthorizationCodeGrantFilter authorizationCodeGrantFilter = createAuthorizationCodeGrantFilter(builder);
|
||||
builder.addFilter(postProcess(authorizationCodeGrantFilter));
|
||||
}
|
||||
Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
|
||||
this.authorizationRequestRepository = authorizationRequestRepository;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the {@link TokenEndpointConfig} for configuring the Authorization Server's Token Endpoint.
|
||||
* Sets the client used for requesting the access token credential from the Token Endpoint.
|
||||
*
|
||||
* @return the {@link TokenEndpointConfig}
|
||||
* @param accessTokenResponseClient the client used for requesting the access token credential from the Token Endpoint
|
||||
* @return the {@link AuthorizationCodeGrantConfigurer} for further configuration
|
||||
*/
|
||||
public TokenEndpointConfig tokenEndpoint() {
|
||||
return this.tokenEndpointConfig;
|
||||
}
|
||||
|
||||
/**
|
||||
* Configuration options for the Authorization Server's Token Endpoint.
|
||||
*/
|
||||
public class TokenEndpointConfig {
|
||||
private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
|
||||
|
||||
private TokenEndpointConfig() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the client used for requesting the access token credential from the Token Endpoint.
|
||||
*
|
||||
* @param accessTokenResponseClient the client used for requesting the access token credential from the Token Endpoint
|
||||
* @return the {@link TokenEndpointConfig} for further configuration
|
||||
*/
|
||||
public TokenEndpointConfig accessTokenResponseClient(
|
||||
public AuthorizationCodeGrantConfigurer accessTokenResponseClient(
|
||||
OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient) {
|
||||
|
||||
Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
|
||||
this.accessTokenResponseClient = accessTokenResponseClient;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the {@link AuthorizationCodeGrantConfigurer} for further configuration.
|
||||
*
|
||||
* @return the {@link AuthorizationCodeGrantConfigurer}
|
||||
*/
|
||||
public AuthorizationCodeGrantConfigurer and() {
|
||||
return AuthorizationCodeGrantConfigurer.this;
|
||||
}
|
||||
Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
|
||||
this.accessTokenResponseClient = accessTokenResponseClient;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -300,34 +195,72 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
|
|||
return OAuth2ClientConfigurer.this;
|
||||
}
|
||||
|
||||
private void init(B builder) {
|
||||
OAuth2AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider =
|
||||
new OAuth2AuthorizationCodeAuthenticationProvider(getAccessTokenResponseClient());
|
||||
builder.authenticationProvider(postProcess(authorizationCodeAuthenticationProvider));
|
||||
}
|
||||
|
||||
private void configure(B builder) {
|
||||
this.authorizationEndpointConfig.configure(builder);
|
||||
OAuth2AuthorizationRequestRedirectFilter authorizationRequestRedirectFilter = createAuthorizationRequestRedirectFilter(builder);
|
||||
builder.addFilter(postProcess(authorizationRequestRedirectFilter));
|
||||
OAuth2AuthorizationCodeGrantFilter authorizationCodeGrantFilter = createAuthorizationCodeGrantFilter(builder);
|
||||
builder.addFilter(postProcess(authorizationCodeGrantFilter));
|
||||
}
|
||||
|
||||
private OAuth2AuthorizationRequestRedirectFilter createAuthorizationRequestRedirectFilter(B builder) {
|
||||
OAuth2AuthorizationRequestResolver resolver = getAuthorizationRequestResolver();
|
||||
OAuth2AuthorizationRequestRedirectFilter authorizationRequestRedirectFilter =
|
||||
new OAuth2AuthorizationRequestRedirectFilter(resolver);
|
||||
|
||||
if (this.authorizationRequestRepository != null) {
|
||||
authorizationRequestRedirectFilter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
|
||||
}
|
||||
RequestCache requestCache = builder.getSharedObject(RequestCache.class);
|
||||
if (requestCache != null) {
|
||||
authorizationRequestRedirectFilter.setRequestCache(requestCache);
|
||||
}
|
||||
return authorizationRequestRedirectFilter;
|
||||
}
|
||||
|
||||
private OAuth2AuthorizationRequestResolver getAuthorizationRequestResolver() {
|
||||
if (this.authorizationRequestResolver != null) {
|
||||
return this.authorizationRequestResolver;
|
||||
}
|
||||
ClientRegistrationRepository clientRegistrationRepository = OAuth2ClientConfigurerUtils
|
||||
.getClientRegistrationRepository(getBuilder());
|
||||
return new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
|
||||
OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
|
||||
}
|
||||
|
||||
private OAuth2AuthorizationCodeGrantFilter createAuthorizationCodeGrantFilter(B builder) {
|
||||
AuthenticationManager authenticationManager = builder.getSharedObject(AuthenticationManager.class);
|
||||
OAuth2AuthorizationCodeGrantFilter authorizationCodeGrantFilter = new OAuth2AuthorizationCodeGrantFilter(
|
||||
OAuth2ClientConfigurerUtils.getClientRegistrationRepository(builder),
|
||||
OAuth2ClientConfigurerUtils.getAuthorizedClientRepository(builder),
|
||||
authenticationManager);
|
||||
|
||||
if (this.authorizationRequestRepository != null) {
|
||||
authorizationCodeGrantFilter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
|
||||
}
|
||||
return authorizationCodeGrantFilter;
|
||||
}
|
||||
|
||||
private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> getAccessTokenResponseClient() {
|
||||
if (this.accessTokenResponseClient != null) {
|
||||
return this.accessTokenResponseClient;
|
||||
}
|
||||
return new NimbusAuthorizationCodeTokenResponseClient();
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void init(B builder) throws Exception {
|
||||
if (this.authorizationCodeGrantConfigurer != null) {
|
||||
this.init(builder, this.authorizationCodeGrantConfigurer);
|
||||
}
|
||||
this.authorizationCodeGrantConfigurer.init(builder);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void configure(B builder) throws Exception {
|
||||
if (this.authorizationCodeGrantConfigurer != null) {
|
||||
this.authorizationCodeGrantConfigurer.configure(builder);
|
||||
}
|
||||
}
|
||||
|
||||
private void init(B builder, AuthorizationCodeGrantConfigurer authorizationCodeGrantConfigurer) throws Exception {
|
||||
OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient =
|
||||
authorizationCodeGrantConfigurer.tokenEndpointConfig.accessTokenResponseClient;
|
||||
if (accessTokenResponseClient == null) {
|
||||
accessTokenResponseClient = new NimbusAuthorizationCodeTokenResponseClient();
|
||||
}
|
||||
|
||||
OAuth2AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider =
|
||||
new OAuth2AuthorizationCodeAuthenticationProvider(accessTokenResponseClient);
|
||||
builder.authenticationProvider(this.postProcess(authorizationCodeAuthenticationProvider));
|
||||
this.authorizationCodeGrantConfigurer.configure(builder);
|
||||
}
|
||||
}
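Review bot: The class Javadoc does not say that the Authorization Code Grant is now on by default; it only softens "enables" to "support for". With `authorizationCodeGrantConfigurer` initialised at declaration and the outer `init(B)`/`configure(B)` delegating to it, calling `oauth2().client()` alone appears to register `OAuth2AuthorizationRequestRedirectFilter`, `OAuth2AuthorizationCodeGrantFilter` and the `OAuth2AuthorizationCodeAuthenticationProvider`. The sample `SecurityConfig` hunk, which drops `.authorizationCodeGrant()`, points the same way. An integrator reviewing the filter chain should be told this outright, e.g. `* The Authorization Code Grant filters are always registered when this configurer is applied; {@link #authorizationCodeGrant()} only customizes them.` The +/- markers are lost on this page, so which line of each pair is new is inferred from the hunk counts (`-132,9 +132,6` removes the lazy null check) and from the sample change.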
|
||||
|
|
|
@ -221,11 +221,8 @@ public class OAuth2ClientConfigurerTests {
|
|||
.oauth2()
|
||||
.client()
|
||||
.authorizationCodeGrant()
|
||||
.authorizationEndpoint()
|
||||
.authorizationRequestResolver(authorizationRequestResolver)
|
||||
.and()
|
||||
.tokenEndpoint()
|
||||
.accessTokenResponseClient(accessTokenResponseClient);
|
||||
.authorizationRequestResolver(authorizationRequestResolver)
|
||||
.accessTokenResponseClient(accessTokenResponseClient);
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
|
|
@ -150,8 +150,7 @@ public class OAuth2AuthorizationCodeGrantApplicationTests {
|
|||
.oauth2()
|
||||
.client()
|
||||
.authorizationCodeGrant()
|
||||
.tokenEndpoint()
|
||||
.accessTokenResponseClient(this.accessTokenResponseClient());
|
||||
.accessTokenResponseClient(this.accessTokenResponseClient());
|
||||
}
|
||||
// @formatter:on
|
||||
|
||||
|
|
|
@ -42,8 +42,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
.formLogin()
|
||||
.and()
|
||||
.oauth2()
|
||||
.client()
|
||||
.authorizationCodeGrant();
|
||||
.client();
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
|