OAuth2LoginAuthenticationFilter processes uri /login/oauth2/*

Fixes gh-4687
Joe Grandja 2017-10-24 13:49:31 -04:00
parent 4ae24f2fbe
commit 0fb32a052e
6 changed files with 20 additions and 19 deletions


@ -35,9 +35,9 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRedirectFilter;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestUriBuilder;
import org.springframework.security.oauth2.core.user.OAuth2User;
@ -65,14 +65,15 @@ import java.util.Map;
public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> extends
AbstractAuthenticationFilterConfigurer<B, OAuth2LoginConfigurer<B>, OAuth2LoginAuthenticationFilter> {
private static final String DEFAULT_LOGIN_PROCESSING_URI = "/login/oauth2/authorize/code/*";
private final AuthorizationEndpointConfig authorizationEndpointConfig = new AuthorizationEndpointConfig();
private final TokenEndpointConfig tokenEndpointConfig = new TokenEndpointConfig();
private final RedirectionEndpointConfig redirectionEndpointConfig = new RedirectionEndpointConfig();
private final UserInfoEndpointConfig userInfoEndpointConfig = new UserInfoEndpointConfig();
public OAuth2LoginConfigurer() {
super(new OAuth2LoginAuthenticationFilter(DEFAULT_LOGIN_PROCESSING_URI), DEFAULT_LOGIN_PROCESSING_URI);
super(new OAuth2LoginAuthenticationFilter(
OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI),
OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
}
public OAuth2LoginConfigurer<B> clients(ClientRegistration... clientRegistrations) {
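Review bot: The default login-processing URL is now the ant pattern `/login/oauth2/*` taken from the filter, while the redirect-URI template that providers register (`/login/oauth2/{registrationId}` in CommonOAuth2Provider) is an unrelated literal in another module, and nothing in this constructor records that the two must agree. A one-line comment on the `super(...)` call would make the coupling visible: `// Must match the redirect URI template registered with providers (CommonOAuth2Provider.DEFAULT_LOGIN_REDIRECT_URL)`. The configurer continues beyond the hunk, so whether a caller can override the processing URL inconsistently via the inherited loginProcessingUrl setter cannot be judged here.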


@ -36,7 +36,7 @@ public enum CommonOAuth2Provider {
@Override
public Builder getBuilder(String registrationId) {
ClientRegistration.Builder builder = getBuilder(registrationId,
ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL);
ClientAuthenticationMethod.BASIC, DEFAULT_LOGIN_REDIRECT_URL);
builder.scope("openid", "profile", "email", "address", "phone");
builder.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth");
builder.tokenUri("https://www.googleapis.com/oauth2/v4/token");
@ -53,7 +53,7 @@ public enum CommonOAuth2Provider {
@Override
public Builder getBuilder(String registrationId) {
ClientRegistration.Builder builder = getBuilder(registrationId,
ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL);
ClientAuthenticationMethod.BASIC, DEFAULT_LOGIN_REDIRECT_URL);
builder.scope("user");
builder.authorizationUri("https://github.com/login/oauth/authorize");
builder.tokenUri("https://github.com/login/oauth/access_token");
@ -69,7 +69,7 @@ public enum CommonOAuth2Provider {
@Override
public Builder getBuilder(String registrationId) {
ClientRegistration.Builder builder = getBuilder(registrationId,
ClientAuthenticationMethod.POST, DEFAULT_REDIRECT_URL);
ClientAuthenticationMethod.POST, DEFAULT_LOGIN_REDIRECT_URL);
builder.scope("public_profile", "email");
builder.authorizationUri("https://www.facebook.com/v2.8/dialog/oauth");
builder.tokenUri("https://graph.facebook.com/v2.8/oauth/access_token");
@ -85,7 +85,7 @@ public enum CommonOAuth2Provider {
@Override
public Builder getBuilder(String registrationId) {
ClientRegistration.Builder builder = getBuilder(registrationId,
ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL);
ClientAuthenticationMethod.BASIC, DEFAULT_LOGIN_REDIRECT_URL);
builder.scope("openid", "profile", "email", "address", "phone");
builder.userNameAttributeName(IdTokenClaim.SUB);
builder.clientName("Okta");
@ -93,7 +93,7 @@ public enum CommonOAuth2Provider {
}
};
private static final String DEFAULT_REDIRECT_URL = "{scheme}://{serverName}:{serverPort}{contextPath}/login/oauth2/authorize/code/{registrationId}";
private static final String DEFAULT_LOGIN_REDIRECT_URL = "{scheme}://{serverName}:{serverPort}{contextPath}/login/oauth2/{registrationId}";
protected final ClientRegistration.Builder getBuilder(String registrationId,
ClientAuthenticationMethod method, String redirectUri) {
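Review bot: `DEFAULT_LOGIN_REDIRECT_URL` hardcodes `/login/oauth2/{registrationId}`, a path that only works because it happens to be matched by the filter's `DEFAULT_FILTER_PROCESSES_URI` (`/login/oauth2/*`); the two are independent string literals with no reference between them, so a later change to either would leave the authorization response unhandled without any compile-time signal. Add a comment on the constant: `// Must stay in sync with OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI ("/login/oauth2/*")`. The same literal is repeated a third time in CommonOAuth2ProviderTests. The enum and the getBuilder helper continue outside the hunk.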


@ -31,7 +31,7 @@ import static org.assertj.core.api.Assertions.assertThat;
*/
public class CommonOAuth2ProviderTests {
private static final String DEFAULT_REDIRECT_URL = "{scheme}://{serverName}:{serverPort}{contextPath}/login/oauth2/authorize/code/{registrationId}";
private static final String DEFAULT_LOGIN_REDIRECT_URL = "{scheme}://{serverName}:{serverPort}{contextPath}/login/oauth2/{registrationId}";
@Test
public void getBuilderWhenGoogleShouldHaveGoogleSettings() throws Exception {
@ -51,7 +51,7 @@ public class CommonOAuth2ProviderTests {
.isEqualTo(ClientAuthenticationMethod.BASIC);
assertThat(registration.getAuthorizationGrantType())
.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_LOGIN_REDIRECT_URL);
assertThat(registration.getScopes()).containsOnly("openid", "profile", "email",
"address", "phone");
assertThat(registration.getClientName()).isEqualTo("Google");
@ -75,7 +75,7 @@ public class CommonOAuth2ProviderTests {
.isEqualTo(ClientAuthenticationMethod.BASIC);
assertThat(registration.getAuthorizationGrantType())
.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_LOGIN_REDIRECT_URL);
assertThat(registration.getScopes()).containsOnly("user");
assertThat(registration.getClientName()).isEqualTo("GitHub");
assertThat(registration.getRegistrationId()).isEqualTo("123");
@ -98,7 +98,7 @@ public class CommonOAuth2ProviderTests {
.isEqualTo(ClientAuthenticationMethod.POST);
assertThat(registration.getAuthorizationGrantType())
.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_LOGIN_REDIRECT_URL);
assertThat(registration.getScopes()).containsOnly("public_profile", "email");
assertThat(registration.getClientName()).isEqualTo("Facebook");
assertThat(registration.getRegistrationId()).isEqualTo("123");
@ -123,7 +123,7 @@ public class CommonOAuth2ProviderTests {
.isEqualTo(ClientAuthenticationMethod.BASIC);
assertThat(registration.getAuthorizationGrantType())
.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_LOGIN_REDIRECT_URL);
assertThat(registration.getScopes()).containsOnly("openid", "profile", "email",
"address", "phone");
assertThat(registration.getClientName()).isEqualTo("Okta");


@ -74,17 +74,17 @@ import java.io.IOException;
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Response</a>
*/
public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
public static final String DEFAULT_AUTHORIZATION_RESPONSE_BASE_URI = "/oauth2/authorize/code/*";
public static final String DEFAULT_FILTER_PROCESSES_URI = "/login/oauth2/*";
private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
private ClientRegistrationRepository clientRegistrationRepository;
private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
public OAuth2LoginAuthenticationFilter() {
this(DEFAULT_AUTHORIZATION_RESPONSE_BASE_URI);
this(DEFAULT_FILTER_PROCESSES_URI);
}
public OAuth2LoginAuthenticationFilter(String authorizationResponseBaseUri) {
super(authorizationResponseBaseUri);
public OAuth2LoginAuthenticationFilter(String filterProcessesUrl) {
super(filterProcessesUrl);
}
@Override
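Review bot: `DEFAULT_FILTER_PROCESSES_URI` is public API and is introduced without Javadoc, and the renamed constructor parameter `filterProcessesUrl` is undocumented too, so a reader cannot tell from this class what the trailing `*` is expected to carry. Suggest `/** Default URI pattern this filter processes. */` on the constant and a `@param filterProcessesUrl the URI pattern this filter processes; must not be null or empty` tag on the constructor, since the superclass wraps the value in an AntPathRequestMatcher that rejects an empty pattern. If the last path segment is meant to be the client registration id, as the provider redirect template `/login/oauth2/{registrationId}` suggests, state that on the constant as well; the request-handling methods that would confirm it are outside the hunk.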


@ -31,7 +31,7 @@ class TestUtil {
static final int DEFAULT_SERVER_PORT = 8080;
static final String DEFAULT_SERVER_URL = DEFAULT_SCHEME + "://" + DEFAULT_SERVER_NAME + ":" + DEFAULT_SERVER_PORT;
static final String AUTHORIZATION_BASE_URI = "/oauth2/authorization";
static final String AUTHORIZE_BASE_URI = "/oauth2/authorize/code";
static final String AUTHORIZE_BASE_URI = "/login/oauth2";
static final String GOOGLE_REGISTRATION_ID = "google";
static final String GITHUB_REGISTRATION_ID = "github";
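Review bot: `AUTHORIZE_BASE_URI` now holds `/login/oauth2`, so its name no longer describes its value: the old value was the authorize-code base path, the new one is the login-processing base. Consider `static final String LOGIN_BASE_URI = "/login/oauth2";` and updating its uses, which lie outside the hunk. The same stale name applies to `AUTHORIZE_BASE_URL` in OAuth2LoginApplicationTests.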


@ -81,7 +81,7 @@ import static org.mockito.Mockito.when;
@AutoConfigureMockMvc
public class OAuth2LoginApplicationTests {
private static final String AUTHORIZATION_BASE_URI = "/oauth2/authorization";
private static final String AUTHORIZE_BASE_URL = "http://localhost:8080/login/oauth2/authorize/code";
private static final String AUTHORIZE_BASE_URL = "http://localhost:8080/login/oauth2";
@Autowired
private WebClient webClient;