Move config AuthorizationCodeGrantConfigurer -> OAuth2LoginConfigurer
parent
ca5b62abb5
commit
18df9a869e
|
@ -19,39 +19,28 @@ import org.springframework.context.ApplicationContext;
|
|||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProvider;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticator;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantAuthenticator;
|
||||
import org.springframework.security.oauth2.client.authentication.DelegatingAuthorizationGrantAuthenticator;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2UserAuthenticationProvider;
|
||||
import org.springframework.security.oauth2.client.authentication.jwt.JwtDecoderRegistry;
|
||||
import org.springframework.security.oauth2.client.authentication.jwt.nimbus.NimbusJwtDecoderRegistry;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
|
||||
import org.springframework.security.oauth2.client.user.CustomUserTypesOAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.user.DefaultOAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.user.DelegatingOAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.user.OAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationFilter;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestRedirectFilter;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestRedirectFilter;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.client.web.nimbus.NimbusAuthorizationCodeTokenExchanger;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.security.oauth2.oidc.client.authentication.OidcAuthorizationCodeAuthenticator;
|
||||
import org.springframework.security.oauth2.oidc.client.user.OidcUserService;
|
||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* A security configurer for the Authorization Code Grant type.
|
||||
|
@ -75,9 +64,6 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger;
|
||||
private SecurityTokenRepository<AccessToken> accessTokenRepository;
|
||||
private JwtDecoderRegistry jwtDecoderRegistry;
|
||||
private OAuth2UserService userService;
|
||||
private Map<URI, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
|
||||
private GrantedAuthoritiesMapper userAuthoritiesMapper;
|
||||
|
||||
public AuthorizationCodeGrantConfigurer<B> authorizationRequestBaseUri(String authorizationRequestBaseUri) {
|
||||
Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
|
||||
|
@ -131,25 +117,6 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
return this;
|
||||
}
|
||||
|
||||
public AuthorizationCodeGrantConfigurer<B> userService(OAuth2UserService userService) {
|
||||
Assert.notNull(userService, "userService cannot be null");
|
||||
this.userService = userService;
|
||||
return this;
|
||||
}
|
||||
|
||||
public AuthorizationCodeGrantConfigurer<B> customUserType(Class<? extends OAuth2User> customUserType, URI userInfoUri) {
|
||||
Assert.notNull(customUserType, "customUserType cannot be null");
|
||||
Assert.notNull(userInfoUri, "userInfoUri cannot be null");
|
||||
this.customUserTypes.put(userInfoUri, customUserType);
|
||||
return this;
|
||||
}
|
||||
|
||||
public AuthorizationCodeGrantConfigurer<B> userAuthoritiesMapper(GrantedAuthoritiesMapper userAuthoritiesMapper) {
|
||||
Assert.notNull(userAuthoritiesMapper, "userAuthoritiesMapper cannot be null");
|
||||
this.userAuthoritiesMapper = userAuthoritiesMapper;
|
||||
return this;
|
||||
}
|
||||
|
||||
public AuthorizationCodeGrantConfigurer<B> clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) {
|
||||
Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
|
||||
this.getBuilder().setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository);
|
||||
|
@ -158,10 +125,6 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
|
||||
@Override
|
||||
public final void init(B http) throws Exception {
|
||||
// *****************************************
|
||||
// ***** Initialize AuthenticationProvider's
|
||||
//
|
||||
// -> AuthorizationCodeAuthenticationProvider
|
||||
AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider =
|
||||
new AuthorizationCodeAuthenticationProvider(this.getAuthorizationCodeAuthenticator());
|
||||
if (this.accessTokenRepository != null) {
|
||||
|
@ -169,18 +132,6 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
}
|
||||
http.authenticationProvider(this.postProcess(authorizationCodeAuthenticationProvider));
|
||||
|
||||
// -> OAuth2UserAuthenticationProvider
|
||||
OAuth2UserAuthenticationProvider oauth2UserAuthenticationProvider =
|
||||
new OAuth2UserAuthenticationProvider(this.getUserService());
|
||||
if (this.userAuthoritiesMapper != null) {
|
||||
oauth2UserAuthenticationProvider.setAuthoritiesMapper(this.userAuthoritiesMapper);
|
||||
}
|
||||
http.authenticationProvider(this.postProcess(oauth2UserAuthenticationProvider));
|
||||
|
||||
// *************************
|
||||
// ***** Initialize Filter's
|
||||
//
|
||||
// -> AuthorizationRequestRedirectFilter
|
||||
this.authorizationRequestFilter = new AuthorizationRequestRedirectFilter(
|
||||
this.getAuthorizationRequestBaseUri(), this.getClientRegistrationRepository());
|
||||
if (this.authorizationRequestBuilder != null) {
|
||||
|
@ -190,7 +141,6 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
this.authorizationRequestFilter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
|
||||
}
|
||||
|
||||
// -> AuthorizationCodeAuthenticationFilter
|
||||
this.authorizationResponseFilter = new AuthorizationCodeAuthenticationFilter(this.getAuthorizationResponseBaseUri());
|
||||
this.authorizationResponseFilter.setClientRegistrationRepository(this.getClientRegistrationRepository());
|
||||
if (this.authorizationRequestRepository != null) {
|
||||
|
@ -255,19 +205,6 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
return this.jwtDecoderRegistry;
|
||||
}
|
||||
|
||||
private OAuth2UserService getUserService() {
|
||||
if (this.userService == null) {
|
||||
List<OAuth2UserService> userServices = new ArrayList<>();
|
||||
userServices.add(new DefaultOAuth2UserService());
|
||||
userServices.add(new OidcUserService());
|
||||
if (!this.customUserTypes.isEmpty()) {
|
||||
userServices.add(new CustomUserTypesOAuth2UserService(this.customUserTypes));
|
||||
}
|
||||
this.userService = new DelegatingOAuth2UserService(userServices);
|
||||
}
|
||||
return this.userService;
|
||||
}
|
||||
|
||||
private ClientRegistrationRepository getClientRegistrationRepository() {
|
||||
ClientRegistrationRepository clientRegistrationRepository = this.getBuilder().getSharedObject(ClientRegistrationRepository.class);
|
||||
if (clientRegistrationRepository == null) {
|
||||
|
|
|
@ -22,10 +22,14 @@ import org.springframework.security.config.annotation.web.configurers.AbstractAu
|
|||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantAuthenticator;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2UserAuthenticationProvider;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
|
||||
import org.springframework.security.oauth2.client.user.CustomUserTypesOAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.user.DefaultOAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.user.DelegatingOAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.user.OAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationFilter;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
|
||||
|
@ -33,13 +37,16 @@ import org.springframework.security.oauth2.client.web.AuthorizationRequestReposi
|
|||
import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.security.oauth2.oidc.client.user.OidcUserService;
|
||||
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
|
@ -171,29 +178,45 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
|||
}
|
||||
|
||||
public class UserInfoEndpointConfig {
|
||||
private OAuth2UserService userService;
|
||||
private Map<URI, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
|
||||
private GrantedAuthoritiesMapper userAuthoritiesMapper;
|
||||
|
||||
private UserInfoEndpointConfig() {
|
||||
}
|
||||
|
||||
public UserInfoEndpointConfig userService(OAuth2UserService userService) {
|
||||
Assert.notNull(userService, "userService cannot be null");
|
||||
authorizationCodeGrantConfigurer.userService(userService);
|
||||
this.userService = userService;
|
||||
return this;
|
||||
}
|
||||
|
||||
public UserInfoEndpointConfig customUserType(Class<? extends OAuth2User> customUserType, URI userInfoUri) {
|
||||
Assert.notNull(customUserType, "customUserType cannot be null");
|
||||
Assert.notNull(userInfoUri, "userInfoUri cannot be null");
|
||||
authorizationCodeGrantConfigurer.customUserType(customUserType, userInfoUri);
|
||||
this.customUserTypes.put(userInfoUri, customUserType);
|
||||
return this;
|
||||
}
|
||||
|
||||
public UserInfoEndpointConfig userAuthoritiesMapper(GrantedAuthoritiesMapper userAuthoritiesMapper) {
|
||||
Assert.notNull(userAuthoritiesMapper, "userAuthoritiesMapper cannot be null");
|
||||
authorizationCodeGrantConfigurer.userAuthoritiesMapper(userAuthoritiesMapper);
|
||||
this.userAuthoritiesMapper = userAuthoritiesMapper;
|
||||
return this;
|
||||
}
|
||||
|
||||
private OAuth2UserService getUserService() {
|
||||
if (this.userService == null) {
|
||||
List<OAuth2UserService> userServices = new ArrayList<>();
|
||||
userServices.add(new DefaultOAuth2UserService());
|
||||
userServices.add(new OidcUserService());
|
||||
if (!this.customUserTypes.isEmpty()) {
|
||||
userServices.add(new CustomUserTypesOAuth2UserService(this.customUserTypes));
|
||||
}
|
||||
this.userService = new DelegatingOAuth2UserService(userServices);
|
||||
}
|
||||
return this.userService;
|
||||
}
|
||||
|
||||
public OAuth2LoginConfigurer<B> and() {
|
||||
return OAuth2LoginConfigurer.this;
|
||||
}
|
||||
|
@ -204,6 +227,14 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
|||
super.init(http);
|
||||
this.authorizationCodeGrantConfigurer.setBuilder(http);
|
||||
this.authorizationCodeGrantConfigurer.init(http);
|
||||
|
||||
OAuth2UserAuthenticationProvider oauth2UserAuthenticationProvider =
|
||||
new OAuth2UserAuthenticationProvider(this.userInfoEndpointConfig.getUserService());
|
||||
if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) {
|
||||
oauth2UserAuthenticationProvider.setAuthoritiesMapper(this.userInfoEndpointConfig.userAuthoritiesMapper);
|
||||
}
|
||||
http.authenticationProvider(this.postProcess(oauth2UserAuthenticationProvider));
|
||||
|
||||
this.initDefaultLoginFilter(http);
|
||||
}
|
||||
|
||||
|
|
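Review bot: In `UserInfoEndpointConfig`, `getUserService()` reads `customUserTypes` only while `userService` is still null, so a configuration that calls both `userService(...)` and `customUserType(...)` silently drops the custom type mappings, in either call order. This service decides which principal a login produces, so the precedence should be stated on the public methods, for example a Javadoc on `userService(...)` such as `/** Replaces the default user services; types registered through customUserType(...) are then not consulted. */`. If failing at startup is preferred, `Assert.state(this.customUserTypes.isEmpty(), "customUserType has no effect when userService is set")` before returning an explicitly set service would surface the conflict. As shown in this section, the three public DSL methods have no Javadoc.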