Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Move config AuthorizationCodeGrantConfigurer -> OAuth2LoginConfigurer

This commit is contained in:
Joe Grandja 2017-10-11 16:58:38 -04:00
parent ca5b62abb5
commit 18df9a869e
2 changed files with 35 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeGrantConfigurer.java
View File

@ -19,39 +19,28 @@ import org.springframework.context.ApplicationContext;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProvider; import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProvider;
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken; import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticator; import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticator;
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantAuthenticator; import org.springframework.security.oauth2.client.authentication.AuthorizationGrantAuthenticator;
import org.springframework.security.oauth2.client.authentication.DelegatingAuthorizationGrantAuthenticator; import org.springframework.security.oauth2.client.authentication.DelegatingAuthorizationGrantAuthenticator;
import org.springframework.security.oauth2.client.authentication.OAuth2UserAuthenticationProvider;
import org.springframework.security.oauth2.client.authentication.jwt.JwtDecoderRegistry; import org.springframework.security.oauth2.client.authentication.jwt.JwtDecoderRegistry;
import org.springframework.security.oauth2.client.authentication.jwt.nimbus.NimbusJwtDecoderRegistry; import org.springframework.security.oauth2.client.authentication.jwt.nimbus.NimbusJwtDecoderRegistry;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.token.SecurityTokenRepository; import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
import org.springframework.security.oauth2.client.user.CustomUserTypesOAuth2UserService;
import org.springframework.security.oauth2.client.user.DefaultOAuth2UserService;
import org.springframework.security.oauth2.client.user.DelegatingOAuth2UserService;
import org.springframework.security.oauth2.client.user.OAuth2UserService;
import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationFilter; import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationFilter;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRedirectFilter;
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRedirectFilter;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository; import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder; import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
import org.springframework.security.oauth2.client.web.nimbus.NimbusAuthorizationCodeTokenExchanger; import org.springframework.security.oauth2.client.web.nimbus.NimbusAuthorizationCodeTokenExchanger;
import org.springframework.security.oauth2.core.AccessToken; import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.oidc.client.authentication.OidcAuthorizationCodeAuthenticator; import org.springframework.security.oauth2.oidc.client.authentication.OidcAuthorizationCodeAuthenticator;
import org.springframework.security.oauth2.oidc.client.user.OidcUserService;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import java.net.URI;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map;
/** /**
* A security configurer for the Authorization Code Grant type. * A security configurer for the Authorization Code Grant type.
@ -75,9 +64,6 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger; private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger;
private SecurityTokenRepository<AccessToken> accessTokenRepository; private SecurityTokenRepository<AccessToken> accessTokenRepository;
private JwtDecoderRegistry jwtDecoderRegistry; private JwtDecoderRegistry jwtDecoderRegistry;
private OAuth2UserService userService;
private Map<URI, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
private GrantedAuthoritiesMapper userAuthoritiesMapper;
public AuthorizationCodeGrantConfigurer<B> authorizationRequestBaseUri(String authorizationRequestBaseUri) { public AuthorizationCodeGrantConfigurer<B> authorizationRequestBaseUri(String authorizationRequestBaseUri) {
Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty"); Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
@ -131,25 +117,6 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
return this; return this;
} }
public AuthorizationCodeGrantConfigurer<B> userService(OAuth2UserService userService) {
Assert.notNull(userService, "userService cannot be null");
this.userService = userService;
return this;
}
public AuthorizationCodeGrantConfigurer<B> customUserType(Class<? extends OAuth2User> customUserType, URI userInfoUri) {
Assert.notNull(customUserType, "customUserType cannot be null");
Assert.notNull(userInfoUri, "userInfoUri cannot be null");
this.customUserTypes.put(userInfoUri, customUserType);
return this;
}
public AuthorizationCodeGrantConfigurer<B> userAuthoritiesMapper(GrantedAuthoritiesMapper userAuthoritiesMapper) {
Assert.notNull(userAuthoritiesMapper, "userAuthoritiesMapper cannot be null");
this.userAuthoritiesMapper = userAuthoritiesMapper;
return this;
}
public AuthorizationCodeGrantConfigurer<B> clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) { public AuthorizationCodeGrantConfigurer<B> clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) {
Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null"); Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
this.getBuilder().setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository); this.getBuilder().setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository);
@ -158,10 +125,6 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
@Override @Override
public final void init(B http) throws Exception { public final void init(B http) throws Exception {
// *****************************************
// ***** Initialize AuthenticationProvider's
//
// -> AuthorizationCodeAuthenticationProvider
AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider = AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider =
new AuthorizationCodeAuthenticationProvider(this.getAuthorizationCodeAuthenticator()); new AuthorizationCodeAuthenticationProvider(this.getAuthorizationCodeAuthenticator());
if (this.accessTokenRepository != null) { if (this.accessTokenRepository != null) {
@ -169,18 +132,6 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
} }
http.authenticationProvider(this.postProcess(authorizationCodeAuthenticationProvider)); http.authenticationProvider(this.postProcess(authorizationCodeAuthenticationProvider));
// -> OAuth2UserAuthenticationProvider
OAuth2UserAuthenticationProvider oauth2UserAuthenticationProvider =
new OAuth2UserAuthenticationProvider(this.getUserService());
if (this.userAuthoritiesMapper != null) {
oauth2UserAuthenticationProvider.setAuthoritiesMapper(this.userAuthoritiesMapper);
}
http.authenticationProvider(this.postProcess(oauth2UserAuthenticationProvider));
// *************************
// ***** Initialize Filter's
//
// -> AuthorizationRequestRedirectFilter
this.authorizationRequestFilter = new AuthorizationRequestRedirectFilter( this.authorizationRequestFilter = new AuthorizationRequestRedirectFilter(
this.getAuthorizationRequestBaseUri(), this.getClientRegistrationRepository()); this.getAuthorizationRequestBaseUri(), this.getClientRegistrationRepository());
if (this.authorizationRequestBuilder != null) { if (this.authorizationRequestBuilder != null) {
@ -190,7 +141,6 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
this.authorizationRequestFilter.setAuthorizationRequestRepository(this.authorizationRequestRepository); this.authorizationRequestFilter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
} }
// -> AuthorizationCodeAuthenticationFilter
this.authorizationResponseFilter = new AuthorizationCodeAuthenticationFilter(this.getAuthorizationResponseBaseUri()); this.authorizationResponseFilter = new AuthorizationCodeAuthenticationFilter(this.getAuthorizationResponseBaseUri());
this.authorizationResponseFilter.setClientRegistrationRepository(this.getClientRegistrationRepository()); this.authorizationResponseFilter.setClientRegistrationRepository(this.getClientRegistrationRepository());
if (this.authorizationRequestRepository != null) { if (this.authorizationRequestRepository != null) {
@ -255,19 +205,6 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
return this.jwtDecoderRegistry; return this.jwtDecoderRegistry;
} }
private OAuth2UserService getUserService() {
if (this.userService == null) {
List<OAuth2UserService> userServices = new ArrayList<>();
userServices.add(new DefaultOAuth2UserService());
userServices.add(new OidcUserService());
if (!this.customUserTypes.isEmpty()) {
userServices.add(new CustomUserTypesOAuth2UserService(this.customUserTypes));
}
this.userService = new DelegatingOAuth2UserService(userServices);
}
return this.userService;
}
private ClientRegistrationRepository getClientRegistrationRepository() { private ClientRegistrationRepository getClientRegistrationRepository() {
ClientRegistrationRepository clientRegistrationRepository = this.getBuilder().getSharedObject(ClientRegistrationRepository.class); ClientRegistrationRepository clientRegistrationRepository = this.getBuilder().getSharedObject(ClientRegistrationRepository.class);
if (clientRegistrationRepository == null) { if (clientRegistrationRepository == null) {

37
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
View File

@ -22,10 +22,14 @@ import org.springframework.security.config.annotation.web.configurers.AbstractAu
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken; import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantAuthenticator; import org.springframework.security.oauth2.client.authentication.AuthorizationGrantAuthenticator;
import org.springframework.security.oauth2.client.authentication.OAuth2UserAuthenticationProvider;
import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.token.SecurityTokenRepository; import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
import org.springframework.security.oauth2.client.user.CustomUserTypesOAuth2UserService;
import org.springframework.security.oauth2.client.user.DefaultOAuth2UserService;
import org.springframework.security.oauth2.client.user.DelegatingOAuth2UserService;
import org.springframework.security.oauth2.client.user.OAuth2UserService; import org.springframework.security.oauth2.client.user.OAuth2UserService;
import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationFilter; import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationFilter;
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
@ -33,13 +37,16 @@ import org.springframework.security.oauth2.client.web.AuthorizationRequestReposi
import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder; import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
import org.springframework.security.oauth2.core.AccessToken; import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.security.oauth2.core.user.OAuth2User; import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.oidc.client.user.OidcUserService;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter; import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import java.net.URI; import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashMap; import java.util.HashMap;
import java.util.List;
import java.util.Map; import java.util.Map;
/** /**
@ -171,29 +178,45 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
} }
public class UserInfoEndpointConfig { public class UserInfoEndpointConfig {
private OAuth2UserService userService;
private Map<URI, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
private GrantedAuthoritiesMapper userAuthoritiesMapper;
private UserInfoEndpointConfig() { private UserInfoEndpointConfig() {
} }
public UserInfoEndpointConfig userService(OAuth2UserService userService) { public UserInfoEndpointConfig userService(OAuth2UserService userService) {
Assert.notNull(userService, "userService cannot be null"); Assert.notNull(userService, "userService cannot be null");
authorizationCodeGrantConfigurer.userService(userService); this.userService = userService;
return this; return this;
} }
public UserInfoEndpointConfig customUserType(Class<? extends OAuth2User> customUserType, URI userInfoUri) { public UserInfoEndpointConfig customUserType(Class<? extends OAuth2User> customUserType, URI userInfoUri) {
Assert.notNull(customUserType, "customUserType cannot be null"); Assert.notNull(customUserType, "customUserType cannot be null");
Assert.notNull(userInfoUri, "userInfoUri cannot be null"); Assert.notNull(userInfoUri, "userInfoUri cannot be null");
authorizationCodeGrantConfigurer.customUserType(customUserType, userInfoUri); this.customUserTypes.put(userInfoUri, customUserType);
return this; return this;
} }
public UserInfoEndpointConfig userAuthoritiesMapper(GrantedAuthoritiesMapper userAuthoritiesMapper) { public UserInfoEndpointConfig userAuthoritiesMapper(GrantedAuthoritiesMapper userAuthoritiesMapper) {
Assert.notNull(userAuthoritiesMapper, "userAuthoritiesMapper cannot be null"); Assert.notNull(userAuthoritiesMapper, "userAuthoritiesMapper cannot be null");
authorizationCodeGrantConfigurer.userAuthoritiesMapper(userAuthoritiesMapper); this.userAuthoritiesMapper = userAuthoritiesMapper;
return this; return this;
} }
private OAuth2UserService getUserService() {
if (this.userService == null) {
List<OAuth2UserService> userServices = new ArrayList<>();
userServices.add(new DefaultOAuth2UserService());
userServices.add(new OidcUserService());
if (!this.customUserTypes.isEmpty()) {
userServices.add(new CustomUserTypesOAuth2UserService(this.customUserTypes));
}
this.userService = new DelegatingOAuth2UserService(userServices);
}
return this.userService;
}
public OAuth2LoginConfigurer<B> and() { public OAuth2LoginConfigurer<B> and() {
return OAuth2LoginConfigurer.this; return OAuth2LoginConfigurer.this;
} }
@ -204,6 +227,14 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
super.init(http); super.init(http);
this.authorizationCodeGrantConfigurer.setBuilder(http); this.authorizationCodeGrantConfigurer.setBuilder(http);
this.authorizationCodeGrantConfigurer.init(http); this.authorizationCodeGrantConfigurer.init(http);
OAuth2UserAuthenticationProvider oauth2UserAuthenticationProvider =
new OAuth2UserAuthenticationProvider(this.userInfoEndpointConfig.getUserService());
if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) {
oauth2UserAuthenticationProvider.setAuthoritiesMapper(this.userInfoEndpointConfig.userAuthoritiesMapper);
}
http.authenticationProvider(this.postProcess(oauth2UserAuthenticationProvider));
this.initDefaultLoginFilter(http); this.initDefaultLoginFilter(http);
} }