Register Authentication Provider in Init Phase
Fixes gh-8031
This commit is contained in:
parent
bc16f1a526
commit
19584884b3
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
* Copyright 2002-2020 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -222,9 +222,16 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
|
|||
|
||||
@Override
|
||||
public void init(H http) {
|
||||
validateConfiguration();
|
||||
|
||||
registerDefaultAccessDeniedHandler(http);
|
||||
registerDefaultEntryPoint(http);
|
||||
registerDefaultCsrfOverride(http);
|
||||
|
||||
AuthenticationProvider authenticationProvider = getAuthenticationProvider();
|
||||
if (authenticationProvider != null) {
|
||||
http.authenticationProvider(authenticationProvider);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -232,8 +239,6 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
|
|||
BearerTokenResolver bearerTokenResolver = getBearerTokenResolver();
|
||||
this.requestMatcher.setBearerTokenResolver(bearerTokenResolver);
|
||||
|
||||
validateConfiguration();
|
||||
|
||||
AuthenticationManagerResolver resolver = this.authenticationManagerResolver;
|
||||
if (resolver == null) {
|
||||
AuthenticationManager authenticationManager = getAuthenticationManager(http);
|
||||
|
@ -321,9 +326,9 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
|
|||
return this.decoder;
|
||||
}
|
||||
|
||||
AuthenticationManager getAuthenticationManager(H http) {
|
||||
AuthenticationProvider getAuthenticationProvider() {
|
||||
if (this.authenticationManager != null) {
|
||||
return this.authenticationManager;
|
||||
return null;
|
||||
}
|
||||
|
||||
JwtDecoder decoder = getJwtDecoder();
|
||||
|
@ -333,9 +338,13 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
|
|||
JwtAuthenticationProvider provider =
|
||||
new JwtAuthenticationProvider(decoder);
|
||||
provider.setJwtAuthenticationConverter(jwtAuthenticationConverter);
|
||||
AuthenticationProvider authenticationProvider = postProcess(provider);
|
||||
return postProcess(provider);
|
||||
}
|
||||
|
||||
http.authenticationProvider(authenticationProvider);
|
||||
AuthenticationManager getAuthenticationManager(H http) {
|
||||
if (this.authenticationManager != null) {
|
||||
return this.authenticationManager;
|
||||
}
|
||||
|
||||
return http.getSharedObject(AuthenticationManager.class);
|
||||
}
|
||||
|
@ -391,16 +400,19 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
|
|||
return this.context.getBean(OpaqueTokenIntrospector.class);
|
||||
}
|
||||
|
||||
AuthenticationProvider getAuthenticationProvider() {
|
||||
if (this.authenticationManager != null) {
|
||||
return null;
|
||||
}
|
||||
OpaqueTokenIntrospector introspector = getIntrospector();
|
||||
return new OpaqueTokenAuthenticationProvider(introspector);
|
||||
}
|
||||
|
||||
AuthenticationManager getAuthenticationManager(H http) {
|
||||
if (this.authenticationManager != null) {
|
||||
return this.authenticationManager;
|
||||
}
|
||||
|
||||
OpaqueTokenIntrospector introspector = getIntrospector();
|
||||
OpaqueTokenAuthenticationProvider provider =
|
||||
new OpaqueTokenAuthenticationProvider(introspector);
|
||||
http.authenticationProvider(provider);
|
||||
|
||||
return http.getSharedObject(AuthenticationManager.class);
|
||||
}
|
||||
}
|
||||
|
@ -439,6 +451,18 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
|
|||
csrf.ignoringRequestMatchers(this.requestMatcher);
|
||||
}
|
||||
|
||||
AuthenticationProvider getAuthenticationProvider() {
|
||||
if (this.jwtConfigurer != null) {
|
||||
return this.jwtConfigurer.getAuthenticationProvider();
|
||||
}
|
||||
|
||||
if (this.opaqueTokenConfigurer != null) {
|
||||
return this.opaqueTokenConfigurer.getAuthenticationProvider();
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
AuthenticationManager getAuthenticationManager(H http) {
|
||||
if (this.jwtConfigurer != null) {
|
||||
return this.jwtConfigurer.getAuthenticationManager(http);
|
||||
|
|
|
@ -375,6 +375,18 @@ public class OAuth2ResourceServerConfigurerTests {
|
|||
.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer"));
|
||||
}
|
||||
|
||||
// gh-8031
|
||||
@Test
|
||||
public void getWhenAnonymousDisabledThenAllows() throws Exception {
|
||||
this.spring.register(RestOperationsConfig.class, AnonymousDisabledConfig.class).autowire();
|
||||
mockRestOperations(jwks("Default"));
|
||||
String token = token("ValidNoScopes");
|
||||
|
||||
this.mvc.perform(get("/authenticated")
|
||||
.with(bearerToken(token)))
|
||||
.andExpect(status().isNotFound());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getWhenUsingDefaultsWithNoBearerTokenThenUnauthorized()
|
||||
throws Exception {
|
||||
|
@ -745,7 +757,8 @@ public class OAuth2ResourceServerConfigurerTests {
|
|||
|
||||
@Test
|
||||
public void getBearerTokenResolverWhenDuplicateResolverBeansThenWiringException() {
|
||||
assertThatCode(() -> this.spring.register(MultipleBearerTokenResolverBeansConfig.class).autowire())
|
||||
assertThatCode(() -> this.spring
|
||||
.register(MultipleBearerTokenResolverBeansConfig.class, JwtDecoderConfig.class).autowire())
|
||||
.isInstanceOf(BeanCreationException.class)
|
||||
.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class);
|
||||
}
|
||||
|
@ -1544,6 +1557,22 @@ public class OAuth2ResourceServerConfigurerTests {
|
|||
}
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
static class AnonymousDisabledConfig extends WebSecurityConfigurerAdapter {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http
|
||||
.authorizeRequests()
|
||||
.anyRequest().authenticated()
|
||||
.and()
|
||||
.anonymous().disable()
|
||||
.oauth2ResourceServer()
|
||||
.jwt();
|
||||
// @formatter:on
|
||||
}
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
static class MethodSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
|
Loading…
Reference in New Issue