Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove SecurityTokenRepository from AuthorizationCodeAuthenticationProvider constructor 

Fixes gh-4591
This commit is contained in:
Joe Grandja 2017-10-05 17:05:56 -04:00
parent eb320bfed4
commit 1b7e761be4
2 changed files with 12 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java
View File

@ -27,7 +27,6 @@ import org.springframework.security.oauth2.client.authentication.OAuth2UserAuthe
import org.springframework.security.oauth2.client.authentication.jwt.JwtDecoderRegistry;
import org.springframework.security.oauth2.client.authentication.jwt.nimbus.NimbusJwtDecoderRegistry;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository;
import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
import org.springframework.security.oauth2.client.user.CustomUserTypesOAuth2UserService;
import org.springframework.security.oauth2.client.user.DefaultOAuth2UserService;
@ -130,8 +129,10 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
@Override
public void init(H http) throws Exception {
AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider =
new AuthorizationCodeAuthenticationProvider(
this.getAuthorizationCodeAuthenticator(), this.getAccessTokenRepository());
new AuthorizationCodeAuthenticationProvider(this.getAuthorizationCodeAuthenticator());
if (this.accessTokenRepository != null) {
authorizationCodeAuthenticationProvider.setAccessTokenRepository(this.accessTokenRepository);
}
authorizationCodeAuthenticationProvider = this.postProcess(authorizationCodeAuthenticationProvider);
http.authenticationProvider(authorizationCodeAuthenticationProvider);
@ -180,13 +181,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
return this.authorizationCodeTokenExchanger;
}
private SecurityTokenRepository<AccessToken> getAccessTokenRepository() {
if (this.accessTokenRepository == null) {
this.accessTokenRepository = new InMemoryAccessTokenRepository();
}
return this.accessTokenRepository;
}
private JwtDecoderRegistry getJwtDecoderRegistry() {
if (this.jwtDecoderRegistry == null) {
this.jwtDecoderRegistry = new NimbusJwtDecoderRegistry();

13
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java
View File

@ -18,6 +18,7 @@ package org.springframework.security.oauth2.client.authentication;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository;
import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.security.oauth2.oidc.client.authentication.OidcClientAuthenticationToken;
@ -49,16 +50,13 @@ import org.springframework.util.Assert;
*/
public class AuthorizationCodeAuthenticationProvider implements AuthenticationProvider {
private final AuthorizationGrantAuthenticator<AuthorizationCodeAuthenticationToken> authorizationCodeAuthenticator;
private final SecurityTokenRepository<AccessToken> accessTokenRepository;
private SecurityTokenRepository<AccessToken> accessTokenRepository = new InMemoryAccessTokenRepository();
public AuthorizationCodeAuthenticationProvider(
AuthorizationGrantAuthenticator<AuthorizationCodeAuthenticationToken> authorizationCodeAuthenticator,
SecurityTokenRepository<AccessToken> accessTokenRepository) {
AuthorizationGrantAuthenticator<AuthorizationCodeAuthenticationToken> authorizationCodeAuthenticator) {
Assert.notNull(authorizationCodeAuthenticator, "authorizationCodeAuthenticator cannot be null");
Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null");
this.authorizationCodeAuthenticator = authorizationCodeAuthenticator;
this.accessTokenRepository = accessTokenRepository;
}
@Override
@ -76,6 +74,11 @@ public class AuthorizationCodeAuthenticationProvider implements AuthenticationPr
return oauth2ClientAuthentication;
}
public final void setAccessTokenRepository(SecurityTokenRepository<AccessToken> accessTokenRepository) {
Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null");
this.accessTokenRepository = accessTokenRepository;
}
@Override
public boolean supports(Class<?> authentication) {
return AuthorizationCodeAuthenticationToken.class.isAssignableFrom(authentication);