Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove SecurityTokenRepository from AuthorizationCodeAuthenticationProvider constructor 

Fixes gh-4591
This commit is contained in:
Joe Grandja 2017-10-05 17:05:56 -04:00
parent eb320bfed4
commit 1b7e761be4
2 changed files with 12 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java
View File

@ -27,7 +27,6 @@ import org.springframework.security.oauth2.client.authentication.OAuth2UserAuthe
import org.springframework.security.oauth2.client.authentication.jwt.JwtDecoderRegistry; import org.springframework.security.oauth2.client.authentication.jwt.JwtDecoderRegistry;
import org.springframework.security.oauth2.client.authentication.jwt.nimbus.NimbusJwtDecoderRegistry; import org.springframework.security.oauth2.client.authentication.jwt.nimbus.NimbusJwtDecoderRegistry;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository;
import org.springframework.security.oauth2.client.token.SecurityTokenRepository; import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
import org.springframework.security.oauth2.client.user.CustomUserTypesOAuth2UserService; import org.springframework.security.oauth2.client.user.CustomUserTypesOAuth2UserService;
import org.springframework.security.oauth2.client.user.DefaultOAuth2UserService; import org.springframework.security.oauth2.client.user.DefaultOAuth2UserService;
@ -130,8 +129,10 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
@Override @Override
public void init(H http) throws Exception { public void init(H http) throws Exception {
AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider = AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider =
new AuthorizationCodeAuthenticationProvider( new AuthorizationCodeAuthenticationProvider(this.getAuthorizationCodeAuthenticator());
this.getAuthorizationCodeAuthenticator(), this.getAccessTokenRepository()); if (this.accessTokenRepository != null) {
authorizationCodeAuthenticationProvider.setAccessTokenRepository(this.accessTokenRepository);
}
authorizationCodeAuthenticationProvider = this.postProcess(authorizationCodeAuthenticationProvider); authorizationCodeAuthenticationProvider = this.postProcess(authorizationCodeAuthenticationProvider);
http.authenticationProvider(authorizationCodeAuthenticationProvider); http.authenticationProvider(authorizationCodeAuthenticationProvider);
@ -180,13 +181,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
return this.authorizationCodeTokenExchanger; return this.authorizationCodeTokenExchanger;
} }
private SecurityTokenRepository<AccessToken> getAccessTokenRepository() {
if (this.accessTokenRepository == null) {
this.accessTokenRepository = new InMemoryAccessTokenRepository();
}
return this.accessTokenRepository;
}
private JwtDecoderRegistry getJwtDecoderRegistry() { private JwtDecoderRegistry getJwtDecoderRegistry() {
if (this.jwtDecoderRegistry == null) { if (this.jwtDecoderRegistry == null) {
this.jwtDecoderRegistry = new NimbusJwtDecoderRegistry(); this.jwtDecoderRegistry = new NimbusJwtDecoderRegistry();

13
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java
View File

@ -18,6 +18,7 @@ package org.springframework.security.oauth2.client.authentication;
import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository;
import org.springframework.security.oauth2.client.token.SecurityTokenRepository; import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
import org.springframework.security.oauth2.core.AccessToken; import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.security.oauth2.oidc.client.authentication.OidcClientAuthenticationToken; import org.springframework.security.oauth2.oidc.client.authentication.OidcClientAuthenticationToken;
@ -49,16 +50,13 @@ import org.springframework.util.Assert;
*/ */
public class AuthorizationCodeAuthenticationProvider implements AuthenticationProvider { public class AuthorizationCodeAuthenticationProvider implements AuthenticationProvider {
private final AuthorizationGrantAuthenticator<AuthorizationCodeAuthenticationToken> authorizationCodeAuthenticator; private final AuthorizationGrantAuthenticator<AuthorizationCodeAuthenticationToken> authorizationCodeAuthenticator;
private final SecurityTokenRepository<AccessToken> accessTokenRepository; private SecurityTokenRepository<AccessToken> accessTokenRepository = new InMemoryAccessTokenRepository();
public AuthorizationCodeAuthenticationProvider( public AuthorizationCodeAuthenticationProvider(
AuthorizationGrantAuthenticator<AuthorizationCodeAuthenticationToken> authorizationCodeAuthenticator, AuthorizationGrantAuthenticator<AuthorizationCodeAuthenticationToken> authorizationCodeAuthenticator) {
SecurityTokenRepository<AccessToken> accessTokenRepository) {
Assert.notNull(authorizationCodeAuthenticator, "authorizationCodeAuthenticator cannot be null"); Assert.notNull(authorizationCodeAuthenticator, "authorizationCodeAuthenticator cannot be null");
Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null");
this.authorizationCodeAuthenticator = authorizationCodeAuthenticator; this.authorizationCodeAuthenticator = authorizationCodeAuthenticator;
this.accessTokenRepository = accessTokenRepository;
} }
@Override @Override
@ -76,6 +74,11 @@ public class AuthorizationCodeAuthenticationProvider implements AuthenticationPr
return oauth2ClientAuthentication; return oauth2ClientAuthentication;
} }
public final void setAccessTokenRepository(SecurityTokenRepository<AccessToken> accessTokenRepository) {
Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null");
this.accessTokenRepository = accessTokenRepository;
}
@Override @Override
public boolean supports(Class<?> authentication) { public boolean supports(Class<?> authentication) {
return AuthorizationCodeAuthenticationToken.class.isAssignableFrom(authentication); return AuthorizationCodeAuthenticationToken.class.isAssignableFrom(authentication);