Remove SecurityHeaders

We no longer need this since Spring Framework now provides
HttpHeaders.setBearerAuth

Issue: gh-5612
This commit is contained in:
Rob Winch 2018-07-30 14:28:41 -05:00
parent c26d7dc859
commit 262c1a77c6
5 changed files with 6 additions and 53 deletions

View File

@ -16,7 +16,6 @@
package org.springframework.security.oauth2.client.userinfo;
import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
import java.net.UnknownHostException;
import java.util.HashSet;
@ -114,7 +113,7 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
requestHeadersSpec = this.webClient.get()
.uri(userInfoUri)
.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
.headers(bearerToken(userRequest.getAccessToken().getTokenValue()));
.headers(headers -> headers.setBearerAuth(userRequest.getAccessToken().getTokenValue()));
}
Mono<Map<String, Object>> userAttributes = requestHeadersSpec
.retrieve()

View File

@ -48,7 +48,6 @@ import java.util.Optional;
import java.util.function.Consumer;
import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
/**
* Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth2 requests by including the
@ -190,7 +189,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
return ClientRequest.from(request)
.headers(bearerToken(authorizedClient.getAccessToken().getTokenValue()))
.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
.build();
}

View File

@ -56,7 +56,6 @@ import java.util.Optional;
import java.util.function.Consumer;
import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
/**
* Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth2 requests by including the
@ -338,7 +337,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
return ClientRequest.from(request)
.headers(bearerToken(authorizedClient.getAccessToken().getTokenValue()))
.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
.build();
}

View File

@ -25,8 +25,6 @@ import org.springframework.http.HttpHeaders;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.reactive.server.WebTestClient;
import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
/**
* @author Rob Winch
* @since 5.1
@ -42,7 +40,7 @@ public class ServerOauth2ResourceApplicationTests {
public void getWhenValidTokenThenIsOk() {
String token = "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6Im1lc3NhZ2U6cmVhZCIsImV4cCI6MzEwNjMyODEzMSwianRpIjoiOGY5ZjFiYzItOWVlMi00NTJkLThhMGEtODg3YmE4YmViYjYzIn0.CM_KulSsIrNXW1x6NFeN5VwKQiIW-LIAScJzakRFDox8Ql7o4WOb0ubY3CjWYnglwqYzBvH9McCFqVrUtzdfODY5tyEEJSxWndIGExOi2osrwRPsY3AGzNa23GMfC9I03BFP1IFCq4ZfL-L6yVcIjLke-rA40UG-r-oA7r-N_zsLc5poO7Azf29IQgQF0GSRp4AKQprYHF5Q-Nz9XkILMDz9CwPQ9cbdLCC9smvaGmEAjMUr-C1QgM-_ulb42gWtRDLorW_eArg8g-fmIP0_w82eNWCBjLTy-WaDMACnDVrrUVsUMCqx6jS6h8_uejKly2NFuhyueIHZTTySqCZoTA";
this.rest.get().uri("/")
.headers(bearerToken(token))
.headers(headers -> headers.setBearerAuth(token))
.exchange()
.expectStatus().isOk()
.expectBody(String.class).isEqualTo("Hello, null!");
@ -60,7 +58,7 @@ public class ServerOauth2ResourceApplicationTests {
public void getWhenNone() {
String token = "ew0KICAiYWxnIjogIm5vbmUiLA0KICAidHlwIjogIkpXVCINCn0.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.";
this.rest.get().uri("/")
.headers(bearerToken(token))
.headers(headers -> headers.setBearerAuth(token))
.exchange()
.expectStatus().isUnauthorized()
.expectHeader().valueEquals(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\", error_description=\"Unsupported algorithm of none\", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
@ -70,7 +68,7 @@ public class ServerOauth2ResourceApplicationTests {
public void getWhenInvalidToken() {
String token = "a";
this.rest.get().uri("/")
.headers(bearerToken(token))
.headers(headers -> headers.setBearerAuth(token))
.exchange()
.expectStatus().isUnauthorized()
.expectHeader().valueEquals(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\", error_description=\"An error occurred while attempting to decode the Jwt: Invalid JWT serialization: Missing dot delimiter(s)\", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");

View File

@ -1,42 +0,0 @@
/*
* Copyright 2002-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.http;
import org.junit.Test;
import static org.assertj.core.api.Assertions.*;
/**
* @author Rob Winch
* @since 5.1
*/
public class SecurityHeadersTests {
@Test
public void bearerTokenWhenNullThenIllegalArgumentException() {
String bearerTokenValue = null;
assertThatThrownBy(() -> SecurityHeaders.bearerToken(bearerTokenValue))
.isInstanceOf(IllegalArgumentException.class);
}
@Test
public void bearerTokenWhenEmptyStringThenIllegalArgumentException() {
assertThatThrownBy(() -> SecurityHeaders.bearerToken(""))
.isInstanceOf(IllegalArgumentException.class);
}
}