diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
index 533400c391..83d35f267f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
@@ -16,7 +16,6 @@
 package org.springframework.security.oauth2.client.userinfo;
-import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
 import java.net.UnknownHostException;
 import java.util.HashSet;
@@ -114,7 +113,7 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 requestHeadersSpec = this.webClient.get()
 .uri(userInfoUri)
 .header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
- .headers(bearerToken(userRequest.getAccessToken().getTokenValue()));
+ .headers(headers -> headers.setBearerAuth(userRequest.getAccessToken().getTokenValue()));
 }
 Mono> userAttributes = requestHeadersSpec
 .retrieve()
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
index 26b0fbbabe..b8edf6f133 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
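Review bot: The null/empty-token guard that `SecurityHeaders.bearerToken` provided is not carried over by `headers.setBearerAuth(userRequest.getAccessToken().getTokenValue())` in DefaultReactiveOAuth2UserService: the tests deleted later in this commit show the old helper threw IllegalArgumentException for null and "", whereas `HttpHeaders.setBearerAuth`, as far as I know, only prepends `Bearer ` to whatever it is given. The same applies to the two `bearer(...)` methods in ServerOAuth2AuthorizedClientExchangeFilterFunction and ServletOAuth2AuthorizedClientExchangeFilterFunction. The value probably cannot be blank at these call sites because it is read from an access-token object, but that guarantee is not visible in these hunks, so once confirmed I would record it next to the call with a comment such as `// token value is checked when the access token is built; setBearerAuth itself does no validation`, or otherwise fail fast before the request is assembled so a malformed Authorization header is never sent. The enclosing method starts and ends outside the hunk.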
@@ -48,7 +48,6 @@ import java.util.Optional;
 import java.util.function.Consumer;
 import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
-import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
 /**
 * Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth2 requests by including the
@@ -190,7 +189,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
 return ClientRequest.from(request)
- .headers(bearerToken(authorizedClient.getAccessToken().getTokenValue()))
+ .headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
 .build();
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
index bc10e7f2ed..60969a5bb0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
@@ -56,7 +56,6 @@ import java.util.Optional;
 import java.util.function.Consumer;
 import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
-import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
 /**
 * Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth2 requests by including the
@@ -338,7 +337,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
 return ClientRequest.from(request)
- .headers(bearerToken(authorizedClient.getAccessToken().getTokenValue()))
+ .headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
 .build();
 }
diff --git a/samples/boot/oauth2resourceserver-webflux/src/test/java/sample/ServerOauth2ResourceApplicationTests.java b/samples/boot/oauth2resourceserver-webflux/src/test/java/sample/ServerOauth2ResourceApplicationTests.java
index 7c8dce252e..a47be4787e 100644
--- a/samples/boot/oauth2resourceserver-webflux/src/test/java/sample/ServerOauth2ResourceApplicationTests.java
+++ b/samples/boot/oauth2resourceserver-webflux/src/test/java/sample/ServerOauth2ResourceApplicationTests.java
@@ -25,8 +25,6 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.web.reactive.server.WebTestClient;
-import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
-
 /**
 * @author Rob Winch
 * @since 5.1
@@ -42,7 +40,7 @@ public class ServerOauth2ResourceApplicationTests {
 public void getWhenValidTokenThenIsOk() {
 String token = "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6Im1lc3NhZ2U6cmVhZCIsImV4cCI6MzEwNjMyODEzMSwianRpIjoiOGY5ZjFiYzItOWVlMi00NTJkLThhMGEtODg3YmE4YmViYjYzIn0.CM_KulSsIrNXW1x6NFeN5VwKQiIW-LIAScJzakRFDox8Ql7o4WOb0ubY3CjWYnglwqYzBvH9McCFqVrUtzdfODY5tyEEJSxWndIGExOi2osrwRPsY3AGzNa23GMfC9I03BFP1IFCq4ZfL-L6yVcIjLke-rA40UG-r-oA7r-N_zsLc5poO7Azf29IQgQF0GSRp4AKQprYHF5Q-Nz9XkILMDz9CwPQ9cbdLCC9smvaGmEAjMUr-C1QgM-_ulb42gWtRDLorW_eArg8g-fmIP0_w82eNWCBjLTy-WaDMACnDVrrUVsUMCqx6jS6h8_uejKly2NFuhyueIHZTTySqCZoTA";
 this.rest.get().uri("/")
- .headers(bearerToken(token))
+ .headers(headers -> headers.setBearerAuth(token))
 .exchange()
 .expectStatus().isOk()
 .expectBody(String.class).isEqualTo("Hello, null!");
@@ -60,7 +58,7 @@ public class ServerOauth2ResourceApplicationTests {
 public void getWhenNone() {
 String token = "ew0KICAiYWxnIjogIm5vbmUiLA0KICAidHlwIjogIkpXVCINCn0.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.";
 this.rest.get().uri("/")
- .headers(bearerToken(token))
+ .headers(headers -> headers.setBearerAuth(token))
 .exchange()
 .expectStatus().isUnauthorized()
 .expectHeader().valueEquals(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\", error_description=\"Unsupported algorithm of none\", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
@@ -70,7 +68,7 @@ public class ServerOauth2ResourceApplicationTests {
 public void getWhenInvalidToken() {
 String token = "a";
 this.rest.get().uri("/")
- .headers(bearerToken(token))
+ .headers(headers -> headers.setBearerAuth(token))
 .exchange()
 .expectStatus().isUnauthorized()
 .expectHeader().valueEquals(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\", error_description=\"An error occurred while attempting to decode the Jwt: Invalid JWT serialization: Missing dot delimiter(s)\", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
diff --git a/web/src/test/groovy/org/springframework/security/web/http/SecurityHeadersTests.java b/web/src/test/groovy/org/springframework/security/web/http/SecurityHeadersTests.java
deleted file mode 100644
index 164a4ba39f..0000000000
--- a/web/src/test/groovy/org/springframework/security/web/http/SecurityHeadersTests.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.web.http;
-
-import org.junit.Test;
-
-import static org.assertj.core.api.Assertions.*;
-
-/**
- * @author Rob Winch
- * @since 5.1
- */
-public class SecurityHeadersTests {
-
- @Test
- public void bearerTokenWhenNullThenIllegalArgumentException() {
- String bearerTokenValue = null;
- assertThatThrownBy(() -> SecurityHeaders.bearerToken(bearerTokenValue))
- .isInstanceOf(IllegalArgumentException.class);
- }
-
- @Test
- public void bearerTokenWhenEmptyStringThenIllegalArgumentException() {
- assertThatThrownBy(() -> SecurityHeaders.bearerToken(""))
- .isInstanceOf(IllegalArgumentException.class);
- }
-
-}