Remove SecurityHeaders

We no longer need this since Spring Framework now provides HttpHeaders.setBearerAuth Issue: gh-5612
2018-07-30 14:28:41 -05:00 · 2018-07-30 14:28:41 -05:00 · 262c1a77c6
parent c26d7dc859
commit 262c1a77c6
5 changed files with 6 additions and 53 deletions
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
@ -16,7 +16,6 @@
 package org.springframework.security.oauth2.client.userinfo;
 import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
 import java.net.UnknownHostException;
 import java.util.HashSet;
@ -114,7 +113,7 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 				requestHeadersSpec = this.webClient.get()
 						.uri(userInfoUri)
 						.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-						.headers(bearerToken(userRequest.getAccessToken().getTokenValue()));
+						.headers(headers -> headers.setBearerAuth(userRequest.getAccessToken().getTokenValue()));
 			}
 			Mono<Map<String, Object>> userAttributes = requestHeadersSpec
 					.retrieve()
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
@ -48,7 +48,6 @@ import java.util.Optional;
 import java.util.function.Consumer;
 import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
 import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
 /**
 * Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth2 requests by including the
@ -190,7 +189,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
 		return ClientRequest.from(request)
-					.headers(bearerToken(authorizedClient.getAccessToken().getTokenValue()))
+					.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
 					.build();
 	}
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
@ -56,7 +56,6 @@ import java.util.Optional;
 import java.util.function.Consumer;
 import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
 import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
 /**
 * Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth2 requests by including the
@ -338,7 +337,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
 		return ClientRequest.from(request)
-					.headers(bearerToken(authorizedClient.getAccessToken().getTokenValue()))
+					.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
 					.build();
 	}
--- a/samples/boot/oauth2resourceserver-webflux/src/test/java/sample/ServerOauth2ResourceApplicationTests.java
+++ b/samples/boot/oauth2resourceserver-webflux/src/test/java/sample/ServerOauth2ResourceApplicationTests.java
@ -25,8 +25,6 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.web.reactive.server.WebTestClient;
 import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
 /**
 * @author Rob Winch
 * @since 5.1
@ -42,7 +40,7 @@ public class ServerOauth2ResourceApplicationTests {
 	public void getWhenValidTokenThenIsOk() {
 		String token = "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6Im1lc3NhZ2U6cmVhZCIsImV4cCI6MzEwNjMyODEzMSwianRpIjoiOGY5ZjFiYzItOWVlMi00NTJkLThhMGEtODg3YmE4YmViYjYzIn0.CM_KulSsIrNXW1x6NFeN5VwKQiIW-LIAScJzakRFDox8Ql7o4WOb0ubY3CjWYnglwqYzBvH9McCFqVrUtzdfODY5tyEEJSxWndIGExOi2osrwRPsY3AGzNa23GMfC9I03BFP1IFCq4ZfL-L6yVcIjLke-rA40UG-r-oA7r-N_zsLc5poO7Azf29IQgQF0GSRp4AKQprYHF5Q-Nz9XkILMDz9CwPQ9cbdLCC9smvaGmEAjMUr-C1QgM-_ulb42gWtRDLorW_eArg8g-fmIP0_w82eNWCBjLTy-WaDMACnDVrrUVsUMCqx6jS6h8_uejKly2NFuhyueIHZTTySqCZoTA";
 		this.rest.get().uri("/")
-				.headers(bearerToken(token))
+				.headers(headers -> headers.setBearerAuth(token))
 				.exchange()
 				.expectStatus().isOk()
 				.expectBody(String.class).isEqualTo("Hello, null!");
@ -60,7 +58,7 @@ public class ServerOauth2ResourceApplicationTests {
 	public void getWhenNone() {
 		String token = "ew0KICAiYWxnIjogIm5vbmUiLA0KICAidHlwIjogIkpXVCINCn0.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.";
 		this.rest.get().uri("/")
-				.headers(bearerToken(token))
+				.headers(headers -> headers.setBearerAuth(token))
 				.exchange()
 				.expectStatus().isUnauthorized()
 				.expectHeader().valueEquals(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\", error_description=\"Unsupported algorithm of none\", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
@ -70,7 +68,7 @@ public class ServerOauth2ResourceApplicationTests {
 	public void getWhenInvalidToken() {
 		String token = "a";
 		this.rest.get().uri("/")
-				.headers(bearerToken(token))
+				.headers(headers -> headers.setBearerAuth(token))
 				.exchange()
 				.expectStatus().isUnauthorized()
 				.expectHeader().valueEquals(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\", error_description=\"An error occurred while attempting to decode the Jwt: Invalid JWT serialization: Missing dot delimiter(s)\", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
--- a/web/src/test/groovy/org/springframework/security/web/http/SecurityHeadersTests.java
+++ b/web/src/test/groovy/org/springframework/security/web/http/SecurityHeadersTests.java
@ -1,42 +0,0 @@
 /*
 * Copyright 2002-2018 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.security.web.http;
 import org.junit.Test;
 import static org.assertj.core.api.Assertions.*;
 /**
 * @author Rob Winch
 * @since 5.1
 */
 public class SecurityHeadersTests {
 	@Test
 	public void bearerTokenWhenNullThenIllegalArgumentException() {
 		String bearerTokenValue = null;
 		assertThatThrownBy(() -> SecurityHeaders.bearerToken(bearerTokenValue))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 	@Test
 	public void bearerTokenWhenEmptyStringThenIllegalArgumentException() {
 		assertThatThrownBy(() -> SecurityHeaders.bearerToken(""))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 }