Fix oauth2login loginProcessingUrl NPE for java config

With Java config, http.oauth2Login().loginProcessingUrl("url") throws an NPE.
Override the loginProcessingUrl method to cache the configured URL.
Then, when the config is initialized,
it calls the super method to complete the configuration.

Fixes gh-5488
mhyeon.lee 2018-07-06 18:35:16 +09:00 committed by Joe Grandja
parent 522bfe9e05
commit 2af69f08a9
2 changed files with 52 additions and 3 deletions


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2017 the original author or authors. * Copyright 2002-2018 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -124,6 +124,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
private final RedirectionEndpointConfig redirectionEndpointConfig = new RedirectionEndpointConfig(); private final RedirectionEndpointConfig redirectionEndpointConfig = new RedirectionEndpointConfig();
private final UserInfoEndpointConfig userInfoEndpointConfig = new UserInfoEndpointConfig(); private final UserInfoEndpointConfig userInfoEndpointConfig = new UserInfoEndpointConfig();
private String loginPage; private String loginPage;
private String loginProcessingUrl = OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
/** /**
* Sets the repository of client registrations. * Sets the repository of client registrations.
@ -156,6 +157,13 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
return this; return this;
} }
@Override
public OAuth2LoginConfigurer<B> loginProcessingUrl(String loginProcessingUrl) {
Assert.hasText(loginProcessingUrl, "loginProcessingUrl cannot be empty");
this.loginProcessingUrl = loginProcessingUrl;
return this;
}
/** /**
* Returns the {@link AuthorizationEndpointConfig} for configuring the Authorization Server's Authorization Endpoint. * Returns the {@link AuthorizationEndpointConfig} for configuring the Authorization Server's Authorization Endpoint.
* *
@ -378,9 +386,9 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
new OAuth2LoginAuthenticationFilter( new OAuth2LoginAuthenticationFilter(
OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()), OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()),
OAuth2ClientConfigurerUtils.getAuthorizedClientService(this.getBuilder()), OAuth2ClientConfigurerUtils.getAuthorizedClientService(this.getBuilder()),
OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI); this.loginProcessingUrl);
this.setAuthenticationFilter(authenticationFilter); this.setAuthenticationFilter(authenticationFilter);
this.loginProcessingUrl(OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI); super.loginProcessingUrl(this.loginProcessingUrl);
if (this.loginPage != null) { if (this.loginPage != null) {
super.loginPage(this.loginPage); super.loginPage(this.loginPage);
} }
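Review bot: The new public `loginProcessingUrl(String)` override has no Javadoc although the neighbouring configurer methods do, and it no longer behaves like the inherited method: the value is only cached in the field and reaches the filter constructor and `super.loginProcessingUrl(...)` later, in the initialisation code of the last hunk (that method starts and ends outside the hunk). I would add a Javadoc that says so and states the contract, along the lines of `@param loginProcessingUrl the URL pattern on which the authorization response is processed; must match the redirect URI registered for the client`. `Assert.hasText` is the only validation, so a pattern broader than the registered redirect URI widens the set of paths on which `code`/`state` parameters are treated as a login attempt; that deserves a sentence in the same comment. The class also holds a `RedirectionEndpointConfig`, and if its base URI is applied to the filter elsewhere, the comment should say which setting wins; that code is not visible here.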


@ -197,6 +197,34 @@ public class OAuth2LoginConfigurerTests {
assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OAUTH2_USER"); assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OAUTH2_USER");
} }
// gh-5488
@Test
public void oauth2LoginConfigLoginProcessingUrl() throws Exception {
// setup application context
loadConfig(OAuth2LoginConfigLoginProcessingUrl.class);
// setup authorization request
OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
this.request.setServletPath("/login/oauth2/google");
this.authorizationRequestRepository.saveAuthorizationRequest(
authorizationRequest, this.request, this.response);
// setup authentication parameters
this.request.setParameter("code", "code123");
this.request.setParameter("state", authorizationRequest.getState());
// perform test
this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
// assertions
Authentication authentication = this.securityContextRepository
.loadContext(new HttpRequestResponseHolder(this.request, this.response))
.getAuthentication();
assertThat(authentication.getAuthorities()).hasSize(1);
assertThat(authentication.getAuthorities()).first()
.isInstanceOf(OAuth2UserAuthority.class).hasToString("ROLE_USER");
}
@Test @Test
public void oidcLogin() throws Exception { public void oidcLogin() throws Exception {
// setup application context // setup application context
@ -365,6 +393,19 @@ public class OAuth2LoginConfigurerTests {
} }
} }
@EnableWebSecurity
static class OAuth2LoginConfigLoginProcessingUrl extends CommonWebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Login()
.clientRegistrationRepository(
new InMemoryClientRegistrationRepository(CLIENT_REGISTRATION))
.loginProcessingUrl("/login/oauth2/*");
super.configure(http);
}
}
private static abstract class CommonWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { private static abstract class CommonWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
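Review bot: `oauth2LoginConfigLoginProcessingUrl` covers only the positive path, where a request to `/login/oauth2/google` matches the configured `/login/oauth2/*` and authenticates. Nothing asserts that a request outside the configured pattern is left unauthenticated. A second case that sends the same `code`/`state` to a non-matching path and asserts that the loaded context holds no authentication would pin down that the filter listens only where it was told to. I would also add `assertThat(authentication).isNotNull();` before the authority assertions, so a regression fails as an assertion rather than as a NullPointerException inside the test.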