diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java index b2e2ac8ad6..35becbb24b 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java @@ -43,6 +43,7 @@ import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequest import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository; import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter; import org.springframework.security.oauth2.core.OAuth2AccessToken; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.core.oidc.user.OidcUser; import org.springframework.security.oauth2.core.user.OAuth2User; import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter; @@ -100,7 +101,7 @@ public final class OAuth2LoginConfigurer> exten public class AuthorizationEndpointConfig { private String authorizationRequestBaseUri; private AuthorizationRequestUriBuilder authorizationRequestUriBuilder; - private AuthorizationRequestRepository authorizationRequestRepository; + private AuthorizationRequestRepository authorizationRequestRepository; private AuthorizationEndpointConfig() { } @@ -117,7 +118,7 @@ public final class OAuth2LoginConfigurer> exten return this; } - public AuthorizationEndpointConfig authorizationRequestRepository(AuthorizationRequestRepository authorizationRequestRepository) { + public AuthorizationEndpointConfig authorizationRequestRepository(AuthorizationRequestRepository authorizationRequestRepository) { Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null"); this.authorizationRequestRepository = authorizationRequestRepository; return this; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java index 51ea0b610d..df155ad3b8 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java @@ -33,15 +33,17 @@ import javax.servlet.http.HttpServletResponse; * @author Joe Grandja * @since 5.0 * @see OAuth2AuthorizationRequest - * @see HttpSessionAuthorizationRequestRepository + * @see HttpSessionOAuth2AuthorizationRequestRepository + * + * @param The type of OAuth 2.0 Authorization Request */ -public interface AuthorizationRequestRepository { +public interface AuthorizationRequestRepository { - OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request); + T loadAuthorizationRequest(HttpServletRequest request); - void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest, HttpServletRequest request, + void saveAuthorizationRequest(T authorizationRequest, HttpServletRequest request, HttpServletResponse response); - OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request); + T removeAuthorizationRequest(HttpServletRequest request); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java similarity index 90% rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java index 22788c54f0..29cfa0d27e 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java @@ -29,9 +29,9 @@ import javax.servlet.http.HttpSession; * @since 5.0 * @see OAuth2AuthorizationRequest */ -public final class HttpSessionAuthorizationRequestRepository implements AuthorizationRequestRepository { +public final class HttpSessionOAuth2AuthorizationRequestRepository implements AuthorizationRequestRepository { private static final String DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME = - HttpSessionAuthorizationRequestRepository.class.getName() + ".AUTHORIZATION_REQUEST"; + HttpSessionOAuth2AuthorizationRequestRepository.class.getName() + ".AUTHORIZATION_REQUEST"; private final String sessionAttributeName = DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME; @Override diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java index 0feba6b69f..de724bd135 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java @@ -73,7 +73,8 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt private AuthorizationRequestUriBuilder authorizationRequestUriBuilder = new OAuth2AuthorizationRequestUriBuilder(); private final RedirectStrategy authorizationRedirectStrategy = new DefaultRedirectStrategy(); private final StringKeyGenerator stateGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder()); - private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository(); + private AuthorizationRequestRepository authorizationRequestRepository = + new HttpSessionOAuth2AuthorizationRequestRepository(); public OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository) { this(DEFAULT_AUTHORIZATION_REQUEST_BASE_URI, clientRegistrationRepository); @@ -94,7 +95,7 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt this.authorizationRequestUriBuilder = authorizationRequestUriBuilder; } - public final void setAuthorizationRequestRepository(AuthorizationRequestRepository authorizationRequestRepository) { + public final void setAuthorizationRequestRepository(AuthorizationRequestRepository authorizationRequestRepository) { Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null"); this.authorizationRequestRepository = authorizationRequestRepository; } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java index 434185031f..c2e836366c 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java @@ -84,7 +84,8 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce public static final String DEFAULT_FILTER_PROCESSES_URI = "/login/oauth2/code/*"; private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found"; private ClientRegistrationRepository clientRegistrationRepository; - private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository(); + private AuthorizationRequestRepository authorizationRequestRepository = + new HttpSessionOAuth2AuthorizationRequestRepository(); private OAuth2TokenRepository accessTokenRepository = new InMemoryAccessTokenRepository(); public OAuth2LoginAuthenticationFilter() { @@ -152,7 +153,7 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce this.clientRegistrationRepository = clientRegistrationRepository; } - public final void setAuthorizationRequestRepository(AuthorizationRequestRepository authorizationRequestRepository) { + public final void setAuthorizationRequestRepository(AuthorizationRequestRepository authorizationRequestRepository) { Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null"); this.authorizationRequestRepository = authorizationRequestRepository; } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java index 92452f3b8d..00fb1c6c11 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java @@ -87,7 +87,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { String authorizationUri = clientRegistration.getProviderDetails().getAuthorizationUri().toString(); OAuth2AuthorizationRequestRedirectFilter filter = setupFilter(authorizationUri, clientRegistration); - AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository(); + AuthorizationRequestRepository authorizationRequestRepository = + new HttpSessionOAuth2AuthorizationRequestRepository(); filter.setAuthorizationRequestRepository(authorizationRequestRepository); String requestUri = TestUtil.AUTHORIZATION_BASE_URI + "/" + clientRegistration.getRegistrationId(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java index 46457716e7..d0e4ff9004 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java @@ -109,7 +109,8 @@ public class OAuth2LoginAuthenticationFilterTests { OAuth2LoginAuthenticationFilter filter = Mockito.spy(setupFilter(authenticationManager, clientRegistration)); AuthenticationSuccessHandler successHandler = mock(AuthenticationSuccessHandler.class); filter.setAuthenticationSuccessHandler(successHandler); - AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository(); + AuthorizationRequestRepository authorizationRequestRepository = + new HttpSessionOAuth2AuthorizationRequestRepository(); filter.setAuthorizationRequestRepository(authorizationRequestRepository); MockHttpServletRequest request = this.setupRequest(clientRegistration); @@ -187,7 +188,7 @@ public class OAuth2LoginAuthenticationFilterTests { return filter; } - private void setupAuthorizationRequest(AuthorizationRequestRepository authorizationRequestRepository, + private void setupAuthorizationRequest(AuthorizationRequestRepository authorizationRequestRepository, HttpServletRequest request, HttpServletResponse response, ClientRegistration clientRegistration,