Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 13:32:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make AuthorizationRequestRepository a Generic

Browse Source 
Fixes gh-4723
This commit is contained in:
Joe Grandja 2017-10-27 21:31:45 -04:00
parent 9afefef3b9
commit 3d319f7592
7 changed files with 23 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
View File

@ -43,6 +43,7 @@ import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequest
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository; import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter; import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.oidc.user.OidcUser; import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.core.user.OAuth2User; import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter; import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
@ -100,7 +101,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
public class AuthorizationEndpointConfig { public class AuthorizationEndpointConfig {
private String authorizationRequestBaseUri; private String authorizationRequestBaseUri;
private AuthorizationRequestUriBuilder authorizationRequestUriBuilder; private AuthorizationRequestUriBuilder authorizationRequestUriBuilder;
private AuthorizationRequestRepository authorizationRequestRepository; private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
private AuthorizationEndpointConfig() { private AuthorizationEndpointConfig() {
} }
@ -117,7 +118,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
return this; return this;
} }
public AuthorizationEndpointConfig authorizationRequestRepository(AuthorizationRequestRepository authorizationRequestRepository) { public AuthorizationEndpointConfig authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null"); Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
this.authorizationRequestRepository = authorizationRequestRepository; this.authorizationRequestRepository = authorizationRequestRepository;
return this; return this;

12
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
View File

@ -33,15 +33,17 @@ import javax.servlet.http.HttpServletResponse;
* @author Joe Grandja * @author Joe Grandja
* @since 5.0 * @since 5.0
* @see OAuth2AuthorizationRequest * @see OAuth2AuthorizationRequest
* @see HttpSessionAuthorizationRequestRepository * @see HttpSessionOAuth2AuthorizationRequestRepository
*
* @param <T> The type of <i>OAuth 2.0 Authorization Request</i>
*/ */
public interface AuthorizationRequestRepository { public interface AuthorizationRequestRepository<T extends OAuth2AuthorizationRequest> {
OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request); T loadAuthorizationRequest(HttpServletRequest request);
void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest, HttpServletRequest request, void saveAuthorizationRequest(T authorizationRequest, HttpServletRequest request,
HttpServletResponse response); HttpServletResponse response);
OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request); T removeAuthorizationRequest(HttpServletRequest request);
} }

4
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java
View File

@ -29,9 +29,9 @@ import javax.servlet.http.HttpSession;
* @since 5.0 * @since 5.0
* @see OAuth2AuthorizationRequest * @see OAuth2AuthorizationRequest
*/ */
public final class HttpSessionAuthorizationRequestRepository implements AuthorizationRequestRepository { public final class HttpSessionOAuth2AuthorizationRequestRepository implements AuthorizationRequestRepository<OAuth2AuthorizationRequest> {
private static final String DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME = private static final String DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME =
HttpSessionAuthorizationRequestRepository.class.getName() + ".AUTHORIZATION_REQUEST"; HttpSessionOAuth2AuthorizationRequestRepository.class.getName() + ".AUTHORIZATION_REQUEST";
private final String sessionAttributeName = DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME; private final String sessionAttributeName = DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME;
@Override @Override

5
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
View File

@ -73,7 +73,8 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
private AuthorizationRequestUriBuilder authorizationRequestUriBuilder = new OAuth2AuthorizationRequestUriBuilder(); private AuthorizationRequestUriBuilder authorizationRequestUriBuilder = new OAuth2AuthorizationRequestUriBuilder();
private final RedirectStrategy authorizationRedirectStrategy = new DefaultRedirectStrategy(); private final RedirectStrategy authorizationRedirectStrategy = new DefaultRedirectStrategy();
private final StringKeyGenerator stateGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder()); private final StringKeyGenerator stateGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder());
private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository(); private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
new HttpSessionOAuth2AuthorizationRequestRepository();
public OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository) { public OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository) {
this(DEFAULT_AUTHORIZATION_REQUEST_BASE_URI, clientRegistrationRepository); this(DEFAULT_AUTHORIZATION_REQUEST_BASE_URI, clientRegistrationRepository);
@ -94,7 +95,7 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
this.authorizationRequestUriBuilder = authorizationRequestUriBuilder; this.authorizationRequestUriBuilder = authorizationRequestUriBuilder;
} }
public final void setAuthorizationRequestRepository(AuthorizationRequestRepository authorizationRequestRepository) { public final void setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null"); Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
this.authorizationRequestRepository = authorizationRequestRepository; this.authorizationRequestRepository = authorizationRequestRepository;
} }

5
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
View File

@ -84,7 +84,8 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
public static final String DEFAULT_FILTER_PROCESSES_URI = "/login/oauth2/code/*"; public static final String DEFAULT_FILTER_PROCESSES_URI = "/login/oauth2/code/*";
private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found"; private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
private ClientRegistrationRepository clientRegistrationRepository; private ClientRegistrationRepository clientRegistrationRepository;
private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository(); private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
new HttpSessionOAuth2AuthorizationRequestRepository();
private OAuth2TokenRepository<OAuth2AccessToken> accessTokenRepository = new InMemoryAccessTokenRepository(); private OAuth2TokenRepository<OAuth2AccessToken> accessTokenRepository = new InMemoryAccessTokenRepository();
public OAuth2LoginAuthenticationFilter() { public OAuth2LoginAuthenticationFilter() {
@ -152,7 +153,7 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
this.clientRegistrationRepository = clientRegistrationRepository; this.clientRegistrationRepository = clientRegistrationRepository;
} }
public final void setAuthorizationRequestRepository(AuthorizationRequestRepository authorizationRequestRepository) { public final void setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null"); Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
this.authorizationRequestRepository = authorizationRequestRepository; this.authorizationRequestRepository = authorizationRequestRepository;
} }

3
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java
View File

@ -87,7 +87,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
String authorizationUri = clientRegistration.getProviderDetails().getAuthorizationUri().toString(); String authorizationUri = clientRegistration.getProviderDetails().getAuthorizationUri().toString();
OAuth2AuthorizationRequestRedirectFilter filter = OAuth2AuthorizationRequestRedirectFilter filter =
setupFilter(authorizationUri, clientRegistration); setupFilter(authorizationUri, clientRegistration);
AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository(); AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
new HttpSessionOAuth2AuthorizationRequestRepository();
filter.setAuthorizationRequestRepository(authorizationRequestRepository); filter.setAuthorizationRequestRepository(authorizationRequestRepository);
String requestUri = TestUtil.AUTHORIZATION_BASE_URI + "/" + clientRegistration.getRegistrationId(); String requestUri = TestUtil.AUTHORIZATION_BASE_URI + "/" + clientRegistration.getRegistrationId();

5
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
View File

@ -109,7 +109,8 @@ public class OAuth2LoginAuthenticationFilterTests {
OAuth2LoginAuthenticationFilter filter = Mockito.spy(setupFilter(authenticationManager, clientRegistration)); OAuth2LoginAuthenticationFilter filter = Mockito.spy(setupFilter(authenticationManager, clientRegistration));
AuthenticationSuccessHandler successHandler = mock(AuthenticationSuccessHandler.class); AuthenticationSuccessHandler successHandler = mock(AuthenticationSuccessHandler.class);
filter.setAuthenticationSuccessHandler(successHandler); filter.setAuthenticationSuccessHandler(successHandler);
AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository(); AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
new HttpSessionOAuth2AuthorizationRequestRepository();
filter.setAuthorizationRequestRepository(authorizationRequestRepository); filter.setAuthorizationRequestRepository(authorizationRequestRepository);
MockHttpServletRequest request = this.setupRequest(clientRegistration); MockHttpServletRequest request = this.setupRequest(clientRegistration);
@ -187,7 +188,7 @@ public class OAuth2LoginAuthenticationFilterTests {
return filter; return filter;
} }
private void setupAuthorizationRequest(AuthorizationRequestRepository authorizationRequestRepository, private void setupAuthorizationRequest(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository,
HttpServletRequest request, HttpServletRequest request,
HttpServletResponse response, HttpServletResponse response,
ClientRegistration clientRegistration, ClientRegistration clientRegistration,