From 415760838f7d4c9df69323a6b9f093f79fd291b6 Mon Sep 17 00:00:00 2001 From: Eleftheria Stein Date: Tue, 9 Jul 2019 13:31:08 -0400 Subject: [PATCH] Allow configuration of oauth2 client through nested builder Issue: gh-5557 --- .../annotation/web/builders/HttpSecurity.java | 35 ++++++++++++++++ .../oauth2/client/OAuth2ClientConfigurer.java | 17 +++++++- .../client/OAuth2ClientConfigurerTests.java | 40 +++++++++++++++++++ 3 files changed, 91 insertions(+), 1 deletion(-) diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java index 6e5b4c8281..cffdad7824 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -2059,6 +2059,41 @@ public final class HttpSecurity extends return configurer; } + /** + * Configures OAuth 2.0 Client support. + * + *

Example Configuration

+ * + * The following example demonstrates how to enable OAuth 2.0 Client support for all endpoints. + * + *
+	 * @Configuration
+	 * @EnableWebSecurity
+	 * public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
+	 * 	@Override
+	 * 	protected void configure(HttpSecurity http) throws Exception {
+	 * 		http
+	 * 			.authorizeRequests(authorizeRequests ->
+	 * 				authorizeRequests
+	 * 					.anyRequest().authenticated()
+	 * 			)
+	 * 			.oauth2Client(withDefaults());
+	 *	}
+	 * }
+	 * 
+ * + * @see OAuth 2.0 Authorization Framework + * + * @param oauth2ClientCustomizer the {@link Customizer} to provide more options for + * the {@link OAuth2ClientConfigurer} + * @return the {@link HttpSecurity} for further customizations + * @throws Exception + */ + public HttpSecurity oauth2Client(Customizer> oauth2ClientCustomizer) throws Exception { + oauth2ClientCustomizer.customize(getOrApply(new OAuth2ClientConfigurer<>())); + return HttpSecurity.this; + } + /** * Configures OAuth 2.0 Resource Server support. * diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java index f4a5c2c366..066ca0c692 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.config.annotation.web.configurers.oauth2.client; import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService; @@ -135,6 +136,20 @@ public final class OAuth2ClientConfigurer> exte return this.authorizationCodeGrantConfigurer; } + /** + * Configures the OAuth 2.0 Authorization Code Grant. + * + * @param authorizationCodeGrantCustomizer the {@link Customizer} to provide more options for + * the {@link AuthorizationCodeGrantConfigurer} + * @return the {@link OAuth2ClientConfigurer} for further customizations + * @throws Exception + */ + public OAuth2ClientConfigurer authorizationCodeGrant(Customizer authorizationCodeGrantCustomizer) + throws Exception { + authorizationCodeGrantCustomizer.customize(this.authorizationCodeGrantConfigurer); + return this; + } + /** * Configuration options for the OAuth 2.0 Authorization Code Grant. */ diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java index 269641783f..5a231dc28a 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java @@ -65,6 +65,7 @@ import java.util.Map; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.*; +import static org.springframework.security.config.Customizer.withDefaults; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; @@ -141,6 +142,19 @@ public class OAuth2ClientConfigurerTests { "redirect_uri=http://localhost/client-1"); } + @Test + public void configureWhenOauth2ClientInLambdaThenRedirectForAuthorization() throws Exception { + this.spring.register(OAuth2ClientInLambdaConfig.class).autowire(); + + MvcResult mvcResult = this.mockMvc.perform(get("/oauth2/authorization/registration-1")) + .andExpect(status().is3xxRedirection()) + .andReturn(); + assertThat(mvcResult.getResponse().getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?" + + "response_type=code&client_id=client-1&" + + "scope=user&state=.{15,}&" + + "redirect_uri=http://localhost/client-1"); + } + @Test public void configureWhenAuthorizationCodeResponseSuccessThenAuthorizedClientSaved() throws Exception { this.spring.register(OAuth2ClientConfig.class).autowire(); @@ -248,4 +262,30 @@ public class OAuth2ClientConfigurerTests { } } } + + @EnableWebSecurity + @EnableWebMvc + static class OAuth2ClientInLambdaConfig extends WebSecurityConfigurerAdapter { + @Override + protected void configure(HttpSecurity http) throws Exception { + // @formatter:off + http + .authorizeRequests(authorizeRequests -> + authorizeRequests + .anyRequest().authenticated() + ) + .oauth2Client(withDefaults()); + // @formatter:on + } + + @Bean + public ClientRegistrationRepository clientRegistrationRepository() { + return clientRegistrationRepository; + } + + @Bean + public OAuth2AuthorizedClientRepository authorizedClientRepository() { + return authorizedClientRepository; + } + } }