Rename @OAuth2Client to @RegisteredOAuth2AuthorizedClient
Fixes gh-5360
This commit is contained in:
Joe Grandja
parent
81a73e1f55
commit
4fc6d96073
|
|
@ -21,8 +21,7 @@ import org.springframework.context.annotation.Import;
|
|||
import org.springframework.context.annotation.ImportSelector;
|
||||
import org.springframework.core.type.AnnotationMetadata;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.web.method.annotation.OAuth2ClientArgumentResolver;
|
||||
import org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver;
|
||||
import org.springframework.util.ClassUtils;
|
||||
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||
|
|
@ -58,18 +57,15 @@ final class OAuth2ClientConfiguration {
|
|||
|
||||
@Configuration
|
||||
static class OAuth2ClientWebMvcSecurityConfiguration implements WebMvcConfigurer {
|
||||
@Autowired(required = false)
|
||||
private ClientRegistrationRepository clientRegistrationRepository;
|
||||
|
||||
@Autowired(required = false)
|
||||
private OAuth2AuthorizedClientService authorizedClientService;
|
||||
|
||||
@Override
|
||||
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
|
||||
if (this.clientRegistrationRepository != null && this.authorizedClientService != null) {
|
||||
OAuth2ClientArgumentResolver oauth2ClientArgumentResolver = new OAuth2ClientArgumentResolver(
|
||||
this.clientRegistrationRepository, this.authorizedClientService);
|
||||
argumentResolvers.add(oauth2ClientArgumentResolver);
|
||||
if (this.authorizedClientService != null) {
|
||||
OAuth2AuthorizedClientArgumentResolver authorizedClientArgumentResolver =
|
||||
new OAuth2AuthorizedClientArgumentResolver(this.authorizedClientService);
|
||||
argumentResolvers.add(authorizedClientArgumentResolver);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,19 +16,18 @@
|
|||
|
||||
package org.springframework.security.config.annotation.web.reactive;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.ImportSelector;
|
||||
import org.springframework.core.type.AnnotationMetadata;
|
||||
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2ClientArgumentResolver;
|
||||
import org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver;
|
||||
import org.springframework.util.ClassUtils;
|
||||
import org.springframework.web.reactive.config.WebFluxConfigurer;
|
||||
import org.springframework.web.reactive.result.method.annotation.ArgumentResolverConfigurer;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* {@link Configuration} for OAuth 2.0 Client support.
|
||||
*
|
||||
|
|
@ -52,21 +51,12 @@ final class ReactiveOAuth2ClientImportSelector implements ImportSelector {
|
|||
|
||||
@Configuration
|
||||
static class OAuth2ClientWebFluxSecurityConfiguration implements WebFluxConfigurer {
|
||||
private ReactiveClientRegistrationRepository clientRegistrationRepository;
|
||||
|
||||
private ReactiveOAuth2AuthorizedClientService authorizedClientService;
|
||||
|
||||
@Override
|
||||
public void configureArgumentResolvers(ArgumentResolverConfigurer configurer) {
|
||||
if (this.clientRegistrationRepository != null && this.authorizedClientService != null) {
|
||||
configurer.addCustomResolver(new OAuth2ClientArgumentResolver(this.clientRegistrationRepository, this.authorizedClientService));
|
||||
}
|
||||
}
|
||||
|
||||
@Autowired(required = false)
|
||||
public void setClientRegistrationRepository(List<ReactiveClientRegistrationRepository> clientRegistrationRepository) {
|
||||
if (clientRegistrationRepository.size() == 1) {
|
||||
this.clientRegistrationRepository = clientRegistrationRepository.get(0);
|
||||
if (this.authorizedClientService != null) {
|
||||
configurer.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver(this.authorizedClientService));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -23,11 +23,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|||
import org.springframework.security.config.test.SpringTestRule;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.annotation.OAuth2Client;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
|
|
@ -54,24 +50,10 @@ public class OAuth2ClientConfigurationTests {
|
|||
private MockMvc mockMvc;
|
||||
|
||||
@Test
|
||||
public void requestWhenAuthorizedClientFoundThenOAuth2ClientArgumentsResolved() throws Exception {
|
||||
public void requestWhenAuthorizedClientFoundThenMethodArgumentResolved() throws Exception {
|
||||
String clientRegistrationId = "client1";
|
||||
String principalName = "user1";
|
||||
|
||||
ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
|
||||
ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(clientRegistrationId)
|
||||
.clientId("client-id")
|
||||
.clientSecret("secret")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate("{baseUrl}/client1")
|
||||
.scope("scope1", "scope2")
|
||||
.authorizationUri("https://provider.com/oauth2/auth")
|
||||
.tokenUri("https://provider.com/oauth2/token")
|
||||
.clientName("Client 1")
|
||||
.build();
|
||||
when(clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).thenReturn(clientRegistration);
|
||||
|
||||
OAuth2AuthorizedClientService authorizedClientService = mock(OAuth2AuthorizedClientService.class);
|
||||
OAuth2AuthorizedClient authorizedClient = mock(OAuth2AuthorizedClient.class);
|
||||
when(authorizedClientService.loadAuthorizedClient(clientRegistrationId, principalName)).thenReturn(authorizedClient);
|
||||
|
|
@ -79,25 +61,17 @@ public class OAuth2ClientConfigurationTests {
|
|||
OAuth2AccessToken accessToken = mock(OAuth2AccessToken.class);
|
||||
when(authorizedClient.getAccessToken()).thenReturn(accessToken);
|
||||
|
||||
OAuth2ClientArgumentResolverConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository;
|
||||
OAuth2ClientArgumentResolverConfig.AUTHORIZED_CLIENT_SERVICE = authorizedClientService;
|
||||
this.spring.register(OAuth2ClientArgumentResolverConfig.class).autowire();
|
||||
OAuth2AuthorizedClientArgumentResolverConfig.AUTHORIZED_CLIENT_SERVICE = authorizedClientService;
|
||||
this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire();
|
||||
|
||||
this.mockMvc.perform(get("/access-token").with(user(principalName)))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(content().string("resolved"));
|
||||
this.mockMvc.perform(get("/authorized-client").with(user(principalName)))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(content().string("resolved"));
|
||||
this.mockMvc.perform(get("/client-registration").with(user(principalName)))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(content().string("resolved"));
|
||||
}
|
||||
|
||||
@EnableWebMvc
|
||||
@EnableWebSecurity
|
||||
static class OAuth2ClientArgumentResolverConfig extends WebSecurityConfigurerAdapter {
|
||||
static ClientRegistrationRepository CLIENT_REGISTRATION_REPOSITORY;
|
||||
static class OAuth2AuthorizedClientArgumentResolverConfig extends WebSecurityConfigurerAdapter {
|
||||
static OAuth2AuthorizedClientService AUTHORIZED_CLIENT_SERVICE;
|
||||
|
||||
@Override
|
||||
|
|
@ -107,25 +81,10 @@ public class OAuth2ClientConfigurationTests {
|
|||
@RestController
|
||||
public class Controller {
|
||||
|
||||
@GetMapping("/access-token")
|
||||
public String accessToken(@OAuth2Client("client1") OAuth2AccessToken accessToken) {
|
||||
return accessToken != null ? "resolved" : "not-resolved";
|
||||
}
|
||||
|
||||
@GetMapping("/authorized-client")
|
||||
public String authorizedClient(@OAuth2Client("client1") OAuth2AuthorizedClient authorizedClient) {
|
||||
public String authorizedClient(@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
|
||||
return authorizedClient != null ? "resolved" : "not-resolved";
|
||||
}
|
||||
|
||||
@GetMapping("/client-registration")
|
||||
public String clientRegistration(@OAuth2Client("client1") ClientRegistration clientRegistration) {
|
||||
return clientRegistration != null ? "resolved" : "not-resolved";
|
||||
}
|
||||
}
|
||||
|
||||
@Bean
|
||||
public ClientRegistrationRepository clientRegistrationRepository() {
|
||||
return CLIENT_REGISTRATION_REPOSITORY;
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ import org.springframework.security.config.test.SpringTestRule;
|
|||
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.annotation.OAuth2Client;
|
||||
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
|
|
@ -205,7 +205,7 @@ public class OAuth2ClientConfigurerTests {
|
|||
@RestController
|
||||
public class ResourceController {
|
||||
@GetMapping("/resource1")
|
||||
public String resource1(@OAuth2Client("registration-1") OAuth2AuthorizedClient authorizedClient) {
|
||||
public String resource1(@RegisteredOAuth2AuthorizedClient("registration-1") OAuth2AuthorizedClient authorizedClient) {
|
||||
return "resource1";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,9 +17,7 @@ package org.springframework.security.oauth2.client.annotation;
|
|||
|
||||
import org.springframework.core.annotation.AliasFor;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.web.method.annotation.OAuth2ClientArgumentResolver;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver;
|
||||
|
||||
import java.lang.annotation.Documented;
|
||||
import java.lang.annotation.ElementType;
|
||||
|
|
@ -28,40 +26,29 @@ import java.lang.annotation.RetentionPolicy;
|
|||
import java.lang.annotation.Target;
|
||||
|
||||
/**
|
||||
* This annotation may be used to resolve a method parameter into an argument value
|
||||
* for the following types: {@link ClientRegistration}, {@link OAuth2AuthorizedClient}
|
||||
* and {@link OAuth2AccessToken}.
|
||||
* This annotation may be used to resolve a method parameter
|
||||
* to an argument value of type {@link OAuth2AuthorizedClient}.
|
||||
*
|
||||
* <p>
|
||||
* For example:
|
||||
* <pre>
|
||||
* @Controller
|
||||
* public class MyController {
|
||||
* @GetMapping("/client-registration")
|
||||
* public String clientRegistration(@OAuth2Client("login-client") ClientRegistration clientRegistration) {
|
||||
* // do something with clientRegistration
|
||||
* }
|
||||
*
|
||||
* @GetMapping("/authorized-client")
|
||||
* public String authorizedClient(@OAuth2Client("login-client") OAuth2AuthorizedClient authorizedClient) {
|
||||
* public String authorizedClient(@RegisteredOAuth2AuthorizedClient("login-client") OAuth2AuthorizedClient authorizedClient) {
|
||||
* // do something with authorizedClient
|
||||
* }
|
||||
*
|
||||
* @GetMapping("/access-token")
|
||||
* public String accessToken(@OAuth2Client("login-client") OAuth2AccessToken accessToken) {
|
||||
* // do something with accessToken
|
||||
* }
|
||||
* }
|
||||
* </pre>
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.1
|
||||
* @see OAuth2ClientArgumentResolver
|
||||
* @see OAuth2AuthorizedClientArgumentResolver
|
||||
*/
|
||||
@Target({ ElementType.PARAMETER, ElementType.ANNOTATION_TYPE })
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Documented
|
||||
public @interface OAuth2Client {
|
||||
public @interface RegisteredOAuth2AuthorizedClient {
|
||||
|
||||
/**
|
||||
* Sets the client registration identifier.
|
||||
|
|
@ -74,8 +61,8 @@ public @interface OAuth2Client {
|
|||
/**
|
||||
* The default attribute for this annotation.
|
||||
* This is an alias for {@link #registrationId()}.
|
||||
* For example, {@code @OAuth2Client("login-client")} is equivalent to
|
||||
* {@code @OAuth2Client(registrationId="login-client")}.
|
||||
* For example, {@code @RegisteredOAuth2AuthorizedClient("login-client")} is equivalent to
|
||||
* {@code @RegisteredOAuth2AuthorizedClient(registrationId="login-client")}.
|
||||
*
|
||||
* @return the client registration identifier
|
||||
*/
|
||||
|
|
@ -24,11 +24,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
|
|||
import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.annotation.OAuth2Client;
|
||||
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.web.bind.support.WebDataBinderFactory;
|
||||
|
|
@ -38,60 +35,43 @@ import org.springframework.web.method.support.ModelAndViewContainer;
|
|||
|
||||
/**
|
||||
* An implementation of a {@link HandlerMethodArgumentResolver} that is capable
|
||||
* of resolving a method parameter into an argument value for the following types:
|
||||
* {@link ClientRegistration}, {@link OAuth2AuthorizedClient} and {@link OAuth2AccessToken}.
|
||||
* of resolving a method parameter to an argument value of type {@link OAuth2AuthorizedClient}.
|
||||
*
|
||||
* <p>
|
||||
* For example:
|
||||
* <pre>
|
||||
* @Controller
|
||||
* public class MyController {
|
||||
* @GetMapping("/client-registration")
|
||||
* public String clientRegistration(@OAuth2Client("login-client") ClientRegistration clientRegistration) {
|
||||
* // do something with clientRegistration
|
||||
* }
|
||||
*
|
||||
* @GetMapping("/authorized-client")
|
||||
* public String authorizedClient(@OAuth2Client("login-client") OAuth2AuthorizedClient authorizedClient) {
|
||||
* public String authorizedClient(@RegisteredOAuth2AuthorizedClient("login-client") OAuth2AuthorizedClient authorizedClient) {
|
||||
* // do something with authorizedClient
|
||||
* }
|
||||
*
|
||||
* @GetMapping("/access-token")
|
||||
* public String accessToken(@OAuth2Client("login-client") OAuth2AccessToken accessToken) {
|
||||
* // do something with accessToken
|
||||
* }
|
||||
* }
|
||||
* </pre>
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.1
|
||||
* @see OAuth2Client
|
||||
* @see RegisteredOAuth2AuthorizedClient
|
||||
*/
|
||||
public final class OAuth2ClientArgumentResolver implements HandlerMethodArgumentResolver {
|
||||
private final ClientRegistrationRepository clientRegistrationRepository;
|
||||
public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMethodArgumentResolver {
|
||||
private final OAuth2AuthorizedClientService authorizedClientService;
|
||||
|
||||
/**
|
||||
* Constructs an {@code OAuth2ClientArgumentResolver} using the provided parameters.
|
||||
* Constructs an {@code OAuth2AuthorizedClientArgumentResolver} using the provided parameters.
|
||||
*
|
||||
* @param clientRegistrationRepository the repository of client registrations
|
||||
* @param authorizedClientService the authorized client service
|
||||
*/
|
||||
public OAuth2ClientArgumentResolver(ClientRegistrationRepository clientRegistrationRepository,
|
||||
OAuth2AuthorizedClientService authorizedClientService) {
|
||||
Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
|
||||
public OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientService authorizedClientService) {
|
||||
Assert.notNull(authorizedClientService, "authorizedClientService cannot be null");
|
||||
this.clientRegistrationRepository = clientRegistrationRepository;
|
||||
this.authorizedClientService = authorizedClientService;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean supportsParameter(MethodParameter parameter) {
|
||||
Class<?> parameterType = parameter.getParameterType();
|
||||
return ((OAuth2AccessToken.class.isAssignableFrom(parameterType) ||
|
||||
OAuth2AuthorizedClient.class.isAssignableFrom(parameterType) ||
|
||||
ClientRegistration.class.isAssignableFrom(parameterType)) &&
|
||||
(AnnotatedElementUtils.findMergedAnnotation(parameter.getParameter(), OAuth2Client.class) != null));
|
||||
return (OAuth2AuthorizedClient.class.isAssignableFrom(parameterType) &&
|
||||
(AnnotatedElementUtils.findMergedAnnotation(
|
||||
parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class) != null));
|
||||
}
|
||||
|
||||
@NonNull
|
||||
|
|
@ -101,30 +81,21 @@ public final class OAuth2ClientArgumentResolver implements HandlerMethodArgument
|
|||
NativeWebRequest webRequest,
|
||||
@Nullable WebDataBinderFactory binderFactory) throws Exception {
|
||||
|
||||
OAuth2Client oauth2ClientAnnotation = AnnotatedElementUtils.findMergedAnnotation(
|
||||
parameter.getParameter(), OAuth2Client.class);
|
||||
RegisteredOAuth2AuthorizedClient authorizedClientAnnotation = AnnotatedElementUtils.findMergedAnnotation(
|
||||
parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class);
|
||||
Authentication principal = SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
String clientRegistrationId = null;
|
||||
if (!StringUtils.isEmpty(oauth2ClientAnnotation.registrationId())) {
|
||||
clientRegistrationId = oauth2ClientAnnotation.registrationId();
|
||||
} else if (!StringUtils.isEmpty(oauth2ClientAnnotation.value())) {
|
||||
clientRegistrationId = oauth2ClientAnnotation.value();
|
||||
if (!StringUtils.isEmpty(authorizedClientAnnotation.registrationId())) {
|
||||
clientRegistrationId = authorizedClientAnnotation.registrationId();
|
||||
} else if (!StringUtils.isEmpty(authorizedClientAnnotation.value())) {
|
||||
clientRegistrationId = authorizedClientAnnotation.value();
|
||||
} else if (principal != null && OAuth2AuthenticationToken.class.isAssignableFrom(principal.getClass())) {
|
||||
clientRegistrationId = ((OAuth2AuthenticationToken) principal).getAuthorizedClientRegistrationId();
|
||||
}
|
||||
if (StringUtils.isEmpty(clientRegistrationId)) {
|
||||
throw new IllegalArgumentException("Unable to resolve the Client Registration Identifier. " +
|
||||
"It must be provided via @OAuth2Client(\"client1\") or @OAuth2Client(registrationId = \"client1\").");
|
||||
}
|
||||
|
||||
if (ClientRegistration.class.isAssignableFrom(parameter.getParameterType())) {
|
||||
ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId);
|
||||
if (clientRegistration == null) {
|
||||
throw new IllegalArgumentException("Unable to find ClientRegistration with registration identifier \"" +
|
||||
clientRegistrationId + "\".");
|
||||
}
|
||||
return clientRegistration;
|
||||
"It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or @RegisteredOAuth2AuthorizedClient(registrationId = \"client1\").");
|
||||
}
|
||||
|
||||
if (principal == null) {
|
||||
|
|
@ -140,7 +111,6 @@ public final class OAuth2ClientArgumentResolver implements HandlerMethodArgument
|
|||
throw new ClientAuthorizationRequiredException(clientRegistrationId);
|
||||
}
|
||||
|
||||
return OAuth2AccessToken.class.isAssignableFrom(parameter.getParameterType()) ?
|
||||
authorizedClient.getAccessToken() : authorizedClient;
|
||||
return authorizedClient;
|
||||
}
|
||||
}
|
||||
|
|
@ -24,92 +24,65 @@ import org.springframework.security.core.context.SecurityContext;
|
|||
import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.annotation.OAuth2Client;
|
||||
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.web.reactive.BindingContext;
|
||||
import org.springframework.web.reactive.result.method.HandlerMethodArgumentResolver;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
/**
|
||||
* An implementation of a {@link HandlerMethodArgumentResolver} that is capable
|
||||
* of resolving a method parameter into an argument value for the following types:
|
||||
* {@link ClientRegistration}, {@link OAuth2AuthorizedClient} and {@link OAuth2AccessToken}.
|
||||
* of resolving a method parameter to an argument value of type {@link OAuth2AuthorizedClient}.
|
||||
*
|
||||
* <p>
|
||||
* For example:
|
||||
* <pre>
|
||||
* @Controller
|
||||
* public class MyController {
|
||||
* @GetMapping("/client-registration")
|
||||
* public Mono<String></String> clientRegistration(@OAuth2Client("login-client") ClientRegistration clientRegistration) {
|
||||
* // do something with clientRegistration
|
||||
* }
|
||||
*
|
||||
* @GetMapping("/authorized-client")
|
||||
* public Mono<String></String> authorizedClient(@OAuth2Client("login-client") OAuth2AuthorizedClient authorizedClient) {
|
||||
* public Mono<String> authorizedClient(@RegisteredOAuth2AuthorizedClient("login-client") OAuth2AuthorizedClient authorizedClient) {
|
||||
* // do something with authorizedClient
|
||||
* }
|
||||
*
|
||||
* @GetMapping("/access-token")
|
||||
* public Mono<String> accessToken(@OAuth2Client("login-client") OAuth2AccessToken accessToken) {
|
||||
* // do something with accessToken
|
||||
* }
|
||||
* }
|
||||
* </pre>
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @since 5.1
|
||||
* @see OAuth2Client
|
||||
* @see RegisteredOAuth2AuthorizedClient
|
||||
*/
|
||||
public final class OAuth2ClientArgumentResolver implements HandlerMethodArgumentResolver {
|
||||
private final ReactiveClientRegistrationRepository clientRegistrationRepository;
|
||||
public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMethodArgumentResolver {
|
||||
private final ReactiveOAuth2AuthorizedClientService authorizedClientService;
|
||||
|
||||
/**
|
||||
* Constructs an {@code OAuth2ClientArgumentResolver} using the provided parameters.
|
||||
* Constructs an {@code OAuth2AuthorizedClientArgumentResolver} using the provided parameters.
|
||||
*
|
||||
* @param clientRegistrationRepository the repository of client registrations
|
||||
* @param authorizedClientService the authorized client service
|
||||
*/
|
||||
public OAuth2ClientArgumentResolver(ReactiveClientRegistrationRepository clientRegistrationRepository,
|
||||
ReactiveOAuth2AuthorizedClientService authorizedClientService) {
|
||||
Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
|
||||
public OAuth2AuthorizedClientArgumentResolver(ReactiveOAuth2AuthorizedClientService authorizedClientService) {
|
||||
Assert.notNull(authorizedClientService, "authorizedClientService cannot be null");
|
||||
this.clientRegistrationRepository = clientRegistrationRepository;
|
||||
this.authorizedClientService = authorizedClientService;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean supportsParameter(MethodParameter parameter) {
|
||||
return AnnotatedElementUtils.findMergedAnnotation(parameter.getParameter(), OAuth2Client.class) != null;
|
||||
return AnnotatedElementUtils.findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class) != null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Mono<Object> resolveArgument(
|
||||
MethodParameter parameter, BindingContext bindingContext, ServerWebExchange exchange) {
|
||||
return Mono.defer(() -> {
|
||||
OAuth2Client oauth2ClientAnnotation = AnnotatedElementUtils
|
||||
.findMergedAnnotation(parameter.getParameter(), OAuth2Client.class);
|
||||
RegisteredOAuth2AuthorizedClient authorizedClientAnnotation = AnnotatedElementUtils
|
||||
.findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class);
|
||||
|
||||
Mono<String> clientRegistrationId = Mono.justOrEmpty(oauth2ClientAnnotation.registrationId())
|
||||
Mono<String> clientRegistrationId = Mono.justOrEmpty(authorizedClientAnnotation.registrationId())
|
||||
.filter(id -> !StringUtils.isEmpty(id))
|
||||
.switchIfEmpty(clientRegistrationId())
|
||||
.switchIfEmpty(Mono.defer(() -> Mono.error(new IllegalArgumentException(
|
||||
"Unable to resolve the Client Registration Identifier. It must be provided via @OAuth2Client(\"client1\") or @OAuth2Client(registrationId = \"client1\")."))));
|
||||
|
||||
if (ClientRegistration.class.isAssignableFrom(parameter.getParameterType())) {
|
||||
return clientRegistrationId.flatMap(id -> this.clientRegistrationRepository.findByRegistrationId(id)
|
||||
.switchIfEmpty(Mono.defer(() -> Mono.error(new IllegalArgumentException(
|
||||
"Unable to find ClientRegistration with registration identifier \""
|
||||
+ id + "\"."))))).cast(Object.class);
|
||||
}
|
||||
"Unable to resolve the Client Registration Identifier. It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or @RegisteredOAuth2AuthorizedClient(registrationId = \"client1\")."))));
|
||||
|
||||
Mono<String> principalName = ReactiveSecurityContextHolder.getContext()
|
||||
.map(SecurityContext::getAuthentication).map(Authentication::getName);
|
||||
|
|
@ -129,10 +102,6 @@ public final class OAuth2ClientArgumentResolver implements HandlerMethodArgument
|
|||
registrationId))));
|
||||
}).cast(OAuth2AuthorizedClient.class);
|
||||
|
||||
if (OAuth2AccessToken.class.isAssignableFrom(parameter.getParameterType())) {
|
||||
return authorizedClient.map(OAuth2AuthorizedClient::getAccessToken);
|
||||
}
|
||||
|
||||
return authorizedClient.cast(Object.class);
|
||||
});
|
||||
}
|
||||
|
|
@ -24,13 +24,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
|
|||
import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.annotation.OAuth2Client;
|
||||
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
|
|
@ -43,69 +38,32 @@ import static org.mockito.Mockito.mock;
|
|||
import static org.mockito.Mockito.when;
|
||||
|
||||
/**
|
||||
* Tests for {@link OAuth2ClientArgumentResolver}.
|
||||
* Tests for {@link OAuth2AuthorizedClientArgumentResolver}.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
*/
|
||||
public class OAuth2ClientArgumentResolverTests {
|
||||
private ClientRegistrationRepository clientRegistrationRepository;
|
||||
public class OAuth2AuthorizedClientArgumentResolverTests {
|
||||
private OAuth2AuthorizedClientService authorizedClientService;
|
||||
private OAuth2ClientArgumentResolver argumentResolver;
|
||||
private ClientRegistration clientRegistration;
|
||||
private OAuth2AuthorizedClientArgumentResolver argumentResolver;
|
||||
private OAuth2AuthorizedClient authorizedClient;
|
||||
private OAuth2AccessToken accessToken;
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
this.clientRegistrationRepository = mock(ClientRegistrationRepository.class);
|
||||
this.authorizedClientService = mock(OAuth2AuthorizedClientService.class);
|
||||
this.argumentResolver = new OAuth2ClientArgumentResolver(
|
||||
this.clientRegistrationRepository, this.authorizedClientService);
|
||||
this.clientRegistration = ClientRegistration.withRegistrationId("client1")
|
||||
.clientId("client-id")
|
||||
.clientSecret("secret")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate("{baseUrl}/client1")
|
||||
.scope("scope1", "scope2")
|
||||
.authorizationUri("https://provider.com/oauth2/auth")
|
||||
.tokenUri("https://provider.com/oauth2/token")
|
||||
.clientName("Client 1")
|
||||
.build();
|
||||
when(this.clientRegistrationRepository.findByRegistrationId(anyString())).thenReturn(this.clientRegistration);
|
||||
this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(this.authorizedClientService);
|
||||
this.authorizedClient = mock(OAuth2AuthorizedClient.class);
|
||||
when(this.authorizedClientService.loadAuthorizedClient(anyString(), any())).thenReturn(this.authorizedClient);
|
||||
this.accessToken = mock(OAuth2AccessToken.class);
|
||||
when(this.authorizedClient.getAccessToken()).thenReturn(this.accessToken);
|
||||
SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
|
||||
securityContext.setAuthentication(mock(Authentication.class));
|
||||
SecurityContextHolder.setContext(securityContext);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
|
||||
assertThatThrownBy(() -> new OAuth2ClientArgumentResolver(null, this.authorizedClientService))
|
||||
.isInstanceOf(IllegalArgumentException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void constructorWhenOAuth2AuthorizedClientServiceIsNullThenThrowIllegalArgumentException() {
|
||||
assertThatThrownBy(() -> new OAuth2ClientArgumentResolver(this.clientRegistrationRepository, null))
|
||||
assertThatThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null))
|
||||
.isInstanceOf(IllegalArgumentException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void supportsParameterWhenParameterTypeOAuth2AccessTokenThenTrue() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessToken", OAuth2AccessToken.class);
|
||||
assertThat(this.argumentResolver.supportsParameter(methodParameter)).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void supportsParameterWhenParameterTypeOAuth2AccessTokenWithoutAnnotationThenFalse() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessTokenWithoutAnnotation", OAuth2AccessToken.class);
|
||||
assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void supportsParameterWhenParameterTypeOAuth2AuthorizedClientThenTrue() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class);
|
||||
|
|
@ -118,18 +76,6 @@ public class OAuth2ClientArgumentResolverTests {
|
|||
assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void supportsParameterWhenParameterTypeClientRegistrationThenTrue() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistration", ClientRegistration.class);
|
||||
assertThat(this.argumentResolver.supportsParameter(methodParameter)).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void supportsParameterWhenParameterTypeClientRegistrationWithoutAnnotationThenFalse() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistrationWithoutAnnotation", ClientRegistration.class);
|
||||
assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void supportsParameterWhenParameterTypeUnsupportedThenFalse() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeUnsupported", String.class);
|
||||
|
|
@ -144,10 +90,10 @@ public class OAuth2ClientArgumentResolverTests {
|
|||
|
||||
@Test
|
||||
public void resolveArgumentWhenRegistrationIdEmptyAndNotOAuth2AuthenticationThenThrowIllegalArgumentException() throws Exception {
|
||||
MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AccessToken.class);
|
||||
MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
|
||||
assertThatThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null, null, null))
|
||||
.isInstanceOf(IllegalArgumentException.class)
|
||||
.hasMessage("Unable to resolve the Client Registration Identifier. It must be provided via @OAuth2Client(\"client1\") or @OAuth2Client(registrationId = \"client1\").");
|
||||
.hasMessage("Unable to resolve the Client Registration Identifier. It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or @RegisteredOAuth2AuthorizedClient(registrationId = \"client1\").");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -157,25 +103,10 @@ public class OAuth2ClientArgumentResolverTests {
|
|||
SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
|
||||
securityContext.setAuthentication(authentication);
|
||||
SecurityContextHolder.setContext(securityContext);
|
||||
MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AccessToken.class);
|
||||
MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
|
||||
this.argumentResolver.resolveArgument(methodParameter, null, null, null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWhenClientRegistrationFoundThenResolves() throws Exception {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistration", ClientRegistration.class);
|
||||
assertThat(this.argumentResolver.resolveArgument(methodParameter, null, null, null)).isSameAs(this.clientRegistration);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWhenClientRegistrationNotFoundThenThrowIllegalArgumentException() throws Exception {
|
||||
when(this.clientRegistrationRepository.findByRegistrationId(anyString())).thenReturn(null);
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistration", ClientRegistration.class);
|
||||
assertThatThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null, null, null))
|
||||
.isInstanceOf(IllegalArgumentException.class)
|
||||
.hasMessage("Unable to find ClientRegistration with registration identifier \"client1\".");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWhenParameterTypeOAuth2AuthorizedClientAndCurrentAuthenticationNullThenThrowIllegalStateException() throws Exception {
|
||||
SecurityContextHolder.clearContext();
|
||||
|
|
@ -201,60 +132,25 @@ public class OAuth2ClientArgumentResolverTests {
|
|||
.isInstanceOf(ClientAuthorizationRequiredException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWhenOAuth2AccessTokenAndOAuth2AuthorizedClientFoundThenResolves() throws Exception {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessToken", OAuth2AccessToken.class);
|
||||
assertThat(this.argumentResolver.resolveArgument(methodParameter, null, null, null)).isSameAs(this.authorizedClient.getAccessToken());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWhenOAuth2AccessTokenAndOAuth2AuthorizedClientNotFoundThenThrowClientAuthorizationRequiredException() throws Exception {
|
||||
when(this.authorizedClientService.loadAuthorizedClient(anyString(), any())).thenReturn(null);
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessToken", OAuth2AccessToken.class);
|
||||
assertThatThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null, null, null))
|
||||
.isInstanceOf(ClientAuthorizationRequiredException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWhenOAuth2AccessTokenAndAnnotationRegistrationIdSetThenResolves() throws Exception {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessTokenAnnotationRegistrationId", OAuth2AccessToken.class);
|
||||
assertThat(this.argumentResolver.resolveArgument(methodParameter, null, null, null)).isSameAs(this.authorizedClient.getAccessToken());
|
||||
}
|
||||
|
||||
private MethodParameter getMethodParameter(String methodName, Class<?>... paramTypes) {
|
||||
Method method = ReflectionUtils.findMethod(TestController.class, methodName, paramTypes);
|
||||
return new MethodParameter(method, 0);
|
||||
}
|
||||
|
||||
static class TestController {
|
||||
void paramTypeAccessToken(@OAuth2Client("client1") OAuth2AccessToken accessToken) {
|
||||
}
|
||||
|
||||
void paramTypeAccessTokenWithoutAnnotation(OAuth2AccessToken accessToken) {
|
||||
}
|
||||
|
||||
void paramTypeAuthorizedClient(@OAuth2Client("client1") OAuth2AuthorizedClient authorizedClient) {
|
||||
void paramTypeAuthorizedClient(@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
|
||||
}
|
||||
|
||||
void paramTypeAuthorizedClientWithoutAnnotation(OAuth2AuthorizedClient authorizedClient) {
|
||||
}
|
||||
|
||||
void paramTypeClientRegistration(@OAuth2Client("client1") ClientRegistration clientRegistration) {
|
||||
}
|
||||
|
||||
void paramTypeClientRegistrationWithoutAnnotation(ClientRegistration clientRegistration) {
|
||||
}
|
||||
|
||||
void paramTypeUnsupported(@OAuth2Client("client1") String param) {
|
||||
void paramTypeUnsupported(@RegisteredOAuth2AuthorizedClient("client1") String param) {
|
||||
}
|
||||
|
||||
void paramTypeUnsupportedWithoutAnnotation(String param) {
|
||||
}
|
||||
|
||||
void registrationIdEmpty(@OAuth2Client OAuth2AccessToken accessToken) {
|
||||
}
|
||||
|
||||
void paramTypeAccessTokenAnnotationRegistrationId(@OAuth2Client(registrationId = "client1") OAuth2AccessToken accessToken) {
|
||||
void registrationIdEmpty(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -16,15 +16,6 @@
|
|||
|
||||
package org.springframework.security.oauth2.client.web.reactive.result.method.annotation;
|
||||
|
||||
import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
|
||||
import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.anyString;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
|
@ -37,83 +28,49 @@ import org.springframework.security.core.context.ReactiveSecurityContextHolder;
|
|||
import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.annotation.OAuth2Client;
|
||||
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
import reactor.core.publisher.Hooks;
|
||||
import reactor.core.publisher.Mono;
|
||||
import reactor.util.context.Context;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
|
||||
import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.anyString;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
* @since 5.1
|
||||
*/
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
public class OAuth2ClientArgumentResolverTests {
|
||||
@Mock
|
||||
private ReactiveClientRegistrationRepository clientRegistrationRepository;
|
||||
public class OAuth2AuthorizedClientArgumentResolverTests {
|
||||
@Mock
|
||||
private ReactiveOAuth2AuthorizedClientService authorizedClientService;
|
||||
private OAuth2ClientArgumentResolver argumentResolver;
|
||||
private ClientRegistration clientRegistration;
|
||||
private OAuth2AuthorizedClientArgumentResolver argumentResolver;
|
||||
private OAuth2AuthorizedClient authorizedClient;
|
||||
private OAuth2AccessToken accessToken;
|
||||
|
||||
private Authentication authentication = new TestingAuthenticationToken("test", "this");
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
this.argumentResolver = new OAuth2ClientArgumentResolver(
|
||||
this.clientRegistrationRepository, this.authorizedClientService);
|
||||
this.clientRegistration = ClientRegistration.withRegistrationId("client1")
|
||||
.clientId("client-id")
|
||||
.clientSecret("secret")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate("{baseUrl}/client1")
|
||||
.scope("scope1", "scope2")
|
||||
.authorizationUri("https://provider.com/oauth2/auth")
|
||||
.tokenUri("https://provider.com/oauth2/token")
|
||||
.clientName("Client 1")
|
||||
.build();
|
||||
when(this.clientRegistrationRepository.findByRegistrationId(anyString())).thenReturn(Mono.just(this.clientRegistration));
|
||||
this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(this.authorizedClientService);
|
||||
this.authorizedClient = mock(OAuth2AuthorizedClient.class);
|
||||
when(this.authorizedClientService.loadAuthorizedClient(anyString(), any())).thenReturn(Mono.just(this.authorizedClient));
|
||||
this.accessToken = mock(OAuth2AccessToken.class);
|
||||
when(this.authorizedClient.getAccessToken()).thenReturn(this.accessToken);
|
||||
Hooks.onOperatorDebug();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
|
||||
assertThatThrownBy(() -> new OAuth2ClientArgumentResolver(null, this.authorizedClientService))
|
||||
.isInstanceOf(IllegalArgumentException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void constructorWhenOAuth2AuthorizedClientServiceIsNullThenThrowIllegalArgumentException() {
|
||||
assertThatThrownBy(() -> new OAuth2ClientArgumentResolver(this.clientRegistrationRepository, null))
|
||||
assertThatThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null))
|
||||
.isInstanceOf(IllegalArgumentException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void supportsParameterWhenParameterTypeOAuth2AccessTokenThenTrue() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessToken", OAuth2AccessToken.class);
|
||||
assertThat(this.argumentResolver.supportsParameter(methodParameter)).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void supportsParameterWhenParameterTypeOAuth2AccessTokenWithoutAnnotationThenFalse() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessTokenWithoutAnnotation", OAuth2AccessToken.class);
|
||||
assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void supportsParameterWhenParameterTypeOAuth2AuthorizedClientThenTrue() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class);
|
||||
|
|
@ -126,18 +83,6 @@ public class OAuth2ClientArgumentResolverTests {
|
|||
assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void supportsParameterWhenParameterTypeClientRegistrationThenTrue() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistration", ClientRegistration.class);
|
||||
assertThat(this.argumentResolver.supportsParameter(methodParameter)).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void supportsParameterWhenParameterTypeClientRegistrationWithoutAnnotationThenFalse() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistrationWithoutAnnotation", ClientRegistration.class);
|
||||
assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void supportsParameterWhenParameterTypeUnsupportedWithoutAnnotationThenFalse() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeUnsupportedWithoutAnnotation", String.class);
|
||||
|
|
@ -146,10 +91,10 @@ public class OAuth2ClientArgumentResolverTests {
|
|||
|
||||
@Test
|
||||
public void resolveArgumentWhenRegistrationIdEmptyAndNotOAuth2AuthenticationThenThrowIllegalArgumentException() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AccessToken.class);
|
||||
MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
|
||||
assertThatThrownBy(() -> resolveArgument(methodParameter))
|
||||
.isInstanceOf(IllegalArgumentException.class)
|
||||
.hasMessage("Unable to resolve the Client Registration Identifier. It must be provided via @OAuth2Client(\"client1\") or @OAuth2Client(registrationId = \"client1\").");
|
||||
.hasMessage("Unable to resolve the Client Registration Identifier. It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or @RegisteredOAuth2AuthorizedClient(registrationId = \"client1\").");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -157,25 +102,10 @@ public class OAuth2ClientArgumentResolverTests {
|
|||
this.authentication = mock(OAuth2AuthenticationToken.class);
|
||||
when(this.authentication.getName()).thenReturn("client1");
|
||||
when(((OAuth2AuthenticationToken) this.authentication).getAuthorizedClientRegistrationId()).thenReturn("client1");
|
||||
MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AccessToken.class);
|
||||
MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
|
||||
resolveArgument(methodParameter);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWhenClientRegistrationFoundThenResolves() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistration", ClientRegistration.class);
|
||||
assertThat(resolveArgument(methodParameter)).isSameAs(this.clientRegistration);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWhenClientRegistrationNotFoundThenThrowIllegalArgumentException() {
|
||||
when(this.clientRegistrationRepository.findByRegistrationId(anyString())).thenReturn(Mono.empty());
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistration", ClientRegistration.class);
|
||||
assertThatThrownBy(() -> resolveArgument(methodParameter))
|
||||
.isInstanceOf(IllegalArgumentException.class)
|
||||
.hasMessage("Unable to find ClientRegistration with registration identifier \"client1\".");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWhenParameterTypeOAuth2AuthorizedClientAndCurrentAuthenticationNullThenThrowIllegalStateException() {
|
||||
this.authentication = null;
|
||||
|
|
@ -201,26 +131,6 @@ public class OAuth2ClientArgumentResolverTests {
|
|||
.isInstanceOf(ClientAuthorizationRequiredException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWhenOAuth2AccessTokenAndOAuth2AuthorizedClientFoundThenResolves() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessToken", OAuth2AccessToken.class);
|
||||
assertThat(resolveArgument(methodParameter)).isSameAs(this.authorizedClient.getAccessToken());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWhenOAuth2AccessTokenAndOAuth2AuthorizedClientNotFoundThenThrowClientAuthorizationRequiredException() {
|
||||
when(this.authorizedClientService.loadAuthorizedClient(anyString(), any())).thenReturn(Mono.empty());
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessToken", OAuth2AccessToken.class);
|
||||
assertThatThrownBy(() -> resolveArgument(methodParameter))
|
||||
.isInstanceOf(ClientAuthorizationRequiredException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWhenOAuth2AccessTokenAndAnnotationRegistrationIdSetThenResolves() {
|
||||
MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessTokenAnnotationRegistrationId", OAuth2AccessToken.class);
|
||||
assertThat(resolveArgument(methodParameter)).isSameAs(this.authorizedClient.getAccessToken());
|
||||
}
|
||||
|
||||
private Object resolveArgument(MethodParameter methodParameter) {
|
||||
return this.argumentResolver.resolveArgument(methodParameter, null, null)
|
||||
.subscriberContext(this.authentication == null ? Context.empty() : ReactiveSecurityContextHolder.withAuthentication(this.authentication))
|
||||
|
|
@ -234,34 +144,19 @@ public class OAuth2ClientArgumentResolverTests {
|
|||
}
|
||||
|
||||
static class TestController {
|
||||
void paramTypeAccessToken(@OAuth2Client("client1") OAuth2AccessToken accessToken) {
|
||||
}
|
||||
|
||||
void paramTypeAccessTokenWithoutAnnotation(OAuth2AccessToken accessToken) {
|
||||
}
|
||||
|
||||
void paramTypeAuthorizedClient(@OAuth2Client("client1") OAuth2AuthorizedClient authorizedClient) {
|
||||
void paramTypeAuthorizedClient(@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
|
||||
}
|
||||
|
||||
void paramTypeAuthorizedClientWithoutAnnotation(OAuth2AuthorizedClient authorizedClient) {
|
||||
}
|
||||
|
||||
void paramTypeClientRegistration(@OAuth2Client("client1") ClientRegistration clientRegistration) {
|
||||
}
|
||||
|
||||
void paramTypeClientRegistrationWithoutAnnotation(ClientRegistration clientRegistration) {
|
||||
}
|
||||
|
||||
void paramTypeUnsupported(@OAuth2Client("client1") String param) {
|
||||
void paramTypeUnsupported(@RegisteredOAuth2AuthorizedClient("client1") String param) {
|
||||
}
|
||||
|
||||
void paramTypeUnsupportedWithoutAnnotation(String param) {
|
||||
}
|
||||
|
||||
void registrationIdEmpty(@OAuth2Client OAuth2AccessToken accessToken) {
|
||||
}
|
||||
|
||||
void paramTypeAccessTokenAnnotationRegistrationId(@OAuth2Client(registrationId = "client1") OAuth2AccessToken accessToken) {
|
||||
void registrationIdEmpty(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -16,7 +16,7 @@
|
|||
package sample.web;
|
||||
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.annotation.OAuth2Client;
|
||||
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
|
|
@ -44,7 +44,7 @@ public class GitHubReposController {
|
|||
}
|
||||
|
||||
@GetMapping("/repos")
|
||||
public String gitHubRepos(Model model, @OAuth2Client("github") OAuth2AuthorizedClient authorizedClient) {
|
||||
public String gitHubRepos(Model model, @RegisteredOAuth2AuthorizedClient("github") OAuth2AuthorizedClient authorizedClient) {
|
||||
String endpointUri = "https://api.github.com/user/repos";
|
||||
List repos = this.webClient
|
||||
.get()
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ package sample.web;
|
|||
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.annotation.OAuth2Client;
|
||||
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
|
|
@ -32,7 +32,7 @@ public class OAuth2LoginController {
|
|||
|
||||
@GetMapping("/")
|
||||
public String index(Model model,
|
||||
@OAuth2Client OAuth2AuthorizedClient authorizedClient,
|
||||
@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient,
|
||||
@AuthenticationPrincipal OAuth2User oauth2User) {
|
||||
model.addAttribute("userName", oauth2User.getName());
|
||||
model.addAttribute("clientName", authorizedClient.getClientRegistration().getClientName());
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ package sample.web;
|
|||
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.annotation.OAuth2Client;
|
||||
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
|
|
@ -32,7 +32,7 @@ public class OAuth2LoginController {
|
|||
|
||||
@GetMapping("/")
|
||||
public String index(Model model,
|
||||
@OAuth2Client OAuth2AuthorizedClient authorizedClient,
|
||||
@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient,
|
||||
@AuthenticationPrincipal OAuth2User oauth2User) {
|
||||
model.addAttribute("userName", oauth2User.getName());
|
||||
model.addAttribute("clientName", authorizedClient.getClientRegistration().getClientName());
|
||||
|
|
|
|||
Loading…
Reference in New Issue