diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler.java
index 064aafa1b9..050203f2db 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler.java
@@ -60,6 +60,7 @@ import org.springframework.web.server.ServerWebExchange;
 *
 * @author Evgeniy Cheban
 * @since 7.1
+ * @see RefreshTokenReactiveOAuth2AuthorizedClientProvider
 */
 public final class RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler
 implements ReactiveOAuth2AuthorizationSuccessHandler {
@@ -158,16 +159,6 @@ public final class RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler
 this.jwtDecoderFactory = jwtDecoderFactory;
 }
 
- /**
- * Sets a {@link GrantedAuthoritiesMapper} to use for mapping
- * {@link GrantedAuthority}s, defaults to no-op implementation.
- * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} to use
- */
- public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
- Assert.notNull(authoritiesMapper, "authoritiesMapper cannot be null");
- this.authoritiesMapper = authoritiesMapper;
- }
-
 /**
 * Sets a {@link ReactiveOAuth2UserService} to use for loading an {@link OidcUser}
 * from refreshed oidc id-token, defaults to {@link OidcReactiveOAuth2UserService}.
@@ -178,6 +169,16 @@ public final class RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler
 this.userService = userService;
 }
 
+ /**
+ * Sets a {@link GrantedAuthoritiesMapper} to use for mapping
+ * {@link GrantedAuthority}s, defaults to no-op implementation.
+ * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} to use
+ */
+ public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
+ Assert.notNull(authoritiesMapper, "authoritiesMapper cannot be null");
+ this.authoritiesMapper = authoritiesMapper;
+ }
+
 /**
 * Sets the maximum acceptable clock skew, which is used when checking the
 * {@link OidcIdToken#getIssuedAt()} to match the existing
@@ -297,7 +298,7 @@ public final class RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler OAuth2AuthenticationToken authenticationResult = new OAuth2AuthenticationToken(oidcUser, mappedAuthorities, clientRegistration.getRegistrationId()); authenticationResult.setDetails(authenticationToken.getDetails()); - SecurityContextImpl securityContext = new SecurityContextImpl(authenticationResult); + SecurityContext securityContext = new SecurityContextImpl(authenticationResult); return this.serverSecurityContextRepository.save(exchange, securityContext); }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandlerTests.java
index 5472886f4b..dd276be20a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandlerTests.java
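Review bot: The Javadoc on `setAuthoritiesMapper`, re-added here after `setUserService`, says only that the default is a no-op and leaves out what the mapper controls. Judging by the later hunk, the mapped authorities go into the `OAuth2AuthenticationToken` that is saved as the new security context, so a handler left on the default while the login flow uses a custom mapper would presumably change the user's authorities at the first token refresh. I would add a sentence such as `Use the same mapper that is configured for the initial OIDC login, otherwise the authorities may change when the id-token is refreshed.` The code that applies the mapper is outside the hunks shown, so this is worth confirming against the method body.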
@@ -60,6 +60,42 @@ import static org.mockito.Mockito.mock;
 */
 class RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandlerTests {
 
+ @Test
+ void setServerSecurityContextRepositoryWhenNullThenException() {
+ assertThatException()
+ .isThrownBy(() -> new RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler()
+ .setServerSecurityContextRepository(null))
+ .withMessage("serverSecurityContextRepository cannot be null");
+ }
+
+ @Test
+ void setJwtDecoderFactoryWhenNullThenException() {
+ assertThatException()
+ .isThrownBy(() -> new RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler().setJwtDecoderFactory(null))
+ .withMessage("jwtDecoderFactory cannot be null");
+ }
+
+ @Test
+ void setAuthoritiesMapperWhenNullThenException() {
+ assertThatException()
+ .isThrownBy(() -> new RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler().setAuthoritiesMapper(null))
+ .withMessage("authoritiesMapper cannot be null");
+ }
+
+ @Test
+ void setUserServiceWhenNullThenException() {
+ assertThatException()
+ .isThrownBy(() -> new RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler().setUserService(null))
+ .withMessage("userService cannot be null");
+ }
+
+ @Test
+ void setClockSkewWhenNullThenException() {
+ assertThatException()
+ .isThrownBy(() -> new RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler().setClockSkew(null))
+ .withMessage("clockSkew cannot be null");
+ }
+
 @Test
 void onAuthorizationSuccessWhenIdTokenValidThenSecurityContextRefreshed() {
 ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
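Review bot: The five null-argument tests placed at the top of the class assert with `assertThatException()`, which matches any `Exception`, so the exception type is not pinned. The setter in the main-source diff calls `Assert.notNull(...)`, which throws `IllegalArgumentException`; `assertThatIllegalArgumentException().isThrownBy(...)` with the same `withMessage(...)` would state that contract. The static imports are outside this hunk and would need the matching AssertJ import.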
@@ -352,42 +388,6 @@ class RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandlerTests {
 .verifyErrorMessage("[invalid_nonce] Invalid nonce");
 }
 
- @Test
- void setServerSecurityContextRepositoryWhenNullThenException() {
- assertThatException()
- .isThrownBy(() -> new RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler()
- .setServerSecurityContextRepository(null))
- .withMessage("serverSecurityContextRepository cannot be null");
- }
-
- @Test
- void setJwtDecoderFactoryWhenNullThenException() {
- assertThatException()
- .isThrownBy(() -> new RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler().setJwtDecoderFactory(null))
- .withMessage("jwtDecoderFactory cannot be null");
- }
-
- @Test
- void setAuthoritiesMapperWhenNullThenException() {
- assertThatException()
- .isThrownBy(() -> new RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler().setAuthoritiesMapper(null))
- .withMessage("authoritiesMapper cannot be null");
- }
-
- @Test
- void setUserServiceWhenNullThenException() {
- assertThatException()
- .isThrownBy(() -> new RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler().setUserService(null))
- .withMessage("userService cannot be null");
- }
-
- @Test
- void setClockSkewWhenNullThenException() {
- assertThatException()
- .isThrownBy(() -> new RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler().setClockSkew(null))
- .withMessage("clockSkew cannot be null");
- }
-
 private static OAuth2AccessToken createAccessToken() {
 Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
 Instant expiresAt = issuedAt.plus(Duration.ofMinutes(60));