mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-02-25 08:58:57 +00:00
Polish endpoint package
* Remove ErrorResponseAttributes
* Rename AuthorizationRequestAttributes -> AuthorizationRequest
* Remove AuthorizationCodeTokenRequestAttributes
* Rename TokenResponseAttributes -> TokenResponse

Issue gh-4593
parent
ce142e50b6
commit
5811624bbe
@ -17,7 +17,7 @@ package org.springframework.security.oauth2.client.authentication;
|
||||
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
@ -33,11 +33,11 @@ import org.springframework.util.Assert;
|
||||
public class AuthorizationCodeAuthenticationToken extends AuthorizationGrantAuthenticationToken {
|
||||
private final String authorizationCode;
|
||||
private final ClientRegistration clientRegistration;
|
||||
private final AuthorizationRequestAttributes authorizationRequest;
|
||||
private final AuthorizationRequest authorizationRequest;
|
||||
|
||||
public AuthorizationCodeAuthenticationToken(String authorizationCode,
|
||||
ClientRegistration clientRegistration,
|
||||
AuthorizationRequestAttributes authorizationRequest) {
|
||||
AuthorizationRequest authorizationRequest) {
|
||||
super(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
Assert.hasText(authorizationCode, "authorizationCode cannot be empty");
|
||||
Assert.notNull(clientRegistration, "clientRegistration cannot be null");
|
||||
@ -66,7 +66,7 @@ public class AuthorizationCodeAuthenticationToken extends AuthorizationGrantAuth
|
||||
return this.clientRegistration;
|
||||
}
|
||||
|
||||
public AuthorizationRequestAttributes getAuthorizationRequest() {
|
||||
public AuthorizationRequest getAuthorizationRequest() {
|
||||
return this.authorizationRequest;
|
||||
}
|
||||
}
|
||||
|
@ -17,7 +17,7 @@ package org.springframework.security.oauth2.client.authentication;
|
||||
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponse;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
@ -50,7 +50,7 @@ public class AuthorizationCodeAuthenticator implements AuthorizationGrantAuthent
|
||||
return null;
|
||||
}
|
||||
|
||||
TokenResponseAttributes tokenResponse =
|
||||
TokenResponse tokenResponse =
|
||||
this.authorizationCodeTokenExchanger.exchange(authorizationCodeAuthentication);
|
||||
|
||||
AccessToken accessToken = new AccessToken(tokenResponse.getTokenType(),
|
||||
|
@ -28,11 +28,9 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationIdentifierStrategy;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.web.converter.AuthorizationResponseConverter;
|
||||
import org.springframework.security.oauth2.client.web.converter.ErrorResponseAttributesConverter;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.ErrorResponseAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.security.oauth2.oidc.client.authentication.OidcClientAuthenticationToken;
|
||||
@ -75,7 +73,7 @@ import java.io.IOException;
|
||||
* @see AuthorizationCodeAuthenticationToken
|
||||
* @see AuthorizationCodeAuthenticationProvider
|
||||
* @see AuthorizationCodeRequestRedirectFilter
|
||||
* @see AuthorizationRequestAttributes
|
||||
* @see AuthorizationRequest
|
||||
* @see AuthorizationRequestRepository
|
||||
* @see ClientRegistrationRepository
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant Flow</a>
|
||||
@ -86,7 +84,6 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
|
||||
private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
|
||||
private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
|
||||
private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
|
||||
private final ErrorResponseAttributesConverter errorResponseConverter = new ErrorResponseAttributesConverter();
|
||||
private final AuthorizationResponseConverter authorizationResponseConverter = new AuthorizationResponseConverter();
|
||||
private ClientRegistrationRepository clientRegistrationRepository;
|
||||
private RequestMatcher authorizationResponseMatcher = new AuthorizationResponseMatcher();
|
||||
@ -101,15 +98,15 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
|
||||
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
|
||||
throws AuthenticationException, IOException, ServletException {
|
||||
|
||||
ErrorResponseAttributes authorizationError = this.errorResponseConverter.apply(request);
|
||||
if (authorizationError != null) {
|
||||
OAuth2Error oauth2Error = new OAuth2Error(authorizationError.getErrorCode(),
|
||||
authorizationError.getDescription(), authorizationError.getUri());
|
||||
AuthorizationResponse authorizationResponse = this.authorizationResponseConverter.apply(request);
|
||||
|
||||
if (authorizationResponse.statusError()) {
|
||||
this.getAuthorizationRequestRepository().removeAuthorizationRequest(request);
|
||||
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
|
||||
throw new OAuth2AuthenticationException(
|
||||
authorizationResponse.getError(), authorizationResponse.getError().toString());
|
||||
}
|
||||
|
||||
AuthorizationRequestAttributes matchingAuthorizationRequest = this.resolveAuthorizationRequest(request);
|
||||
AuthorizationRequest matchingAuthorizationRequest = this.resolveAuthorizationRequest(request);
|
||||
String registrationId = (String)matchingAuthorizationRequest.getAdditionalParameters().get(OAuth2Parameter.REGISTRATION_ID);
|
||||
ClientRegistration clientRegistration = this.getClientRegistrationRepository().findByRegistrationId(registrationId);
|
||||
|
||||
@ -124,8 +121,6 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
|
||||
.redirectUri(matchingAuthorizationRequest.getRedirectUri())
|
||||
.build();
|
||||
|
||||
AuthorizationResponse authorizationResponse = this.authorizationResponseConverter.apply(request);
|
||||
|
||||
AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = new AuthorizationCodeAuthenticationToken(
|
||||
authorizationResponse.getCode(), clientRegistration, matchingAuthorizationRequest);
|
||||
authorizationCodeAuthentication.setDetails(this.authenticationDetailsSource.buildDetails(request));
|
||||
@ -177,8 +172,8 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
|
||||
this.authorizationRequestRepository = authorizationRequestRepository;
|
||||
}
|
||||
|
||||
private AuthorizationRequestAttributes resolveAuthorizationRequest(HttpServletRequest request) {
|
||||
AuthorizationRequestAttributes authorizationRequest =
|
||||
private AuthorizationRequest resolveAuthorizationRequest(HttpServletRequest request) {
|
||||
AuthorizationRequest authorizationRequest =
|
||||
this.getAuthorizationRequestRepository().loadAuthorizationRequest(request);
|
||||
if (authorizationRequest == null) {
|
||||
OAuth2Error oauth2Error = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE);
|
||||
@ -189,7 +184,7 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
|
||||
return authorizationRequest;
|
||||
}
|
||||
|
||||
private void assertMatchingAuthorizationRequest(HttpServletRequest request, AuthorizationRequestAttributes authorizationRequest) {
|
||||
private void assertMatchingAuthorizationRequest(HttpServletRequest request, AuthorizationRequest authorizationRequest) {
|
||||
String state = request.getParameter(OAuth2Parameter.STATE);
|
||||
if (!authorizationRequest.getState().equals(state)) {
|
||||
OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
|
||||
|
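Review bot: `authorizationResponse.statusError()` in `attemptAuthentication` dereferences the converter result without a null check, while the reworked `AuthorizationResponseConverter.apply` in this same commit ends in `return null` when the request has neither a `code` nor an `error` parameter with text. Whether `authorizationResponseMatcher` already filters such requests out is not visible here, so a callback with blank parameters may surface as a NullPointerException rather than an `OAuth2AuthenticationException`. I would guard directly after the conversion, for example `if (authorizationResponse == null) { throw new OAuth2AuthenticationException(new OAuth2Error("invalid_request"), "invalid_request"); }`. Separately, the error branch removes the stored authorization request before `state` is compared, so it is worth confirming that an unsolicited error callback clearing the pending request is intended. The body of `attemptAuthentication` continues outside the hunk.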
@ -19,7 +19,7 @@ import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.crypto.keygen.StringKeyGenerator;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
|
||||
import org.springframework.security.web.DefaultRedirectStrategy;
|
||||
import org.springframework.security.web.RedirectStrategy;
|
||||
@ -52,7 +52,7 @@ import java.util.Map;
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AuthorizationRequestAttributes
|
||||
* @see AuthorizationRequest
|
||||
* @see AuthorizationRequestRepository
|
||||
* @see AuthorizationRequestUriBuilder
|
||||
* @see ClientRegistration
|
||||
@ -127,8 +127,8 @@ public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter
|
||||
Map<String,Object> additionalParameters = new HashMap<>();
|
||||
additionalParameters.put(OAuth2Parameter.REGISTRATION_ID, clientRegistration.getRegistrationId());
|
||||
|
||||
AuthorizationRequestAttributes authorizationRequestAttributes =
|
||||
AuthorizationRequestAttributes.withAuthorizationCode()
|
||||
AuthorizationRequest authorizationRequest =
|
||||
AuthorizationRequest.authorizationCode()
|
||||
.clientId(clientRegistration.getClientId())
|
||||
.authorizeUri(clientRegistration.getProviderDetails().getAuthorizationUri())
|
||||
.redirectUri(redirectUriStr)
|
||||
@ -137,9 +137,9 @@ public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter
|
||||
.additionalParameters(additionalParameters)
|
||||
.build();
|
||||
|
||||
this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequestAttributes, request, response);
|
||||
this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
|
||||
|
||||
URI redirectUri = this.authorizationUriBuilder.build(authorizationRequestAttributes);
|
||||
URI redirectUri = this.authorizationUriBuilder.build(authorizationRequest);
|
||||
this.authorizationRedirectStrategy.sendRedirect(request, response, redirectUri.toString());
|
||||
}
|
||||
|
||||
|
@ -19,7 +19,7 @@ package org.springframework.security.oauth2.client.web;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponse;
|
||||
|
||||
/**
|
||||
* Implementations of this interface are responsible for <i>"exchanging"</i>
|
||||
@ -30,13 +30,13 @@ import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes
|
||||
* @since 5.0
|
||||
* @see AuthorizationGrantType
|
||||
* @see AuthorizationGrantAuthenticationToken
|
||||
* @see TokenResponseAttributes
|
||||
* @see TokenResponse
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section 1.3 Authorization Grant</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
|
||||
*/
|
||||
public interface AuthorizationGrantTokenExchanger<T extends AuthorizationGrantAuthenticationToken> {
|
||||
|
||||
TokenResponseAttributes exchange(T authorizationGrantAuthentication) throws OAuth2AuthenticationException;
|
||||
TokenResponse exchange(T authorizationGrantAuthentication) throws OAuth2AuthenticationException;
|
||||
|
||||
}
|
||||
|
@ -15,14 +15,14 @@
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
/**
|
||||
* Implementations of this interface are responsible for the persistence
|
||||
* of {@link AuthorizationRequestAttributes} between requests.
|
||||
* of {@link AuthorizationRequest} between requests.
|
||||
*
|
||||
* <p>
|
||||
* Used by the {@link AuthorizationCodeRequestRedirectFilter} for persisting the <i>Authorization Request</i>
|
||||
@ -32,16 +32,16 @@ import javax.servlet.http.HttpServletResponse;
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AuthorizationRequestAttributes
|
||||
* @see AuthorizationRequest
|
||||
* @see HttpSessionAuthorizationRequestRepository
|
||||
*/
|
||||
public interface AuthorizationRequestRepository {
|
||||
|
||||
AuthorizationRequestAttributes loadAuthorizationRequest(HttpServletRequest request);
|
||||
AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request);
|
||||
|
||||
void saveAuthorizationRequest(AuthorizationRequestAttributes authorizationRequest, HttpServletRequest request,
|
||||
HttpServletResponse response);
|
||||
void saveAuthorizationRequest(AuthorizationRequest authorizationRequest, HttpServletRequest request,
|
||||
HttpServletResponse response);
|
||||
|
||||
AuthorizationRequestAttributes removeAuthorizationRequest(HttpServletRequest request);
|
||||
AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request);
|
||||
|
||||
}
|
||||
|
@ -16,7 +16,7 @@
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
|
||||
import java.net.URI;
|
||||
|
||||
@ -37,10 +37,10 @@ import java.net.URI;
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AuthorizationRequestAttributes
|
||||
* @see AuthorizationRequest
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Request</a>
|
||||
*/
|
||||
public interface AuthorizationRequestUriBuilder {
|
||||
|
||||
URI build(AuthorizationRequestAttributes authorizationRequestAttributes);
|
||||
URI build(AuthorizationRequest authorizationRequest);
|
||||
}
|
||||
|
@ -15,7 +15,7 @@
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
|
||||
import org.springframework.security.oauth2.core.endpoint.ResponseType;
|
||||
import org.springframework.web.util.UriComponentsBuilder;
|
||||
@ -29,24 +29,24 @@ import java.util.stream.Collectors;
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AuthorizationRequestAttributes
|
||||
* @see AuthorizationRequest
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Request</a>
|
||||
*/
|
||||
public class DefaultAuthorizationRequestUriBuilder implements AuthorizationRequestUriBuilder {
|
||||
|
||||
@Override
|
||||
public URI build(AuthorizationRequestAttributes authorizationRequestAttributes) {
|
||||
public URI build(AuthorizationRequest authorizationRequest) {
|
||||
UriComponentsBuilder uriBuilder = UriComponentsBuilder
|
||||
.fromUriString(authorizationRequestAttributes.getAuthorizeUri())
|
||||
.fromUriString(authorizationRequest.getAuthorizeUri())
|
||||
.queryParam(OAuth2Parameter.RESPONSE_TYPE, ResponseType.CODE.getValue());
|
||||
if (authorizationRequestAttributes.getRedirectUri() != null) {
|
||||
uriBuilder.queryParam(OAuth2Parameter.REDIRECT_URI, authorizationRequestAttributes.getRedirectUri());
|
||||
if (authorizationRequest.getRedirectUri() != null) {
|
||||
uriBuilder.queryParam(OAuth2Parameter.REDIRECT_URI, authorizationRequest.getRedirectUri());
|
||||
}
|
||||
uriBuilder
|
||||
.queryParam(OAuth2Parameter.CLIENT_ID, authorizationRequestAttributes.getClientId())
|
||||
.queryParam(OAuth2Parameter.CLIENT_ID, authorizationRequest.getClientId())
|
||||
.queryParam(OAuth2Parameter.SCOPE,
|
||||
authorizationRequestAttributes.getScope().stream().collect(Collectors.joining(" ")))
|
||||
.queryParam(OAuth2Parameter.STATE, authorizationRequestAttributes.getState());
|
||||
authorizationRequest.getScope().stream().collect(Collectors.joining(" ")))
|
||||
.queryParam(OAuth2Parameter.STATE, authorizationRequest.getState());
|
||||
|
||||
return uriBuilder.build().encode().toUri();
|
||||
}
|
||||
|
@ -15,7 +15,7 @@
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
@ -23,11 +23,11 @@ import javax.servlet.http.HttpSession;
|
||||
|
||||
/**
|
||||
* An implementation of an {@link AuthorizationRequestRepository} that stores
|
||||
* {@link AuthorizationRequestAttributes} in the {@link HttpSession}.
|
||||
* {@link AuthorizationRequest} in the {@link HttpSession}.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AuthorizationRequestAttributes
|
||||
* @see AuthorizationRequest
|
||||
*/
|
||||
public final class HttpSessionAuthorizationRequestRepository implements AuthorizationRequestRepository {
|
||||
private static final String DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME =
|
||||
@ -35,18 +35,18 @@ public final class HttpSessionAuthorizationRequestRepository implements Authoriz
|
||||
private String sessionAttributeName = DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME;
|
||||
|
||||
@Override
|
||||
public AuthorizationRequestAttributes loadAuthorizationRequest(HttpServletRequest request) {
|
||||
AuthorizationRequestAttributes authorizationRequest = null;
|
||||
public AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) {
|
||||
AuthorizationRequest authorizationRequest = null;
|
||||
HttpSession session = request.getSession(false);
|
||||
if (session != null) {
|
||||
authorizationRequest = (AuthorizationRequestAttributes) session.getAttribute(this.sessionAttributeName);
|
||||
authorizationRequest = (AuthorizationRequest) session.getAttribute(this.sessionAttributeName);
|
||||
}
|
||||
return authorizationRequest;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void saveAuthorizationRequest(AuthorizationRequestAttributes authorizationRequest, HttpServletRequest request,
|
||||
HttpServletResponse response) {
|
||||
public void saveAuthorizationRequest(AuthorizationRequest authorizationRequest, HttpServletRequest request,
|
||||
HttpServletResponse response) {
|
||||
if (authorizationRequest == null) {
|
||||
this.removeAuthorizationRequest(request);
|
||||
return;
|
||||
@ -55,8 +55,8 @@ public final class HttpSessionAuthorizationRequestRepository implements Authoriz
|
||||
}
|
||||
|
||||
@Override
|
||||
public AuthorizationRequestAttributes removeAuthorizationRequest(HttpServletRequest request) {
|
||||
AuthorizationRequestAttributes authorizationRequest = this.loadAuthorizationRequest(request);
|
||||
public AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request) {
|
||||
AuthorizationRequest authorizationRequest = this.loadAuthorizationRequest(request);
|
||||
if (authorizationRequest != null) {
|
||||
request.getSession().removeAttribute(this.sessionAttributeName);
|
||||
}
|
||||
|
@ -17,7 +17,7 @@ package org.springframework.security.oauth2.client.web.converter;
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.util.function.Function;
|
||||
@ -36,12 +36,23 @@ public final class AuthorizationResponseConverter implements Function<HttpServle
|
||||
@Override
|
||||
public AuthorizationResponse apply(HttpServletRequest request) {
|
||||
String code = request.getParameter(OAuth2Parameter.CODE);
|
||||
Assert.hasText(code, OAuth2Parameter.CODE + " attribute is required");
|
||||
|
||||
String errorCode = request.getParameter(OAuth2Parameter.ERROR);
|
||||
String state = request.getParameter(OAuth2Parameter.STATE);
|
||||
|
||||
return AuthorizationResponse.success(code)
|
||||
.state(state)
|
||||
.build();
|
||||
if (StringUtils.hasText(code)) {
|
||||
return AuthorizationResponse.success(code)
|
||||
.state(state)
|
||||
.build();
|
||||
} else if (StringUtils.hasText(errorCode)) {
|
||||
String description = request.getParameter(OAuth2Parameter.ERROR_DESCRIPTION);
|
||||
String uri = request.getParameter(OAuth2Parameter.ERROR_URI);
|
||||
return AuthorizationResponse.error(errorCode)
|
||||
.errorDescription(description)
|
||||
.errorUri(uri)
|
||||
.state(state)
|
||||
.build();
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
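Review bot: A callback that carries both `code` and `error` is treated as a success in `apply`, because `StringUtils.hasText(code)` is tested first and the error parameters are then never read. RFC 6749 does not define a response with both, so I would test the error first, `if (StringUtils.hasText(errorCode)) { … } else if (StringUtils.hasText(code)) { … }`, or reject the combination outright. The fall-through `return null` also replaces the former `Assert.hasText` failure, and no Javadoc for the method is visible in this hunk; a line such as `@return the AuthorizationResponse, or null if the request has neither a code nor an error parameter` would make that contract explicit for callers.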
@ -1,56 +0,0 @@
|
||||
/*
|
||||
* Copyright 2012-2017 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.web.converter;
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.ErrorResponseAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.util.function.Function;
|
||||
|
||||
/**
|
||||
* A <code>Function</code> that converts an <i>OAuth 2.0 Error Response</i>
|
||||
* (in the form of a {@link HttpServletRequest}) to a {@link ErrorResponseAttributes}.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see ErrorResponseAttributes
|
||||
*/
|
||||
public final class ErrorResponseAttributesConverter implements Function<HttpServletRequest, ErrorResponseAttributes> {
|
||||
|
||||
@Override
|
||||
public ErrorResponseAttributes apply(HttpServletRequest request) {
|
||||
ErrorResponseAttributes response;
|
||||
|
||||
String errorCode = request.getParameter(OAuth2Parameter.ERROR);
|
||||
if (!StringUtils.hasText(errorCode)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
String description = request.getParameter(OAuth2Parameter.ERROR_DESCRIPTION);
|
||||
String uri = request.getParameter(OAuth2Parameter.ERROR_URI);
|
||||
String state = request.getParameter(OAuth2Parameter.STATE);
|
||||
|
||||
response = ErrorResponseAttributes.withErrorCode(errorCode)
|
||||
.description(description)
|
||||
.uri(uri)
|
||||
.state(state)
|
||||
.build();
|
||||
|
||||
return response;
|
||||
}
|
||||
}
|
@ -24,7 +24,6 @@ import com.nimbusds.oauth2.sdk.ErrorObject;
|
||||
import com.nimbusds.oauth2.sdk.ParseException;
|
||||
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
|
||||
import com.nimbusds.oauth2.sdk.TokenRequest;
|
||||
import com.nimbusds.oauth2.sdk.TokenResponse;
|
||||
import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
|
||||
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
|
||||
import com.nimbusds.oauth2.sdk.auth.ClientSecretPost;
|
||||
@ -40,7 +39,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponse;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
|
||||
import java.io.IOException;
|
||||
@ -62,7 +61,7 @@ import java.util.stream.Collectors;
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AuthorizationCodeAuthenticationToken
|
||||
* @see TokenResponseAttributes
|
||||
* @see TokenResponse
|
||||
* @see <a target="_blank" href="https://connect2id.com/products/nimbus-oauth-openid-connect-sdk">Nimbus OAuth 2.0 SDK</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
|
||||
@ -71,7 +70,7 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
|
||||
private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
|
||||
|
||||
@Override
|
||||
public TokenResponseAttributes exchange(AuthorizationCodeAuthenticationToken authorizationCodeAuthenticationToken)
|
||||
public TokenResponse exchange(AuthorizationCodeAuthenticationToken authorizationCodeAuthenticationToken)
|
||||
throws OAuth2AuthenticationException {
|
||||
|
||||
ClientRegistration clientRegistration = authorizationCodeAuthenticationToken.getClientRegistration();
|
||||
@ -92,7 +91,7 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
|
||||
clientAuthentication = new ClientSecretBasic(clientId, clientSecret);
|
||||
}
|
||||
|
||||
TokenResponse tokenResponse;
|
||||
com.nimbusds.oauth2.sdk.TokenResponse tokenResponse;
|
||||
try {
|
||||
// Send the Access Token request
|
||||
TokenRequest tokenRequest = new TokenRequest(tokenUri, clientAuthentication, authorizationCodeGrant);
|
||||
@ -100,7 +99,7 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
|
||||
httpRequest.setAccept(MediaType.APPLICATION_JSON_VALUE);
|
||||
httpRequest.setConnectTimeout(30000);
|
||||
httpRequest.setReadTimeout(30000);
|
||||
tokenResponse = TokenResponse.parse(httpRequest.send());
|
||||
tokenResponse = com.nimbusds.oauth2.sdk.TokenResponse.parse(httpRequest.send());
|
||||
} catch (ParseException pe) {
|
||||
// This error occurs if the Access Token Response is not well-formed,
|
||||
// for example, a required attribute is missing
|
||||
@ -134,7 +133,7 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
|
||||
Map<String, Object> additionalParameters = accessTokenResponse.getCustomParameters().entrySet().stream()
|
||||
.collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
|
||||
|
||||
return TokenResponseAttributes.withToken(accessToken)
|
||||
return TokenResponse.withToken(accessToken)
|
||||
.tokenType(accessTokenType)
|
||||
.expiresIn(expiresIn)
|
||||
.scope(scope)
|
||||
|
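Review bot: Two types named `TokenResponse` now meet in `exchange`, so the local `tokenResponse` is declared with the fully qualified `com.nimbusds.oauth2.sdk.TokenResponse` while the method returns the Spring type of the same simple name, which is easy to misread. Renaming the local, e.g. `com.nimbusds.oauth2.sdk.TokenResponse nimbusTokenResponse;`, would keep the two apart at each use. The rest of `exchange` lies outside these hunks.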
@ -25,7 +25,7 @@ import org.springframework.security.oauth2.client.authentication.jwt.JwtDecoderR
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponse;
|
||||
import org.springframework.security.oauth2.oidc.core.IdToken;
|
||||
import org.springframework.security.oauth2.oidc.core.endpoint.OidcParameter;
|
||||
import org.springframework.util.Assert;
|
||||
@ -66,7 +66,7 @@ public class OidcAuthorizationCodeAuthenticator implements AuthorizationGrantAut
|
||||
|
||||
ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration();
|
||||
|
||||
TokenResponseAttributes tokenResponse =
|
||||
TokenResponse tokenResponse =
|
||||
this.authorizationCodeTokenExchanger.exchange(authorizationCodeAuthentication);
|
||||
|
||||
AccessToken accessToken = new AccessToken(tokenResponse.getTokenType(),
|
||||
|
@ -34,7 +34,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||
@ -245,8 +245,8 @@ public class AuthorizationCodeAuthenticationFilterTests {
|
||||
Map<String,Object> additionalParameters = new HashMap<>();
|
||||
additionalParameters.put(OAuth2Parameter.REGISTRATION_ID, clientRegistration.getRegistrationId());
|
||||
|
||||
AuthorizationRequestAttributes authorizationRequestAttributes =
|
||||
AuthorizationRequestAttributes.withAuthorizationCode()
|
||||
AuthorizationRequest authorizationRequest =
|
||||
AuthorizationRequest.authorizationCode()
|
||||
.clientId(clientRegistration.getClientId())
|
||||
.authorizeUri(clientRegistration.getProviderDetails().getAuthorizationUri())
|
||||
.redirectUri(clientRegistration.getRedirectUri())
|
||||
@ -255,7 +255,7 @@ public class AuthorizationCodeAuthenticationFilterTests {
|
||||
.additionalParameters(additionalParameters)
|
||||
.build();
|
||||
|
||||
authorizationRequestRepository.saveAuthorizationRequest(authorizationRequestAttributes, request, response);
|
||||
authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
|
||||
}
|
||||
|
||||
private MockHttpServletRequest setupRequest(ClientRegistration clientRegistration) {
|
||||
|
@ -23,7 +23,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@ -100,17 +100,17 @@ public class AuthorizationCodeRequestRedirectFilterTests {
|
||||
Mockito.verifyZeroInteractions(filterChain); // Request should not proceed up the chain
|
||||
|
||||
// The authorization request attributes are saved in the session before the redirect happens
|
||||
AuthorizationRequestAttributes authorizationRequestAttributes =
|
||||
AuthorizationRequest authorizationRequest =
|
||||
authorizationRequestRepository.loadAuthorizationRequest(request);
|
||||
Assertions.assertThat(authorizationRequestAttributes).isNotNull();
|
||||
Assertions.assertThat(authorizationRequest).isNotNull();
|
||||
|
||||
Assertions.assertThat(authorizationRequestAttributes.getAuthorizeUri()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequestAttributes.getGrantType()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequestAttributes.getResponseType()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequestAttributes.getClientId()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequestAttributes.getRedirectUri()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequestAttributes.getScope()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequestAttributes.getState()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequest.getAuthorizeUri()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequest.getGrantType()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequest.getResponseType()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequest.getClientId()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequest.getRedirectUri()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequest.getScope()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequest.getState()).isNotNull();
|
||||
}
|
||||
|
||||
private AuthorizationCodeRequestRedirectFilter setupFilter(String authorizationUri,
|
||||
@ -118,7 +118,7 @@ public class AuthorizationCodeRequestRedirectFilterTests {
|
||||
|
||||
AuthorizationRequestUriBuilder authorizationUriBuilder = Mockito.mock(AuthorizationRequestUriBuilder.class);
|
||||
URI authorizationURI = new URI(authorizationUri);
|
||||
Mockito.when(authorizationUriBuilder.build(Matchers.any(AuthorizationRequestAttributes.class))).thenReturn(authorizationURI);
|
||||
Mockito.when(authorizationUriBuilder.build(Matchers.any(AuthorizationRequest.class))).thenReturn(authorizationURI);
|
||||
|
||||
return setupFilter(authorizationUriBuilder, clientRegistrations);
|
||||
}
|
||||
|
@ -30,7 +30,7 @@ import org.springframework.util.Assert;
|
||||
* @since 5.0
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-11.4">Section 11.4 OAuth Extensions Error Registry</a>
|
||||
*/
|
||||
public class OAuth2Error {
|
||||
public final class OAuth2Error {
|
||||
// Standard error codes
|
||||
public static final String INVALID_REQUEST_ERROR_CODE = "invalid_request";
|
||||
public static final String INVALID_CLIENT_ERROR_CODE = "invalid_client";
|
||||
|
@ -1,76 +0,0 @@
|
||||
/*
|
||||
* Copyright 2012-2017 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.core.endpoint;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* A representation of an <i>OAuth 2.0 Access Token Request</i> for the authorization code grant type.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request</a>
|
||||
*/
|
||||
public final class AuthorizationCodeTokenRequestAttributes {
|
||||
private String code;
|
||||
private String clientId;
|
||||
private String redirectUri;
|
||||
|
||||
private AuthorizationCodeTokenRequestAttributes() {
|
||||
}
|
||||
|
||||
public String getCode() {
|
||||
return this.code;
|
||||
}
|
||||
|
||||
public String getClientId() {
|
||||
return this.clientId;
|
||||
}
|
||||
|
||||
public String getRedirectUri() {
|
||||
return this.redirectUri;
|
||||
}
|
||||
|
||||
public static Builder withCode(String code) {
|
||||
return new Builder(code);
|
||||
}
|
||||
|
||||
public static class Builder {
|
||||
private final AuthorizationCodeTokenRequestAttributes authorizationCodeTokenRequest;
|
||||
|
||||
private Builder(String code) {
|
||||
Assert.hasText(code, "code cannot be empty");
|
||||
this.authorizationCodeTokenRequest = new AuthorizationCodeTokenRequestAttributes();
|
||||
this.authorizationCodeTokenRequest.code = code;
|
||||
}
|
||||
|
||||
public Builder clientId(String clientId) {
|
||||
this.authorizationCodeTokenRequest.clientId = clientId;
|
||||
return this;
|
||||
}
|
||||
|
||||
public Builder redirectUri(String redirectUri) {
|
||||
this.authorizationCodeTokenRequest.redirectUri = redirectUri;
|
||||
return this;
|
||||
}
|
||||
|
||||
public AuthorizationCodeTokenRequestAttributes build() {
|
||||
Assert.hasText(this.authorizationCodeTokenRequest.clientId, "clientId cannot be empty");
|
||||
Assert.hasText(this.authorizationCodeTokenRequest.redirectUri, "redirectUri cannot be empty");
|
||||
return this.authorizationCodeTokenRequest;
|
||||
}
|
||||
}
|
||||
}
|
@ -37,7 +37,7 @@ import java.util.Set;
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Code Grant Request</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.2.1">Section 4.2.1 Implicit Grant Request</a>
|
||||
*/
|
||||
public final class AuthorizationRequestAttributes implements Serializable {
|
||||
public final class AuthorizationRequest implements Serializable {
|
||||
private String authorizeUri;
|
||||
private AuthorizationGrantType authorizationGrantType;
|
||||
private ResponseType responseType;
|
||||
@ -47,7 +47,7 @@ public final class AuthorizationRequestAttributes implements Serializable {
|
||||
private String state;
|
||||
private Map<String,Object> additionalParameters;
|
||||
|
||||
private AuthorizationRequestAttributes() {
|
||||
private AuthorizationRequest() {
|
||||
}
|
||||
|
||||
public String getAuthorizeUri() {
|
||||
@ -82,16 +82,16 @@ public final class AuthorizationRequestAttributes implements Serializable {
|
||||
return this.additionalParameters;
|
||||
}
|
||||
|
||||
public static Builder withAuthorizationCode() {
|
||||
public static Builder authorizationCode() {
|
||||
return new Builder(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
}
|
||||
|
||||
public static class Builder {
|
||||
private final AuthorizationRequestAttributes authorizationRequest;
|
||||
private final AuthorizationRequest authorizationRequest;
|
||||
|
||||
private Builder(AuthorizationGrantType authorizationGrantType) {
|
||||
Assert.notNull(authorizationGrantType, "authorizationGrantType cannot be null");
|
||||
this.authorizationRequest = new AuthorizationRequestAttributes();
|
||||
this.authorizationRequest = new AuthorizationRequest();
|
||||
this.authorizationRequest.authorizationGrantType = authorizationGrantType;
|
||||
if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(authorizationGrantType)) {
|
||||
this.authorizationRequest.responseType = ResponseType.CODE;
|
||||
@ -128,7 +128,7 @@ public final class AuthorizationRequestAttributes implements Serializable {
|
||||
return this;
|
||||
}
|
||||
|
||||
public AuthorizationRequestAttributes build() {
|
||||
public AuthorizationRequest build() {
|
||||
Assert.hasText(this.authorizationRequest.clientId, "clientId cannot be empty");
|
||||
Assert.hasText(this.authorizationRequest.authorizeUri, "authorizeUri cannot be empty");
|
||||
this.authorizationRequest.scope = Collections.unmodifiableSet(
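Review bot: The rename at `public final class AuthorizationRequest implements Serializable` changes the class name written into the Java serialized form, so a session that already holds an `AuthorizationRequestAttributes` cannot be deserialized after the upgrade. A test comment elsewhere in this commit says the authorization request is saved in the session before the redirect, so persisted or replicated sessions look affected, although the repository implementation is not shown here. I would record this in the class Javadoc, for example `* <p><b>NOTE:</b> the serialized form is not compatible with the former AuthorizationRequestAttributes.`, and confirm that the values placed in `Map<String,Object> additionalParameters` are themselves serializable. The class body and `build()` continue outside the visible hunks.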
|
@ -51,7 +51,7 @@ public final class AuthorizationResponse {
|
||||
}
|
||||
|
||||
public boolean statusError() {
|
||||
return this.error != null && this.error.getErrorCode() != null;
|
||||
return (this.error != null && this.error.getErrorCode() != null);
|
||||
}
|
||||
|
||||
public static Builder success(String code) {
|
||||
|
@ -1,96 +0,0 @@
|
||||
/*
|
||||
* Copyright 2012-2017 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.core.endpoint;
|
||||
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* A representation of an <i>OAuth 2.0 Error Response</i>.
|
||||
*
|
||||
* <p>
|
||||
* An error response may be returned from either of the following locations:
|
||||
* <ul>
|
||||
* <li><a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2.1">Section 4.1.2.1</a> Authorization Code Grant Response</li>
|
||||
* <li><a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.2.2.1">Section 4.2.2.1</a> Implicit Grant Response</li>
|
||||
* <li><a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-5.2">Section 5.2</a> Access Token Response</li>
|
||||
* <li><a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-7.2">Section 7.2</a> Protected Resource Response</li>
|
||||
* </ul>
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
*/
|
||||
public final class ErrorResponseAttributes {
|
||||
private OAuth2Error errorObject;
|
||||
private String state;
|
||||
|
||||
private ErrorResponseAttributes() {
|
||||
}
|
||||
|
||||
public String getErrorCode() {
|
||||
return this.errorObject.getErrorCode();
|
||||
}
|
||||
|
||||
public String getDescription() {
|
||||
return this.errorObject.getDescription();
|
||||
}
|
||||
|
||||
public String getUri() {
|
||||
return this.errorObject.getUri();
|
||||
}
|
||||
|
||||
public String getState() {
|
||||
return this.state;
|
||||
}
|
||||
|
||||
public static Builder withErrorCode(String errorCode) {
|
||||
return new Builder(errorCode);
|
||||
}
|
||||
|
||||
public static class Builder {
|
||||
private String errorCode;
|
||||
private String description;
|
||||
private String uri;
|
||||
private String state;
|
||||
|
||||
private Builder(String errorCode) {
|
||||
Assert.hasText(errorCode, "errorCode cannot be empty");
|
||||
this.errorCode = errorCode;
|
||||
}
|
||||
|
||||
public Builder description(String description) {
|
||||
this.description = description;
|
||||
return this;
|
||||
}
|
||||
|
||||
public Builder uri(String uri) {
|
||||
this.uri = uri;
|
||||
return this;
|
||||
}
|
||||
|
||||
public Builder state(String state) {
|
||||
this.state = state;
|
||||
return this;
|
||||
}
|
||||
|
||||
public ErrorResponseAttributes build() {
|
||||
ErrorResponseAttributes errorResponse = new ErrorResponseAttributes();
|
||||
errorResponse.errorObject = new OAuth2Error(this.errorCode, this.description, this.uri);
|
||||
errorResponse.state = this.state;
|
||||
return errorResponse;
|
||||
}
|
||||
}
|
||||
}
|
@ -31,11 +31,11 @@ import java.util.Set;
|
||||
* @see AccessToken
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-5.1">Section 5.1 Access Token Response</a>
|
||||
*/
|
||||
public final class TokenResponseAttributes {
|
||||
public final class TokenResponse {
|
||||
private AccessToken accessToken;
|
||||
private Map<String,Object> additionalParameters;
|
||||
|
||||
private TokenResponseAttributes() {
|
||||
private TokenResponse() {
|
||||
}
|
||||
|
||||
public String getTokenValue() {
|
||||
@ -97,12 +97,12 @@ public final class TokenResponseAttributes {
|
||||
return this;
|
||||
}
|
||||
|
||||
public TokenResponseAttributes build() {
|
||||
public TokenResponse build() {
|
||||
Assert.isTrue(this.expiresIn >= 0, "expiresIn must be a positive number");
|
||||
Instant issuedAt = Instant.now();
|
||||
AccessToken accessToken = new AccessToken(this.tokenType, this.tokenValue, issuedAt,
|
||||
issuedAt.plusSeconds(this.expiresIn), this.scope);
|
||||
TokenResponseAttributes tokenResponse = new TokenResponseAttributes();
|
||||
TokenResponse tokenResponse = new TokenResponse();
|
||||
tokenResponse.accessToken = accessToken;
|
||||
tokenResponse.additionalParameters = Collections.unmodifiableMap(
|
||||
this.additionalParameters != null ? this.additionalParameters : Collections.emptyMap());
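Review bot: In `build()`, the guard `this.expiresIn >= 0` accepts zero while its message says "expiresIn must be a positive number", and with zero the expiry handed to `AccessToken` is `issuedAt.plusSeconds(0)`, equal to the issue time. Either reject zero with `Assert.isTrue(this.expiresIn > 0, "expiresIn must be a positive number");`, or keep the check and reword the message to `"expiresIn cannot be negative"`. How `AccessToken` treats an expiry equal to the issue time is not visible here. `build()` continues past the end of the hunk.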
|
@ -1,75 +0,0 @@
|
||||
/*
|
||||
* Copyright 2012-2017 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.core.endpoint;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
/**
|
||||
* Tests {@link AuthorizationCodeTokenRequestAttributes}
|
||||
*
|
||||
* @author Luander Ribeiro
|
||||
*/
|
||||
public class AuthorizationCodeTokenRequestAttributesTest {
|
||||
private static final String CODE = "code";
|
||||
private static final String CLIENT_ID = "client id";
|
||||
private static final String REDIRECT_URI = "http://redirect.uri/";
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenCodeIsNullThenThrowIllegalArgumentException() {
|
||||
AuthorizationCodeTokenRequestAttributes
|
||||
.withCode(null)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.build();
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenClientIdIsNullThenThrowIllegalArgumentException() {
|
||||
AuthorizationCodeTokenRequestAttributes
|
||||
.withCode(CODE)
|
||||
.clientId(null)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.build();
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenRedirectUriIsNullThenThrowIllegalArgumentException() {
|
||||
AuthorizationCodeTokenRequestAttributes
|
||||
.withCode(CODE)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(null)
|
||||
.build();
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenClientIdNotSetThenThrowIllegalArgumentException() {
|
||||
AuthorizationCodeTokenRequestAttributes
|
||||
.withCode(CODE)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.build();
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenRedirectUriNotSetThenThrowIllegalArgumentException() {
|
||||
AuthorizationCodeTokenRequestAttributes
|
||||
.withCode(CODE)
|
||||
.clientId(CLIENT_ID)
|
||||
.build();
|
||||
}
|
||||
}
|
@ -24,11 +24,11 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatCode;
|
||||
|
||||
/**
|
||||
* Tests {@link AuthorizationRequestAttributes}
|
||||
* Tests {@link AuthorizationRequest}
|
||||
*
|
||||
* @author Luander Ribeiro
|
||||
*/
|
||||
public class AuthorizationRequestAttributesTest {
|
||||
public class AuthorizationRequestTest {
|
||||
private static final String AUTHORIZE_URI = "http://authorize.uri/";
|
||||
private static final String CLIENT_ID = "client id";
|
||||
private static final String REDIRECT_URI = "http://redirect.uri/";
|
||||
@ -37,7 +37,7 @@ public class AuthorizationRequestAttributesTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenAuthorizationUriIsNullThenThrowIllegalArgumentException() {
|
||||
AuthorizationRequestAttributes.withAuthorizationCode()
|
||||
AuthorizationRequest.authorizationCode()
|
||||
.authorizeUri(null)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
@ -48,7 +48,7 @@ public class AuthorizationRequestAttributesTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenAuthorizeUriNotSetThenThrowIllegalArgumentException() {
|
||||
AuthorizationRequestAttributes.withAuthorizationCode()
|
||||
AuthorizationRequest.authorizationCode()
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPE)
|
||||
@ -58,7 +58,7 @@ public class AuthorizationRequestAttributesTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenClientIdIsNullThenThrowIllegalArgumentException() {
|
||||
AuthorizationRequestAttributes.withAuthorizationCode()
|
||||
AuthorizationRequest.authorizationCode()
|
||||
.authorizeUri(AUTHORIZE_URI)
|
||||
.clientId(null)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
@ -69,7 +69,7 @@ public class AuthorizationRequestAttributesTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenClientIdNotSetThenThrowIllegalArgumentException() {
|
||||
AuthorizationRequestAttributes.withAuthorizationCode()
|
||||
AuthorizationRequest.authorizationCode()
|
||||
.authorizeUri(AUTHORIZE_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPE)
|
||||
@ -79,8 +79,8 @@ public class AuthorizationRequestAttributesTest {
|
||||
|
||||
@Test
|
||||
public void buildWhenGetResponseTypeIsCalledThenReturnCode() {
|
||||
AuthorizationRequestAttributes attributes;
|
||||
attributes = AuthorizationRequestAttributes.withAuthorizationCode()
|
||||
AuthorizationRequest authorizationRequest;
|
||||
authorizationRequest = AuthorizationRequest.authorizationCode()
|
||||
.authorizeUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
@ -88,12 +88,12 @@ public class AuthorizationRequestAttributesTest {
|
||||
.state(STATE)
|
||||
.build();
|
||||
|
||||
assertThat(attributes.getResponseType()).isEqualTo(ResponseType.CODE);
|
||||
assertThat(authorizationRequest.getResponseType()).isEqualTo(ResponseType.CODE);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void buildWhenRedirectUriIsNullThenDoesNotThrowAnyException() {
|
||||
assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode()
|
||||
assertThatCode(() -> AuthorizationRequest.authorizationCode()
|
||||
.authorizeUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(null)
|
||||
@ -104,7 +104,7 @@ public class AuthorizationRequestAttributesTest {
|
||||
|
||||
@Test
|
||||
public void buildWhenRedirectUriNotSetThenDoesNotThrowAnyException() {
|
||||
assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode()
|
||||
assertThatCode(() -> AuthorizationRequest.authorizationCode()
|
||||
.authorizeUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.scope(SCOPE)
|
||||
@ -114,7 +114,7 @@ public class AuthorizationRequestAttributesTest {
|
||||
|
||||
@Test
|
||||
public void buildWhenScopesIsNullThenDoesNotThrowAnyException() {
|
||||
assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode()
|
||||
assertThatCode(() -> AuthorizationRequest.authorizationCode()
|
||||
.authorizeUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
@ -125,7 +125,7 @@ public class AuthorizationRequestAttributesTest {
|
||||
|
||||
@Test
|
||||
public void buildWhenScopesNotSetThenDoesNotThrowAnyException() {
|
||||
assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode()
|
||||
assertThatCode(() -> AuthorizationRequest.authorizationCode()
|
||||
.authorizeUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
@ -135,7 +135,7 @@ public class AuthorizationRequestAttributesTest {
|
||||
|
||||
@Test
|
||||
public void buildWhenStateIsNullThenDoesNotThrowAnyException() {
|
||||
assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode()
|
||||
assertThatCode(() -> AuthorizationRequest.authorizationCode()
|
||||
.authorizeUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
@ -146,7 +146,7 @@ public class AuthorizationRequestAttributesTest {
|
||||
|
||||
@Test
|
||||
public void buildWhenStateNotSetThenDoesNotThrowAnyException() {
|
||||
assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode()
|
||||
assertThatCode(() -> AuthorizationRequest.authorizationCode()
|
||||
.authorizeUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
@ -1,32 +0,0 @@
|
||||
/*
|
||||
* Copyright 2012-2017 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.core.endpoint;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
/**
|
||||
* Tests {@link ErrorResponseAttributes}
|
||||
*
|
||||
* @author Luander Ribeiro
|
||||
*/
|
||||
public class ErrorResponseAttributesTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void withErrorCodeWhenCodeIsNullThenThrowIllegalArgumentException() {
|
||||
ErrorResponseAttributes.withErrorCode(null)
|
||||
.build();
|
||||
}
|
||||
}
|
@ -21,11 +21,11 @@ import org.springframework.security.oauth2.core.AccessToken;
|
||||
import java.util.Collections;
|
||||
|
||||
/**
|
||||
* Tests {@link TokenResponseAttributes}
|
||||
* Tests {@link TokenResponse}
|
||||
*
|
||||
* @author Luander Ribeiro
|
||||
*/
|
||||
public class TokenResponseAttributesTest {
|
||||
public class TokenResponseTest {
|
||||
|
||||
private static final String TOKEN = "token";
|
||||
private static final long INVALID_EXPIRES_IN = -1L;
|
||||
@ -33,7 +33,7 @@ public class TokenResponseAttributesTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenTokenValueIsNullThenThrowIllegalArgumentException() {
|
||||
TokenResponseAttributes.withToken(null)
|
||||
TokenResponse.withToken(null)
|
||||
.expiresIn(EXPIRES_IN)
|
||||
.additionalParameters(Collections.emptyMap())
|
||||
.scope(Collections.emptySet())
|
||||
@ -43,7 +43,7 @@ public class TokenResponseAttributesTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenExpiresInIsNegativeThenThrowIllegalArgumentException() {
|
||||
TokenResponseAttributes.withToken(TOKEN)
|
||||
TokenResponse.withToken(TOKEN)
|
||||
.expiresIn(INVALID_EXPIRES_IN)
|
||||
.additionalParameters(Collections.emptyMap())
|
||||
.scope(Collections.emptySet())
|
||||
@ -53,7 +53,7 @@ public class TokenResponseAttributesTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenTokenTypeIsInvalidThenThrowIllegalArgumentException() {
|
||||
TokenResponseAttributes.withToken(TOKEN)
|
||||
TokenResponse.withToken(TOKEN)
|
||||
.expiresIn(EXPIRES_IN)
|
||||
.additionalParameters(Collections.emptyMap())
|
||||
.tokenType(null)
|
||||
@ -62,7 +62,7 @@ public class TokenResponseAttributesTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenTokenTypeNotSetThenThrowIllegalArgumentException() {
|
||||
TokenResponseAttributes.withToken(TOKEN)
|
||||
TokenResponse.withToken(TOKEN)
|
||||
.expiresIn(EXPIRES_IN)
|
||||
.additionalParameters(Collections.emptyMap())
|
||||
.build();
|
@ -47,7 +47,7 @@ import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
|
||||
import org.springframework.security.oauth2.core.endpoint.ResponseType;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponse;
|
||||
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
@ -381,7 +381,7 @@ public class OAuth2LoginApplicationTests {
|
||||
// @formatter:on
|
||||
|
||||
private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> mockAuthorizationCodeTokenExchanger() {
|
||||
TokenResponseAttributes tokenResponse = TokenResponseAttributes.withToken("access-token-1234")
|
||||
TokenResponse tokenResponse = TokenResponse.withToken("access-token-1234")
|
||||
.tokenType(AccessToken.TokenType.BEARER)
|
||||
.expiresIn(60 * 1000)
|
||||
.scope(Collections.singleton("openid"))
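Review bot: `.expiresIn(60 * 1000)` in `mockAuthorizationCodeTokenExchanger()` reads like a millisecond value, but `TokenResponse.build()` in this same commit applies it with `issuedAt.plusSeconds(this.expiresIn)`, so the mock token lives for 60000 seconds. If one minute was meant, `.expiresIn(60)` says so; otherwise a short comment such as `// seconds` would prevent the misreading. The builder chain continues outside the hunk.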
|
||||
|