Added HttpServletResponse to AuthorizationRequestRepository

This change makes it possible for an AuthorizationRequestRepository to save the AuthorizationRequestAttributes to a cookie.

Fixes gh-4446
Luander Ribeiro 2017-07-24 20:43:20 +02:00 committed by Joe Grandja
parent ef1de5eda0
commit 65734414f7
4 changed files with 12 additions and 7 deletions


@ -126,7 +126,7 @@ public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter
.state(this.stateGenerator.generateKey())
.build();
this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequestAttributes, request);
this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequestAttributes, request, response);
URI redirectUri = this.authorizationUriBuilder.build(authorizationRequestAttributes);
this.authorizationRedirectStrategy.sendRedirect(request, response, redirectUri.toString());
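Review bot: The order of the two calls now matters and is not documented: `saveAuthorizationRequest(authorizationRequestAttributes, request, response)` has to run before `sendRedirect(...)`, because a repository that writes a cookie can only add headers while the response is still uncommitted. A comment above the save call, for example `// must precede sendRedirect: the repository may add a cookie, which is only possible before the response is committed`, would keep a later refactoring from swapping them. The enclosing method starts and ends outside the hunk.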


@ -18,6 +18,7 @@ package org.springframework.security.oauth2.client.authentication;
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Implementations of this interface are responsible for the persistence
@ -38,7 +39,8 @@ public interface AuthorizationRequestRepository {
AuthorizationRequestAttributes loadAuthorizationRequest(HttpServletRequest request);
void saveAuthorizationRequest(AuthorizationRequestAttributes authorizationRequest, HttpServletRequest request);
void saveAuthorizationRequest(AuthorizationRequestAttributes authorizationRequest, HttpServletRequest request,
HttpServletResponse response);
AuthorizationRequestAttributes removeAuthorizationRequest(HttpServletRequest request);
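Review bot: `removeAuthorizationRequest(HttpServletRequest request)` still takes only the request, so a repository that stores the attributes in a cookie, which is what the added `HttpServletResponse` parameter on `saveAuthorizationRequest` is for, has no way to expire that cookie when the request is removed. A stale cookie would leave the `state` value and the rest of the authorization request in the browser after the callback has been processed; consider an overload such as `AuthorizationRequestAttributes removeAuthorizationRequest(HttpServletRequest request, HttpServletResponse response);`. The Javadoc should also say that anything written to the response is client-controlled when it comes back, so an implementation has to integrity-protect it (signed or encrypted value, `HttpOnly` and `Secure` flags) before `loadAuthorizationRequest` trusts it. The interface body continues outside the hunk.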


@ -18,6 +18,7 @@ package org.springframework.security.oauth2.client.authentication;
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
@ -44,7 +45,8 @@ public final class HttpSessionAuthorizationRequestRepository implements Authoriz
}
@Override
public void saveAuthorizationRequest(AuthorizationRequestAttributes authorizationRequest, HttpServletRequest request) {
public void saveAuthorizationRequest(AuthorizationRequestAttributes authorizationRequest, HttpServletRequest request,
HttpServletResponse response) {
if (authorizationRequest == null) {
this.removeAuthorizationRequest(request);
return;
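Review bot: The new `response` parameter is not used in the visible part of `saveAuthorizationRequest`, and the null branch still calls `this.removeAuthorizationRequest(request)`; a short comment would tell readers that this is deliberate. Something like `// response is unused here: this implementation keeps the authorization request in the HttpSession` above the null check would do, assuming the rest of the method matches what the class name suggests. The method body continues past the end of the hunk, so a use of `response` further down cannot be ruled out from here.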


@ -106,8 +106,8 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
String state = "some state";
request.addParameter(OAuth2Parameter.CODE, authCode);
request.addParameter(OAuth2Parameter.STATE, state);
setupAuthorizationRequest(authorizationRequestRepository, request, clientRegistration, state);
MockHttpServletResponse response = new MockHttpServletResponse();
setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, state);
FilterChain filterChain = mock(FilterChain.class);
filter.doFilter(request, response, filterChain);
@ -156,8 +156,8 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
String state = "some other state";
request.addParameter(OAuth2Parameter.CODE, authCode);
request.addParameter(OAuth2Parameter.STATE, state);
setupAuthorizationRequest(authorizationRequestRepository, request, clientRegistration, "some state");
MockHttpServletResponse response = new MockHttpServletResponse();
setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, "some state");
FilterChain filterChain = mock(FilterChain.class);
filter.doFilter(request, response, filterChain);
@ -181,8 +181,8 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
String state = "some state";
request.addParameter(OAuth2Parameter.CODE, authCode);
request.addParameter(OAuth2Parameter.STATE, state);
setupAuthorizationRequest(authorizationRequestRepository, request, clientRegistration, state);
MockHttpServletResponse response = new MockHttpServletResponse();
setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, state);
FilterChain filterChain = mock(FilterChain.class);
filter.doFilter(request, response, filterChain);
@ -227,6 +227,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
private void setupAuthorizationRequest(AuthorizationRequestRepository authorizationRequestRepository,
HttpServletRequest request,
HttpServletResponse response,
ClientRegistration clientRegistration,
String state) {
@ -239,7 +240,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
.state(state)
.build();
authorizationRequestRepository.saveAuthorizationRequest(authorizationRequestAttributes, request);
authorizationRequestRepository.saveAuthorizationRequest(authorizationRequestAttributes, request, response);
}
private MockHttpServletRequest setupRequest(ClientRegistration clientRegistration) {
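Review bot: Nothing in these test changes asserts on the new argument; the `MockHttpServletResponse` is only threaded through `setupAuthorizationRequest` so that the call compiles. None of the four changed files is a test for `AuthorizationCodeRequestRedirectFilter`, so as far as this page shows no test checks that the filter passes its own response to the repository. A mock-based check such as `verify(authorizationRequestRepository).saveAuthorizationRequest(any(AuthorizationRequestAttributes.class), eq(request), eq(response));` in that filter's tests would pin the contract a cookie-backed implementation depends on.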