From 65b968f04ab8cc128933fbd376bd1c66a149bbca Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Wed, 13 Sep 2017 16:13:21 -0400 Subject: [PATCH] Move servlet-specific classes to 'web' package Fixes gh-4366 --- .../web/builders/FilterComparator.java | 4 +- .../annotation/web/builders/HttpSecurity.java | 8 +- ...ionCodeAuthenticationFilterConfigurer.java | 8 +- ...onCodeRequestRedirectFilterConfigurer.java | 6 +- .../oauth2/client/OAuth2LoginConfigurer.java | 8 +- ...thorizationCodeAuthenticationProvider.java | 1 + .../client/authentication/package-info.java | 2 +- .../nimbus/NimbusClientHttpResponse.java | 2 +- .../nimbus/NimbusOAuth2UserService.java | 2 +- ...ionCodeAuthenticationProcessingFilter.java | 6 +- ...uthorizationCodeRequestRedirectFilter.java | 2 +- .../AuthorizationGrantTokenExchanger.java | 4 +- .../AuthorizationRequestRepository.java | 2 +- .../AuthorizationRequestUriBuilder.java | 2 +- ...DefaultAuthorizationRequestUriBuilder.java | 2 +- .../DefaultStateGenerator.java | 2 +- ...SessionAuthorizationRequestRepository.java | 2 +- ...NimbusAuthorizationCodeTokenExchanger.java | 4 +- ...deAuthenticationProcessingFilterTests.java | 95 ++++++++++--------- ...izationCodeRequestRedirectFilterTests.java | 56 +++++------ .../{authentication => web}/TestUtil.java | 2 +- .../samples/OAuth2LoginApplicationTests.java | 6 +- 22 files changed, 120 insertions(+), 106 deletions(-) rename oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/{ => web}/nimbus/NimbusClientHttpResponse.java (96%) rename oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/{ => web}/nimbus/NimbusOAuth2UserService.java (99%) rename oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/{authentication => web}/AuthorizationCodeAuthenticationProcessingFilter.java (96%) rename oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/{authentication => web}/AuthorizationCodeRequestRedirectFilter.java (99%) rename oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/{authentication => web}/AuthorizationGrantTokenExchanger.java (87%) rename oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/{authentication => web}/AuthorizationRequestRepository.java (96%) rename oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/{authentication => web}/AuthorizationRequestUriBuilder.java (96%) rename oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/{authentication => web}/DefaultAuthorizationRequestUriBuilder.java (97%) rename oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/{authentication => web}/DefaultStateGenerator.java (96%) rename oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/{authentication => web}/HttpSessionAuthorizationRequestRepository.java (97%) rename oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/{authentication => web}/nimbus/NimbusAuthorizationCodeTokenExchanger.java (97%) rename oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/{authentication => web}/AuthorizationCodeAuthenticationProcessingFilterTests.java (67%) rename oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/{authentication => web}/AuthorizationCodeRequestRedirectFilterTests.java (65%) rename oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/{authentication => web}/TestUtil.java (98%) diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java index abd4086272..e0aece2244 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java @@ -78,7 +78,7 @@ final class FilterComparator implements Comparator, Serializable { put(LogoutFilter.class, order); order += STEP; filterToOrder.put( - "org.springframework.security.oauth2.client.authentication.AuthorizationCodeRequestRedirectFilter", + "org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter", order); order += STEP; put(X509AuthenticationFilter.class, order); @@ -89,7 +89,7 @@ final class FilterComparator implements Comparator, Serializable { order); order += STEP; filterToOrder.put( - "org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProcessingFilter", + "org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationProcessingFilter", order); order += STEP; put(UsernamePasswordAuthenticationFilter.class, order); diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java index b792351d88..4e9f7b88e9 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -62,6 +62,8 @@ import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer; +import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger; +import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder; import org.springframework.security.web.DefaultSecurityFilterChain; import org.springframework.security.web.PortMapper; import org.springframework.security.web.PortMapperImpl; @@ -943,7 +945,7 @@ public final class HttpSecurity extends * *

* At this point in the "authentication flow", the configured - * {@link org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger} + * {@link AuthorizationGrantTokenExchanger} * will exchange the Authorization Code for an Access Token and then use it to access the protected resource * at the UserInfo Endpoint (via {@link org.springframework.security.oauth2.client.user.OAuth2UserService}) * in order to retrieve the details of the Resource Owner (end-user) and establish the "authenticated" session. @@ -1038,8 +1040,8 @@ public final class HttpSecurity extends * @see Section 4.1.2 Authorization Response * @see org.springframework.security.oauth2.client.registration.ClientRegistration * @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository - * @see org.springframework.security.oauth2.client.authentication.AuthorizationRequestUriBuilder - * @see org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger + * @see AuthorizationRequestUriBuilder + * @see AuthorizationGrantTokenExchanger * @see org.springframework.security.oauth2.client.user.OAuth2UserService * * @return the {@link OAuth2LoginConfigurer} for further customizations diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java index 3f47250497..e75aef3a71 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java @@ -20,19 +20,19 @@ import org.springframework.security.config.annotation.web.configurers.AbstractAu import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; import org.springframework.security.jwt.JwtDecoder; import org.springframework.security.jwt.nimbus.NimbusJwtDecoderJwkSupport; -import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProcessingFilter; +import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationProcessingFilter; import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProvider; import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken; -import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger; +import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.client.authentication.jwt.DefaultProviderJwtDecoderRegistry; import org.springframework.security.oauth2.client.authentication.jwt.ProviderJwtDecoderRegistry; -import org.springframework.security.oauth2.client.authentication.nimbus.NimbusAuthorizationCodeTokenExchanger; +import org.springframework.security.oauth2.client.web.nimbus.NimbusAuthorizationCodeTokenExchanger; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository; import org.springframework.security.oauth2.client.token.SecurityTokenRepository; import org.springframework.security.oauth2.client.user.OAuth2UserService; -import org.springframework.security.oauth2.client.user.nimbus.NimbusOAuth2UserService; +import org.springframework.security.oauth2.client.user.web.nimbus.NimbusOAuth2UserService; import org.springframework.security.oauth2.core.AccessToken; import org.springframework.security.oauth2.core.provider.DefaultProviderMetadata; import org.springframework.security.oauth2.core.provider.ProviderMetadata; diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeRequestRedirectFilterConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeRequestRedirectFilterConfigurer.java index a83e2dc297..66e08b944b 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeRequestRedirectFilterConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeRequestRedirectFilterConfigurer.java @@ -17,9 +17,9 @@ package org.springframework.security.config.annotation.web.configurers.oauth2.cl import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; -import org.springframework.security.oauth2.client.authentication.AuthorizationCodeRequestRedirectFilter; -import org.springframework.security.oauth2.client.authentication.AuthorizationRequestUriBuilder; -import org.springframework.security.oauth2.client.authentication.DefaultAuthorizationRequestUriBuilder; +import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter; +import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder; +import org.springframework.security.oauth2.client.web.DefaultAuthorizationRequestUriBuilder; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.security.web.util.matcher.RequestVariablesExtractor; diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java index 71b61c1182..df018b3bbc 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java @@ -20,9 +20,9 @@ import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken; -import org.springframework.security.oauth2.client.authentication.AuthorizationCodeRequestRedirectFilter; -import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger; -import org.springframework.security.oauth2.client.authentication.AuthorizationRequestUriBuilder; +import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter; +import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger; +import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; @@ -44,7 +44,7 @@ import java.util.Arrays; import java.util.Map; import java.util.stream.Collectors; -import static org.springframework.security.oauth2.client.authentication.AuthorizationCodeRequestRedirectFilter.CLIENT_ALIAS_URI_VARIABLE_NAME; +import static org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter.CLIENT_ALIAS_URI_VARIABLE_NAME; /** * @author Joe Grandja diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java index 910018ed71..e86a4e78e8 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java @@ -28,6 +28,7 @@ import org.springframework.security.oauth2.client.authentication.jwt.ProviderJwt import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.token.SecurityTokenRepository; import org.springframework.security.oauth2.client.user.OAuth2UserService; +import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.core.AccessToken; import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes; import org.springframework.security.oauth2.core.user.OAuth2User; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/package-info.java index cf81d1aada..6f99394570 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/package-info.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/package-info.java @@ -15,6 +15,6 @@ */ /** * Support classes/interfaces for authenticating an end-user - * with an authorization server using the authorization code grant flow. + * with an authorization server using a specific authorization grant flow. */ package org.springframework.security.oauth2.client.authentication; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/nimbus/NimbusClientHttpResponse.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/web/nimbus/NimbusClientHttpResponse.java similarity index 96% rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/nimbus/NimbusClientHttpResponse.java rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/web/nimbus/NimbusClientHttpResponse.java index 2ee2282c7b..870d69094b 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/nimbus/NimbusClientHttpResponse.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/web/nimbus/NimbusClientHttpResponse.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.oauth2.client.user.nimbus; +package org.springframework.security.oauth2.client.user.web.nimbus; import com.nimbusds.oauth2.sdk.http.HTTPResponse; import org.springframework.http.HttpHeaders; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/nimbus/NimbusOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/web/nimbus/NimbusOAuth2UserService.java similarity index 99% rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/nimbus/NimbusOAuth2UserService.java rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/web/nimbus/NimbusOAuth2UserService.java index 7615b313fa..b650e65cde 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/nimbus/NimbusOAuth2UserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/web/nimbus/NimbusOAuth2UserService.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.oauth2.client.user.nimbus; +package org.springframework.security.oauth2.client.user.web.nimbus; import com.nimbusds.oauth2.sdk.ErrorObject; import com.nimbusds.oauth2.sdk.ParseException; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProcessingFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilter.java similarity index 96% rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProcessingFilter.java rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilter.java index b063ab57b5..50fa541f49 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProcessingFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilter.java @@ -13,11 +13,15 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.oauth2.client.authentication; +package org.springframework.security.oauth2.client.web; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; +import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProvider; +import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken; +import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException; +import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.user.OAuth2UserService; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilter.java similarity index 99% rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeRequestRedirectFilter.java rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilter.java index 27648c26a8..6cdf9c3289 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeRequestRedirectFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilter.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.oauth2.client.authentication; +package org.springframework.security.oauth2.client.web; import org.springframework.security.crypto.keygen.StringKeyGenerator; import org.springframework.security.oauth2.client.registration.ClientRegistration; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationGrantTokenExchanger.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationGrantTokenExchanger.java similarity index 87% rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationGrantTokenExchanger.java rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationGrantTokenExchanger.java index b5980bde6b..ec33c5e6cc 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationGrantTokenExchanger.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationGrantTokenExchanger.java @@ -13,9 +13,11 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.oauth2.client.authentication; +package org.springframework.security.oauth2.client.web; +import org.springframework.security.oauth2.client.authentication.AuthorizationGrantAuthenticationToken; +import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java similarity index 96% rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationRequestRepository.java rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java index ecacce1264..3dcb906368 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationRequestRepository.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.oauth2.client.authentication; +package org.springframework.security.oauth2.client.web; import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationRequestUriBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestUriBuilder.java similarity index 96% rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationRequestUriBuilder.java rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestUriBuilder.java index a64008b451..a2fe694c36 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationRequestUriBuilder.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestUriBuilder.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.oauth2.client.authentication; +package org.springframework.security.oauth2.client.web; import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/DefaultAuthorizationRequestUriBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultAuthorizationRequestUriBuilder.java similarity index 97% rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/DefaultAuthorizationRequestUriBuilder.java rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultAuthorizationRequestUriBuilder.java index ae4d9a49db..f5e7b6d7bf 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/DefaultAuthorizationRequestUriBuilder.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultAuthorizationRequestUriBuilder.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.oauth2.client.authentication; +package org.springframework.security.oauth2.client.web; import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes; import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/DefaultStateGenerator.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultStateGenerator.java similarity index 96% rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/DefaultStateGenerator.java rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultStateGenerator.java index 37e79be250..40aa829c80 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/DefaultStateGenerator.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultStateGenerator.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.oauth2.client.authentication; +package org.springframework.security.oauth2.client.web; import java.util.Base64; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/HttpSessionAuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java similarity index 97% rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/HttpSessionAuthorizationRequestRepository.java rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java index 930f1bd208..a3c4c63909 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/HttpSessionAuthorizationRequestRepository.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.oauth2.client.authentication; +package org.springframework.security.oauth2.client.web; import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/nimbus/NimbusAuthorizationCodeTokenExchanger.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/nimbus/NimbusAuthorizationCodeTokenExchanger.java similarity index 97% rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/nimbus/NimbusAuthorizationCodeTokenExchanger.java rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/nimbus/NimbusAuthorizationCodeTokenExchanger.java index a4373125cd..b52ad91ad1 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/nimbus/NimbusAuthorizationCodeTokenExchanger.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/nimbus/NimbusAuthorizationCodeTokenExchanger.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.oauth2.client.authentication.nimbus; +package org.springframework.security.oauth2.client.web.nimbus; import com.nimbusds.oauth2.sdk.AccessTokenResponse; @@ -34,7 +34,7 @@ import com.nimbusds.oauth2.sdk.id.ClientID; import org.springframework.http.MediaType; import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken; -import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger; +import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.core.AccessToken; diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProcessingFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilterTests.java similarity index 67% rename from oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProcessingFilterTests.java rename to oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilterTests.java index 47f3656013..d8b3e1a81b 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProcessingFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilterTests.java @@ -13,16 +13,20 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.oauth2.client.authentication; +package org.springframework.security.oauth2.client.web; +import org.assertj.core.api.Assertions; import org.junit.Test; import org.mockito.ArgumentCaptor; +import org.mockito.Matchers; +import org.mockito.Mockito; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; +import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.core.OAuth2Error; @@ -38,7 +42,6 @@ import javax.servlet.http.HttpServletResponse; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Matchers.any; import static org.mockito.Mockito.*; -import static org.springframework.security.oauth2.client.authentication.TestUtil.*; /** * Tests {@link AuthorizationCodeAuthenticationProcessingFilter}. @@ -49,28 +52,28 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests { @Test public void doFilterWhenNotAuthorizationCodeResponseThenContinueChain() throws Exception { - ClientRegistration clientRegistration = googleClientRegistration(); + ClientRegistration clientRegistration = TestUtil.googleClientRegistration(); - AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(clientRegistration)); + AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(clientRegistration)); String requestURI = "/path"; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestURI); request.setServletPath(requestURI); MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain filterChain = mock(FilterChain.class); + FilterChain filterChain = Mockito.mock(FilterChain.class); filter.doFilter(request, response, filterChain); - verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - verify(filter, never()).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class)); + Mockito.verify(filterChain).doFilter(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class)); + Mockito.verify(filter, Mockito.never()).attemptAuthentication(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class)); } @Test public void doFilterWhenAuthorizationCodeErrorResponseThenAuthenticationFailureHandlerIsCalled() throws Exception { - ClientRegistration clientRegistration = githubClientRegistration(); + ClientRegistration clientRegistration = TestUtil.githubClientRegistration(); - AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(clientRegistration)); - AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class); + AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(clientRegistration)); + AuthenticationFailureHandler failureHandler = Mockito.mock(AuthenticationFailureHandler.class); filter.setAuthenticationFailureHandler(failureHandler); MockHttpServletRequest request = this.setupRequest(clientRegistration); @@ -78,25 +81,25 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests { request.addParameter(OAuth2Parameter.ERROR, errorCode); request.addParameter(OAuth2Parameter.STATE, "some state"); MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain filterChain = mock(FilterChain.class); + FilterChain filterChain = Mockito.mock(FilterChain.class); filter.doFilter(request, response, filterChain); - verify(filter).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class)); - verify(failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), - any(AuthenticationException.class)); + Mockito.verify(filter).attemptAuthentication(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class)); + Mockito.verify(failureHandler).onAuthenticationFailure(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class), + Matchers.any(AuthenticationException.class)); } @Test public void doFilterWhenAuthorizationCodeSuccessResponseThenAuthenticationSuccessHandlerIsCalled() throws Exception { TestingAuthenticationToken authentication = new TestingAuthenticationToken("joe", "password", "user", "admin"); - AuthenticationManager authenticationManager = mock(AuthenticationManager.class); - when(authenticationManager.authenticate(any(Authentication.class))).thenReturn(authentication); + AuthenticationManager authenticationManager = Mockito.mock(AuthenticationManager.class); + Mockito.when(authenticationManager.authenticate(Matchers.any(Authentication.class))).thenReturn(authentication); - ClientRegistration clientRegistration = githubClientRegistration(); + ClientRegistration clientRegistration = TestUtil.githubClientRegistration(); - AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(authenticationManager, clientRegistration)); - AuthenticationSuccessHandler successHandler = mock(AuthenticationSuccessHandler.class); + AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(authenticationManager, clientRegistration)); + AuthenticationSuccessHandler successHandler = Mockito.mock(AuthenticationSuccessHandler.class); filter.setAuthenticationSuccessHandler(successHandler); AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository(); filter.setAuthorizationRequestRepository(authorizationRequestRepository); @@ -108,24 +111,24 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests { request.addParameter(OAuth2Parameter.STATE, state); MockHttpServletResponse response = new MockHttpServletResponse(); setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, state); - FilterChain filterChain = mock(FilterChain.class); + FilterChain filterChain = Mockito.mock(FilterChain.class); filter.doFilter(request, response, filterChain); - verify(filter).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class)); + Mockito.verify(filter).attemptAuthentication(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class)); ArgumentCaptor authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class); - verify(successHandler).onAuthenticationSuccess(any(HttpServletRequest.class), any(HttpServletResponse.class), + Mockito.verify(successHandler).onAuthenticationSuccess(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class), authenticationArgCaptor.capture()); - assertThat(authenticationArgCaptor.getValue()).isEqualTo(authentication); + Assertions.assertThat(authenticationArgCaptor.getValue()).isEqualTo(authentication); } @Test public void doFilterWhenAuthorizationCodeSuccessResponseAndNoMatchingAuthorizationRequestThenThrowOAuth2AuthenticationExceptionAuthorizationRequestNotFound() throws Exception { - ClientRegistration clientRegistration = githubClientRegistration(); + ClientRegistration clientRegistration = TestUtil.githubClientRegistration(); - AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(clientRegistration)); - AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class); + AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(clientRegistration)); + AuthenticationFailureHandler failureHandler = Mockito.mock(AuthenticationFailureHandler.class); filter.setAuthenticationFailureHandler(failureHandler); MockHttpServletRequest request = this.setupRequest(clientRegistration); @@ -134,7 +137,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests { request.addParameter(OAuth2Parameter.CODE, authCode); request.addParameter(OAuth2Parameter.STATE, state); MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain filterChain = mock(FilterChain.class); + FilterChain filterChain = Mockito.mock(FilterChain.class); filter.doFilter(request, response, filterChain); @@ -143,10 +146,10 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests { @Test public void doFilterWhenAuthorizationCodeSuccessResponseWithInvalidStateParamThenThrowOAuth2AuthenticationExceptionInvalidStateParameter() throws Exception { - ClientRegistration clientRegistration = githubClientRegistration(); + ClientRegistration clientRegistration = TestUtil.githubClientRegistration(); - AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(clientRegistration)); - AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class); + AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(clientRegistration)); + AuthenticationFailureHandler failureHandler = Mockito.mock(AuthenticationFailureHandler.class); filter.setAuthenticationFailureHandler(failureHandler); AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository(); filter.setAuthorizationRequestRepository(authorizationRequestRepository); @@ -158,7 +161,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests { request.addParameter(OAuth2Parameter.STATE, state); MockHttpServletResponse response = new MockHttpServletResponse(); setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, "some state"); - FilterChain filterChain = mock(FilterChain.class); + FilterChain filterChain = Mockito.mock(FilterChain.class); filter.doFilter(request, response, filterChain); @@ -167,10 +170,10 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests { @Test public void doFilterWhenAuthorizationCodeSuccessResponseWithInvalidRedirectUriParamThenThrowOAuth2AuthenticationExceptionInvalidRedirectUriParameter() throws Exception { - ClientRegistration clientRegistration = githubClientRegistration(); + ClientRegistration clientRegistration = TestUtil.githubClientRegistration(); - AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(clientRegistration)); - AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class); + AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(clientRegistration)); + AuthenticationFailureHandler failureHandler = Mockito.mock(AuthenticationFailureHandler.class); filter.setAuthenticationFailureHandler(failureHandler); AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository(); filter.setAuthorizationRequestRepository(authorizationRequestRepository); @@ -183,7 +186,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests { request.addParameter(OAuth2Parameter.STATE, state); MockHttpServletResponse response = new MockHttpServletResponse(); setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, state); - FilterChain filterChain = mock(FilterChain.class); + FilterChain filterChain = Mockito.mock(FilterChain.class); filter.doFilter(request, response, filterChain); @@ -194,21 +197,21 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests { AuthenticationFailureHandler failureHandler, String errorCode) throws Exception { - verify(filter).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class)); + Mockito.verify(filter).attemptAuthentication(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class)); ArgumentCaptor authenticationExceptionArgCaptor = ArgumentCaptor.forClass(AuthenticationException.class); - verify(failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), + Mockito.verify(failureHandler).onAuthenticationFailure(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture()); - assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class); + Assertions.assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class); OAuth2AuthenticationException oauth2AuthenticationException = (OAuth2AuthenticationException)authenticationExceptionArgCaptor.getValue(); - assertThat(oauth2AuthenticationException.getErrorObject()).isNotNull(); - assertThat(oauth2AuthenticationException.getErrorObject().getErrorCode()).isEqualTo(errorCode); + Assertions.assertThat(oauth2AuthenticationException.getErrorObject()).isNotNull(); + Assertions.assertThat(oauth2AuthenticationException.getErrorObject().getErrorCode()).isEqualTo(errorCode); } private AuthorizationCodeAuthenticationProcessingFilter setupFilter(ClientRegistration... clientRegistrations) throws Exception { - AuthenticationManager authenticationManager = mock(AuthenticationManager.class); + AuthenticationManager authenticationManager = Mockito.mock(AuthenticationManager.class); return setupFilter(authenticationManager, clientRegistrations); } @@ -216,7 +219,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests { private AuthorizationCodeAuthenticationProcessingFilter setupFilter( AuthenticationManager authenticationManager, ClientRegistration... clientRegistrations) throws Exception { - ClientRegistrationRepository clientRegistrationRepository = clientRegistrationRepository(clientRegistrations); + ClientRegistrationRepository clientRegistrationRepository = TestUtil.clientRegistrationRepository(clientRegistrations); AuthorizationCodeAuthenticationProcessingFilter filter = new AuthorizationCodeAuthenticationProcessingFilter(); filter.setClientRegistrationRepository(clientRegistrationRepository); @@ -244,11 +247,11 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests { } private MockHttpServletRequest setupRequest(ClientRegistration clientRegistration) { - String requestURI = AUTHORIZE_BASE_URI + "/" + clientRegistration.getClientAlias(); + String requestURI = TestUtil.AUTHORIZE_BASE_URI + "/" + clientRegistration.getClientAlias(); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestURI); - request.setScheme(DEFAULT_SCHEME); - request.setServerName(DEFAULT_SERVER_NAME); - request.setServerPort(DEFAULT_SERVER_PORT); + request.setScheme(TestUtil.DEFAULT_SCHEME); + request.setServerName(TestUtil.DEFAULT_SERVER_NAME); + request.setServerPort(TestUtil.DEFAULT_SERVER_PORT); request.setServletPath(requestURI); return request; } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilterTests.java similarity index 65% rename from oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeRequestRedirectFilterTests.java rename to oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilterTests.java index 1ec5308f8b..b80eedee99 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeRequestRedirectFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilterTests.java @@ -13,9 +13,12 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.oauth2.client.authentication; +package org.springframework.security.oauth2.client.web; +import org.assertj.core.api.Assertions; import org.junit.Test; +import org.mockito.Matchers; +import org.mockito.Mockito; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.oauth2.client.registration.ClientRegistration; @@ -29,7 +32,6 @@ import java.net.URI; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.*; -import static org.springframework.security.oauth2.client.authentication.TestUtil.*; /** * Tests {@link AuthorizationCodeRequestRedirectFilter}. @@ -40,17 +42,17 @@ public class AuthorizationCodeRequestRedirectFilterTests { @Test(expected = IllegalArgumentException.class) public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() { - new AuthorizationCodeRequestRedirectFilter(null, mock(AuthorizationRequestUriBuilder.class)); + new AuthorizationCodeRequestRedirectFilter(null, Mockito.mock(AuthorizationRequestUriBuilder.class)); } @Test(expected = IllegalArgumentException.class) public void constructorWhenAuthorizationRequestUriBuilderIsNullThenThrowIllegalArgumentException() { - new AuthorizationCodeRequestRedirectFilter(mock(ClientRegistrationRepository.class), null); + new AuthorizationCodeRequestRedirectFilter(Mockito.mock(ClientRegistrationRepository.class), null); } @Test public void doFilterWhenRequestDoesNotMatchClientThenContinueChain() throws Exception { - ClientRegistration clientRegistration = googleClientRegistration(); + ClientRegistration clientRegistration = TestUtil.googleClientRegistration(); String authorizationUri = clientRegistration.getProviderDetails().getAuthorizationUri().toString(); AuthorizationCodeRequestRedirectFilter filter = setupFilter(authorizationUri, clientRegistration); @@ -59,72 +61,72 @@ public class AuthorizationCodeRequestRedirectFilterTests { MockHttpServletRequest request = new MockHttpServletRequest("GET", requestURI); request.setServletPath(requestURI); MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain filterChain = mock(FilterChain.class); + FilterChain filterChain = Mockito.mock(FilterChain.class); filter.doFilter(request, response, filterChain); - verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); + Mockito.verify(filterChain).doFilter(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class)); } @Test public void doFilterWhenRequestMatchesClientThenRedirectForAuthorization() throws Exception { - ClientRegistration clientRegistration = googleClientRegistration(); + ClientRegistration clientRegistration = TestUtil.googleClientRegistration(); String authorizationUri = clientRegistration.getProviderDetails().getAuthorizationUri().toString(); AuthorizationCodeRequestRedirectFilter filter = setupFilter(authorizationUri, clientRegistration); - String requestUri = AUTHORIZATION_BASE_URI + "/" + clientRegistration.getClientAlias(); + String requestUri = TestUtil.AUTHORIZATION_BASE_URI + "/" + clientRegistration.getClientAlias(); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain filterChain = mock(FilterChain.class); + FilterChain filterChain = Mockito.mock(FilterChain.class); filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); // Request should not proceed up the chain + Mockito.verifyZeroInteractions(filterChain); // Request should not proceed up the chain - assertThat(response.getRedirectedUrl()).isEqualTo(authorizationUri); + Assertions.assertThat(response.getRedirectedUrl()).isEqualTo(authorizationUri); } @Test public void doFilterWhenRequestMatchesClientThenAuthorizationRequestSavedInSession() throws Exception { - ClientRegistration clientRegistration = githubClientRegistration(); + ClientRegistration clientRegistration = TestUtil.githubClientRegistration(); String authorizationUri = clientRegistration.getProviderDetails().getAuthorizationUri().toString(); AuthorizationCodeRequestRedirectFilter filter = setupFilter(authorizationUri, clientRegistration); AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository(); filter.setAuthorizationRequestRepository(authorizationRequestRepository); - String requestUri = AUTHORIZATION_BASE_URI + "/" + clientRegistration.getClientAlias(); + String requestUri = TestUtil.AUTHORIZATION_BASE_URI + "/" + clientRegistration.getClientAlias(); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri); MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain filterChain = mock(FilterChain.class); + FilterChain filterChain = Mockito.mock(FilterChain.class); filter.doFilter(request, response, filterChain); - verifyZeroInteractions(filterChain); // Request should not proceed up the chain + Mockito.verifyZeroInteractions(filterChain); // Request should not proceed up the chain // The authorization request attributes are saved in the session before the redirect happens AuthorizationRequestAttributes authorizationRequestAttributes = authorizationRequestRepository.loadAuthorizationRequest(request); - assertThat(authorizationRequestAttributes).isNotNull(); + Assertions.assertThat(authorizationRequestAttributes).isNotNull(); - assertThat(authorizationRequestAttributes.getAuthorizeUri()).isNotNull(); - assertThat(authorizationRequestAttributes.getGrantType()).isNotNull(); - assertThat(authorizationRequestAttributes.getResponseType()).isNotNull(); - assertThat(authorizationRequestAttributes.getClientId()).isNotNull(); - assertThat(authorizationRequestAttributes.getRedirectUri()).isNotNull(); - assertThat(authorizationRequestAttributes.getScope()).isNotNull(); - assertThat(authorizationRequestAttributes.getState()).isNotNull(); + Assertions.assertThat(authorizationRequestAttributes.getAuthorizeUri()).isNotNull(); + Assertions.assertThat(authorizationRequestAttributes.getGrantType()).isNotNull(); + Assertions.assertThat(authorizationRequestAttributes.getResponseType()).isNotNull(); + Assertions.assertThat(authorizationRequestAttributes.getClientId()).isNotNull(); + Assertions.assertThat(authorizationRequestAttributes.getRedirectUri()).isNotNull(); + Assertions.assertThat(authorizationRequestAttributes.getScope()).isNotNull(); + Assertions.assertThat(authorizationRequestAttributes.getState()).isNotNull(); } private AuthorizationCodeRequestRedirectFilter setupFilter(String authorizationUri, ClientRegistration... clientRegistrations) throws Exception { - AuthorizationRequestUriBuilder authorizationUriBuilder = mock(AuthorizationRequestUriBuilder.class); + AuthorizationRequestUriBuilder authorizationUriBuilder = Mockito.mock(AuthorizationRequestUriBuilder.class); URI authorizationURI = new URI(authorizationUri); - when(authorizationUriBuilder.build(any(AuthorizationRequestAttributes.class))).thenReturn(authorizationURI); + Mockito.when(authorizationUriBuilder.build(Matchers.any(AuthorizationRequestAttributes.class))).thenReturn(authorizationURI); return setupFilter(authorizationUriBuilder, clientRegistrations); } @@ -132,7 +134,7 @@ public class AuthorizationCodeRequestRedirectFilterTests { private AuthorizationCodeRequestRedirectFilter setupFilter(AuthorizationRequestUriBuilder authorizationUriBuilder, ClientRegistration... clientRegistrations) throws Exception { - ClientRegistrationRepository clientRegistrationRepository = clientRegistrationRepository(clientRegistrations); + ClientRegistrationRepository clientRegistrationRepository = TestUtil.clientRegistrationRepository(clientRegistrations); AuthorizationCodeRequestRedirectFilter filter = new AuthorizationCodeRequestRedirectFilter( clientRegistrationRepository, authorizationUriBuilder); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestUtil.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/TestUtil.java similarity index 98% rename from oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestUtil.java rename to oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/TestUtil.java index 81938e6b8e..d4624ae86b 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestUtil.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/TestUtil.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.oauth2.client.authentication; +package org.springframework.security.oauth2.client.web; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationProperties; diff --git a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java index 8d88cbc3f3..5736c4d957 100644 --- a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java +++ b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java @@ -36,10 +36,10 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProcessingFilter; +import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationProcessingFilter; import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken; -import org.springframework.security.oauth2.client.authentication.AuthorizationCodeRequestRedirectFilter; -import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger; +import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter; +import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.user.OAuth2UserService;