Move servlet-specific classes to 'web' package
Fixes gh-4366
This commit is contained in:
Joe Grandja
parent
0a36359f11
commit
65b968f04a
|
|
@ -78,7 +78,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
|
|||
put(LogoutFilter.class, order);
|
||||
order += STEP;
|
||||
filterToOrder.put(
|
||||
"org.springframework.security.oauth2.client.authentication.AuthorizationCodeRequestRedirectFilter",
|
||||
"org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter",
|
||||
order);
|
||||
order += STEP;
|
||||
put(X509AuthenticationFilter.class, order);
|
||||
|
|
@ -89,7 +89,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
|
|||
order);
|
||||
order += STEP;
|
||||
filterToOrder.put(
|
||||
"org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProcessingFilter",
|
||||
"org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationProcessingFilter",
|
||||
order);
|
||||
order += STEP;
|
||||
put(UsernamePasswordAuthenticationFilter.class, order);
|
||||
|
|
|
|||
|
|
@ -62,6 +62,8 @@ import org.springframework.security.core.context.SecurityContext;
|
|||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
||||
import org.springframework.security.web.PortMapper;
|
||||
import org.springframework.security.web.PortMapperImpl;
|
||||
|
|
@ -943,7 +945,7 @@ public final class HttpSecurity extends
|
|||
*
|
||||
* <p>
|
||||
* At this point in the <i>"authentication flow"</i>, the configured
|
||||
* {@link org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger}
|
||||
* {@link AuthorizationGrantTokenExchanger}
|
||||
* will exchange the <i>Authorization Code</i> for an <i>Access Token</i> and then use it to access the protected resource
|
||||
* at the <i>UserInfo Endpoint</i> (via {@link org.springframework.security.oauth2.client.user.OAuth2UserService})
|
||||
* in order to retrieve the details of the <i>Resource Owner</i> (end-user) and establish the <i>"authenticated"</i> session.
|
||||
|
|
@ -1038,8 +1040,8 @@ public final class HttpSecurity extends
|
|||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Response</a>
|
||||
* @see org.springframework.security.oauth2.client.registration.ClientRegistration
|
||||
* @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
|
||||
* @see org.springframework.security.oauth2.client.authentication.AuthorizationRequestUriBuilder
|
||||
* @see org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger
|
||||
* @see AuthorizationRequestUriBuilder
|
||||
* @see AuthorizationGrantTokenExchanger
|
||||
* @see org.springframework.security.oauth2.client.user.OAuth2UserService
|
||||
*
|
||||
* @return the {@link OAuth2LoginConfigurer} for further customizations
|
||||
|
|
|
|||
|
|
@ -20,19 +20,19 @@ import org.springframework.security.config.annotation.web.configurers.AbstractAu
|
|||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
import org.springframework.security.jwt.JwtDecoder;
|
||||
import org.springframework.security.jwt.nimbus.NimbusJwtDecoderJwkSupport;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProcessingFilter;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationProcessingFilter;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProvider;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.authentication.jwt.DefaultProviderJwtDecoderRegistry;
|
||||
import org.springframework.security.oauth2.client.authentication.jwt.ProviderJwtDecoderRegistry;
|
||||
import org.springframework.security.oauth2.client.authentication.nimbus.NimbusAuthorizationCodeTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.web.nimbus.NimbusAuthorizationCodeTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository;
|
||||
import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
|
||||
import org.springframework.security.oauth2.client.user.OAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.user.nimbus.NimbusOAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.user.web.nimbus.NimbusOAuth2UserService;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.provider.DefaultProviderMetadata;
|
||||
import org.springframework.security.oauth2.core.provider.ProviderMetadata;
|
||||
|
|
|
|||
|
|
@ -17,9 +17,9 @@ package org.springframework.security.config.annotation.web.configurers.oauth2.cl
|
|||
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeRequestRedirectFilter;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.client.authentication.DefaultAuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.client.web.DefaultAuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestVariablesExtractor;
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
|||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeRequestRedirectFilter;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
|
||||
|
|
@ -44,7 +44,7 @@ import java.util.Arrays;
|
|||
import java.util.Map;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static org.springframework.security.oauth2.client.authentication.AuthorizationCodeRequestRedirectFilter.CLIENT_ALIAS_URI_VARIABLE_NAME;
|
||||
import static org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter.CLIENT_ALIAS_URI_VARIABLE_NAME;
|
||||
|
||||
/**
|
||||
* @author Joe Grandja
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ import org.springframework.security.oauth2.client.authentication.jwt.ProviderJwt
|
|||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
|
||||
import org.springframework.security.oauth2.client.user.OAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
|
|
|
|||
|
|
@ -15,6 +15,6 @@
|
|||
*/
|
||||
/**
|
||||
* Support classes/interfaces for authenticating an <i>end-user</i>
|
||||
* with an <i>authorization server</i> using the <i>authorization code grant flow</i>.
|
||||
* with an <i>authorization server</i> using a specific <i>authorization grant flow</i>.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.authentication;
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.user.nimbus;
|
||||
package org.springframework.security.oauth2.client.user.web.nimbus;
|
||||
|
||||
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.user.nimbus;
|
||||
package org.springframework.security.oauth2.client.user.web.nimbus;
|
||||
|
||||
import com.nimbusds.oauth2.sdk.ErrorObject;
|
||||
import com.nimbusds.oauth2.sdk.ParseException;
|
||||
|
|
@ -13,11 +13,15 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.authentication;
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProvider;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.user.OAuth2UserService;
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.authentication;
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import org.springframework.security.crypto.keygen.StringKeyGenerator;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
|
|
@ -13,9 +13,11 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.authentication;
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
|
||||
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.authentication;
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
|
||||
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.authentication;
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.authentication;
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.authentication;
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import java.util.Base64;
|
||||
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.authentication;
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
|
||||
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.authentication.nimbus;
|
||||
package org.springframework.security.oauth2.client.web.nimbus;
|
||||
|
||||
|
||||
import com.nimbusds.oauth2.sdk.AccessTokenResponse;
|
||||
|
|
@ -34,7 +34,7 @@ import com.nimbusds.oauth2.sdk.id.ClientID;
|
|||
import org.springframework.http.MediaType;
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
|
|
@ -13,16 +13,20 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.authentication;
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import org.assertj.core.api.Assertions;
|
||||
import org.junit.Test;
|
||||
import org.mockito.ArgumentCaptor;
|
||||
import org.mockito.Matchers;
|
||||
import org.mockito.Mockito;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
|
|
@ -38,7 +42,6 @@ import javax.servlet.http.HttpServletResponse;
|
|||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Mockito.*;
|
||||
import static org.springframework.security.oauth2.client.authentication.TestUtil.*;
|
||||
|
||||
/**
|
||||
* Tests {@link AuthorizationCodeAuthenticationProcessingFilter}.
|
||||
|
|
@ -49,28 +52,28 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
|
|||
|
||||
@Test
|
||||
public void doFilterWhenNotAuthorizationCodeResponseThenContinueChain() throws Exception {
|
||||
ClientRegistration clientRegistration = googleClientRegistration();
|
||||
ClientRegistration clientRegistration = TestUtil.googleClientRegistration();
|
||||
|
||||
AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(clientRegistration));
|
||||
AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(clientRegistration));
|
||||
|
||||
String requestURI = "/path";
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestURI);
|
||||
request.setServletPath(requestURI);
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
FilterChain filterChain = Mockito.mock(FilterChain.class);
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
verify(filter, never()).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
Mockito.verify(filterChain).doFilter(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class));
|
||||
Mockito.verify(filter, Mockito.never()).attemptAuthentication(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenAuthorizationCodeErrorResponseThenAuthenticationFailureHandlerIsCalled() throws Exception {
|
||||
ClientRegistration clientRegistration = githubClientRegistration();
|
||||
ClientRegistration clientRegistration = TestUtil.githubClientRegistration();
|
||||
|
||||
AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(clientRegistration));
|
||||
AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
|
||||
AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(clientRegistration));
|
||||
AuthenticationFailureHandler failureHandler = Mockito.mock(AuthenticationFailureHandler.class);
|
||||
filter.setAuthenticationFailureHandler(failureHandler);
|
||||
|
||||
MockHttpServletRequest request = this.setupRequest(clientRegistration);
|
||||
|
|
@ -78,25 +81,25 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
|
|||
request.addParameter(OAuth2Parameter.ERROR, errorCode);
|
||||
request.addParameter(OAuth2Parameter.STATE, "some state");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
FilterChain filterChain = Mockito.mock(FilterChain.class);
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
verify(filter).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
verify(failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class),
|
||||
any(AuthenticationException.class));
|
||||
Mockito.verify(filter).attemptAuthentication(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class));
|
||||
Mockito.verify(failureHandler).onAuthenticationFailure(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class),
|
||||
Matchers.any(AuthenticationException.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenAuthorizationCodeSuccessResponseThenAuthenticationSuccessHandlerIsCalled() throws Exception {
|
||||
TestingAuthenticationToken authentication = new TestingAuthenticationToken("joe", "password", "user", "admin");
|
||||
AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
|
||||
when(authenticationManager.authenticate(any(Authentication.class))).thenReturn(authentication);
|
||||
AuthenticationManager authenticationManager = Mockito.mock(AuthenticationManager.class);
|
||||
Mockito.when(authenticationManager.authenticate(Matchers.any(Authentication.class))).thenReturn(authentication);
|
||||
|
||||
ClientRegistration clientRegistration = githubClientRegistration();
|
||||
ClientRegistration clientRegistration = TestUtil.githubClientRegistration();
|
||||
|
||||
AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(authenticationManager, clientRegistration));
|
||||
AuthenticationSuccessHandler successHandler = mock(AuthenticationSuccessHandler.class);
|
||||
AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(authenticationManager, clientRegistration));
|
||||
AuthenticationSuccessHandler successHandler = Mockito.mock(AuthenticationSuccessHandler.class);
|
||||
filter.setAuthenticationSuccessHandler(successHandler);
|
||||
AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
|
||||
filter.setAuthorizationRequestRepository(authorizationRequestRepository);
|
||||
|
|
@ -108,24 +111,24 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
|
|||
request.addParameter(OAuth2Parameter.STATE, state);
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, state);
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
FilterChain filterChain = Mockito.mock(FilterChain.class);
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
verify(filter).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
Mockito.verify(filter).attemptAuthentication(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class));
|
||||
|
||||
ArgumentCaptor<Authentication> authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class);
|
||||
verify(successHandler).onAuthenticationSuccess(any(HttpServletRequest.class), any(HttpServletResponse.class),
|
||||
Mockito.verify(successHandler).onAuthenticationSuccess(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class),
|
||||
authenticationArgCaptor.capture());
|
||||
assertThat(authenticationArgCaptor.getValue()).isEqualTo(authentication);
|
||||
Assertions.assertThat(authenticationArgCaptor.getValue()).isEqualTo(authentication);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenAuthorizationCodeSuccessResponseAndNoMatchingAuthorizationRequestThenThrowOAuth2AuthenticationExceptionAuthorizationRequestNotFound() throws Exception {
|
||||
ClientRegistration clientRegistration = githubClientRegistration();
|
||||
ClientRegistration clientRegistration = TestUtil.githubClientRegistration();
|
||||
|
||||
AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(clientRegistration));
|
||||
AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
|
||||
AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(clientRegistration));
|
||||
AuthenticationFailureHandler failureHandler = Mockito.mock(AuthenticationFailureHandler.class);
|
||||
filter.setAuthenticationFailureHandler(failureHandler);
|
||||
|
||||
MockHttpServletRequest request = this.setupRequest(clientRegistration);
|
||||
|
|
@ -134,7 +137,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
|
|||
request.addParameter(OAuth2Parameter.CODE, authCode);
|
||||
request.addParameter(OAuth2Parameter.STATE, state);
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
FilterChain filterChain = Mockito.mock(FilterChain.class);
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
|
|
@ -143,10 +146,10 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
|
|||
|
||||
@Test
|
||||
public void doFilterWhenAuthorizationCodeSuccessResponseWithInvalidStateParamThenThrowOAuth2AuthenticationExceptionInvalidStateParameter() throws Exception {
|
||||
ClientRegistration clientRegistration = githubClientRegistration();
|
||||
ClientRegistration clientRegistration = TestUtil.githubClientRegistration();
|
||||
|
||||
AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(clientRegistration));
|
||||
AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
|
||||
AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(clientRegistration));
|
||||
AuthenticationFailureHandler failureHandler = Mockito.mock(AuthenticationFailureHandler.class);
|
||||
filter.setAuthenticationFailureHandler(failureHandler);
|
||||
AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
|
||||
filter.setAuthorizationRequestRepository(authorizationRequestRepository);
|
||||
|
|
@ -158,7 +161,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
|
|||
request.addParameter(OAuth2Parameter.STATE, state);
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, "some state");
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
FilterChain filterChain = Mockito.mock(FilterChain.class);
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
|
|
@ -167,10 +170,10 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
|
|||
|
||||
@Test
|
||||
public void doFilterWhenAuthorizationCodeSuccessResponseWithInvalidRedirectUriParamThenThrowOAuth2AuthenticationExceptionInvalidRedirectUriParameter() throws Exception {
|
||||
ClientRegistration clientRegistration = githubClientRegistration();
|
||||
ClientRegistration clientRegistration = TestUtil.githubClientRegistration();
|
||||
|
||||
AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(clientRegistration));
|
||||
AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
|
||||
AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(clientRegistration));
|
||||
AuthenticationFailureHandler failureHandler = Mockito.mock(AuthenticationFailureHandler.class);
|
||||
filter.setAuthenticationFailureHandler(failureHandler);
|
||||
AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
|
||||
filter.setAuthorizationRequestRepository(authorizationRequestRepository);
|
||||
|
|
@ -183,7 +186,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
|
|||
request.addParameter(OAuth2Parameter.STATE, state);
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, state);
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
FilterChain filterChain = Mockito.mock(FilterChain.class);
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
|
|
@ -194,21 +197,21 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
|
|||
AuthenticationFailureHandler failureHandler,
|
||||
String errorCode) throws Exception {
|
||||
|
||||
verify(filter).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
Mockito.verify(filter).attemptAuthentication(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class));
|
||||
|
||||
ArgumentCaptor<AuthenticationException> authenticationExceptionArgCaptor =
|
||||
ArgumentCaptor.forClass(AuthenticationException.class);
|
||||
verify(failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class),
|
||||
Mockito.verify(failureHandler).onAuthenticationFailure(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class),
|
||||
authenticationExceptionArgCaptor.capture());
|
||||
assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class);
|
||||
Assertions.assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class);
|
||||
OAuth2AuthenticationException oauth2AuthenticationException =
|
||||
(OAuth2AuthenticationException)authenticationExceptionArgCaptor.getValue();
|
||||
assertThat(oauth2AuthenticationException.getErrorObject()).isNotNull();
|
||||
assertThat(oauth2AuthenticationException.getErrorObject().getErrorCode()).isEqualTo(errorCode);
|
||||
Assertions.assertThat(oauth2AuthenticationException.getErrorObject()).isNotNull();
|
||||
Assertions.assertThat(oauth2AuthenticationException.getErrorObject().getErrorCode()).isEqualTo(errorCode);
|
||||
}
|
||||
|
||||
private AuthorizationCodeAuthenticationProcessingFilter setupFilter(ClientRegistration... clientRegistrations) throws Exception {
|
||||
AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
|
||||
AuthenticationManager authenticationManager = Mockito.mock(AuthenticationManager.class);
|
||||
|
||||
return setupFilter(authenticationManager, clientRegistrations);
|
||||
}
|
||||
|
|
@ -216,7 +219,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
|
|||
private AuthorizationCodeAuthenticationProcessingFilter setupFilter(
|
||||
AuthenticationManager authenticationManager, ClientRegistration... clientRegistrations) throws Exception {
|
||||
|
||||
ClientRegistrationRepository clientRegistrationRepository = clientRegistrationRepository(clientRegistrations);
|
||||
ClientRegistrationRepository clientRegistrationRepository = TestUtil.clientRegistrationRepository(clientRegistrations);
|
||||
|
||||
AuthorizationCodeAuthenticationProcessingFilter filter = new AuthorizationCodeAuthenticationProcessingFilter();
|
||||
filter.setClientRegistrationRepository(clientRegistrationRepository);
|
||||
|
|
@ -244,11 +247,11 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
|
|||
}
|
||||
|
||||
private MockHttpServletRequest setupRequest(ClientRegistration clientRegistration) {
|
||||
String requestURI = AUTHORIZE_BASE_URI + "/" + clientRegistration.getClientAlias();
|
||||
String requestURI = TestUtil.AUTHORIZE_BASE_URI + "/" + clientRegistration.getClientAlias();
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestURI);
|
||||
request.setScheme(DEFAULT_SCHEME);
|
||||
request.setServerName(DEFAULT_SERVER_NAME);
|
||||
request.setServerPort(DEFAULT_SERVER_PORT);
|
||||
request.setScheme(TestUtil.DEFAULT_SCHEME);
|
||||
request.setServerName(TestUtil.DEFAULT_SERVER_NAME);
|
||||
request.setServerPort(TestUtil.DEFAULT_SERVER_PORT);
|
||||
request.setServletPath(requestURI);
|
||||
return request;
|
||||
}
|
||||
|
|
@ -13,9 +13,12 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.authentication;
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import org.assertj.core.api.Assertions;
|
||||
import org.junit.Test;
|
||||
import org.mockito.Matchers;
|
||||
import org.mockito.Mockito;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
|
|
@ -29,7 +32,6 @@ import java.net.URI;
|
|||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.*;
|
||||
import static org.springframework.security.oauth2.client.authentication.TestUtil.*;
|
||||
|
||||
/**
|
||||
* Tests {@link AuthorizationCodeRequestRedirectFilter}.
|
||||
|
|
@ -40,17 +42,17 @@ public class AuthorizationCodeRequestRedirectFilterTests {
|
|||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
|
||||
new AuthorizationCodeRequestRedirectFilter(null, mock(AuthorizationRequestUriBuilder.class));
|
||||
new AuthorizationCodeRequestRedirectFilter(null, Mockito.mock(AuthorizationRequestUriBuilder.class));
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void constructorWhenAuthorizationRequestUriBuilderIsNullThenThrowIllegalArgumentException() {
|
||||
new AuthorizationCodeRequestRedirectFilter(mock(ClientRegistrationRepository.class), null);
|
||||
new AuthorizationCodeRequestRedirectFilter(Mockito.mock(ClientRegistrationRepository.class), null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenRequestDoesNotMatchClientThenContinueChain() throws Exception {
|
||||
ClientRegistration clientRegistration = googleClientRegistration();
|
||||
ClientRegistration clientRegistration = TestUtil.googleClientRegistration();
|
||||
String authorizationUri = clientRegistration.getProviderDetails().getAuthorizationUri().toString();
|
||||
AuthorizationCodeRequestRedirectFilter filter =
|
||||
setupFilter(authorizationUri, clientRegistration);
|
||||
|
|
@ -59,72 +61,72 @@ public class AuthorizationCodeRequestRedirectFilterTests {
|
|||
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestURI);
|
||||
request.setServletPath(requestURI);
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
FilterChain filterChain = Mockito.mock(FilterChain.class);
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
Mockito.verify(filterChain).doFilter(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenRequestMatchesClientThenRedirectForAuthorization() throws Exception {
|
||||
ClientRegistration clientRegistration = googleClientRegistration();
|
||||
ClientRegistration clientRegistration = TestUtil.googleClientRegistration();
|
||||
String authorizationUri = clientRegistration.getProviderDetails().getAuthorizationUri().toString();
|
||||
AuthorizationCodeRequestRedirectFilter filter =
|
||||
setupFilter(authorizationUri, clientRegistration);
|
||||
|
||||
String requestUri = AUTHORIZATION_BASE_URI + "/" + clientRegistration.getClientAlias();
|
||||
String requestUri = TestUtil.AUTHORIZATION_BASE_URI + "/" + clientRegistration.getClientAlias();
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
|
||||
request.setServletPath(requestUri);
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
FilterChain filterChain = Mockito.mock(FilterChain.class);
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
verifyZeroInteractions(filterChain); // Request should not proceed up the chain
|
||||
Mockito.verifyZeroInteractions(filterChain); // Request should not proceed up the chain
|
||||
|
||||
assertThat(response.getRedirectedUrl()).isEqualTo(authorizationUri);
|
||||
Assertions.assertThat(response.getRedirectedUrl()).isEqualTo(authorizationUri);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenRequestMatchesClientThenAuthorizationRequestSavedInSession() throws Exception {
|
||||
ClientRegistration clientRegistration = githubClientRegistration();
|
||||
ClientRegistration clientRegistration = TestUtil.githubClientRegistration();
|
||||
String authorizationUri = clientRegistration.getProviderDetails().getAuthorizationUri().toString();
|
||||
AuthorizationCodeRequestRedirectFilter filter =
|
||||
setupFilter(authorizationUri, clientRegistration);
|
||||
AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
|
||||
filter.setAuthorizationRequestRepository(authorizationRequestRepository);
|
||||
|
||||
String requestUri = AUTHORIZATION_BASE_URI + "/" + clientRegistration.getClientAlias();
|
||||
String requestUri = TestUtil.AUTHORIZATION_BASE_URI + "/" + clientRegistration.getClientAlias();
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
|
||||
request.setServletPath(requestUri);
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
FilterChain filterChain = Mockito.mock(FilterChain.class);
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
verifyZeroInteractions(filterChain); // Request should not proceed up the chain
|
||||
Mockito.verifyZeroInteractions(filterChain); // Request should not proceed up the chain
|
||||
|
||||
// The authorization request attributes are saved in the session before the redirect happens
|
||||
AuthorizationRequestAttributes authorizationRequestAttributes =
|
||||
authorizationRequestRepository.loadAuthorizationRequest(request);
|
||||
assertThat(authorizationRequestAttributes).isNotNull();
|
||||
Assertions.assertThat(authorizationRequestAttributes).isNotNull();
|
||||
|
||||
assertThat(authorizationRequestAttributes.getAuthorizeUri()).isNotNull();
|
||||
assertThat(authorizationRequestAttributes.getGrantType()).isNotNull();
|
||||
assertThat(authorizationRequestAttributes.getResponseType()).isNotNull();
|
||||
assertThat(authorizationRequestAttributes.getClientId()).isNotNull();
|
||||
assertThat(authorizationRequestAttributes.getRedirectUri()).isNotNull();
|
||||
assertThat(authorizationRequestAttributes.getScope()).isNotNull();
|
||||
assertThat(authorizationRequestAttributes.getState()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequestAttributes.getAuthorizeUri()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequestAttributes.getGrantType()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequestAttributes.getResponseType()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequestAttributes.getClientId()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequestAttributes.getRedirectUri()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequestAttributes.getScope()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequestAttributes.getState()).isNotNull();
|
||||
}
|
||||
|
||||
private AuthorizationCodeRequestRedirectFilter setupFilter(String authorizationUri,
|
||||
ClientRegistration... clientRegistrations) throws Exception {
|
||||
|
||||
AuthorizationRequestUriBuilder authorizationUriBuilder = mock(AuthorizationRequestUriBuilder.class);
|
||||
AuthorizationRequestUriBuilder authorizationUriBuilder = Mockito.mock(AuthorizationRequestUriBuilder.class);
|
||||
URI authorizationURI = new URI(authorizationUri);
|
||||
when(authorizationUriBuilder.build(any(AuthorizationRequestAttributes.class))).thenReturn(authorizationURI);
|
||||
Mockito.when(authorizationUriBuilder.build(Matchers.any(AuthorizationRequestAttributes.class))).thenReturn(authorizationURI);
|
||||
|
||||
return setupFilter(authorizationUriBuilder, clientRegistrations);
|
||||
}
|
||||
|
|
@ -132,7 +134,7 @@ public class AuthorizationCodeRequestRedirectFilterTests {
|
|||
private AuthorizationCodeRequestRedirectFilter setupFilter(AuthorizationRequestUriBuilder authorizationUriBuilder,
|
||||
ClientRegistration... clientRegistrations) throws Exception {
|
||||
|
||||
ClientRegistrationRepository clientRegistrationRepository = clientRegistrationRepository(clientRegistrations);
|
||||
ClientRegistrationRepository clientRegistrationRepository = TestUtil.clientRegistrationRepository(clientRegistrations);
|
||||
|
||||
AuthorizationCodeRequestRedirectFilter filter = new AuthorizationCodeRequestRedirectFilter(
|
||||
clientRegistrationRepository, authorizationUriBuilder);
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.authentication;
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationProperties;
|
||||
|
|
@ -36,10 +36,10 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProcessingFilter;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationProcessingFilter;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeRequestRedirectFilter;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.user.OAuth2UserService;
|
||||
|
|
|
|||
Loading…
Reference in New Issue