mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-05-31 01:02:14 +00:00
Remove deprecated UnAuthenticatedServerOAuth2AuthorizedClientRepository
Closes gh-11508
This commit is contained in:
Joe Grandja
parent
f5a436df80
commit
67b27a41c3
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2020 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -36,11 +36,9 @@ import org.springframework.security.core.context.ReactiveSecurityContextHolder;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.oauth2.client.ClientAuthorizationException;
|
||||
import org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizationFailureHandler;
|
||||
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizationSuccessHandler;
|
||||
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
|
||||
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider;
|
||||
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder;
|
||||
@ -53,7 +51,6 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
|
||||
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager;
|
||||
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.client.web.server.UnAuthenticatedServerOAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
|
||||
@ -227,16 +224,6 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
|
||||
ServerOAuth2AuthorizedClientRepository authorizedClientRepository,
|
||||
ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler) {
|
||||
// gh-7544
|
||||
if (authorizedClientRepository instanceof UnAuthenticatedServerOAuth2AuthorizedClientRepository) {
|
||||
UnAuthenticatedReactiveOAuth2AuthorizedClientManager unauthenticatedAuthorizedClientManager = new UnAuthenticatedReactiveOAuth2AuthorizedClientManager(
|
||||
clientRegistrationRepository,
|
||||
(UnAuthenticatedServerOAuth2AuthorizedClientRepository) authorizedClientRepository,
|
||||
authorizationFailureHandler);
|
||||
unauthenticatedAuthorizedClientManager
|
||||
.setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
|
||||
.authorizationCode().refreshToken().clientCredentials().password().build());
|
||||
return unauthenticatedAuthorizedClientManager;
|
||||
}
|
||||
DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(
|
||||
clientRegistrationRepository, authorizedClientRepository);
|
||||
authorizedClientManager.setAuthorizationFailureHandler(authorizationFailureHandler);
|
||||
@ -386,14 +373,8 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
|
||||
.password((configurer) -> configurer.clockSkew(this.accessTokenExpiresSkew))
|
||||
.build();
|
||||
// @formatter:on
|
||||
if (this.authorizedClientManager instanceof UnAuthenticatedReactiveOAuth2AuthorizedClientManager) {
|
||||
((UnAuthenticatedReactiveOAuth2AuthorizedClientManager) this.authorizedClientManager)
|
||||
.setAuthorizedClientProvider(authorizedClientProvider);
|
||||
}
|
||||
else {
|
||||
((DefaultReactiveOAuth2AuthorizedClientManager) this.authorizedClientManager)
|
||||
.setAuthorizedClientProvider(authorizedClientProvider);
|
||||
}
|
||||
((DefaultReactiveOAuth2AuthorizedClientManager) this.authorizedClientManager)
|
||||
.setAuthorizedClientProvider(authorizedClientProvider);
|
||||
}
|
||||
|
||||
private void updateClientCredentialsProvider(
|
||||
@ -558,114 +539,6 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
|
||||
|
||||
}
|
||||
|
||||
private static final class UnAuthenticatedReactiveOAuth2AuthorizedClientManager
|
||||
implements ReactiveOAuth2AuthorizedClientManager {
|
||||
|
||||
private final ReactiveClientRegistrationRepository clientRegistrationRepository;
|
||||
|
||||
private final UnAuthenticatedServerOAuth2AuthorizedClientRepository authorizedClientRepository;
|
||||
|
||||
private final ReactiveOAuth2AuthorizationSuccessHandler authorizationSuccessHandler;
|
||||
|
||||
private final ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler;
|
||||
|
||||
private ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider;
|
||||
|
||||
private UnAuthenticatedReactiveOAuth2AuthorizedClientManager(
|
||||
ReactiveClientRegistrationRepository clientRegistrationRepository,
|
||||
UnAuthenticatedServerOAuth2AuthorizedClientRepository authorizedClientRepository,
|
||||
ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler) {
|
||||
this.clientRegistrationRepository = clientRegistrationRepository;
|
||||
this.authorizedClientRepository = authorizedClientRepository;
|
||||
this.authorizationSuccessHandler = (authorizedClient, principal, attributes) -> authorizedClientRepository
|
||||
.saveAuthorizedClient(authorizedClient, principal, null);
|
||||
this.authorizationFailureHandler = authorizationFailureHandler;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizeRequest authorizeRequest) {
|
||||
Assert.notNull(authorizeRequest, "authorizeRequest cannot be null");
|
||||
String clientRegistrationId = authorizeRequest.getClientRegistrationId();
|
||||
Authentication principal = authorizeRequest.getPrincipal();
|
||||
// @formatter:off
|
||||
return Mono.justOrEmpty(authorizeRequest.getAuthorizedClient())
|
||||
.switchIfEmpty(loadAuthorizedClient(clientRegistrationId, principal))
|
||||
.flatMap((authorizedClient) -> reauthorize(authorizedClient, authorizeRequest, principal))
|
||||
.switchIfEmpty(findAndAuthorize(clientRegistrationId, principal));
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
private Mono<OAuth2AuthorizedClient> loadAuthorizedClient(String clientRegistrationId,
|
||||
Authentication principal) {
|
||||
return Mono.defer(
|
||||
() -> this.authorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, null));
|
||||
}
|
||||
|
||||
private Mono<OAuth2AuthorizedClient> reauthorize(OAuth2AuthorizedClient authorizedClient,
|
||||
OAuth2AuthorizeRequest authorizeRequest, Authentication principal) {
|
||||
return Mono
|
||||
.just(OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient).principal(principal)
|
||||
.build())
|
||||
.flatMap((authorizationContext) -> authorize(authorizationContext, principal))
|
||||
// Default to the existing authorizedClient if the client was not
|
||||
// re-authorized
|
||||
.defaultIfEmpty((authorizeRequest.getAuthorizedClient() != null)
|
||||
? authorizeRequest.getAuthorizedClient() : authorizedClient);
|
||||
}
|
||||
|
||||
private Mono<OAuth2AuthorizedClient> findAndAuthorize(String clientRegistrationId, Authentication principal) {
|
||||
// @formatter:off
|
||||
return Mono.defer(() ->
|
||||
this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)
|
||||
.switchIfEmpty(Mono.error(() ->
|
||||
new IllegalArgumentException("Could not find ClientRegistration with id '" + clientRegistrationId + "'"))
|
||||
)
|
||||
.flatMap((clientRegistration) -> Mono.just(OAuth2AuthorizationContext
|
||||
.withClientRegistration(clientRegistration).principal(principal).build())
|
||||
)
|
||||
.flatMap((authorizationContext) -> authorize(authorizationContext, principal))
|
||||
);
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
/**
|
||||
* Performs authorization and then delegates to either the
|
||||
* {@link #authorizationSuccessHandler} or {@link #authorizationFailureHandler},
|
||||
* depending on the authorization result.
|
||||
* @param authorizationContext the context to authorize
|
||||
* @param principal the principle to authorize
|
||||
* @return a {@link Mono} that emits the authorized client after the authorization
|
||||
* attempt succeeds and the {@link #authorizationSuccessHandler} has completed, or
|
||||
* completes with an exception after the authorization attempt fails and the
|
||||
* {@link #authorizationFailureHandler} has completed
|
||||
*/
|
||||
private Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext authorizationContext,
|
||||
Authentication principal) {
|
||||
// @formatter:off
|
||||
return this.authorizedClientProvider.authorize(authorizationContext)
|
||||
// Delegates to the authorizationSuccessHandler of the successful
|
||||
// authorization
|
||||
.flatMap((authorizedClient) -> this.authorizationSuccessHandler
|
||||
.onAuthorizationSuccess(authorizedClient, principal, Collections.emptyMap())
|
||||
.thenReturn(authorizedClient)
|
||||
)
|
||||
// Delegates to the authorizationFailureHandler of the failed
|
||||
// authorization
|
||||
.onErrorResume(OAuth2AuthorizationException.class, (authorizationException) ->
|
||||
this.authorizationFailureHandler
|
||||
.onAuthorizationFailure(authorizationException, principal, Collections.emptyMap())
|
||||
.then(Mono.error(authorizationException))
|
||||
);
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
private void setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider) {
|
||||
Assert.notNull(authorizedClientProvider, "authorizedClientProvider cannot be null");
|
||||
this.authorizedClientProvider = authorizedClientProvider;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Forwards authentication and authorization failures to a
|
||||
* {@link ReactiveOAuth2AuthorizationFailureHandler}.
|
||||
|
||||
@ -1,84 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2020 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.oauth2.client.web.server;
|
||||
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolver;
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
|
||||
/**
|
||||
* Provides support for an unauthenticated user. This is useful when running as a process
|
||||
* with no user associated to it. The implementation ensures that
|
||||
* {@link ServerWebExchange} is null and that the {@link Authentication} is either null or
|
||||
* anonymous to prevent using it incorrectly.
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @since 5.1
|
||||
* @deprecated Use {@link AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager}
|
||||
* instead
|
||||
*/
|
||||
@Deprecated
|
||||
public class UnAuthenticatedServerOAuth2AuthorizedClientRepository implements ServerOAuth2AuthorizedClientRepository {
|
||||
|
||||
private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
|
||||
|
||||
private final Map<String, OAuth2AuthorizedClient> clientRegistrationIdToAuthorizedClient = new ConcurrentHashMap<>();
|
||||
|
||||
@Override
|
||||
public <T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String clientRegistrationId,
|
||||
Authentication authentication, ServerWebExchange serverWebExchange) {
|
||||
Assert.notNull(clientRegistrationId, "clientRegistrationId cannot be null");
|
||||
Assert.isNull(serverWebExchange, "serverWebExchange must be null");
|
||||
Assert.isTrue(isUnauthenticated(authentication), "The user " + authentication + " should not be authenticated");
|
||||
return Mono.fromSupplier(() -> (T) this.clientRegistrationIdToAuthorizedClient.get(clientRegistrationId));
|
||||
}
|
||||
|
||||
@Override
|
||||
public Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication authentication,
|
||||
ServerWebExchange serverWebExchange) {
|
||||
Assert.notNull(authorizedClient, "authorizedClient cannot be null");
|
||||
Assert.isNull(serverWebExchange, "serverWebExchange must be null");
|
||||
Assert.isTrue(isUnauthenticated(authentication), "The user " + authentication + " should not be authenticated");
|
||||
return Mono.fromRunnable(() -> {
|
||||
String clientRegistrationId = authorizedClient.getClientRegistration().getRegistrationId();
|
||||
this.clientRegistrationIdToAuthorizedClient.put(clientRegistrationId, authorizedClient);
|
||||
});
|
||||
}
|
||||
|
||||
@Override
|
||||
public Mono<Void> removeAuthorizedClient(String clientRegistrationId, Authentication authentication,
|
||||
ServerWebExchange serverWebExchange) {
|
||||
Assert.notNull(clientRegistrationId, "clientRegistrationId cannot be null");
|
||||
Assert.isNull(serverWebExchange, "serverWebExchange " + serverWebExchange + "must be null");
|
||||
Assert.isTrue(isUnauthenticated(authentication), "The user " + authentication + " should not be authenticated");
|
||||
return Mono.fromRunnable(() -> this.clientRegistrationIdToAuthorizedClient.remove(clientRegistrationId));
|
||||
}
|
||||
|
||||
private boolean isUnauthenticated(Authentication authentication) {
|
||||
return authentication == null || this.trustResolver.isAnonymous(authentication);
|
||||
}
|
||||
|
||||
}
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2020 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -60,13 +60,17 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
|
||||
import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager;
|
||||
import org.springframework.security.oauth2.client.ClientAuthorizationException;
|
||||
import org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider;
|
||||
import org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizationFailureHandler;
|
||||
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider;
|
||||
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder;
|
||||
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequest;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
|
||||
@ -79,7 +83,6 @@ import org.springframework.security.oauth2.client.registration.ReactiveClientReg
|
||||
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
|
||||
import org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager;
|
||||
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.client.web.server.UnAuthenticatedServerOAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
@ -872,13 +875,32 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
|
||||
@Test
|
||||
public void filterWhenClientCredentialsClientNotAuthorizedAndOutsideRequestContextThenGetNewToken() {
|
||||
setupMockHeaders();
|
||||
// Use UnAuthenticatedServerOAuth2AuthorizedClientRepository when operating
|
||||
// outside of a request context
|
||||
ServerOAuth2AuthorizedClientRepository unauthenticatedAuthorizedClientRepository = spy(
|
||||
new UnAuthenticatedServerOAuth2AuthorizedClientRepository());
|
||||
this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(this.clientRegistrationRepository,
|
||||
unauthenticatedAuthorizedClientRepository);
|
||||
this.function.setClientCredentialsTokenResponseClient(this.clientCredentialsTokenResponseClient);
|
||||
ReactiveOAuth2AuthorizedClientService authorizedClientServiceDelegate = new InMemoryReactiveOAuth2AuthorizedClientService(
|
||||
this.clientRegistrationRepository);
|
||||
ReactiveOAuth2AuthorizedClientService authorizedClientService = new ReactiveOAuth2AuthorizedClientService() {
|
||||
@Override
|
||||
public <T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String clientRegistrationId,
|
||||
String principalName) {
|
||||
return authorizedClientServiceDelegate.loadAuthorizedClient(clientRegistrationId, principalName);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) {
|
||||
return authorizedClientServiceDelegate.saveAuthorizedClient(authorizedClient, principal);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Mono<Void> removeAuthorizedClient(String clientRegistrationId, String principalName) {
|
||||
return authorizedClientServiceDelegate.removeAuthorizedClient(clientRegistrationId, principalName);
|
||||
}
|
||||
};
|
||||
authorizedClientService = spy(authorizedClientService);
|
||||
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager = new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
|
||||
this.clientRegistrationRepository, authorizedClientService);
|
||||
ClientCredentialsReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = new ClientCredentialsReactiveOAuth2AuthorizedClientProvider();
|
||||
authorizedClientProvider.setAccessTokenResponseClient(this.clientCredentialsTokenResponseClient);
|
||||
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
|
||||
this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
|
||||
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token")
|
||||
.tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
|
||||
given(this.clientCredentialsTokenResponseClient.getTokenResponse(any()))
|
||||
@ -892,9 +914,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
|
||||
.build();
|
||||
// @formatter:on
|
||||
this.function.filter(request, this.exchange).block();
|
||||
verify(unauthenticatedAuthorizedClientRepository).loadAuthorizedClient(any(), any(), any());
|
||||
verify(authorizedClientService).loadAuthorizedClient(any(), any());
|
||||
verify(this.clientCredentialsTokenResponseClient).getTokenResponse(any());
|
||||
verify(unauthenticatedAuthorizedClientRepository).saveAuthorizedClient(any(), any(), any());
|
||||
verify(authorizedClientService).saveAuthorizedClient(any(), any());
|
||||
List<ClientRequest> requests = this.exchange.getRequests();
|
||||
assertThat(requests).hasSize(1);
|
||||
ClientRequest request1 = requests.get(0);
|
||||
|
||||
@ -1,171 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.oauth2.client.web.server;
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
|
||||
import org.springframework.mock.web.server.MockServerWebExchange;
|
||||
import org.springframework.security.authentication.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
*/
|
||||
public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests {
|
||||
|
||||
private UnAuthenticatedServerOAuth2AuthorizedClientRepository repository = new UnAuthenticatedServerOAuth2AuthorizedClientRepository();
|
||||
|
||||
private ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().build();
|
||||
|
||||
private String clientRegistrationId = this.clientRegistration.getRegistrationId();
|
||||
|
||||
private ServerWebExchange exchange;
|
||||
|
||||
private Authentication anonymous = new AnonymousAuthenticationToken("key", "anonymous",
|
||||
AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
|
||||
|
||||
private Authentication authentication;
|
||||
|
||||
private OAuth2AuthorizedClient authorizedClient;
|
||||
|
||||
@BeforeEach
|
||||
public void setup() {
|
||||
OAuth2AccessToken token = TestOAuth2AccessTokens.noScopes();
|
||||
this.authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, "anonymousUser", token);
|
||||
}
|
||||
|
||||
// loadAuthorizedClient
|
||||
@Test
|
||||
public void loadAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() {
|
||||
this.clientRegistrationId = null;
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.repository
|
||||
.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadAuthorizedClientWhenAuthenticationNotNullThenIllegalArgumentException() {
|
||||
this.authentication = new TestingAuthenticationToken("a", "b", "ROLE_USER");
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.repository
|
||||
.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadAuthorizedClientWhenServerWebExchangeNotNullThenIllegalArgumentException() {
|
||||
this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.repository
|
||||
.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadAuthorizedClientWhenNotFoundThenEmpty() {
|
||||
assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange)
|
||||
.block()).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadAuthorizedClientWhenFoundThenFound() {
|
||||
this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block();
|
||||
assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange)
|
||||
.block()).isEqualTo(this.authorizedClient);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadAuthorizedClientWhenMultipleThenFound() {
|
||||
ClientRegistration otherClientRegistration = TestClientRegistrations.clientRegistration()
|
||||
.registrationId("other-client-registration").build();
|
||||
OAuth2AuthorizedClient otherAuthorizedClient = new OAuth2AuthorizedClient(otherClientRegistration,
|
||||
"anonymousUser", this.authorizedClient.getAccessToken());
|
||||
this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block();
|
||||
this.repository.saveAuthorizedClient(otherAuthorizedClient, this.authentication, this.exchange).block();
|
||||
assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange)
|
||||
.block()).isEqualTo(this.authorizedClient);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadAuthorizedClientWhenAnonymousThenFound() {
|
||||
this.authentication = this.anonymous;
|
||||
this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block();
|
||||
assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange)
|
||||
.block()).isEqualTo(this.authorizedClient);
|
||||
}
|
||||
|
||||
// saveAuthorizedClient
|
||||
@Test
|
||||
public void saveAuthorizedClientWhenAuthorizedClientNullThenIllegalArgumentException() {
|
||||
this.authorizedClient = null;
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.repository
|
||||
.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void saveAuthorizedClientWhenAuthenticationNotNullThenIllegalArgumentException() {
|
||||
this.authentication = new TestingAuthenticationToken("a", "b", "ROLE_USER");
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.repository
|
||||
.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void saveAuthorizedClientWhenServerWebExchangeNotNullThenIllegalArgumentException() {
|
||||
this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.repository
|
||||
.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block());
|
||||
}
|
||||
|
||||
// removeAuthorizedClient
|
||||
@Test
|
||||
public void removeAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() {
|
||||
this.clientRegistrationId = null;
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.repository
|
||||
.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void removeAuthorizedClientWhenAuthenticationNotNullThenIllegalArgumentException() {
|
||||
this.authentication = new TestingAuthenticationToken("a", "b", "ROLE_USER");
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.repository
|
||||
.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void removeAuthorizedClientWhenServerWebExchangeNotNullThenIllegalArgumentException() {
|
||||
this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.repository
|
||||
.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void removeAuthorizedClientWhenFoundThenFound() {
|
||||
this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block();
|
||||
this.repository.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block();
|
||||
assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange)
|
||||
.block()).isNull();
|
||||
}
|
||||
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user