diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java index b563f992f8..fd663f2aa7 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java @@ -18,13 +18,10 @@ package org.springframework.security.config.annotation.web.configurers.oauth2.cl import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; -import org.springframework.security.jwt.JwtDecoder; -import org.springframework.security.jwt.nimbus.NimbusJwtDecoderJwkSupport; import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProvider; import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken; -import org.springframework.security.oauth2.client.authentication.jwt.DefaultProviderJwtDecoderRegistry; -import org.springframework.security.oauth2.client.authentication.jwt.ProviderJwtDecoderRegistry; -import org.springframework.security.oauth2.client.registration.ClientRegistration; +import org.springframework.security.oauth2.client.authentication.jwt.JwtDecoderRegistry; +import org.springframework.security.oauth2.client.authentication.jwt.nimbus.NimbusJwtDecoderRegistry; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository; import org.springframework.security.oauth2.client.token.SecurityTokenRepository; @@ -36,19 +33,13 @@ import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthentic import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.client.web.nimbus.NimbusAuthorizationCodeTokenExchanger; import org.springframework.security.oauth2.core.AccessToken; -import org.springframework.security.oauth2.core.provider.DefaultProviderMetadata; -import org.springframework.security.oauth2.core.provider.ProviderMetadata; import org.springframework.security.oauth2.core.user.OAuth2User; import org.springframework.security.oauth2.oidc.client.user.OidcUserService; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.security.web.util.matcher.RequestVariablesExtractor; import org.springframework.util.Assert; -import org.springframework.util.StringUtils; -import org.springframework.web.util.UriComponentsBuilder; -import java.net.MalformedURLException; import java.net.URI; -import java.net.URL; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -63,6 +54,7 @@ final class AuthorizationCodeAuthenticationFilterConfigurer authorizationCodeTokenExchanger; private SecurityTokenRepository accessTokenRepository; + private JwtDecoderRegistry jwtDecoderRegistry; private OAuth2UserService userInfoService; private Map> customUserTypes = new HashMap<>(); private GrantedAuthoritiesMapper userAuthoritiesMapper; @@ -91,6 +83,12 @@ final class AuthorizationCodeAuthenticationFilterConfigurer jwtDecoderRegistry(JwtDecoderRegistry jwtDecoderRegistry) { + Assert.notNull(jwtDecoderRegistry, "jwtDecoderRegistry cannot be null"); + this.jwtDecoderRegistry = jwtDecoderRegistry; + return this; + } + AuthorizationCodeAuthenticationFilterConfigurer userInfoService(OAuth2UserService userInfoService) { Assert.notNull(userInfoService, "userInfoService cannot be null"); this.userInfoService = userInfoService; @@ -112,7 +110,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) { Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null"); - Assert.notEmpty(clientRegistrationRepository.getRegistrations(), "clientRegistrationRepository cannot be empty"); this.getBuilder().setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository); return this; } @@ -129,7 +126,7 @@ final class AuthorizationCodeAuthenticationFilterConfigurer jwtDecoders = new HashMap<>(); - ClientRegistrationRepository clientRegistrationRepository = OAuth2LoginConfigurer.getClientRegistrationRepository(this.getBuilder()); - clientRegistrationRepository.getRegistrations().forEach(registration -> { - ClientRegistration.ProviderDetails providerDetails = registration.getProviderDetails(); - if (StringUtils.hasText(providerDetails.getJwkSetUri())) { - DefaultProviderMetadata providerMetadata = new DefaultProviderMetadata(); - // Default the Issuer to the host of the Authorization Endpoint - providerMetadata.setIssuer(this.toURL( - UriComponentsBuilder - .fromHttpUrl(providerDetails.getAuthorizationUri()) - .replacePath(null) - .toUriString() - )); - providerMetadata.setAuthorizationEndpoint(this.toURL(providerDetails.getAuthorizationUri())); - providerMetadata.setTokenEndpoint(this.toURL(providerDetails.getTokenUri())); - providerMetadata.setUserInfoEndpoint(this.toURL(providerDetails.getUserInfoEndpoint().getUri())); - providerMetadata.setJwkSetUri(this.toURL(providerDetails.getJwkSetUri())); - NimbusJwtDecoderJwkSupport nimbusJwtDecoderJwkSupport = - new NimbusJwtDecoderJwkSupport(providerDetails.getJwkSetUri()); - jwtDecoders.put(providerMetadata, nimbusJwtDecoderJwkSupport); - } - }); - return new DefaultProviderJwtDecoderRegistry(jwtDecoders); - } - - private boolean isOidcClientRegistered() { - ClientRegistrationRepository clientRegistrationRepository = OAuth2LoginConfigurer.getClientRegistrationRepository(this.getBuilder()); - return clientRegistrationRepository.getRegistrations() - .stream() - .anyMatch(registration -> - registration.getScope().stream().anyMatch(scope -> scope.equalsIgnoreCase("openid"))); - + private JwtDecoderRegistry getJwtDecoderRegistry() { + if (this.jwtDecoderRegistry == null) { + this.jwtDecoderRegistry = new NimbusJwtDecoderRegistry(); + } + return this.jwtDecoderRegistry; } private OAuth2UserService getUserInfoService() { if (this.userInfoService == null) { List oauth2UserServices = new ArrayList<>(); oauth2UserServices.add(new DefaultOAuth2UserService()); - if (this.isOidcClientRegistered()) { - oauth2UserServices.add(new OidcUserService()); - } + oauth2UserServices.add(new OidcUserService()); if (!this.customUserTypes.isEmpty()) { oauth2UserServices.add(new CustomUserTypesOAuth2UserService(this.customUserTypes)); } @@ -217,15 +184,4 @@ final class AuthorizationCodeAuthenticationFilterConfigurer clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) { Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null"); - Assert.notEmpty(clientRegistrationRepository.getRegistrations(), "clientRegistrationRepository cannot be empty"); this.getBuilder().setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository); return this; } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java index b5027fc8b0..e021026bd8 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java @@ -15,7 +15,9 @@ */ package org.springframework.security.config.annotation.web.configurers.oauth2.client; +import org.springframework.beans.factory.BeanFactoryUtils; import org.springframework.context.ApplicationContext; +import org.springframework.core.ResolvableType; import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; @@ -40,7 +42,10 @@ import org.springframework.util.Assert; import org.springframework.util.CollectionUtils; import java.net.URI; +import java.util.ArrayList; import java.util.Arrays; +import java.util.Collection; +import java.util.List; import java.util.Map; import java.util.stream.Collectors; @@ -70,12 +75,12 @@ public final class OAuth2LoginConfigurer> exten public OAuth2LoginConfigurer clients(ClientRegistration... clientRegistrations) { Assert.notEmpty(clientRegistrations, "clientRegistrations cannot be empty"); + this.getBuilder().setSharedObject(ClientRegistration[].class, clientRegistrations); return this.clients(new InMemoryClientRegistrationRepository(Arrays.asList(clientRegistrations))); } public OAuth2LoginConfigurer clients(ClientRegistrationRepository clientRegistrationRepository) { Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null"); - Assert.notEmpty(clientRegistrationRepository.getRegistrations(), "clientRegistrationRepository cannot be empty"); this.getBuilder().setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository); return this; } @@ -225,38 +230,81 @@ public final class OAuth2LoginConfigurer> exten } private static > ClientRegistrationRepository getDefaultClientRegistrationRepository(H http) { + List clientRegistrations = getClientRegistrations(http); + if (!CollectionUtils.isEmpty(clientRegistrations)) { + return new InMemoryClientRegistrationRepository(clientRegistrations); + } return http.getSharedObject(ApplicationContext.class).getBean(ClientRegistrationRepository.class); } + private static > List getClientRegistrations(H http) { + ClientRegistration[] clientRegistrations = http.getSharedObject(ClientRegistration[].class); + if (clientRegistrations != null) { + return Arrays.asList(clientRegistrations); + } + + List clientRegistrationsList = new ArrayList<>(); + + // Check context for type -> Collection + ResolvableType clientRegistrationsType = ResolvableType.forClassWithGenerics( + Collection.class, ClientRegistration.class); + Map clientRegistrationsMap = BeanFactoryUtils.beansOfTypeIncludingAncestors( + http.getSharedObject(ApplicationContext.class), + clientRegistrationsType.resolve(Collection.class)); + clientRegistrationsMap.values().stream() + .filter(col -> Collection.class.isAssignableFrom(col.getClass())) + .filter(col -> ((Collection) col).stream() + .anyMatch(e -> ClientRegistration.class.isAssignableFrom(e.getClass()))) + .flatMap(col -> ((Collection) col).stream()) + .forEach(e -> clientRegistrationsList.add((ClientRegistration)e)); + if (!clientRegistrationsList.isEmpty()) { + return clientRegistrationsList; + } + + // Check context for type -> ClientRegistration[] + clientRegistrationsType = ResolvableType.forClass(ClientRegistration[].class); + clientRegistrationsMap = BeanFactoryUtils.beansOfTypeIncludingAncestors( + http.getSharedObject(ApplicationContext.class), + clientRegistrationsType.resolve(ClientRegistration[].class)); + clientRegistrationsMap.values().stream() + .flatMap(array -> Arrays.stream((ClientRegistration[])array)) + .forEach(clientRegistrationsList::add); + + return clientRegistrationsList; + } + private void initDefaultLoginFilter(H http) { DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http.getSharedObject(DefaultLoginPageGeneratingFilter.class); - if (loginPageGeneratingFilter != null && !this.authorizationCodeAuthenticationFilterConfigurer.isCustomLoginPage()) { - ClientRegistrationRepository clientRegistrationRepository = getClientRegistrationRepository(this.getBuilder()); - if (!CollectionUtils.isEmpty(clientRegistrationRepository.getRegistrations())) { - String authorizationRequestBaseUri; - RequestMatcher authorizationRequestMatcher = OAuth2LoginConfigurer.this.authorizationCodeRequestRedirectFilterConfigurer.getAuthorizationRequestMatcher(); - if (authorizationRequestMatcher != null && AntPathRequestMatcher.class.isAssignableFrom(authorizationRequestMatcher.getClass())) { - String authorizationRequestPattern = ((AntPathRequestMatcher)authorizationRequestMatcher).getPattern(); - String registrationIdTemplateVariable = "{" + REGISTRATION_ID_URI_VARIABLE_NAME + "}"; - if (authorizationRequestPattern.endsWith(registrationIdTemplateVariable)) { - authorizationRequestBaseUri = authorizationRequestPattern.substring( - 0, authorizationRequestPattern.length() - registrationIdTemplateVariable.length() - 1); - } else { - authorizationRequestBaseUri = authorizationRequestPattern; - } - } else { - authorizationRequestBaseUri = AuthorizationCodeRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI; - } - - Map oauth2AuthenticationUrlToClientName = clientRegistrationRepository.getRegistrations().stream() - .collect(Collectors.toMap( - e -> authorizationRequestBaseUri + "/" + e.getRegistrationId(), - e -> e.getClientName())); - loginPageGeneratingFilter.setOauth2LoginEnabled(true); - loginPageGeneratingFilter.setOauth2AuthenticationUrlToClientName(oauth2AuthenticationUrlToClientName); - loginPageGeneratingFilter.setLoginPageUrl(this.authorizationCodeAuthenticationFilterConfigurer.getLoginUrl()); - loginPageGeneratingFilter.setFailureUrl(this.authorizationCodeAuthenticationFilterConfigurer.getLoginFailureUrl()); - } + if (loginPageGeneratingFilter == null || this.authorizationCodeAuthenticationFilterConfigurer.isCustomLoginPage()) { + return; } + List clientRegistrations = getClientRegistrations(http); + if (CollectionUtils.isEmpty(clientRegistrations)) { + return; + } + + String authorizationRequestBaseUri; + RequestMatcher authorizationRequestMatcher = OAuth2LoginConfigurer.this.authorizationCodeRequestRedirectFilterConfigurer.getAuthorizationRequestMatcher(); + if (authorizationRequestMatcher != null && AntPathRequestMatcher.class.isAssignableFrom(authorizationRequestMatcher.getClass())) { + String authorizationRequestPattern = ((AntPathRequestMatcher)authorizationRequestMatcher).getPattern(); + String registrationIdTemplateVariable = "{" + REGISTRATION_ID_URI_VARIABLE_NAME + "}"; + if (authorizationRequestPattern.endsWith(registrationIdTemplateVariable)) { + authorizationRequestBaseUri = authorizationRequestPattern.substring( + 0, authorizationRequestPattern.length() - registrationIdTemplateVariable.length() - 1); + } else { + authorizationRequestBaseUri = authorizationRequestPattern; + } + } else { + authorizationRequestBaseUri = AuthorizationCodeRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI; + } + + Map oauth2AuthenticationUrlToClientName = clientRegistrations.stream() + .collect(Collectors.toMap( + e -> authorizationRequestBaseUri + "/" + e.getRegistrationId(), + e -> e.getClientName())); + loginPageGeneratingFilter.setOauth2LoginEnabled(true); + loginPageGeneratingFilter.setOauth2AuthenticationUrlToClientName(oauth2AuthenticationUrlToClientName); + loginPageGeneratingFilter.setLoginPageUrl(this.authorizationCodeAuthenticationFilterConfigurer.getLoginUrl()); + loginPageGeneratingFilter.setFailureUrl(this.authorizationCodeAuthenticationFilterConfigurer.getLoginFailureUrl()); } } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java index 3643f80f05..197de9c5ab 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java @@ -24,7 +24,7 @@ import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMap import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper; import org.springframework.security.jwt.Jwt; import org.springframework.security.jwt.JwtDecoder; -import org.springframework.security.oauth2.client.authentication.jwt.ProviderJwtDecoderRegistry; +import org.springframework.security.oauth2.client.authentication.jwt.JwtDecoderRegistry; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.token.SecurityTokenRepository; import org.springframework.security.oauth2.client.user.OAuth2UserService; @@ -89,23 +89,23 @@ import java.util.Collection; public class AuthorizationCodeAuthenticationProvider implements AuthenticationProvider { private final AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger; private final SecurityTokenRepository accessTokenRepository; - private final ProviderJwtDecoderRegistry providerJwtDecoderRegistry; + private final JwtDecoderRegistry jwtDecoderRegistry; private final OAuth2UserService userInfoService; private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper(); public AuthorizationCodeAuthenticationProvider( AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger, SecurityTokenRepository accessTokenRepository, - ProviderJwtDecoderRegistry providerJwtDecoderRegistry, + JwtDecoderRegistry jwtDecoderRegistry, OAuth2UserService userInfoService) { Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null"); Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null"); - Assert.notNull(providerJwtDecoderRegistry, "providerJwtDecoderRegistry cannot be null"); + Assert.notNull(jwtDecoderRegistry, "jwtDecoderRegistry cannot be null"); Assert.notNull(userInfoService, "userInfoService cannot be null"); this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger; this.accessTokenRepository = accessTokenRepository; - this.providerJwtDecoderRegistry = providerJwtDecoderRegistry; + this.jwtDecoderRegistry = jwtDecoderRegistry; this.userInfoService = userInfoService; } @@ -124,9 +124,9 @@ public class AuthorizationCodeAuthenticationProvider implements AuthenticationPr IdToken idToken = null; if (tokenResponse.getAdditionalParameters().containsKey(OidcParameter.ID_TOKEN)) { - JwtDecoder jwtDecoder = this.providerJwtDecoderRegistry.getJwtDecoder(clientRegistration.getProviderDetails().getJwkSetUri()); + JwtDecoder jwtDecoder = this.jwtDecoderRegistry.getJwtDecoder(clientRegistration); if (jwtDecoder == null) { - throw new IllegalArgumentException("Unable to find a registered JwtDecoder for the provider '" + clientRegistration.getProviderDetails().getTokenUri() + + throw new IllegalArgumentException("Unable to find a registered JwtDecoder for Client Registration: '" + clientRegistration.getRegistrationId() + "'. Check to ensure you have configured the JwkSet URI property."); } Jwt jwt = jwtDecoder.decode((String)tokenResponse.getAdditionalParameters().get(OidcParameter.ID_TOKEN)); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrationRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrationRepository.java index 61c3c94d2d..14d8acd741 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrationRepository.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrationRepository.java @@ -37,6 +37,4 @@ public interface ClientRegistrationRepository { ClientRegistration findByRegistrationId(String registrationId); - List getRegistrations(); - } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java index 5508075c59..44ed6f285b 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java @@ -17,7 +17,6 @@ package org.springframework.security.oauth2.client.registration; import org.springframework.util.Assert; -import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; import java.util.List; @@ -64,9 +63,4 @@ public final class InMemoryClientRegistrationRepository implements ClientRegistr .findFirst() .orElse(null); } - - @Override - public List getRegistrations() { - return new ArrayList<>(this.registrations.values()); - } } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilter.java index 16e7a78c46..b55bb67cf5 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilter.java @@ -192,7 +192,6 @@ public class AuthorizationCodeAuthenticationProcessingFilter extends AbstractAut public final void setClientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) { Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null"); - Assert.notEmpty(clientRegistrationRepository.getRegistrations(), "clientRegistrationRepository cannot be empty"); this.clientRegistrationRepository = clientRegistrationRepository; } diff --git a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java index 651e17a6ca..ad85bbac0e 100644 --- a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java +++ b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java @@ -36,13 +36,14 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationProcessingFilter; import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken; -import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter; -import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; +import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; import org.springframework.security.oauth2.client.user.OAuth2UserService; +import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationProcessingFilter; +import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter; +import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.core.AccessToken; import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter; @@ -57,7 +58,14 @@ import org.springframework.web.util.UriComponentsBuilder; import java.net.URI; import java.net.URL; import java.net.URLDecoder; -import java.util.*; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import java.util.Set; import java.util.stream.Collectors; import static org.assertj.core.api.Assertions.assertThat; @@ -83,6 +91,8 @@ public class OAuth2LoginApplicationTests { private WebClient webClient; @Autowired + private ClientRegistration[] clientRegistrations; + private ClientRegistrationRepository clientRegistrationRepository; private ClientRegistration googleClientRegistration; @@ -93,6 +103,7 @@ public class OAuth2LoginApplicationTests { @Before public void setup() { this.webClient.getCookieManager().clearCookies(); + this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(Arrays.asList(this.clientRegistrations)); this.googleClientRegistration = this.clientRegistrationRepository.findByRegistrationId("google"); this.githubClientRegistration = this.clientRegistrationRepository.findByRegistrationId("github"); this.facebookClientRegistration = this.clientRegistrationRepository.findByRegistrationId("facebook"); diff --git a/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/ClientRegistrationAutoConfiguration.java b/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/ClientRegistrationAutoConfiguration.java index 37ede8e098..ace33e0813 100644 --- a/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/ClientRegistrationAutoConfiguration.java +++ b/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/ClientRegistrationAutoConfiguration.java @@ -40,8 +40,6 @@ import org.springframework.core.io.ClassPathResource; import org.springframework.core.type.AnnotatedTypeMetadata; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationProperties; -import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; -import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; import org.springframework.util.CollectionUtils; import java.util.ArrayList; @@ -56,8 +54,8 @@ import java.util.stream.Collectors; */ @Configuration @ConditionalOnWebApplication -@ConditionalOnClass(ClientRegistrationRepository.class) -@ConditionalOnMissingBean(ClientRegistrationRepository.class) +@ConditionalOnClass(ClientRegistration.class) +@ConditionalOnMissingBean(ClientRegistration.class) @AutoConfigureBefore(SecurityAutoConfiguration.class) public class ClientRegistrationAutoConfiguration { private static final String CLIENTS_DEFAULTS_RESOURCE = "META-INF/oauth2-clients-defaults.yml"; @@ -74,7 +72,7 @@ public class ClientRegistrationAutoConfiguration { } @Bean - public ClientRegistrationRepository clientRegistrationRepository() { + public ClientRegistration[] clientRegistrations() { MutablePropertySources propertySources = ((ConfigurableEnvironment) this.environment).getPropertySources(); Properties clientsDefaultProperties = this.getClientsDefaultProperties(); if (clientsDefaultProperties != null) { @@ -95,7 +93,7 @@ public class ClientRegistrationAutoConfiguration { clientRegistrations.add(clientRegistration); } - return new InMemoryClientRegistrationRepository(clientRegistrations); + return clientRegistrations.toArray(new ClientRegistration[0]); } private Properties getClientsDefaultProperties() { diff --git a/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2LoginAutoConfiguration.java b/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2LoginAutoConfiguration.java index 02d75cdc7e..ba14f03a53 100644 --- a/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2LoginAutoConfiguration.java +++ b/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2LoginAutoConfiguration.java @@ -27,7 +27,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; +import org.springframework.security.oauth2.client.registration.ClientRegistration; /** * @author Joe Grandja @@ -36,7 +36,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio @ConditionalOnWebApplication @ConditionalOnClass(EnableWebSecurity.class) @ConditionalOnMissingBean(WebSecurityConfiguration.class) -@ConditionalOnBean(ClientRegistrationRepository.class) +@ConditionalOnBean(ClientRegistration[].class) @AutoConfigureBefore(SecurityAutoConfiguration.class) @AutoConfigureAfter(ClientRegistrationAutoConfiguration.class) public class OAuth2LoginAutoConfiguration {