Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-26 13:53:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Extract Converter from AuthorizationResponseMatcher

Browse Source 
Fixes gh-4653
This commit is contained in:
Joe Grandja 2017-10-20 04:56:07 -04:00
parent a49047dec5
commit 84a1c417a3
1 changed files with 28 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationFilter.java
View File

@ -105,7 +105,7 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
} }
this.authorizationRequestRepository.removeAuthorizationRequest(request); this.authorizationRequestRepository.removeAuthorizationRequest(request);
AuthorizationResponse authorizationResponse = this.authorizationResponseMatcher.convert(request); AuthorizationResponse authorizationResponse = this.convert(request);
String registrationId = (String)authorizationRequest.getAdditionalParameters().get(OAuth2Parameter.REGISTRATION_ID); String registrationId = (String)authorizationRequest.getAdditionalParameters().get(OAuth2Parameter.REGISTRATION_ID);
ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId); ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
@ -151,6 +151,33 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
this.authorizationRequestRepository = authorizationRequestRepository; this.authorizationRequestRepository = authorizationRequestRepository;
} }
private AuthorizationResponse convert(HttpServletRequest request) {
if (!this.getAuthorizationResponseMatcher().matches(request)) {
return null;
}
String code = request.getParameter(OAuth2Parameter.CODE);
String errorCode = request.getParameter(OAuth2Parameter.ERROR);
String state = request.getParameter(OAuth2Parameter.STATE);
String redirectUri = request.getRequestURL().toString();
if (StringUtils.hasText(code)) {
return AuthorizationResponse.success(code)
.redirectUri(redirectUri)
.state(state)
.build();
} else {
String errorDescription = request.getParameter(OAuth2Parameter.ERROR_DESCRIPTION);
String errorUri = request.getParameter(OAuth2Parameter.ERROR_URI);
return AuthorizationResponse.error(errorCode)
.redirectUri(redirectUri)
.errorDescription(errorDescription)
.errorUri(errorUri)
.state(state)
.build();
}
}
private static class AuthorizationResponseMatcher implements RequestMatcher { private static class AuthorizationResponseMatcher implements RequestMatcher {
private final String baseUri; private final String baseUri;
@ -174,32 +201,5 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
return StringUtils.hasText(request.getParameter(OAuth2Parameter.ERROR)) && return StringUtils.hasText(request.getParameter(OAuth2Parameter.ERROR)) &&
StringUtils.hasText(request.getParameter(OAuth2Parameter.STATE)); StringUtils.hasText(request.getParameter(OAuth2Parameter.STATE));
} }
private AuthorizationResponse convert(HttpServletRequest request) {
if (!this.matches(request)) {
return null;
}
String code = request.getParameter(OAuth2Parameter.CODE);
String errorCode = request.getParameter(OAuth2Parameter.ERROR);
String state = request.getParameter(OAuth2Parameter.STATE);
String redirectUri = request.getRequestURL().toString();
if (StringUtils.hasText(code)) {
return AuthorizationResponse.success(code)
.redirectUri(redirectUri)
.state(state)
.build();
} else {
String errorDescription = request.getParameter(OAuth2Parameter.ERROR_DESCRIPTION);
String errorUri = request.getParameter(OAuth2Parameter.ERROR_URI);
return AuthorizationResponse.error(errorCode)
.redirectUri(redirectUri)
.errorDescription(errorDescription)
.errorUri(errorUri)
.state(state)
.build();
}
}
} }
} }