From 942b647c0d2593d30c623fcbefed6382ded391bf Mon Sep 17 00:00:00 2001
From: Joe Grandja
Date: Thu, 26 Oct 2017 12:09:47 -0400
Subject: [PATCH] OAuth2LoginAuthenticationFilter processes uri /login/oauth2/code/*

Issue gh-4687
---
 .../oauth2/client/CommonOAuth2Provider.java | 2 +-
 .../client/CommonOAuth2ProviderTests.java | 2 +-
 .../web/OAuth2LoginAuthenticationFilter.java | 2 +-
 .../security/oauth2/client/web/TestUtil.java | 2 +-
 samples/boot/oauth2login/README.adoc | 20 +++++++++----------
 .../samples/OAuth2LoginApplicationTests.java | 2 +-
 6 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java b/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
index 434d531380..56605c5c19 100644
--- a/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
+++ b/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
@@ -93,7 +93,7 @@ public enum CommonOAuth2Provider {
 }
 };
- private static final String DEFAULT_LOGIN_REDIRECT_URL = "{scheme}://{serverName}:{serverPort}{contextPath}/login/oauth2/{registrationId}";
+ private static final String DEFAULT_LOGIN_REDIRECT_URL = "{scheme}://{serverName}:{serverPort}{contextPath}/login/oauth2/code/{registrationId}";
 protected final ClientRegistration.Builder getBuilder(String registrationId,
 ClientAuthenticationMethod method, String redirectUri) {
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java
index 49c59da0e8..5c665f359b 100644
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java
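Review bot: The `+` line hard-codes the `/login/oauth2/code` path that `OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI` in the oauth2-client module also hard-codes, and nothing ties the two together; if either drifts, the provider redirects the authorization code to a path the filter never processes, which is exactly why this commit had to touch both in lockstep. Since this enum already references `ClientRegistration.Builder` (presumably from oauth2-client), the template could be derived from the filter's constant instead of repeating the literal; failing that, add a comment on this line: `// Must stay in sync with OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI ("/login/oauth2/code/*"); the {registrationId} segment is what the filter matches.` A test asserting the two literals agree would make the coupling fail at build time rather than as a redirect_uri mismatch at the provider. The enclosing enum continues on both sides of the hunk.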
+++ b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java
@@ -31,7 +31,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 */
 public class CommonOAuth2ProviderTests {
- private static final String DEFAULT_LOGIN_REDIRECT_URL = "{scheme}://{serverName}:{serverPort}{contextPath}/login/oauth2/{registrationId}";
+ private static final String DEFAULT_LOGIN_REDIRECT_URL = "{scheme}://{serverName}:{serverPort}{contextPath}/login/oauth2/code/{registrationId}";
 @Test
 public void getBuilderWhenGoogleShouldHaveGoogleSettings() throws Exception {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
index b8a69651c5..f7ed88c4b1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
@@ -79,7 +79,7 @@ import java.io.IOException;
 * @see Section 4.1.2 Authorization Response
 */
 public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
- public static final String DEFAULT_FILTER_PROCESSES_URI = "/login/oauth2/*";
+ public static final String DEFAULT_FILTER_PROCESSES_URI = "/login/oauth2/code/*";
 private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
 private ClientRegistrationRepository clientRegistrationRepository;
 private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
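Review bot: `DEFAULT_FILTER_PROCESSES_URI` is a public constant whose value changes on the `+` line, yet it carries no Javadoc saying what the pattern is for or what the trailing `*` segment stands for; the class Javadoc ends just above it (`@see Section 4.1.2 Authorization Response`), so the contract is stated nowhere near the value. Suggested, hedged to what the patch shows: `/** Default URI pattern this filter processes: the redirect URI the Authorization Server delivers the authorization code to. Under CommonOAuth2Provider's default redirect-URI template the wildcard segment is the client registration id. */`. Because the constant is public, anyone who registered the previous `/login/oauth2/{registrationId}` redirect URI with a provider will get redirect_uri mismatch errors after upgrading, so the Javadoc or the commit message should flag the change as breaking. The class body continues past the end of the hunk.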
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/TestUtil.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/TestUtil.java
index 942530f4d5..4e44aba7ea 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/TestUtil.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/TestUtil.java
@@ -31,7 +31,7 @@ class TestUtil {
 static final int DEFAULT_SERVER_PORT = 8080;
 static final String DEFAULT_SERVER_URL = DEFAULT_SCHEME + "://" + DEFAULT_SERVER_NAME + ":" + DEFAULT_SERVER_PORT;
 static final String AUTHORIZATION_BASE_URI = "/oauth2/authorization";
- static final String AUTHORIZE_BASE_URI = "/login/oauth2";
+ static final String AUTHORIZE_BASE_URI = "/login/oauth2/code";
 static final String GOOGLE_REGISTRATION_ID = "google";
 static final String GITHUB_REGISTRATION_ID = "github";
diff --git a/samples/boot/oauth2login/README.adoc b/samples/boot/oauth2login/README.adoc
index f839a2e822..7c42f2b66c 100644
--- a/samples/boot/oauth2login/README.adoc
+++ b/samples/boot/oauth2login/README.adoc
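Review bot: `AUTHORIZE_BASE_URI` on the `+` line now holds `/login/oauth2/code`, the base of the redirect URI that receives the authorization code, while the neighbouring `AUTHORIZATION_BASE_URI` holds `/oauth2/authorization`, presumably the path that initiates the authorization request; the two names differ only by a suffix and read as the same thing. A name that says what the path is, e.g. `static final String AUTHORIZATION_RESPONSE_BASE_URI = "/login/oauth2/code";`, would make test code that builds redirect URIs self-explanatory; its usages are outside the hunk, so the rename touches other lines. The sample's `AUTHORIZE_BASE_URL` in `OAuth2LoginApplicationTests` later in this patch has the same naming problem.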
@@ -65,9 +65,9 @@ After completing the sub-section, *_"Obtain OAuth 2.0 credentials"_*, you should
 The redirect URI is the path in the sample application that the end-user's user-agent is redirected back to after they have authenticated with Google and have granted access to the OAuth Client _(created from the <>)_ on the *Consent screen* page.
-For the sub-section, *_"Set a redirect URI"_*, ensure the *Authorised redirect URIs* is set to *http://localhost:8080/login/login/oauth2/authorize/code/google*
+For the sub-section, *_"Set a redirect URI"_*, ensure the *Authorised redirect URIs* is set to *http://localhost:8080/login/oauth2/code/google*
-TIP: The default redirect URI is *_"{scheme}://{serverName}:{serverPort}/login/login/oauth2/authorize/code/{registrationId}"_*.
+TIP: The default redirect URI is *_"{scheme}://{serverName}:{serverPort}/login/oauth2/code/{registrationId}"_*.
 See <> for more details on this default.
 [[google-login-configure-application-yml]]
@@ -128,12 +128,12 @@ NOTE: https://developer.github.com/v3/oauth/[GitHub's OAuth 2.0 implementation]
 In order to use GitHub's OAuth 2.0 authentication system for login, you must https://github.com/settings/applications/new[_Register a new OAuth application_].
-While registering your application, ensure the *Authorization callback URL* is set to *http://localhost:8080/login/oauth2/authorize/code/github*.
+While registering your application, ensure the *Authorization callback URL* is set to *http://localhost:8080/login/oauth2/code/github*.
 NOTE: The *Authorization callback URL* (or redirect URI) is the path in the sample application that the end-user's user-agent is redirected back to after they have authenticated with GitHub and have granted access to the OAuth application on the *Authorize application* page.
-TIP: The default redirect URI is *_"{scheme}://{serverName}:{serverPort}/login/oauth2/authorize/code/{registrationId}"_*.
+TIP: The default redirect URI is *_"{scheme}://{serverName}:{serverPort}/login/oauth2/code/{registrationId}"_*.
 See <> for more details on this default.
 After completing the registration, you should have created a new *OAuth Application* with credentials consisting of a *Client ID* and *Client Secret*.
@@ -205,12 +205,12 @@ NOTE: The selection for the _Category_ field is not relevant but it's a required
 The next page presented is _"Product Setup"_. Click the _"Get Started"_ button for the *_Facebook Login_* product. In the left sidebar, under *_Products -> Facebook Login_*, select *_Settings_*.
-For the field *Valid OAuth redirect URIs*, enter *http://localhost:8080/login/oauth2/authorize/code/facebook* then click _"Save Changes"_.
+For the field *Valid OAuth redirect URIs*, enter *http://localhost:8080/login/oauth2/code/facebook* then click _"Save Changes"_.
 NOTE: The *OAuth redirect URI* is the path in the sample application that the end-user's user-agent is redirected back to after they have authenticated with Facebook and have granted access to the application on the *Authorize application* page.
-TIP: The default redirect URI is *_"{scheme}://{serverName}:{serverPort}/login/oauth2/authorize/code/{registrationId}"_*.
+TIP: The default redirect URI is *_"{scheme}://{serverName}:{serverPort}/login/oauth2/code/{registrationId}"_*.
 See <> for more details on this default.
 Your application has now been assigned new OAuth 2.0 credentials under *App ID* and *App Secret*.
@@ -280,12 +280,12 @@ From the _"Add Application"_ page, click on the _"Create New App"_ button and en
 Click on the _"Create"_ button. On the _"General Settings"_ page, enter the Application Name (for example, _"Spring Security Okta Login"_) and then click on the _"Next"_ button.
-On the _"Configure OpenID Connect"_ page, enter *http://localhost:8080/login/oauth2/authorize/code/okta* for the field *Redirect URIs* and then click _"Finish"_.
+On the _"Configure OpenID Connect"_ page, enter *http://localhost:8080/login/oauth2/code/okta* for the field *Redirect URIs* and then click _"Finish"_.
 NOTE: The *Redirect URI* is the path in the sample application that the end-user's user-agent is redirected back to after they have authenticated with Okta and have granted access to the application on the *Authorize application* page.
-TIP: The default redirect URI is *_"{scheme}://{serverName}:{serverPort}/login/oauth2/authorize/code/{registrationId}"_*.
+TIP: The default redirect URI is *_"{scheme}://{serverName}:{serverPort}/login/oauth2/code/{registrationId}"_*.
 See <> for more details on this default.
 The next page presented displays the _"General"_ tab selected for the application.
@@ -456,7 +456,7 @@ The following specifies the common set of properties available for configuring a
 - *redirect-uri* - this is the client's _registered_ redirect URI that the _Authorization Server_ redirects the end-user's user-agent to after the end-user has authenticated and authorized access for the client.
-NOTE: The default redirect URI is _"{scheme}://{serverName}:{serverPort}/login/oauth2/authorize/code/{registrationId}"_, which leverages *URI template variables*.
+NOTE: The default redirect URI is _"{scheme}://{serverName}:{serverPort}/login/oauth2/code/{registrationId}"_, which leverages *URI template variables*.
 - *scope* - a comma-delimited string of scope(s) requested during the _Authorization Request_ flow, for example: _openid, email, profile_
@@ -552,7 +552,7 @@ security.oauth2.client.registrations.google.client-id=${client-id}
 security.oauth2.client.registrations.google.client-secret=${client-secret}
 security.oauth2.client.registrations.google.client-authentication-method=basic
 security.oauth2.client.registrations.google.authorized-grant-type=authorization_code
-security.oauth2.client.registrations.google.redirect-uri=http://localhost:8080/login/oauth2/authorize/code/google
+security.oauth2.client.registrations.google.redirect-uri=http://localhost:8080/login/oauth2/code/google
 security.oauth2.client.registrations.google.scope=openid,email,profile
 security.oauth2.client.registrations.google.authorization-uri=https://accounts.google.com/o/oauth2/auth
 security.oauth2.client.registrations.google.token-uri=https://accounts.google.com/o/oauth2/token
diff --git a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java
index 8ee9ee84e9..f0262f5e4e 100644
--- a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java
+++ b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java
@@ -81,7 +81,7 @@ import static org.mockito.Mockito.when;
 @AutoConfigureMockMvc
 public class OAuth2LoginApplicationTests {
 private static final String AUTHORIZATION_BASE_URI = "/oauth2/authorization";
- private static final String AUTHORIZE_BASE_URL = "http://localhost:8080/login/oauth2";
+ private static final String AUTHORIZE_BASE_URL = "http://localhost:8080/login/oauth2/code";
 @Autowired
 private WebClient webClient;