Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add @transient to OAuth2IntrospectionAuthenticationToken 

fixes gh-6829
This commit is contained in:
Florian Aumeier 2019-05-29 11:50:22 +02:00 committed by Josh Cummings
parent e15922322e
commit 9fe8949883
2 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
View File

@ -564,6 +564,22 @@ public class OAuth2ResourceServerConfigurerTests {
assertThat(result.getRequest().getSession(false)).isNull(); assertThat(result.getRequest().getSession(false)).isNull();
} }
@Test
public void requestWhenIntrospectionConfiguredThenSessionIsNotCreated()
throws Exception {
this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class, BasicController.class).autowire();
mockRestOperations(json("Active"));
MvcResult result = this.mvc.perform(get("/authenticated")
.with(bearerToken("token")))
.andExpect(status().isOk())
.andExpect(content().string("test-subject"))
.andReturn();
assertThat(result.getRequest().getSession(false)).isNull();
}
@Test @Test
public void requestWhenUsingDefaultsAndNoBearerTokenThenSessionIsCreated() public void requestWhenUsingDefaultsAndNoBearerTokenThenSessionIsCreated()
throws Exception { throws Exception {

2
oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationToken.java
View File

@ -22,6 +22,7 @@ import java.util.Map;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion; import org.springframework.security.core.SpringSecurityCoreVersion;
import org.springframework.security.core.Transient;
import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.util.Assert; import org.springframework.util.Assert;
@ -36,6 +37,7 @@ import static org.springframework.security.oauth2.server.resource.introspection.
* @author Josh Cummings * @author Josh Cummings
* @since 5.2 * @since 5.2
*/ */
@Transient
public class OAuth2IntrospectionAuthenticationToken public class OAuth2IntrospectionAuthenticationToken
extends AbstractOAuth2TokenAuthenticationToken<OAuth2AccessToken> { extends AbstractOAuth2TokenAuthenticationToken<OAuth2AccessToken> {