Remove AuthorizationRequestUriBuilder
Make this API private since we don't have concrete use cases for exposing it yet. Fixes gh-4742
parent
c3d2effc1d
commit
a3e38fec47
|
@ -63,7 +63,6 @@ import org.springframework.security.core.context.SecurityContextHolder;
|
|||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
||||
import org.springframework.security.web.PortMapper;
|
||||
import org.springframework.security.web.PortMapperImpl;
|
||||
|
@ -947,8 +946,8 @@ public final class HttpSecurity extends
|
|||
* At this point in the <i>"authentication flow"</i>, the configured
|
||||
* {@link OAuth2AccessTokenResponseClient}
|
||||
* will getTokenResponse the <i>Authorization Code</i> for an <i>Access Token</i> and then use it to access the protected resource
|
||||
* at the <i>UserInfo Endpoint</i> (via {@link org.springframework.security.oauth2.client.user.OAuth2UserService})
|
||||
* in order to retrieve the details of the <i>Resource Owner</i> (end-user) and establish the <i>"authenticated"</i> session.
|
||||
* at the <i>UserInfo Endpoint</i> in order to retrieve the details of the <i>Resource Owner</i> (end-user) and establish the
|
||||
* <i>"authenticated"</i> session.
|
||||
*
|
||||
* <h2>Example Configurations</h2>
|
||||
*
|
||||
|
@ -1040,7 +1039,6 @@ public final class HttpSecurity extends
|
|||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Response</a>
|
||||
* @see org.springframework.security.oauth2.client.registration.ClientRegistration
|
||||
* @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
|
||||
* @see AuthorizationRequestUriBuilder
|
||||
* @see OAuth2AccessTokenResponseClient
|
||||
* @see org.springframework.security.oauth2.client.user.OAuth2UserService
|
||||
*
|
||||
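Review bot: In the HttpSecurity Javadoc paragraph that this commit rewraps, the unchanged sentence `will getTokenResponse the <i>Authorization Code</i> for an <i>Access Token</i>` does not read as English and looks like a leftover from an automated rename (inferred; the earlier wording is not shown). Since the two lines after it are being rewritten anyway, I would change it to `* will exchange the <i>Authorization Code</i> for an <i>Access Token</i> and then use it to access the protected resource`. The rewritten lines also drop the inline `{@link org.springframework.security.oauth2.client.user.OAuth2UserService}`, leaving only the `@see` further down. Keeping the link in the sentence would still tell readers which component calls the UserInfo Endpoint.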
|
|
|
@ -20,7 +20,6 @@ import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
|||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
|
||||
import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
|
@ -33,7 +32,6 @@ public final class ImplicitGrantConfigurer<B extends HttpSecurityBuilder<B>> ext
|
|||
AbstractHttpConfigurer<ImplicitGrantConfigurer<B>, B> {
|
||||
|
||||
private String authorizationRequestBaseUri;
|
||||
private AuthorizationRequestUriBuilder authorizationRequestUriBuilder;
|
||||
|
||||
public ImplicitGrantConfigurer<B> authorizationRequestBaseUri(String authorizationRequestBaseUri) {
|
||||
Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
|
||||
|
@ -41,12 +39,6 @@ public final class ImplicitGrantConfigurer<B extends HttpSecurityBuilder<B>> ext
|
|||
return this;
|
||||
}
|
||||
|
||||
public ImplicitGrantConfigurer<B> authorizationRequestUriBuilder(AuthorizationRequestUriBuilder authorizationRequestUriBuilder) {
|
||||
Assert.notNull(authorizationRequestUriBuilder, "authorizationRequestUriBuilder cannot be null");
|
||||
this.authorizationRequestUriBuilder = authorizationRequestUriBuilder;
|
||||
return this;
|
||||
}
|
||||
|
||||
public ImplicitGrantConfigurer<B> clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) {
|
||||
Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
|
||||
this.getBuilder().setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository);
|
||||
|
@ -57,9 +49,6 @@ public final class ImplicitGrantConfigurer<B extends HttpSecurityBuilder<B>> ext
|
|||
public void configure(B http) throws Exception {
|
||||
OAuth2AuthorizationRequestRedirectFilter authorizationRequestFilter = new OAuth2AuthorizationRequestRedirectFilter(
|
||||
this.getAuthorizationRequestBaseUri(), this.getClientRegistrationRepository());
|
||||
if (this.authorizationRequestUriBuilder != null) {
|
||||
authorizationRequestFilter.setAuthorizationRequestUriBuilder(this.authorizationRequestUriBuilder);
|
||||
}
|
||||
http.addFilter(this.postProcess(authorizationRequestFilter));
|
||||
}
|
||||
|
||||
|
|
|
@ -22,9 +22,8 @@ import org.springframework.security.config.annotation.web.configurers.AbstractAu
|
|||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider;
|
||||
import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
|
||||
import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry;
|
||||
import org.springframework.security.oauth2.client.jwt.NimbusJwtDecoderRegistry;
|
||||
|
@ -96,7 +95,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
|||
|
||||
public class AuthorizationEndpointConfig {
|
||||
private String authorizationRequestBaseUri;
|
||||
private AuthorizationRequestUriBuilder authorizationRequestUriBuilder;
|
||||
private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
|
||||
|
||||
private AuthorizationEndpointConfig() {
|
||||
|
@ -108,12 +106,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
|||
return this;
|
||||
}
|
||||
|
||||
public AuthorizationEndpointConfig authorizationRequestUriBuilder(AuthorizationRequestUriBuilder authorizationRequestUriBuilder) {
|
||||
Assert.notNull(authorizationRequestUriBuilder, "authorizationRequestUriBuilder cannot be null");
|
||||
this.authorizationRequestUriBuilder = authorizationRequestUriBuilder;
|
||||
return this;
|
||||
}
|
||||
|
||||
public AuthorizationEndpointConfig authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
|
||||
Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
|
||||
this.authorizationRequestRepository = authorizationRequestRepository;
|
||||
|
@ -277,10 +269,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
|||
|
||||
OAuth2AuthorizationRequestRedirectFilter authorizationRequestFilter = new OAuth2AuthorizationRequestRedirectFilter(
|
||||
authorizationRequestBaseUri, this.getClientRegistrationRepository());
|
||||
if (this.authorizationEndpointConfig.authorizationRequestUriBuilder != null) {
|
||||
authorizationRequestFilter.setAuthorizationRequestUriBuilder(
|
||||
this.authorizationEndpointConfig.authorizationRequestUriBuilder);
|
||||
}
|
||||
|
||||
if (this.authorizationEndpointConfig.authorizationRequestRepository != null) {
|
||||
authorizationRequestFilter.setAuthorizationRequestRepository(
|
||||
this.authorizationEndpointConfig.authorizationRequestRepository);
|
||||
|
|
|
@ -1,46 +0,0 @@
|
|||
/*
|
||||
* Copyright 2002-2017 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.endpoint;
|
||||
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
|
||||
import java.net.URI;
|
||||
|
||||
/**
|
||||
* Implementations of this interface are responsible for building an <i>OAuth 2.0 Authorization Request</i>,
|
||||
* which is used as the redirect <code>URI</code> to the <i>Authorization Endpoint</i>.
|
||||
*
|
||||
* <p>
|
||||
* The returned redirect <code>URI</code> will include the following parameters as query components to the
|
||||
* <i>Authorization Endpoint</i> (using the "application/x-www-form-urlencoded" format):
|
||||
* <ul>
|
||||
* <li>client identifier (required)</li>
|
||||
* <li>response type (required)</li>
|
||||
* <li>requested scope(s) (optional)</li>
|
||||
* <li>state (recommended)</li>
|
||||
* <li>redirection URI (optional) - the authorization server will send the user-agent back to once access is granted (or denied) by the end-user (resource owner)</li>
|
||||
* </ul>
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see OAuth2AuthorizationRequest
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Request</a>
|
||||
*/
|
||||
public interface AuthorizationRequestUriBuilder {
|
||||
|
||||
URI build(OAuth2AuthorizationRequest authorizationRequest);
|
||||
}
|
|
@ -18,12 +18,10 @@ package org.springframework.security.oauth2.client.web;
|
|||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
|
||||
import org.springframework.security.crypto.keygen.StringKeyGenerator;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
import org.springframework.security.web.DefaultRedirectStrategy;
|
||||
import org.springframework.security.web.RedirectStrategy;
|
||||
|
@ -47,17 +45,17 @@ import java.util.Map;
|
|||
* by redirecting the end-user's user-agent to the authorization server's <i>Authorization Endpoint</i>.
|
||||
*
|
||||
* <p>
|
||||
* It uses an {@link AuthorizationRequestUriBuilder} to build the <i>OAuth 2.0 Authorization Request</i>,
|
||||
* It builds the <i>OAuth 2.0 Authorization Request</i>,
|
||||
* which is used as the redirect <code>URI</code> to the <i>Authorization Endpoint</i>.
|
||||
* The redirect <code>URI</code> will include the client identifier, requested scope(s), state,
|
||||
* response type, and a redirection URI which the authorization server will send the user-agent back to
|
||||
* once access is granted (or denied) by the end-user (resource owner).
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @author Rob Winch
|
||||
* @since 5.0
|
||||
* @see OAuth2AuthorizationRequest
|
||||
* @see AuthorizationRequestRepository
|
||||
* @see AuthorizationRequestUriBuilder
|
||||
* @see ClientRegistration
|
||||
* @see ClientRegistrationRepository
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant</a>
|
||||
|
@ -70,7 +68,7 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
|
|||
private static final String REGISTRATION_ID_URI_VARIABLE_NAME = "registrationId";
|
||||
private final AntPathRequestMatcher authorizationRequestMatcher;
|
||||
private final ClientRegistrationRepository clientRegistrationRepository;
|
||||
private AuthorizationRequestUriBuilder authorizationRequestUriBuilder = new OAuth2AuthorizationRequestUriBuilder();
|
||||
private final OAuth2AuthorizationRequestUriBuilder authorizationRequestUriBuilder = new OAuth2AuthorizationRequestUriBuilder();
|
||||
private final RedirectStrategy authorizationRedirectStrategy = new DefaultRedirectStrategy();
|
||||
private final StringKeyGenerator stateGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder());
|
||||
private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
|
||||
|
@ -90,11 +88,6 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
|
|||
this.clientRegistrationRepository = clientRegistrationRepository;
|
||||
}
|
||||
|
||||
public final void setAuthorizationRequestUriBuilder(AuthorizationRequestUriBuilder authorizationRequestUriBuilder) {
|
||||
Assert.notNull(authorizationRequestUriBuilder, "authorizationRequestUriBuilder cannot be null");
|
||||
this.authorizationRequestUriBuilder = authorizationRequestUriBuilder;
|
||||
}
|
||||
|
||||
public final void setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
|
||||
Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
|
||||
this.authorizationRequestRepository = authorizationRequestRepository;
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.endpoint;
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
|
@ -24,19 +24,16 @@ import java.net.URI;
|
|||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* The default implementation of an {@link AuthorizationRequestUriBuilder},
|
||||
* which internally uses a {@link UriComponentsBuilder} to construct the <i>OAuth 2.0 Authorization Request</i>.
|
||||
* Uses a {@link UriComponentsBuilder} to construct the <i>OAuth 2.0 Authorization Request</i>.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AuthorizationRequestUriBuilder
|
||||
* @see OAuth2AuthorizationRequest
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Code Grant Request</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.2.1">Section 4.2.1 Implicit Grant Request</a>
|
||||
*/
|
||||
public class OAuth2AuthorizationRequestUriBuilder implements AuthorizationRequestUriBuilder {
|
||||
class OAuth2AuthorizationRequestUriBuilder {
|
||||
|
||||
@Override
|
||||
public URI build(OAuth2AuthorizationRequest authorizationRequest) {
|
||||
Set<String> scopes = authorizationRequest.getScopes();
|
||||
UriComponentsBuilder uriBuilder = UriComponentsBuilder
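Review bot: `class OAuth2AuthorizationRequestUriBuilder {` is now package-private, but it is neither `final` nor documented as internal, and `build` stays `public`. Since the stated goal is to stop exposing this API, I would declare it `final class OAuth2AuthorizationRequestUriBuilder {` and add a Javadoc sentence such as `Internal helper of {@link OAuth2AuthorizationRequestRedirectFilter}; not part of the public API.` The body of `build` continues past the end of this hunk, so how the scopes, state and redirect URI are encoded is not reviewed here.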
|
|
@ -24,7 +24,6 @@ import org.springframework.mock.web.MockHttpServletResponse;
|
|||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
@ -78,7 +77,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
|
|||
|
||||
Mockito.verifyZeroInteractions(filterChain); // Request should not proceed up the chain
|
||||
|
||||
Assertions.assertThat(response.getRedirectedUrl()).isEqualTo(authorizationUri);
|
||||
Assertions.assertThat(response.getRedirectedUrl()).matches("https://accounts.google.com/o/oauth2/auth\\?response_type=code&client_id=google-client-id&scope=openid%20email%20profile&state=.{15,}&redirect_uri=https://localhost:8080/login/oauth2/code/google");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -117,21 +116,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
|
|||
|
||||
private OAuth2AuthorizationRequestRedirectFilter setupFilter(String authorizationUri,
|
||||
ClientRegistration... clientRegistrations) throws Exception {
|
||||
|
||||
AuthorizationRequestUriBuilder authorizationUriBuilder = Mockito.mock(AuthorizationRequestUriBuilder.class);
|
||||
URI authorizationURI = new URI(authorizationUri);
|
||||
Mockito.when(authorizationUriBuilder.build(Matchers.any(OAuth2AuthorizationRequest.class))).thenReturn(authorizationURI);
|
||||
|
||||
return setupFilter(authorizationUriBuilder, clientRegistrations);
|
||||
}
|
||||
|
||||
private OAuth2AuthorizationRequestRedirectFilter setupFilter(AuthorizationRequestUriBuilder authorizationUriBuilder,
|
||||
ClientRegistration... clientRegistrations) throws Exception {
|
||||
|
||||
ClientRegistrationRepository clientRegistrationRepository = TestUtil.clientRegistrationRepository(clientRegistrations);
|
||||
OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(clientRegistrationRepository);
|
||||
filter.setAuthorizationRequestUriBuilder(authorizationUriBuilder);
|
||||
|
||||
return filter;
|
||||
}
|
||||
}
|
||||
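Review bot: The new assertion `matches("https://accounts.google.com/o/oauth2/auth\\?...&state=.{15,}&redirect_uri=...")` is looser than it looks. `.{15,}` also matches `&` and `=`, so it does not prove that `state` is a single parameter value, and the dots in the host name are unescaped regex wildcards. Because `state` is the value that ties the authorization response back to this request, I would tighten the pattern to `state=[^&]{15,}` and escape the literal dots (`accounts\\.google\\.com`). If the `setupFilter(String authorizationUri, ...)` overload is the one that remains after the second hunk (the page does not mark which lines were removed), its `authorizationUri` parameter appears to be unused and could be dropped.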
|
|
|
@ -14,9 +14,10 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.oauth2.client.endpoint;
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
|
||||
import java.net.URI;
|