Remove ClientRegistrationIdentifierStrategy

Fixes gh-4648
Joe Grandja 2017-10-19 13:40:06 -04:00
parent f3756cdd07
commit a980e3b0d7
3 changed files with 20 additions and 61 deletions


@ -23,7 +23,6 @@ import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMap
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationIdentifierStrategy;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.util.Assert;
@ -48,7 +47,6 @@ import java.util.Collection;
* @see OAuth2User
*/
public class OAuth2UserAuthenticationProvider implements AuthenticationProvider {
private final ClientRegistrationIdentifierStrategy<String> providerIdentifierStrategy = new ProviderIdentifierStrategy();
private final OAuth2UserService userService;
private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
@ -115,23 +113,19 @@ public class OAuth2UserAuthenticationProvider implements AuthenticationProvider
OAuth2UserAuthenticationToken currentUserAuthentication =
(OAuth2UserAuthenticationToken)SecurityContextHolder.getContext().getAuthentication();
String userProviderId = this.providerIdentifierStrategy.getIdentifier(
String userProviderId = this.getProviderIdentifier(
currentUserAuthentication.getClientAuthentication().getClientRegistration());
String clientProviderId = this.providerIdentifierStrategy.getIdentifier(
String clientProviderId = this.getProviderIdentifier(
clientAuthentication.getClientRegistration());
return userProviderId.equals(clientProviderId);
}
private static class ProviderIdentifierStrategy implements ClientRegistrationIdentifierStrategy<String> {
@Override
public String getIdentifier(ClientRegistration clientRegistration) {
StringBuilder builder = new StringBuilder();
builder.append("[").append(clientRegistration.getProviderDetails().getAuthorizationUri()).append("]");
builder.append("[").append(clientRegistration.getProviderDetails().getTokenUri()).append("]");
builder.append("[").append(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()).append("]");
return builder.toString();
}
private String getProviderIdentifier(ClientRegistration clientRegistration) {
StringBuilder builder = new StringBuilder();
builder.append("[").append(clientRegistration.getProviderDetails().getAuthorizationUri()).append("]");
builder.append("[").append(clientRegistration.getProviderDetails().getTokenUri()).append("]");
builder.append("[").append(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()).append("]");
return builder.toString();
}
}
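Review bot: The new `getProviderIdentifier` helper has no comment, although its result alone decides the `userProviderId.equals(clientProviderId)` check just above it, so the rule for "same provider" is only implicit in three `append` calls. I would add a short Javadoc saying that two registrations count as the same provider only when their authorization URI, token URI and user-info URI match exactly as strings, and that `StringBuilder` appends an unset URI as the text `null`. The helper reads no instance state in the visible lines, so it could remain static like the nested class it replaces: `private static String getProviderIdentifier(ClientRegistration clientRegistration) {`. The method that performs the comparison starts outside this hunk.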


@ -1,29 +0,0 @@
/*
* Copyright 2012-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.client.registration;
/**
* A strategy for obtaining a unique identifier for a {@link ClientRegistration}.
*
* @author Joe Grandja
* @since 5.0
* @see ClientRegistration
*/
public interface ClientRegistrationIdentifierStrategy<T> {
T getIdentifier(ClientRegistration clientRegistration);
}


@ -16,7 +16,6 @@
package org.springframework.security.oauth2.client.token;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationIdentifierStrategy;
import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.util.Assert;
@ -35,26 +34,25 @@ import java.util.concurrent.ConcurrentHashMap;
* @see ClientRegistration
*/
public final class InMemoryAccessTokenRepository implements SecurityTokenRepository<AccessToken> {
private final ClientRegistrationIdentifierStrategy<String> identifierStrategy = new AuthorizedClientIdentifierStrategy();
private final Map<String, AccessToken> accessTokens = new ConcurrentHashMap<>();
@Override
public AccessToken loadSecurityToken(ClientRegistration registration) {
Assert.notNull(registration, "registration cannot be null");
return this.accessTokens.get(this.identifierStrategy.getIdentifier(registration));
return this.accessTokens.get(this.getClientIdentifier(registration));
}
@Override
public void saveSecurityToken(AccessToken accessToken, ClientRegistration registration) {
Assert.notNull(accessToken, "accessToken cannot be null");
Assert.notNull(registration, "registration cannot be null");
this.accessTokens.put(this.identifierStrategy.getIdentifier(registration), accessToken);
this.accessTokens.put(this.getClientIdentifier(registration), accessToken);
}
@Override
public void removeSecurityToken(ClientRegistration registration) {
Assert.notNull(registration, "registration cannot be null");
this.accessTokens.remove(this.identifierStrategy.getIdentifier(registration));
this.accessTokens.remove(this.getClientIdentifier(registration));
}
/**
@ -63,22 +61,18 @@ public final class InMemoryAccessTokenRepository implements SecurityTokenReposit
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request</a>
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-5.1">Section 5.1 Access Token Response</a>
*/
private static class AuthorizedClientIdentifierStrategy implements ClientRegistrationIdentifierStrategy<String> {
private String getClientIdentifier(ClientRegistration clientRegistration) {
StringBuilder builder = new StringBuilder();
@Override
public String getIdentifier(ClientRegistration clientRegistration) {
StringBuilder builder = new StringBuilder();
// Access Token Request attributes
builder.append("[").append(clientRegistration.getAuthorizationGrantType().getValue()).append("]");
builder.append("[").append(clientRegistration.getRedirectUri()).append("]");
builder.append("[").append(clientRegistration.getClientId()).append("]");
// Access Token Request attributes
builder.append("[").append(clientRegistration.getAuthorizationGrantType().getValue()).append("]");
builder.append("[").append(clientRegistration.getRedirectUri()).append("]");
builder.append("[").append(clientRegistration.getClientId()).append("]");
// Access Token Response attributes
builder.append("[").append(clientRegistration.getScopes().toString()).append("]");
// Access Token Response attributes
builder.append("[").append(clientRegistration.getScopes().toString()).append("]");
return Base64.getEncoder().encodeToString(builder.toString().getBytes());
}
return Base64.getEncoder().encodeToString(builder.toString().getBytes());
}
}
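Review bot: The key built in `getClientIdentifier` covers only the grant type, redirect URI, client id and scopes, so nothing in it identifies the provider or the end user. Two registrations that share those four values at different providers would resolve to the same map entry, and the store as shown holds one token per registration rather than per user; whether that is intended cannot be told from this page, so the Javadoc above the method should at least state it. If provider separation is wanted, one more component would do it: `builder.append("[").append(clientRegistration.getProviderDetails().getTokenUri()).append("]");`. Separately, `getBytes()` uses the platform default charset; `builder.toString().getBytes(StandardCharsets.UTF_8)` makes the encoding explicit (it needs the `java.nio.charset.StandardCharsets` import).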