From b0597f45a818e7976107e5772df8f8a2f20465a9 Mon Sep 17 00:00:00 2001
From: Joe Grandja
Date: Wed, 19 Jun 2019 16:02:04 -0400
Subject: [PATCH] Revert OAuth2AuthorizationCodeGrantWebFilter works with /{action}/ Issue #5856 Commit 385bdfc055854581e9e9f671d11f86a978c27c42 NOTE: This commit 'partially' reverts #5856. Only the ServerWebExchangeMatcher for OAuth2LoginSpec is reverted. Fixes gh-6890
---
 .../security/config/web/server/ServerHttpSecurity.java | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index ec5f578ca6..ad194406e2 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -54,7 +54,6 @@ import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeReactiveAuthenticationManager;
@@ -647,11 +646,7 @@ public class ServerHttpSecurity {
 }

 private ServerWebExchangeMatcher createAttemptAuthenticationRequestMatcher() {
- PathPatternParserServerWebExchangeMatcher loginPathMatcher = new PathPatternParserServerWebExchangeMatcher("/login/oauth2/code/{registrationId}");
- ServerWebExchangeMatcher notAuthenticatedMatcher = e -> ReactiveSecurityContextHolder.getContext()
- .flatMap(p -> ServerWebExchangeMatcher.MatchResult.notMatch())
- .switchIfEmpty(ServerWebExchangeMatcher.MatchResult.match());
- return new AndServerWebExchangeMatcher(loginPathMatcher, notAuthenticatedMatcher);
+ return new PathPatternParserServerWebExchangeMatcher("/login/oauth2/code/{registrationId}");
 }

 private ReactiveOAuth2UserService getOidcUserService() {
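Review bot: The path-only matcher now returned by `createAttemptAuthenticationRequestMatcher()` has no comment recording that dropping the not-authenticated condition is deliberate, and the diffstat shows only `ServerHttpSecurity.java` changed, so no regression test accompanies the revert. With the `AndServerWebExchangeMatcher` gone, an exchange that already carries a security context is matched for login processing on `/login/oauth2/code/{registrationId}`. Whatever validates the callback (presumably the state / saved authorization request check, which is outside this hunk) is then the only gate on that path, and that deserves a test with an already-authenticated exchange. I would add above the return something like `// Intentionally path-only: do not AND this with an "unauthenticated" check, see gh-6890`. The removal leaves no visible use of `AndServerWebExchangeMatcher` in these hunks, so check whether its import is still needed elsewhere in the class.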