Joe Grandja
parent
b1d56b5821
commit
b471dd1c54
|
|
@ -34,7 +34,6 @@ import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
|
|||
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.token.OAuth2TokenRepository;
|
||||
import org.springframework.security.oauth2.client.userinfo.CustomUserTypesOAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.userinfo.DelegatingOAuth2UserService;
|
||||
|
|
@ -43,7 +42,6 @@ import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
|||
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
|
|
@ -136,7 +134,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
|||
|
||||
public class TokenEndpointConfig {
|
||||
private AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger;
|
||||
private OAuth2TokenRepository<OAuth2AccessToken> accessTokenRepository;
|
||||
private JwtDecoderRegistry jwtDecoderRegistry;
|
||||
|
||||
private TokenEndpointConfig() {
|
||||
|
|
@ -150,12 +147,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
|||
return this;
|
||||
}
|
||||
|
||||
public TokenEndpointConfig accessTokenRepository(OAuth2TokenRepository<OAuth2AccessToken> accessTokenRepository) {
|
||||
Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null");
|
||||
this.accessTokenRepository = accessTokenRepository;
|
||||
return this;
|
||||
}
|
||||
|
||||
public TokenEndpointConfig jwtDecoderRegistry(JwtDecoderRegistry jwtDecoderRegistry) {
|
||||
Assert.notNull(jwtDecoderRegistry, "jwtDecoderRegistry cannot be null");
|
||||
this.jwtDecoderRegistry = jwtDecoderRegistry;
|
||||
|
|
@ -301,10 +292,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
|||
this.authorizationEndpointConfig.authorizationRequestRepository);
|
||||
}
|
||||
authorizationResponseFilter.setAuthorizedClientService(this.getAuthorizedClientService());
|
||||
if (this.tokenEndpointConfig.accessTokenRepository != null) {
|
||||
authorizationResponseFilter.setAccessTokenRepository(
|
||||
this.tokenEndpointConfig.accessTokenRepository);
|
||||
}
|
||||
super.configure(http);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,66 +0,0 @@
|
|||
/*
|
||||
* Copyright 2002-2017 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.token;
|
||||
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import java.util.Base64;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
/**
|
||||
* An <i>in-memory</i> {@link OAuth2TokenRepository} for {@link OAuth2AccessToken}'s.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see OAuth2TokenRepository
|
||||
* @see OAuth2AccessToken
|
||||
* @see ClientRegistration
|
||||
* @see Authentication
|
||||
*/
|
||||
public final class InMemoryAccessTokenRepository implements OAuth2TokenRepository<OAuth2AccessToken> {
|
||||
private final Map<String, OAuth2AccessToken> accessTokens = new ConcurrentHashMap<>();
|
||||
|
||||
@Override
|
||||
public OAuth2AccessToken loadToken(ClientRegistration registration, Authentication principal) {
|
||||
Assert.notNull(registration, "registration cannot be null");
|
||||
Assert.notNull(principal, "principal cannot be null");
|
||||
return this.accessTokens.get(this.getIdentifier(registration, principal));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void saveToken(OAuth2AccessToken accessToken, ClientRegistration registration, Authentication principal) {
|
||||
Assert.notNull(accessToken, "accessToken cannot be null");
|
||||
Assert.notNull(registration, "registration cannot be null");
|
||||
Assert.notNull(principal, "principal cannot be null");
|
||||
this.accessTokens.put(this.getIdentifier(registration, principal), accessToken);
|
||||
}
|
||||
|
||||
@Override
|
||||
public OAuth2AccessToken removeToken(ClientRegistration registration, Authentication principal) {
|
||||
Assert.notNull(registration, "registration cannot be null");
|
||||
Assert.notNull(principal, "principal cannot be null");
|
||||
return this.accessTokens.remove(this.getIdentifier(registration, principal));
|
||||
}
|
||||
|
||||
private String getIdentifier(ClientRegistration registration, Authentication principal) {
|
||||
String identifier = "[" + registration.getRegistrationId() + "][" + principal.getName() + "]";
|
||||
return Base64.getEncoder().encodeToString(identifier.getBytes());
|
||||
}
|
||||
}
|
||||
|
|
@ -1,42 +0,0 @@
|
|||
/*
|
||||
* Copyright 2002-2017 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.token;
|
||||
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.core.AbstractOAuth2Token;
|
||||
|
||||
/**
|
||||
* Implementations of this interface are responsible for the persistence
|
||||
* and association of an {@link AbstractOAuth2Token OAuth 2.0 Token}
|
||||
* to a {@link ClientRegistration Client} and <i>Resource Owner</i>,
|
||||
* which is the {@link Authentication Principal} who originally granted the authorization.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AbstractOAuth2Token
|
||||
* @see ClientRegistration
|
||||
* @see Authentication
|
||||
*/
|
||||
public interface OAuth2TokenRepository<T extends AbstractOAuth2Token> {
|
||||
|
||||
T loadToken(ClientRegistration registration, Authentication principal);
|
||||
|
||||
void saveToken(T token, ClientRegistration registration, Authentication principal);
|
||||
|
||||
T removeToken(ClientRegistration registration, Authentication principal);
|
||||
|
||||
}
|
||||
|
|
@ -25,9 +25,6 @@ import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuth
|
|||
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository;
|
||||
import org.springframework.security.oauth2.client.token.OAuth2TokenRepository;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
|
||||
|
|
@ -76,7 +73,7 @@ import java.io.IOException;
|
|||
* @see AuthorizationRequestRepository
|
||||
* @see OAuth2AuthorizationRequestRedirectFilter
|
||||
* @see ClientRegistrationRepository
|
||||
* @see OAuth2TokenRepository
|
||||
* @see OAuth2AuthorizedClientService
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Response</a>
|
||||
*/
|
||||
|
|
@ -87,7 +84,6 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
|
|||
private OAuth2AuthorizedClientService<OAuth2AuthorizedClient> authorizedClientService;
|
||||
private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository =
|
||||
new HttpSessionOAuth2AuthorizationRequestRepository();
|
||||
private OAuth2TokenRepository<OAuth2AccessToken> accessTokenRepository = new InMemoryAccessTokenRepository();
|
||||
|
||||
public OAuth2LoginAuthenticationFilter() {
|
||||
this(DEFAULT_FILTER_PROCESSES_URI);
|
||||
|
|
@ -144,11 +140,6 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
|
|||
this.authorizedClientService.saveAuthorizedClient(
|
||||
authorizedClient, oauth2Authentication);
|
||||
|
||||
this.accessTokenRepository.saveToken(
|
||||
authorizedClient.getAccessToken(),
|
||||
authorizedClient.getClientRegistration(),
|
||||
oauth2Authentication);
|
||||
|
||||
return oauth2Authentication;
|
||||
}
|
||||
|
||||
|
|
@ -167,11 +158,6 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
|
|||
this.authorizationRequestRepository = authorizationRequestRepository;
|
||||
}
|
||||
|
||||
public final void setAccessTokenRepository(OAuth2TokenRepository<OAuth2AccessToken> accessTokenRepository) {
|
||||
Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null");
|
||||
this.accessTokenRepository = accessTokenRepository;
|
||||
}
|
||||
|
||||
private OAuth2AuthorizationResponse convert(HttpServletRequest request) {
|
||||
String code = request.getParameter(OAuth2ParameterNames.CODE);
|
||||
String errorCode = request.getParameter(OAuth2ParameterNames.ERROR);
|
||||
|
|
|
|||
Loading…
Reference in New Issue