Add AuthorizationExchange

Fixes gh-4660
2025-05-31 09:12:14 +00:00 · 2017-10-20 17:13:47 -04:00 · 2017-10-20 17:13:47 -04:00 · c94b3f4d23
commit c94b3f4d23
parent eb2b573426
6 changed files with 72 additions and 24 deletions
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java
@ -65,14 +65,17 @@ public class AuthorizationCodeAuthenticationProvider implements AuthenticationPr
 		// Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
 		// scope
 		// 		REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
-		if (authorizationCodeAuthentication.getAuthorizationRequest().getScopes().contains("openid")) {
+		if (authorizationCodeAuthentication.getAuthorizationExchange()
 			.getAuthorizationRequest().getScopes().contains("openid")) {
 			// This is an OpenID Connect Authentication Request so return null
 			// and let OidcAuthorizationCodeAuthenticationProvider handle it instead
 			return null;
 		}
-		AuthorizationRequest authorizationRequest = authorizationCodeAuthentication.getAuthorizationRequest();
+		AuthorizationRequest authorizationRequest = authorizationCodeAuthentication
-		AuthorizationResponse authorizationResponse = authorizationCodeAuthentication.getAuthorizationResponse();
+			.getAuthorizationExchange().getAuthorizationRequest();
 		AuthorizationResponse authorizationResponse = authorizationCodeAuthentication
 			.getAuthorizationExchange().getAuthorizationResponse();
 		if (authorizationResponse.statusError()) {
 			throw new OAuth2AuthenticationException(
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationToken.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationToken.java
@ -17,6 +17,7 @@ package org.springframework.security.oauth2.client.authentication;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.endpoint.AuthorizationExchange;
 import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse;
 import org.springframework.util.Assert;
@ -35,20 +36,16 @@ import org.springframework.util.Assert;
 */
 public class AuthorizationCodeAuthenticationToken extends AuthorizationGrantAuthenticationToken {
 	private final ClientRegistration clientRegistration;
-	private final AuthorizationRequest authorizationRequest;
+	private final AuthorizationExchange authorizationExchange;
 	private final AuthorizationResponse authorizationResponse;
 	public AuthorizationCodeAuthenticationToken(ClientRegistration clientRegistration,
-												AuthorizationRequest authorizationRequest,
+												AuthorizationExchange authorizationExchange) {
 												AuthorizationResponse authorizationResponse) {
 		super(AuthorizationGrantType.AUTHORIZATION_CODE);
 		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
-		Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");
+		Assert.notNull(authorizationExchange, "authorizationExchange cannot be null");
 		Assert.notNull(authorizationResponse, "authorizationResponse cannot be null");
 		this.clientRegistration = clientRegistration;
-		this.authorizationRequest = authorizationRequest;
+		this.authorizationExchange = authorizationExchange;
 		this.authorizationResponse = authorizationResponse;
 		this.setAuthenticated(false);
 	}
@ -66,11 +63,7 @@ public class AuthorizationCodeAuthenticationToken extends AuthorizationGrantAuth
 		return this.clientRegistration;
 	}
-	public AuthorizationRequest getAuthorizationRequest() {
+	public AuthorizationExchange getAuthorizationExchange() {
-		return this.authorizationRequest;
+		return this.authorizationExchange;
 	}
 	public AuthorizationResponse getAuthorizationResponse() {
 		return this.authorizationResponse;
 	}
 }
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/NimbusAuthorizationCodeTokenExchanger.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/NimbusAuthorizationCodeTokenExchanger.java
@ -75,7 +75,7 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
 		// Build the authorization code grant request for the token endpoint
 		AuthorizationCode authorizationCode = new AuthorizationCode(
-			authorizationCodeAuthentication.getAuthorizationResponse().getCode());
+			authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationResponse().getCode());
 		URI redirectUri = toURI(clientRegistration.getRedirectUri());
 		AuthorizationGrant authorizationCodeGrant = new AuthorizationCodeGrant(authorizationCode, redirectUri);
 		URI tokenUri = toURI(clientRegistration.getProviderDetails().getTokenUri());
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationFilter.java
@ -26,6 +26,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCode;
 import org.springframework.security.oauth2.core.endpoint.AuthorizationExchange;
 import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
@ -124,7 +125,7 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
 			.build();
 		AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = new AuthorizationCodeAuthenticationToken(
-				clientRegistration, authorizationRequest, authorizationResponse);
+				clientRegistration, new AuthorizationExchange(authorizationRequest, authorizationResponse));
 		authorizationCodeAuthentication.setDetails(this.authenticationDetailsSource.buildDetails(request));
 		OAuth2ClientAuthenticationToken clientAuthentication =
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/OidcAuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/OidcAuthorizationCodeAuthenticationProvider.java
@ -18,8 +18,6 @@ package org.springframework.security.oauth2.oidc.client.authentication;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
 import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
@ -32,6 +30,8 @@ import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse;
 import org.springframework.security.oauth2.core.endpoint.TokenResponse;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.oidc.core.IdToken;
 import org.springframework.security.oauth2.oidc.core.OidcScope;
 import org.springframework.security.oauth2.oidc.core.endpoint.OidcParameter;
@ -79,14 +79,17 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 		// Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
 		// scope
 		// 		REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
-		if (!authorizationCodeAuthentication.getAuthorizationRequest().getScopes().contains(OidcScope.OPENID)) {
+		if (!authorizationCodeAuthentication.getAuthorizationExchange()
 			.getAuthorizationRequest().getScopes().contains(OidcScope.OPENID)) {
 			// This is NOT an OpenID Connect Authentication Request so return null
 			// and let AuthorizationCodeAuthenticationProvider handle it instead
 			return null;
 		}
-		AuthorizationRequest authorizationRequest = authorizationCodeAuthentication.getAuthorizationRequest();
+		AuthorizationRequest authorizationRequest = authorizationCodeAuthentication
-		AuthorizationResponse authorizationResponse = authorizationCodeAuthentication.getAuthorizationResponse();
+			.getAuthorizationExchange().getAuthorizationRequest();
 		AuthorizationResponse authorizationResponse = authorizationCodeAuthentication
 			.getAuthorizationExchange().getAuthorizationResponse();
 		if (authorizationResponse.statusError()) {
 			throw new OAuth2AuthenticationException(
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationExchange.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationExchange.java
@ -0,0 +1,48 @@
 /*
 * Copyright 2002-2017 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.security.oauth2.core.endpoint;
 import org.springframework.util.Assert;
 /**
 * An &quot;<i>exchange</i>&quot; of an <i>OAuth 2.0 Authorization Request and Response</i>
 * for the authorization code grant type.
 *
 * @author Joe Grandja
 * @since 5.0
 * @see AuthorizationRequest
 * @see AuthorizationResponse
 */
 public final class AuthorizationExchange {
 	private final AuthorizationRequest authorizationRequest;
 	private final AuthorizationResponse authorizationResponse;
 	public AuthorizationExchange(AuthorizationRequest authorizationRequest,
 									AuthorizationResponse authorizationResponse) {
 		Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");
 		Assert.notNull(authorizationResponse, "authorizationResponse cannot be null");
 		this.authorizationRequest = authorizationRequest;
 		this.authorizationResponse = authorizationResponse;
 	}
 	public AuthorizationRequest getAuthorizationRequest() {
 		return this.authorizationRequest;
 	}
 	public AuthorizationResponse getAuthorizationResponse() {
 		return this.authorizationResponse;
 	}
 }