Polish ServerAuthenticationConverter
Update changes for ServerAuthenticationConverter to be passive. Issue: gh-5338
parent
b6afe66d32
commit
e3eaa99ad0
@ -485,7 +485,7 @@ public class ServerHttpSecurity {
|
|||||||
|
|
||||||
AuthenticationWebFilter authenticationFilter = new AuthenticationWebFilter(manager);
|
AuthenticationWebFilter authenticationFilter = new AuthenticationWebFilter(manager);
|
||||||
authenticationFilter.setRequiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/login/oauth2/code/{registrationId}"));
|
authenticationFilter.setRequiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/login/oauth2/code/{registrationId}"));
|
||||||
authenticationFilter.setAuthenticationConverter(new ServerOAuth2LoginAuthenticationTokenConverter(clientRegistrationRepository));
|
authenticationFilter.setServerAuthenticationConverter(new ServerOAuth2LoginAuthenticationTokenConverter(clientRegistrationRepository));
|
||||||
|
|
||||||
RedirectServerAuthenticationSuccessHandler redirectHandler = new RedirectServerAuthenticationSuccessHandler();
|
RedirectServerAuthenticationSuccessHandler redirectHandler = new RedirectServerAuthenticationSuccessHandler();
|
||||||
|
|
||||||
@ -651,7 +651,7 @@ public class ServerHttpSecurity {
|
|||||||
JwtReactiveAuthenticationManager authenticationManager = new JwtReactiveAuthenticationManager(
|
JwtReactiveAuthenticationManager authenticationManager = new JwtReactiveAuthenticationManager(
|
||||||
this.jwtDecoder);
|
this.jwtDecoder);
|
||||||
AuthenticationWebFilter oauth2 = new AuthenticationWebFilter(authenticationManager);
|
AuthenticationWebFilter oauth2 = new AuthenticationWebFilter(authenticationManager);
|
||||||
oauth2.setAuthenticationConverter(new ServerBearerTokenAuthenticationConverter());
|
oauth2.setServerAuthenticationConverter(new ServerBearerTokenAuthenticationConverter());
|
||||||
oauth2.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
|
oauth2.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
|
||||||
http
|
http
|
||||||
.exceptionHandling()
|
.exceptionHandling()
|
||||||
|
@ -38,9 +38,10 @@ import reactor.core.publisher.Mono;
|
|||||||
* converter does not validate any errors it only performs a conversion.
|
* converter does not validate any errors it only performs a conversion.
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.1
|
* @since 5.1
|
||||||
* @see org.springframework.security.web.server.authentication.AuthenticationWebFilter#setAuthenticationConverter(ServerAuthenticationConverter)
|
* @see org.springframework.security.web.server.authentication.AuthenticationWebFilter#setServerAuthenticationConverter(ServerAuthenticationConverter)
|
||||||
*/
|
*/
|
||||||
public class ServerOAuth2LoginAuthenticationTokenConverter implements ServerAuthenticationConverter {
|
public class ServerOAuth2LoginAuthenticationTokenConverter
|
||||||
|
implements ServerAuthenticationConverter {
|
||||||
|
|
||||||
static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
|
static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
|
||||||
|
|
||||||
|
@ -102,7 +102,8 @@ public class ServerOAuth2LoginAuthenticationTokenConverterTest {
|
|||||||
|
|
||||||
assertThatThrownBy(() -> applyConverter())
|
assertThatThrownBy(() -> applyConverter())
|
||||||
.isInstanceOf(OAuth2AuthenticationException.class)
|
.isInstanceOf(OAuth2AuthenticationException.class)
|
||||||
.hasMessageContaining(ServerOAuth2LoginAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
|
.hasMessageContaining(
|
||||||
|
ServerOAuth2LoginAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@ -112,7 +113,8 @@ public class ServerOAuth2LoginAuthenticationTokenConverterTest {
|
|||||||
|
|
||||||
assertThatThrownBy(() -> applyConverter())
|
assertThatThrownBy(() -> applyConverter())
|
||||||
.isInstanceOf(OAuth2AuthenticationException.class)
|
.isInstanceOf(OAuth2AuthenticationException.class)
|
||||||
.hasMessageContaining(ServerOAuth2LoginAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
|
.hasMessageContaining(
|
||||||
|
ServerOAuth2LoginAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -41,7 +41,8 @@ import java.util.regex.Pattern;
|
|||||||
* @since 5.1
|
* @since 5.1
|
||||||
* @see <a href="https://tools.ietf.org/html/rfc6750#section-2" target="_blank">RFC 6750 Section 2: Authenticated Requests</a>
|
* @see <a href="https://tools.ietf.org/html/rfc6750#section-2" target="_blank">RFC 6750 Section 2: Authenticated Requests</a>
|
||||||
*/
|
*/
|
||||||
public class ServerBearerTokenAuthenticationConverter implements ServerAuthenticationConverter {
|
public class ServerBearerTokenAuthenticationConverter
|
||||||
|
implements ServerAuthenticationConverter {
|
||||||
private static final Pattern authorizationPattern = Pattern.compile("^Bearer (?<token>[a-zA-Z0-9-._~+/]+)=*$");
|
private static final Pattern authorizationPattern = Pattern.compile("^Bearer (?<token>[a-zA-Z0-9-._~+/]+)=*$");
|
||||||
|
|
||||||
private boolean allowUriQueryParameter = false;
|
private boolean allowUriQueryParameter = false;
|
||||||
|
@ -24,6 +24,8 @@ import org.springframework.security.core.Authentication;
|
|||||||
import org.springframework.util.MultiValueMap;
|
import org.springframework.util.MultiValueMap;
|
||||||
import org.springframework.web.server.ServerWebExchange;
|
import org.springframework.web.server.ServerWebExchange;
|
||||||
|
|
||||||
|
import java.util.function.Function;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Converts a ServerWebExchange into a UsernamePasswordAuthenticationToken from the form
|
* Converts a ServerWebExchange into a UsernamePasswordAuthenticationToken from the form
|
||||||
* data HTTP parameters.
|
* data HTTP parameters.
|
||||||
@ -31,7 +33,9 @@ import org.springframework.web.server.ServerWebExchange;
|
|||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class ServerFormLoginAuthenticationConverter implements ServerAuthenticationConverter {
|
public class ServerFormLoginAuthenticationConverter implements
|
||||||
|
ServerAuthenticationConverter,
|
||||||
|
Function<ServerWebExchange, Mono<Authentication>> {
|
||||||
|
|
||||||
private String usernameParameter = "username";
|
private String usernameParameter = "username";
|
||||||
|
|
||||||
@ -43,6 +47,18 @@ public class ServerFormLoginAuthenticationConverter implements ServerAuthenticat
|
|||||||
.map( data -> createAuthentication(data));
|
.map( data -> createAuthentication(data));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Alias for {@link #convert(ServerWebExchange)}
|
||||||
|
* @param exchange the {@link ServerWebExchange} to use
|
||||||
|
* @return the {@link Authentication}
|
||||||
|
* @deprecated Use {@link #convert(ServerWebExchange)}
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
@Deprecated
|
||||||
|
public Mono<Authentication> apply(ServerWebExchange exchange) {
|
||||||
|
return convert(exchange);
|
||||||
|
}
|
||||||
|
|
||||||
private UsernamePasswordAuthenticationToken createAuthentication(
|
private UsernamePasswordAuthenticationToken createAuthentication(
|
||||||
MultiValueMap<String, String> data) {
|
MultiValueMap<String, String> data) {
|
||||||
String username = data.getFirst(this.usernameParameter);
|
String username = data.getFirst(this.usernameParameter);
|
||||||
|
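Review bot: The `@deprecated` tag on the new `apply(ServerWebExchange)` gives no version, and nothing in the class Javadoc says why the class now also implements `Function<ServerWebExchange, Mono<Authentication>>`. I would write `@deprecated As of 5.1 in favor of {@link #convert(ServerWebExchange)}`, matching the wording on the deprecated setter in AuthenticationWebFilter. I would also add one sentence to the class Javadoc saying that `Function` is implemented only for compatibility with 5.0 callers and that `convert` is the supported entry point. The same applies to the identical `apply` added to ServerHttpBasicAuthenticationConverter. Both class bodies continue outside the visible hunks.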
@ -16,6 +16,7 @@
|
|||||||
package org.springframework.security.web.server;
|
package org.springframework.security.web.server;
|
||||||
|
|
||||||
import java.util.Base64;
|
import java.util.Base64;
|
||||||
|
import java.util.function.Function;
|
||||||
|
|
||||||
import org.springframework.http.HttpHeaders;
|
import org.springframework.http.HttpHeaders;
|
||||||
import org.springframework.http.server.reactive.ServerHttpRequest;
|
import org.springframework.http.server.reactive.ServerHttpRequest;
|
||||||
@ -32,7 +33,9 @@ import reactor.core.publisher.Mono;
|
|||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class ServerHttpBasicAuthenticationConverter implements ServerAuthenticationConverter {
|
public class ServerHttpBasicAuthenticationConverter implements
|
||||||
|
ServerAuthenticationConverter,
|
||||||
|
Function<ServerWebExchange, Mono<Authentication>> {
|
||||||
|
|
||||||
public static final String BASIC = "Basic ";
|
public static final String BASIC = "Basic ";
|
||||||
|
|
||||||
@ -61,6 +64,18 @@ public class ServerHttpBasicAuthenticationConverter implements ServerAuthenticat
|
|||||||
return Mono.just(new UsernamePasswordAuthenticationToken(username, password));
|
return Mono.just(new UsernamePasswordAuthenticationToken(username, password));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Alias for {@link #convert(ServerWebExchange)}
|
||||||
|
* @param exchange the {@link ServerWebExchange} to use
|
||||||
|
* @return the {@link Authentication}
|
||||||
|
* @deprecated Use {@link #convert(ServerWebExchange)}
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
@Deprecated
|
||||||
|
public Mono<Authentication> apply(ServerWebExchange exchange) {
|
||||||
|
return convert(exchange);
|
||||||
|
}
|
||||||
|
|
||||||
private byte[] base64Decode(String value) {
|
private byte[] base64Decode(String value) {
|
||||||
try {
|
try {
|
||||||
return Base64.getDecoder().decode(value);
|
return Base64.getDecoder().decode(value);
|
||||||
|
@ -138,13 +138,13 @@ public class AuthenticationWebFilter implements WebFilter {
|
|||||||
* that no authentication attempt should be made. The default converter is
|
* that no authentication attempt should be made. The default converter is
|
||||||
* {@link ServerHttpBasicAuthenticationConverter}
|
* {@link ServerHttpBasicAuthenticationConverter}
|
||||||
* @param authenticationConverter the converter to use
|
* @param authenticationConverter the converter to use
|
||||||
* @deprecated As of 5.1 in favor of {@link #setAuthenticationConverter(ServerAuthenticationConverter)}
|
* @deprecated As of 5.1 in favor of {@link #setServerAuthenticationConverter(ServerAuthenticationConverter)}
|
||||||
* @see #setAuthenticationConverter(ServerAuthenticationConverter)
|
* @see #setServerAuthenticationConverter(ServerAuthenticationConverter)
|
||||||
*/
|
*/
|
||||||
@Deprecated
|
@Deprecated
|
||||||
public void setAuthenticationConverter(Function<ServerWebExchange, Mono<Authentication>> authenticationConverter) {
|
public void setAuthenticationConverter(Function<ServerWebExchange, Mono<Authentication>> authenticationConverter) {
|
||||||
Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
|
Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
|
||||||
setAuthenticationConverter((ServerAuthenticationConverter) authenticationConverter);
|
setServerAuthenticationConverter(authenticationConverter::apply);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -155,7 +155,8 @@ public class AuthenticationWebFilter implements WebFilter {
|
|||||||
* @param authenticationConverter the converter to use
|
* @param authenticationConverter the converter to use
|
||||||
* @since 5.1
|
* @since 5.1
|
||||||
*/
|
*/
|
||||||
public void setAuthenticationConverter(ServerAuthenticationConverter authenticationConverter) {
|
public void setServerAuthenticationConverter(
|
||||||
|
ServerAuthenticationConverter authenticationConverter) {
|
||||||
Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
|
Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
|
||||||
this.authenticationConverter = authenticationConverter;
|
this.authenticationConverter = authenticationConverter;
|
||||||
}
|
}
|
||||||
@ -172,7 +173,7 @@ public class AuthenticationWebFilter implements WebFilter {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Sets the matcher used to determine when creating an {@link Authentication} from
|
* Sets the matcher used to determine when creating an {@link Authentication} from
|
||||||
* {@link #setAuthenticationConverter(ServerAuthenticationConverter)} to be authentication. If the converter returns an empty
|
* {@link #setServerAuthenticationConverter(ServerAuthenticationConverter)} to be authentication. If the converter returns an empty
|
||||||
* result, then no authentication is attempted. The default is any request
|
* result, then no authentication is attempted. The default is any request
|
||||||
* @param requiresAuthenticationMatcher the matcher to use. Cannot be null.
|
* @param requiresAuthenticationMatcher the matcher to use. Cannot be null.
|
||||||
*/
|
*/
|
||||||
|
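Review bot: Nothing visible in this commit tests the deprecated `setAuthenticationConverter(Function<...>)` overload, which now adapts its argument with `authenticationConverter::apply` instead of casting it; the AuthenticationWebFilterTests hunk only moves `setup()` to `setServerAuthenticationConverter`. Because the converter's result decides whether the filter attempts authentication at all, a regression in the adapter would silently change authentication behaviour. A test that passes a plain lambda through the deprecated setter and checks that the authentication manager receives the converted token would pin this down, though such a test may already exist outside the hunks shown. A short comment above the adapter line would also help, e.g. `// adapt rather than cast: a plain Function is not a ServerAuthenticationConverter`.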
@ -61,7 +61,7 @@ public class AuthenticationWebFilterTests {
|
|||||||
public void setup() {
|
public void setup() {
|
||||||
this.filter = new AuthenticationWebFilter(this.authenticationManager);
|
this.filter = new AuthenticationWebFilter(this.authenticationManager);
|
||||||
this.filter.setAuthenticationSuccessHandler(this.successHandler);
|
this.filter.setAuthenticationSuccessHandler(this.successHandler);
|
||||||
this.filter.setAuthenticationConverter(this.authenticationConverter);
|
this.filter.setServerAuthenticationConverter(this.authenticationConverter);
|
||||||
this.filter.setSecurityContextRepository(this.securityContextRepository);
|
this.filter.setSecurityContextRepository(this.securityContextRepository);
|
||||||
this.filter.setAuthenticationFailureHandler(this.failureHandler);
|
this.filter.setAuthenticationFailureHandler(this.failureHandler);
|
||||||
}
|
}
|
||||||
|