diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeGrantConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeGrantConfigurer.java
index 2ec052bad7..27e609d6bd 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeGrantConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeGrantConfigurer.java
@@ -65,7 +65,7 @@ public class AuthorizationCodeGrantConfigurer>
 // ***** Authorization Request members
 private AuthorizationCodeRequestRedirectFilter authorizationRequestFilter;
- private RequestMatcher authorizationRequestMatcher;
+ private String authorizationRequestBaseUri = AuthorizationCodeRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
 private AuthorizationRequestUriBuilder authorizationRequestBuilder;
 private AuthorizationRequestRepository authorizationRequestRepository;
@@ -80,9 +80,9 @@ public class AuthorizationCodeGrantConfigurer>
 private Map> customUserTypes = new HashMap<>();
 private GrantedAuthoritiesMapper userAuthoritiesMapper;
- public AuthorizationCodeGrantConfigurer authorizationRequestMatcher(RequestMatcher authorizationRequestMatcher) {
- Assert.notNull(authorizationRequestMatcher, "authorizationRequestMatcher cannot be null");
- this.authorizationRequestMatcher = authorizationRequestMatcher;
+ public AuthorizationCodeGrantConfigurer authorizationRequestBaseUri(String authorizationRequestBaseUri) {
+ Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
+ this.authorizationRequestBaseUri = authorizationRequestBaseUri;
 return this;
 }
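Review bot: The new public `authorizationRequestBaseUri(String)` setter has no Javadoc, and its contract is not obvious from the name: the filter constructor later in this commit appends `"/{registrationId}"` to the value and hands the result to `AntPathRequestMatcher`. I would document it as `/** Sets the base URI for authorization requests; the filter matches {@code baseUri + "/{registrationId}"}, so pass a path with a leading and no trailing slash. */`. The same applies to `AuthorizationEndpointConfig.baseUri(String)` in OAuth2LoginConfigurer, which looks like the entry point most callers will use.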
@@ -183,10 +183,7 @@ public class AuthorizationCodeGrantConfigurer>
 //
 // -> AuthorizationCodeRequestRedirectFilter
 this.authorizationRequestFilter = new AuthorizationCodeRequestRedirectFilter(
- this.getClientRegistrationRepository());
- if (this.authorizationRequestMatcher != null) {
- this.authorizationRequestFilter.setAuthorizationRequestMatcher(this.authorizationRequestMatcher);
- }
+ this.authorizationRequestBaseUri, this.getClientRegistrationRepository());
 if (this.authorizationRequestBuilder != null) {
 this.authorizationRequestFilter.setAuthorizationUriBuilder(this.authorizationRequestBuilder);
 }
@@ -221,8 +218,8 @@ public class AuthorizationCodeGrantConfigurer>
 return this.authorizationRequestFilter;
 }
- RequestMatcher getAuthorizationRequestMatcher() {
- return this.authorizationRequestMatcher;
+ String getAuthorizationRequestBaseUri() {
+ return this.authorizationRequestBaseUri;
 }
 AuthorizationCodeAuthenticationFilter getAuthorizationResponseFilter() {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
index c5efaf35b4..88f02aeb40 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
@@ -28,14 +28,12 @@ import org.springframework.security.oauth2.client.registration.InMemoryClientReg
 import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
 import org.springframework.security.oauth2.client.user.OAuth2UserService;
 import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationFilter;
-import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
 import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
 import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
 import org.springframework.security.oauth2.core.AccessToken;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
@@ -44,8 +42,6 @@ import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
-import static org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter.REGISTRATION_ID_URI_VARIABLE_NAME;
-
 /**
 * A security configurer for OAuth 2.0 / OpenID Connect 1.0 login.
 *
@@ -85,9 +81,9 @@ public final class OAuth2LoginConfigurer> exten
 private AuthorizationEndpointConfig() {
 }
- public AuthorizationEndpointConfig requestMatcher(RequestMatcher authorizationRequestMatcher) {
- Assert.notNull(authorizationRequestMatcher, "authorizationRequestMatcher cannot be null");
- authorizationCodeGrantConfigurer.authorizationRequestMatcher(authorizationRequestMatcher);
+ public AuthorizationEndpointConfig baseUri(String authorizationRequestBaseUri) {
+ Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
+ authorizationCodeGrantConfigurer.authorizationRequestBaseUri(authorizationRequestBaseUri);
 return this;
 }
@@ -247,24 +243,10 @@ public final class OAuth2LoginConfigurer> exten
 return;
 }
- String authorizationRequestBaseUri;
- RequestMatcher authorizationRequestMatcher = authorizationCodeGrantConfigurer.getAuthorizationRequestMatcher();
- if (authorizationRequestMatcher != null && AntPathRequestMatcher.class.isAssignableFrom(authorizationRequestMatcher.getClass())) {
- String authorizationRequestPattern = ((AntPathRequestMatcher)authorizationRequestMatcher).getPattern();
- String registrationIdTemplateVariable = "{" + REGISTRATION_ID_URI_VARIABLE_NAME + "}";
- if (authorizationRequestPattern.endsWith(registrationIdTemplateVariable)) {
- authorizationRequestBaseUri = authorizationRequestPattern.substring(
- 0, authorizationRequestPattern.length() - registrationIdTemplateVariable.length() - 1);
- } else {
- authorizationRequestBaseUri = authorizationRequestPattern;
- }
- } else {
- authorizationRequestBaseUri = AuthorizationCodeRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
- }
-
 Map authenticationUrlToClientName = new HashMap<>();
 clientRegistrations.forEach(registration -> authenticationUrlToClientName.put(
- authorizationRequestBaseUri + "/" + registration.getRegistrationId(), registration.getClientName()));
+ authorizationCodeGrantConfigurer.getAuthorizationRequestBaseUri() + "/" + registration.getRegistrationId(),
+ registration.getClientName()));
 loginPageGeneratingFilter.setOauth2LoginEnabled(true);
 loginPageGeneratingFilter.setOauth2AuthenticationUrlToClientName(authenticationUrlToClientName);
 loginPageGeneratingFilter.setLoginPageUrl(this.getLoginPage());
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilter.java
index 34f9dec58e..4662902163 100644
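Review bot: In the OAuth2LoginConfigurer `forEach` lambda, `authorizationCodeGrantConfigurer.getAuthorizationRequestBaseUri()` is called once per registration, and the hand-written `"/" + registration.getRegistrationId()` suffix repeats the URL shape that AuthorizationCodeRequestRedirectFilter builds for its matcher, so the two can drift apart. Reading the value once before the loop, `String baseUri = authorizationCodeGrantConfigurer.getAuthorizationRequestBaseUri();`, and using `baseUri + "/" + registration.getRegistrationId()` keeps the lambda short; a one-line comment that this must mirror the filter's `baseUri + "/{registrationId}"` pattern would help the next reader. These strings end up as links on the generated login page, and whether DefaultLoginPageGeneratingFilter escapes the URL and client name is not visible here, so that is worth confirming. The enclosing method starts and ends outside the hunk.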
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilter.java
@@ -64,8 +64,7 @@ import java.util.Map;
 public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter {
 public static final String DEFAULT_AUTHORIZATION_REQUEST_BASE_URI = "/oauth2/authorization/code";
 public static final String REGISTRATION_ID_URI_VARIABLE_NAME = "registrationId";
- public static final String DEFAULT_AUTHORIZATION_REQUEST_URI = DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/{" + REGISTRATION_ID_URI_VARIABLE_NAME + "}";
- private RequestMatcher authorizationRequestMatcher = new AntPathRequestMatcher(DEFAULT_AUTHORIZATION_REQUEST_URI);
+ private final RequestMatcher authorizationRequestMatcher;
 private final ClientRegistrationRepository clientRegistrationRepository;
 private AuthorizationRequestUriBuilder authorizationUriBuilder = new DefaultAuthorizationRequestUriBuilder();
 private final RedirectStrategy authorizationRedirectStrategy = new DefaultRedirectStrategy();
@@ -73,15 +72,17 @@ public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter
 private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
 public AuthorizationCodeRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository) {
- Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
- this.clientRegistrationRepository = clientRegistrationRepository;
+ this(DEFAULT_AUTHORIZATION_REQUEST_BASE_URI, clientRegistrationRepository);
 }
- public final void setAuthorizationRequestMatcher(RequestMatcher authorizationRequestMatcher) {
- Assert.notNull(authorizationRequestMatcher, "authorizationRequestMatcher cannot be null");
- Assert.isInstanceOf(RequestVariablesExtractor.class, authorizationRequestMatcher,
- "authorizationRequestMatcher must also be a " + RequestVariablesExtractor.class.getName());
- this.authorizationRequestMatcher = authorizationRequestMatcher;
+ public AuthorizationCodeRequestRedirectFilter(
+ String authorizationRequestBaseUri, ClientRegistrationRepository clientRegistrationRepository) {
+
+ Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
+ Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
+ this.authorizationRequestMatcher = new AntPathRequestMatcher(
+ authorizationRequestBaseUri + "/{" + REGISTRATION_ID_URI_VARIABLE_NAME + "}");
+ this.clientRegistrationRepository = clientRegistrationRepository;
 }
 public final void setAuthorizationUriBuilder(AuthorizationRequestUriBuilder authorizationUriBuilder) {
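Review bot: The new two-argument constructor accepts any non-blank `authorizationRequestBaseUri` and concatenates it straight into an Ant pattern, so a value without a leading `/` would probably never match a request, and a value ending in `/` puts `//` into both this pattern and the login links built in OAuth2LoginConfigurer. This string is now the only input that decides which requests start an authorization redirect, so I would tighten the guard, for example `Assert.isTrue(authorizationRequestBaseUri.startsWith("/") && !authorizationRequestBaseUri.endsWith("/"), "authorizationRequestBaseUri must start with '/' and must not end with '/'");`. Pattern characters such as `*` or `{` in the base are also interpreted by `AntPathRequestMatcher` and could widen what the filter treats as an authorization request, which deserves either a check or a sentence in the constructor's Javadoc. The configurer setters in AuthorizationCodeGrantConfigurer and OAuth2LoginConfigurer repeat the same `Assert.hasText` and rely on this constructor for anything stricter.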