Remove AuthorizationCodeRequestRedirectFilter. setAuthorizationRequestMatcher

Joe Grandja 2017-10-10 05:59:25 -04:00
parent 6b16fa0d8c
commit efa4bf409c
3 changed files with 22 additions and 42 deletions


@ -65,7 +65,7 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
// ***** Authorization Request members // ***** Authorization Request members
private AuthorizationCodeRequestRedirectFilter authorizationRequestFilter; private AuthorizationCodeRequestRedirectFilter authorizationRequestFilter;
private RequestMatcher authorizationRequestMatcher; private String authorizationRequestBaseUri = AuthorizationCodeRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
private AuthorizationRequestUriBuilder authorizationRequestBuilder; private AuthorizationRequestUriBuilder authorizationRequestBuilder;
private AuthorizationRequestRepository authorizationRequestRepository; private AuthorizationRequestRepository authorizationRequestRepository;
@ -80,9 +80,9 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
private Map<URI, Class<? extends OAuth2User>> customUserTypes = new HashMap<>(); private Map<URI, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
private GrantedAuthoritiesMapper userAuthoritiesMapper; private GrantedAuthoritiesMapper userAuthoritiesMapper;
public AuthorizationCodeGrantConfigurer<B> authorizationRequestMatcher(RequestMatcher authorizationRequestMatcher) { public AuthorizationCodeGrantConfigurer<B> authorizationRequestBaseUri(String authorizationRequestBaseUri) {
Assert.notNull(authorizationRequestMatcher, "authorizationRequestMatcher cannot be null"); Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
this.authorizationRequestMatcher = authorizationRequestMatcher; this.authorizationRequestBaseUri = authorizationRequestBaseUri;
return this; return this;
} }
@ -183,10 +183,7 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
// //
// -> AuthorizationCodeRequestRedirectFilter // -> AuthorizationCodeRequestRedirectFilter
this.authorizationRequestFilter = new AuthorizationCodeRequestRedirectFilter( this.authorizationRequestFilter = new AuthorizationCodeRequestRedirectFilter(
this.getClientRegistrationRepository()); this.authorizationRequestBaseUri, this.getClientRegistrationRepository());
if (this.authorizationRequestMatcher != null) {
this.authorizationRequestFilter.setAuthorizationRequestMatcher(this.authorizationRequestMatcher);
}
if (this.authorizationRequestBuilder != null) { if (this.authorizationRequestBuilder != null) {
this.authorizationRequestFilter.setAuthorizationUriBuilder(this.authorizationRequestBuilder); this.authorizationRequestFilter.setAuthorizationUriBuilder(this.authorizationRequestBuilder);
} }
@ -221,8 +218,8 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
return this.authorizationRequestFilter; return this.authorizationRequestFilter;
} }
RequestMatcher getAuthorizationRequestMatcher() { String getAuthorizationRequestBaseUri() {
return this.authorizationRequestMatcher; return this.authorizationRequestBaseUri;
} }
AuthorizationCodeAuthenticationFilter getAuthorizationResponseFilter() { AuthorizationCodeAuthenticationFilter getAuthorizationResponseFilter() {
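Review bot: The new `authorizationRequestBaseUri(String)` method has no Javadoc saying that the value is a path prefix to which the filter appends `/{registrationId}`, and the same gap exists on `AuthorizationEndpointConfig.baseUri(String)` in OAuth2LoginConfigurer. A caller migrating from the removed matcher-based method could plausibly pass the full pattern ending in `/{registrationId}`. The code that used to strip that suffix is deleted in this commit, so the variable would appear twice in the matcher pattern and literally in the generated login-page links. I would add a Javadoc comment to both methods stating the expected form (starts with `/`, no trailing slash, no `{registrationId}` suffix) and the default `/oauth2/authorization/code`.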


@ -28,14 +28,12 @@ import org.springframework.security.oauth2.client.registration.InMemoryClientReg
import org.springframework.security.oauth2.client.token.SecurityTokenRepository; import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
import org.springframework.security.oauth2.client.user.OAuth2UserService; import org.springframework.security.oauth2.client.user.OAuth2UserService;
import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationFilter; import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationFilter;
import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository; import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder; import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
import org.springframework.security.oauth2.core.AccessToken; import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.security.oauth2.core.user.OAuth2User; import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter; import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert; import org.springframework.util.Assert;
@ -44,8 +42,6 @@ import java.util.Arrays;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import static org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter.REGISTRATION_ID_URI_VARIABLE_NAME;
/** /**
* A security configurer for OAuth 2.0 / OpenID Connect 1.0 login. * A security configurer for OAuth 2.0 / OpenID Connect 1.0 login.
* *
@ -85,9 +81,9 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
private AuthorizationEndpointConfig() { private AuthorizationEndpointConfig() {
} }
public AuthorizationEndpointConfig requestMatcher(RequestMatcher authorizationRequestMatcher) { public AuthorizationEndpointConfig baseUri(String authorizationRequestBaseUri) {
Assert.notNull(authorizationRequestMatcher, "authorizationRequestMatcher cannot be null"); Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
authorizationCodeGrantConfigurer.authorizationRequestMatcher(authorizationRequestMatcher); authorizationCodeGrantConfigurer.authorizationRequestBaseUri(authorizationRequestBaseUri);
return this; return this;
} }
@ -247,24 +243,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
return; return;
} }
String authorizationRequestBaseUri;
RequestMatcher authorizationRequestMatcher = authorizationCodeGrantConfigurer.getAuthorizationRequestMatcher();
if (authorizationRequestMatcher != null && AntPathRequestMatcher.class.isAssignableFrom(authorizationRequestMatcher.getClass())) {
String authorizationRequestPattern = ((AntPathRequestMatcher)authorizationRequestMatcher).getPattern();
String registrationIdTemplateVariable = "{" + REGISTRATION_ID_URI_VARIABLE_NAME + "}";
if (authorizationRequestPattern.endsWith(registrationIdTemplateVariable)) {
authorizationRequestBaseUri = authorizationRequestPattern.substring(
0, authorizationRequestPattern.length() - registrationIdTemplateVariable.length() - 1);
} else {
authorizationRequestBaseUri = authorizationRequestPattern;
}
} else {
authorizationRequestBaseUri = AuthorizationCodeRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
}
Map<String, String> authenticationUrlToClientName = new HashMap<>(); Map<String, String> authenticationUrlToClientName = new HashMap<>();
clientRegistrations.forEach(registration -> authenticationUrlToClientName.put( clientRegistrations.forEach(registration -> authenticationUrlToClientName.put(
authorizationRequestBaseUri + "/" + registration.getRegistrationId(), registration.getClientName())); authorizationCodeGrantConfigurer.getAuthorizationRequestBaseUri() + "/" + registration.getRegistrationId(),
registration.getClientName()));
loginPageGeneratingFilter.setOauth2LoginEnabled(true); loginPageGeneratingFilter.setOauth2LoginEnabled(true);
loginPageGeneratingFilter.setOauth2AuthenticationUrlToClientName(authenticationUrlToClientName); loginPageGeneratingFilter.setOauth2AuthenticationUrlToClientName(authenticationUrlToClientName);
loginPageGeneratingFilter.setLoginPageUrl(this.getLoginPage()); loginPageGeneratingFilter.setLoginPageUrl(this.getLoginPage());
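Review bot: In the login-page hunk the base URI is now fetched through `authorizationCodeGrantConfigurer.getAuthorizationRequestBaseUri()` inside the `forEach` lambda, once per registration, which is also what forces the three-line wrap. Reading it into a local before the loop, `String authorizationRequestBaseUri = authorizationCodeGrantConfigurer.getAuthorizationRequestBaseUri();`, keeps the lambda body as the original one-line `put` and makes it obvious that the prefix is constant for the whole map. The enclosing method starts and ends outside the hunk.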


@ -64,8 +64,7 @@ import java.util.Map;
public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter { public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter {
public static final String DEFAULT_AUTHORIZATION_REQUEST_BASE_URI = "/oauth2/authorization/code"; public static final String DEFAULT_AUTHORIZATION_REQUEST_BASE_URI = "/oauth2/authorization/code";
public static final String REGISTRATION_ID_URI_VARIABLE_NAME = "registrationId"; public static final String REGISTRATION_ID_URI_VARIABLE_NAME = "registrationId";
public static final String DEFAULT_AUTHORIZATION_REQUEST_URI = DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/{" + REGISTRATION_ID_URI_VARIABLE_NAME + "}"; private final RequestMatcher authorizationRequestMatcher;
private RequestMatcher authorizationRequestMatcher = new AntPathRequestMatcher(DEFAULT_AUTHORIZATION_REQUEST_URI);
private final ClientRegistrationRepository clientRegistrationRepository; private final ClientRegistrationRepository clientRegistrationRepository;
private AuthorizationRequestUriBuilder authorizationUriBuilder = new DefaultAuthorizationRequestUriBuilder(); private AuthorizationRequestUriBuilder authorizationUriBuilder = new DefaultAuthorizationRequestUriBuilder();
private final RedirectStrategy authorizationRedirectStrategy = new DefaultRedirectStrategy(); private final RedirectStrategy authorizationRedirectStrategy = new DefaultRedirectStrategy();
@ -73,15 +72,17 @@ public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter
private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository(); private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
public AuthorizationCodeRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository) { public AuthorizationCodeRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository) {
Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null"); this(DEFAULT_AUTHORIZATION_REQUEST_BASE_URI, clientRegistrationRepository);
this.clientRegistrationRepository = clientRegistrationRepository;
} }
public final void setAuthorizationRequestMatcher(RequestMatcher authorizationRequestMatcher) { public AuthorizationCodeRequestRedirectFilter(
Assert.notNull(authorizationRequestMatcher, "authorizationRequestMatcher cannot be null"); String authorizationRequestBaseUri, ClientRegistrationRepository clientRegistrationRepository) {
Assert.isInstanceOf(RequestVariablesExtractor.class, authorizationRequestMatcher,
"authorizationRequestMatcher must also be a " + RequestVariablesExtractor.class.getName()); Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
this.authorizationRequestMatcher = authorizationRequestMatcher; Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
this.authorizationRequestMatcher = new AntPathRequestMatcher(
authorizationRequestBaseUri + "/{" + REGISTRATION_ID_URI_VARIABLE_NAME + "}");
this.clientRegistrationRepository = clientRegistrationRepository;
} }
public final void setAuthorizationUriBuilder(AuthorizationRequestUriBuilder authorizationUriBuilder) { public final void setAuthorizationUriBuilder(AuthorizationRequestUriBuilder authorizationUriBuilder) {
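Review bot: `Assert.hasText` in the new two-argument constructor is the only check on a string that is concatenated straight into an `AntPathRequestMatcher` pattern. A base URI containing `*`, `?` or `{…}` therefore changes which requests this filter treats as authorization requests, and one ending in `/` produces a doubled slash in both the pattern and the login-page links. Since this filter decides when an OAuth 2.0 redirect is started, I would reject such values up front, e.g. `Assert.isTrue(authorizationRequestBaseUri.startsWith("/") && !authorizationRequestBaseUri.endsWith("/"), "authorizationRequestBaseUri must start with '/' and must not end with '/'");`, plus a check that it contains none of `*`, `?`, `{`, `}`. The configurer methods in the other two files pass the value through to this constructor, so validating here covers them as well. The new public constructor also has no Javadoc describing the parameter.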