Polish gh-4557
This commit is contained in:
Joe Grandja
parent
71a5c9521c
commit
ff8002eb2e
|
|
@ -139,12 +139,10 @@ final class AuthenticationConfigBuilder {
|
|||
private String openIDLoginPage;
|
||||
|
||||
private String oauth2LoginFilterId;
|
||||
private String oauth2AuthorizationRequestRedirectFilterId;
|
||||
private BeanDefinition oauth2AuthorizationRequestRedirectFilter;
|
||||
private BeanDefinition oauth2LoginEntryPoint;
|
||||
private BeanReference oauth2LoginAuthenticationProviderRef;
|
||||
private BeanReference oauth2LoginOidcAuthenticationProviderRef;
|
||||
|
||||
private BeanDefinition oauth2LoginLinks;
|
||||
|
||||
AuthenticationConfigBuilder(Element element, boolean forceAutoConfig,
|
||||
|
|
@ -247,43 +245,42 @@ final class AuthenticationConfigBuilder {
|
|||
|
||||
void createOAuth2LoginFilter(BeanReference sessionStrategy, BeanReference authManager) {
|
||||
Element oauth2LoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.OAUTH2_LOGIN);
|
||||
if (oauth2LoginElt != null) {
|
||||
OAuth2LoginBeanDefinitionParser parser = new OAuth2LoginBeanDefinitionParser(requestCache, portMapper,
|
||||
portResolver, sessionStrategy, allowSessionCreation);
|
||||
BeanDefinition oauth2LoginFilterBean = parser.parse(oauth2LoginElt, this.pc);
|
||||
oauth2LoginFilterBean.getPropertyValues().addPropertyValue("authenticationManager", authManager);
|
||||
|
||||
// retrieve the other bean result
|
||||
BeanDefinition oauth2LoginAuthProvider = parser.getOAuth2LoginAuthenticationProvider();
|
||||
oauth2AuthorizationRequestRedirectFilter = parser.getOAuth2AuthorizationRequestRedirectFilter();
|
||||
oauth2LoginEntryPoint = parser.getOAuth2LoginAuthenticationEntryPoint();
|
||||
|
||||
// generate bean name to be registered
|
||||
String oauth2LoginAuthenticationProviderId = pc.getReaderContext()
|
||||
.generateBeanName(oauth2LoginAuthProvider);
|
||||
oauth2LoginFilterId = pc.getReaderContext().generateBeanName(oauth2LoginFilterBean);
|
||||
oauth2AuthorizationRequestRedirectFilterId = pc.getReaderContext()
|
||||
.generateBeanName(oauth2AuthorizationRequestRedirectFilter);
|
||||
oauth2LoginLinks = parser.getOAuth2LoginLinks();
|
||||
|
||||
// register the component
|
||||
pc.registerBeanComponent(new BeanComponentDefinition(oauth2AuthorizationRequestRedirectFilter,
|
||||
oauth2AuthorizationRequestRedirectFilterId));
|
||||
pc.registerBeanComponent(new BeanComponentDefinition(oauth2LoginFilterBean, oauth2LoginFilterId));
|
||||
pc.registerBeanComponent(
|
||||
new BeanComponentDefinition(oauth2LoginAuthProvider, oauth2LoginAuthenticationProviderId));
|
||||
|
||||
oauth2LoginAuthenticationProviderRef = new RuntimeBeanReference(oauth2LoginAuthenticationProviderId);
|
||||
|
||||
// oidc provider
|
||||
BeanDefinition oauth2LoginOidcAuthProvider = parser.getOAuth2LoginOidcAuthenticationProvider();
|
||||
String oauth2LoginOidcAuthenticationProviderId = pc.getReaderContext()
|
||||
.generateBeanName(oauth2LoginOidcAuthProvider);
|
||||
pc.registerBeanComponent(
|
||||
new BeanComponentDefinition(oauth2LoginOidcAuthProvider, oauth2LoginOidcAuthenticationProviderId));
|
||||
oauth2LoginOidcAuthenticationProviderRef = new RuntimeBeanReference(
|
||||
oauth2LoginOidcAuthenticationProviderId);
|
||||
if (oauth2LoginElt == null) {
|
||||
return;
|
||||
}
|
||||
|
||||
OAuth2LoginBeanDefinitionParser parser = new OAuth2LoginBeanDefinitionParser(requestCache, portMapper,
|
||||
portResolver, sessionStrategy, allowSessionCreation);
|
||||
BeanDefinition oauth2LoginFilterBean = parser.parse(oauth2LoginElt, this.pc);
|
||||
oauth2LoginFilterBean.getPropertyValues().addPropertyValue("authenticationManager", authManager);
|
||||
|
||||
// retrieve the other bean result
|
||||
BeanDefinition oauth2LoginAuthProvider = parser.getOAuth2LoginAuthenticationProvider();
|
||||
oauth2AuthorizationRequestRedirectFilter = parser.getOAuth2AuthorizationRequestRedirectFilter();
|
||||
oauth2LoginEntryPoint = parser.getOAuth2LoginAuthenticationEntryPoint();
|
||||
|
||||
// generate bean name to be registered
|
||||
String oauth2LoginAuthProviderId = pc.getReaderContext()
|
||||
.generateBeanName(oauth2LoginAuthProvider);
|
||||
oauth2LoginFilterId = pc.getReaderContext().generateBeanName(oauth2LoginFilterBean);
|
||||
String oauth2AuthorizationRequestRedirectFilterId = pc.getReaderContext()
|
||||
.generateBeanName(oauth2AuthorizationRequestRedirectFilter);
|
||||
oauth2LoginLinks = parser.getOAuth2LoginLinks();
|
||||
|
||||
// register the component
|
||||
pc.registerBeanComponent(new BeanComponentDefinition(oauth2LoginFilterBean, oauth2LoginFilterId));
|
||||
pc.registerBeanComponent(new BeanComponentDefinition(
|
||||
oauth2AuthorizationRequestRedirectFilter, oauth2AuthorizationRequestRedirectFilterId));
|
||||
pc.registerBeanComponent(new BeanComponentDefinition(oauth2LoginAuthProvider, oauth2LoginAuthProviderId));
|
||||
|
||||
oauth2LoginAuthenticationProviderRef = new RuntimeBeanReference(oauth2LoginAuthProviderId);
|
||||
|
||||
// oidc provider
|
||||
BeanDefinition oauth2LoginOidcAuthProvider = parser.getOAuth2LoginOidcAuthenticationProvider();
|
||||
String oauth2LoginOidcAuthProviderId = pc.getReaderContext().generateBeanName(oauth2LoginOidcAuthProvider);
|
||||
pc.registerBeanComponent(new BeanComponentDefinition(
|
||||
oauth2LoginOidcAuthProvider, oauth2LoginOidcAuthProviderId));
|
||||
oauth2LoginOidcAuthenticationProviderRef = new RuntimeBeanReference(oauth2LoginOidcAuthProviderId);
|
||||
}
|
||||
|
||||
void createOpenIDLoginFilter(BeanReference sessionStrategy, BeanReference authManager) {
|
||||
|
|
@ -870,7 +867,7 @@ final class AuthenticationConfigBuilder {
|
|||
|
||||
if (oauth2LoginFilterId != null) {
|
||||
filters.add(new OrderDecorator(new RuntimeBeanReference(oauth2LoginFilterId), OAUTH2_LOGIN_FILTER));
|
||||
filters.add(new OrderDecorator(oauth2AuthorizationRequestRedirectFilter, OAUTH2_REDIRECT_FILTER));
|
||||
filters.add(new OrderDecorator(oauth2AuthorizationRequestRedirectFilter, OAUTH2_AUTHORIZATION_REQUEST_FILTER));
|
||||
}
|
||||
|
||||
if (openIDFilterId != null) {
|
||||
|
|
|
|||
|
|
@ -92,7 +92,7 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
|
|||
private static final String ATT_AUTHENTICATION_FAILURE_HANDLER_REF = "authentication-failure-handler-ref";
|
||||
private static final String ATT_JWT_DECODER_FACTORY_REF = "jwt-decoder-factory-ref";
|
||||
|
||||
private BeanReference requestCache;
|
||||
private final BeanReference requestCache;
|
||||
private final BeanReference portMapper;
|
||||
private final BeanReference portResolver;
|
||||
private final BeanReference sessionStrategy;
|
||||
|
|
@ -123,8 +123,8 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
|
|||
BeanDefinition oauth2LoginBeanConfig = BeanDefinitionBuilder.rootBeanDefinition(OAuth2LoginBeanConfig.class)
|
||||
.getBeanDefinition();
|
||||
String oauth2LoginBeanConfigId = parserContext.getReaderContext().generateBeanName(oauth2LoginBeanConfig);
|
||||
parserContext
|
||||
.registerBeanComponent(new BeanComponentDefinition(oauth2LoginBeanConfig, oauth2LoginBeanConfigId));
|
||||
parserContext.registerBeanComponent(
|
||||
new BeanComponentDefinition(oauth2LoginBeanConfig, oauth2LoginBeanConfigId));
|
||||
|
||||
// configure filter
|
||||
BeanMetadataElement clientRegistrationRepository = getClientRegistrationRepository(element);
|
||||
|
|
@ -132,12 +132,13 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
|
|||
clientRegistrationRepository);
|
||||
BeanMetadataElement accessTokenResponseClient = getAccessTokenResponseClient(element);
|
||||
BeanMetadataElement oauth2UserService = getOAuth2UserService(element);
|
||||
BeanMetadataElement oauth2AuthRequestRepository = getOAuth2AuthorizationRequestRepository(element);
|
||||
BeanMetadataElement authorizationRequestRepository = getAuthorizationRequestRepository(element);
|
||||
|
||||
BeanDefinitionBuilder oauth2LoginAuthenticationFilterBuilder = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(OAuth2LoginAuthenticationFilter.class)
|
||||
.addConstructorArgValue(clientRegistrationRepository).addConstructorArgValue(authorizedClientRepository)
|
||||
.addPropertyValue("authorizationRequestRepository", oauth2AuthRequestRepository);
|
||||
.addConstructorArgValue(clientRegistrationRepository)
|
||||
.addConstructorArgValue(authorizedClientRepository)
|
||||
.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository);
|
||||
|
||||
if (sessionStrategy != null) {
|
||||
oauth2LoginAuthenticationFilterBuilder.addPropertyValue("sessionAuthenticationStrategy", sessionStrategy);
|
||||
|
|
@ -145,8 +146,8 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
Object source = parserContext.extractSource(element);
|
||||
String loginProcessingUrl = element.getAttribute(ATT_LOGIN_PROCESSING_URL);
|
||||
WebConfigUtils.validateHttpRedirect(loginProcessingUrl, parserContext, source);
|
||||
if (!StringUtils.isEmpty(loginProcessingUrl)) {
|
||||
WebConfigUtils.validateHttpRedirect(loginProcessingUrl, parserContext, source);
|
||||
oauth2LoginAuthenticationFilterBuilder.addConstructorArgValue(loginProcessingUrl);
|
||||
} else {
|
||||
oauth2LoginAuthenticationFilterBuilder
|
||||
|
|
@ -155,31 +156,32 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
BeanDefinitionBuilder oauth2LoginAuthenticationProviderBuilder = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(OAuth2LoginAuthenticationProvider.class)
|
||||
.addConstructorArgValue(accessTokenResponseClient).addConstructorArgValue(oauth2UserService);
|
||||
.addConstructorArgValue(accessTokenResponseClient)
|
||||
.addConstructorArgValue(oauth2UserService);
|
||||
|
||||
String oauth2UserAuthMapperRef = element.getAttribute(ATT_USER_AUTHORITIES_MAPPER_REF);
|
||||
if (!StringUtils.isEmpty(oauth2UserAuthMapperRef)) {
|
||||
oauth2LoginAuthenticationProviderBuilder.addPropertyReference("authoritiesMapper", oauth2UserAuthMapperRef);
|
||||
String userAuthoritiesMapperRef = element.getAttribute(ATT_USER_AUTHORITIES_MAPPER_REF);
|
||||
if (!StringUtils.isEmpty(userAuthoritiesMapperRef)) {
|
||||
oauth2LoginAuthenticationProviderBuilder.addPropertyReference("authoritiesMapper", userAuthoritiesMapperRef);
|
||||
}
|
||||
|
||||
oauth2LoginAuthenticationProvider = oauth2LoginAuthenticationProviderBuilder.getBeanDefinition();
|
||||
|
||||
oauth2LoginOidcAuthenticationProvider = getOAuth2OidcAuthProvider(element, accessTokenResponseClient,
|
||||
oauth2UserAuthMapperRef, parserContext);
|
||||
oauth2LoginOidcAuthenticationProvider = getOidcAuthProvider(
|
||||
element, accessTokenResponseClient, userAuthoritiesMapperRef);
|
||||
|
||||
BeanDefinitionBuilder oauth2AuthorizationRequestRedirectFilterBuilder = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(OAuth2AuthorizationRequestRedirectFilter.class);
|
||||
|
||||
String oauth2AuthorizationRequestResolverRef = element.getAttribute(ATT_AUTHORIZATION_REQUEST_RESOLVER_REF);
|
||||
if (!StringUtils.isEmpty(oauth2AuthorizationRequestResolverRef)) {
|
||||
String authorizationRequestResolverRef = element.getAttribute(ATT_AUTHORIZATION_REQUEST_RESOLVER_REF);
|
||||
if (!StringUtils.isEmpty(authorizationRequestResolverRef)) {
|
||||
oauth2AuthorizationRequestRedirectFilterBuilder
|
||||
.addConstructorArgReference(oauth2AuthorizationRequestResolverRef);
|
||||
.addConstructorArgReference(authorizationRequestResolverRef);
|
||||
} else {
|
||||
oauth2AuthorizationRequestRedirectFilterBuilder.addConstructorArgValue(clientRegistrationRepository);
|
||||
}
|
||||
|
||||
oauth2AuthorizationRequestRedirectFilterBuilder
|
||||
.addPropertyValue("authorizationRequestRepository", oauth2AuthRequestRepository)
|
||||
.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository)
|
||||
.addPropertyValue("requestCache", requestCache);
|
||||
oauth2AuthorizationRequestRedirectFilter = oauth2AuthorizationRequestRedirectFilterBuilder.getBeanDefinition();
|
||||
|
||||
|
|
@ -187,21 +189,29 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
|
|||
if (!StringUtils.isEmpty(authenticationSuccessHandlerRef)) {
|
||||
oauth2LoginAuthenticationFilterBuilder.addPropertyReference("authenticationSuccessHandler",
|
||||
authenticationSuccessHandlerRef);
|
||||
} else {
|
||||
BeanDefinitionBuilder successHandlerBuilder = BeanDefinitionBuilder.rootBeanDefinition(
|
||||
"org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler")
|
||||
.addPropertyValue("requestCache", requestCache);
|
||||
oauth2LoginAuthenticationFilterBuilder.addPropertyValue("authenticationSuccessHandler",
|
||||
successHandlerBuilder.getBeanDefinition());
|
||||
}
|
||||
|
||||
String loginPage = element.getAttribute(ATT_LOGIN_PAGE);
|
||||
WebConfigUtils.validateHttpRedirect(loginPage, parserContext, source);
|
||||
if (!StringUtils.isEmpty(loginPage)) {
|
||||
WebConfigUtils.validateHttpRedirect(loginPage, parserContext, source);
|
||||
oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class).addConstructorArgValue(loginPage)
|
||||
.addPropertyValue("portMapper", portMapper).addPropertyValue("portResolver", portResolver)
|
||||
.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class)
|
||||
.addConstructorArgValue(loginPage)
|
||||
.addPropertyValue("portMapper", portMapper)
|
||||
.addPropertyValue("portResolver", portResolver)
|
||||
.getBeanDefinition();
|
||||
} else {
|
||||
Map<RequestMatcher, AuthenticationEntryPoint> entryPoint = getLoginEntryPoint(element, parserContext);
|
||||
|
||||
Map<RequestMatcher, AuthenticationEntryPoint> entryPoint = getLoginEntryPoint(element);
|
||||
if (entryPoint != null) {
|
||||
oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(DelegatingAuthenticationEntryPoint.class).addConstructorArgValue(entryPoint)
|
||||
.rootBeanDefinition(DelegatingAuthenticationEntryPoint.class)
|
||||
.addConstructorArgValue(entryPoint)
|
||||
.addPropertyValue("defaultEntryPoint", new LoginUrlAuthenticationEntryPoint(DEFAULT_LOGIN_URI))
|
||||
.getBeanDefinition();
|
||||
}
|
||||
|
|
@ -217,7 +227,6 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
|
|||
failureHandlerBuilder.addConstructorArgValue(
|
||||
DEFAULT_LOGIN_URI + "?" + DefaultLoginPageGeneratingFilter.ERROR_PARAMETER_NAME);
|
||||
failureHandlerBuilder.addPropertyValue("allowSessionCreation", allowSessionCreation);
|
||||
|
||||
oauth2LoginAuthenticationFilterBuilder.addPropertyValue("authenticationFailureHandler",
|
||||
failureHandlerBuilder.getBeanDefinition());
|
||||
}
|
||||
|
|
@ -229,49 +238,45 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
|
|||
return oauth2LoginAuthenticationFilterBuilder.getBeanDefinition();
|
||||
}
|
||||
|
||||
private BeanMetadataElement getOAuth2AuthorizationRequestRepository(Element element) {
|
||||
BeanMetadataElement oauth2AuthRequestRepository = null;
|
||||
String oauth2AuthRequestRepositoryRef = element.getAttribute(ATT_AUTHORIZATION_REQUEST_REPOSITORY_REF);
|
||||
if (!StringUtils.isEmpty(oauth2AuthRequestRepositoryRef)) {
|
||||
oauth2AuthRequestRepository = new RuntimeBeanReference(oauth2AuthRequestRepositoryRef);
|
||||
private BeanMetadataElement getAuthorizationRequestRepository(Element element) {
|
||||
BeanMetadataElement authorizationRequestRepository;
|
||||
String authorizationRequestRepositoryRef = element.getAttribute(ATT_AUTHORIZATION_REQUEST_REPOSITORY_REF);
|
||||
if (!StringUtils.isEmpty(authorizationRequestRepositoryRef)) {
|
||||
authorizationRequestRepository = new RuntimeBeanReference(authorizationRequestRepositoryRef);
|
||||
} else {
|
||||
oauth2AuthRequestRepository = BeanDefinitionBuilder.rootBeanDefinition(
|
||||
authorizationRequestRepository = BeanDefinitionBuilder.rootBeanDefinition(
|
||||
"org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository")
|
||||
.getBeanDefinition();
|
||||
}
|
||||
return oauth2AuthRequestRepository;
|
||||
return authorizationRequestRepository;
|
||||
}
|
||||
|
||||
private BeanMetadataElement getAuthorizedClientRepository(Element element,
|
||||
BeanMetadataElement clientRegistrationRepository) {
|
||||
BeanMetadataElement authorizedClientRepository = null;
|
||||
|
||||
BeanMetadataElement authorizedClientRepository;
|
||||
String authorizedClientRepositoryRef = element.getAttribute(ATT_AUTHORIZED_CLIENT_REPOSITORY_REF);
|
||||
if (!StringUtils.isEmpty(authorizedClientRepositoryRef)) {
|
||||
authorizedClientRepository = new RuntimeBeanReference(authorizedClientRepositoryRef);
|
||||
} else {
|
||||
BeanMetadataElement oauth2AuthorizedClientService = null;
|
||||
BeanMetadataElement authorizedClientService;
|
||||
String authorizedClientServiceRef = element.getAttribute(ATT_AUTHORIZED_CLIENT_SERVICE_REF);
|
||||
if (!StringUtils.isEmpty(authorizedClientServiceRef)) {
|
||||
oauth2AuthorizedClientService = new RuntimeBeanReference(authorizedClientServiceRef);
|
||||
authorizedClientService = new RuntimeBeanReference(authorizedClientServiceRef);
|
||||
} else {
|
||||
oauth2AuthorizedClientService = BeanDefinitionBuilder
|
||||
authorizedClientService = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(
|
||||
"org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService")
|
||||
.addConstructorArgValue(clientRegistrationRepository).getBeanDefinition();
|
||||
}
|
||||
|
||||
authorizedClientRepository = BeanDefinitionBuilder.rootBeanDefinition(
|
||||
"org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository")
|
||||
.addConstructorArgValue(oauth2AuthorizedClientService).getBeanDefinition();
|
||||
.addConstructorArgValue(authorizedClientService).getBeanDefinition();
|
||||
}
|
||||
|
||||
return authorizedClientRepository;
|
||||
}
|
||||
|
||||
private BeanMetadataElement getClientRegistrationRepository(Element element) {
|
||||
BeanMetadataElement clientRegistrationRepository = null;
|
||||
|
||||
BeanMetadataElement clientRegistrationRepository;
|
||||
String clientRegistrationRepositoryRef = element.getAttribute(ATT_CLIENT_REGISTRATION_REPOSITORY_REF);
|
||||
if (!StringUtils.isEmpty(clientRegistrationRepositoryRef)) {
|
||||
clientRegistrationRepository = new RuntimeBeanReference(clientRegistrationRepositoryRef);
|
||||
|
|
@ -281,52 +286,49 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
|
|||
return clientRegistrationRepository;
|
||||
}
|
||||
|
||||
private BeanDefinition getOAuth2OidcAuthProvider(Element element, BeanMetadataElement accessTokenResponseClient,
|
||||
String oauth2UserAuthMapperRef, ParserContext parserContext) {
|
||||
BeanDefinition oauth2OidcAuthProvider = null;
|
||||
boolean oidcAuthenticationProviderEnabled = ClassUtils
|
||||
.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
|
||||
private BeanDefinition getOidcAuthProvider(Element element,
|
||||
BeanMetadataElement accessTokenResponseClient, String userAuthoritiesMapperRef) {
|
||||
|
||||
if (oidcAuthenticationProviderEnabled) {
|
||||
BeanMetadataElement oidcUserService = getOAuth2OidcUserService(element);
|
||||
|
||||
BeanDefinitionBuilder oauth2OidcAuthProviderBuilder = BeanDefinitionBuilder.rootBeanDefinition(
|
||||
"org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider")
|
||||
.addConstructorArgValue(accessTokenResponseClient).addConstructorArgValue(oidcUserService);
|
||||
|
||||
if (!StringUtils.isEmpty(oauth2UserAuthMapperRef)) {
|
||||
oauth2OidcAuthProviderBuilder.addPropertyReference("authoritiesMapper", oauth2UserAuthMapperRef);
|
||||
}
|
||||
|
||||
String jwtDecoderFactoryRef = element.getAttribute(ATT_JWT_DECODER_FACTORY_REF);
|
||||
if (!StringUtils.isEmpty(jwtDecoderFactoryRef)) {
|
||||
oauth2OidcAuthProviderBuilder.addPropertyReference("jwtDecoderFactory", jwtDecoderFactoryRef);
|
||||
}
|
||||
|
||||
oauth2OidcAuthProvider = oauth2OidcAuthProviderBuilder.getBeanDefinition();
|
||||
} else {
|
||||
oauth2OidcAuthProvider = BeanDefinitionBuilder.rootBeanDefinition(OidcAuthenticationRequestChecker.class)
|
||||
.getBeanDefinition();
|
||||
boolean oidcAuthenticationProviderEnabled = ClassUtils.isPresent(
|
||||
"org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
|
||||
if (!oidcAuthenticationProviderEnabled) {
|
||||
return BeanDefinitionBuilder.rootBeanDefinition(OidcAuthenticationRequestChecker.class).getBeanDefinition();
|
||||
}
|
||||
|
||||
return oauth2OidcAuthProvider;
|
||||
BeanMetadataElement oidcUserService = getOidcUserService(element);
|
||||
|
||||
BeanDefinitionBuilder oidcAuthProviderBuilder = BeanDefinitionBuilder.rootBeanDefinition(
|
||||
"org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider")
|
||||
.addConstructorArgValue(accessTokenResponseClient)
|
||||
.addConstructorArgValue(oidcUserService);
|
||||
|
||||
if (!StringUtils.isEmpty(userAuthoritiesMapperRef)) {
|
||||
oidcAuthProviderBuilder.addPropertyReference("authoritiesMapper", userAuthoritiesMapperRef);
|
||||
}
|
||||
|
||||
String jwtDecoderFactoryRef = element.getAttribute(ATT_JWT_DECODER_FACTORY_REF);
|
||||
if (!StringUtils.isEmpty(jwtDecoderFactoryRef)) {
|
||||
oidcAuthProviderBuilder.addPropertyReference("jwtDecoderFactory", jwtDecoderFactoryRef);
|
||||
}
|
||||
|
||||
return oidcAuthProviderBuilder.getBeanDefinition();
|
||||
}
|
||||
|
||||
private BeanMetadataElement getOAuth2OidcUserService(Element element) {
|
||||
BeanMetadataElement oauth2OidcUserService = null;
|
||||
String oauth2UserServiceRef = element.getAttribute(ATT_OIDC_USER_SERVICE_REF);
|
||||
if (!StringUtils.isEmpty(oauth2UserServiceRef)) {
|
||||
oauth2OidcUserService = new RuntimeBeanReference(oauth2UserServiceRef);
|
||||
private BeanMetadataElement getOidcUserService(Element element) {
|
||||
BeanMetadataElement oidcUserService;
|
||||
String oidcUserServiceRef = element.getAttribute(ATT_OIDC_USER_SERVICE_REF);
|
||||
if (!StringUtils.isEmpty(oidcUserServiceRef)) {
|
||||
oidcUserService = new RuntimeBeanReference(oidcUserServiceRef);
|
||||
} else {
|
||||
oauth2OidcUserService = BeanDefinitionBuilder
|
||||
oidcUserService = BeanDefinitionBuilder
|
||||
.rootBeanDefinition("org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService")
|
||||
.getBeanDefinition();
|
||||
}
|
||||
return oauth2OidcUserService;
|
||||
return oidcUserService;
|
||||
}
|
||||
|
||||
private BeanMetadataElement getOAuth2UserService(Element element) {
|
||||
BeanMetadataElement oauth2UserService = null;
|
||||
BeanMetadataElement oauth2UserService;
|
||||
String oauth2UserServiceRef = element.getAttribute(ATT_USER_SERVICE_REF);
|
||||
if (!StringUtils.isEmpty(oauth2UserServiceRef)) {
|
||||
oauth2UserService = new RuntimeBeanReference(oauth2UserServiceRef);
|
||||
|
|
@ -339,8 +341,7 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
|
|||
}
|
||||
|
||||
private BeanMetadataElement getAccessTokenResponseClient(Element element) {
|
||||
BeanMetadataElement accessTokenResponseClient = null;
|
||||
|
||||
BeanMetadataElement accessTokenResponseClient;
|
||||
String accessTokenResponseClientRef = element.getAttribute(ATT_ACCESS_TOKEN_RESPONSE_CLIENT_REF);
|
||||
if (!StringUtils.isEmpty(accessTokenResponseClientRef)) {
|
||||
accessTokenResponseClient = new RuntimeBeanReference(accessTokenResponseClientRef);
|
||||
|
|
@ -372,15 +373,12 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
|
|||
return oauth2LoginLinks;
|
||||
}
|
||||
|
||||
private Map<RequestMatcher, AuthenticationEntryPoint> getLoginEntryPoint(Element element,
|
||||
ParserContext parserContext) {
|
||||
private Map<RequestMatcher, AuthenticationEntryPoint> getLoginEntryPoint(Element element) {
|
||||
Map<RequestMatcher, AuthenticationEntryPoint> entryPoints = null;
|
||||
Element clientRegsElt = DomUtils.getChildElementByTagName(element.getOwnerDocument().getDocumentElement(),
|
||||
Elements.CLIENT_REGISTRATIONS);
|
||||
|
||||
if (clientRegsElt != null) {
|
||||
List<Element> clientRegList = DomUtils.getChildElementsByTagName(clientRegsElt, ELT_CLIENT_REGISTRATION);
|
||||
|
||||
if (clientRegList.size() == 1) {
|
||||
RequestMatcher loginPageMatcher = new AntPathRequestMatcher(DEFAULT_LOGIN_URI);
|
||||
RequestMatcher faviconMatcher = new AntPathRequestMatcher("/favicon.ico");
|
||||
|
|
@ -397,24 +395,19 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
|
|||
new AndRequestMatcher(notXRequestedWith, new NegatedRequestMatcher(defaultLoginPageMatcher)),
|
||||
new LoginUrlAuthenticationEntryPoint(DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/"
|
||||
+ clientRegElt.getAttribute(ATT_REGISTRATION_ID)));
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
return entryPoints;
|
||||
}
|
||||
|
||||
private RequestMatcher getAuthenticationEntryPointMatcher() {
|
||||
ContentNegotiationStrategy contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
|
||||
|
||||
MediaTypeRequestMatcher mediaMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy,
|
||||
MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML,
|
||||
MediaType.TEXT_PLAIN);
|
||||
mediaMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
|
||||
|
||||
RequestMatcher notXRequestedWith = new NegatedRequestMatcher(
|
||||
new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
|
||||
|
||||
return new AndRequestMatcher(Arrays.asList(notXRequestedWith, mediaMatcher));
|
||||
}
|
||||
|
||||
|
|
@ -452,17 +445,17 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
|
|||
*/
|
||||
private static class OAuth2LoginBeanConfig implements ApplicationContextAware {
|
||||
|
||||
private ApplicationContext appContext;
|
||||
private ApplicationContext context;
|
||||
|
||||
@Override
|
||||
public void setApplicationContext(ApplicationContext appContext) throws BeansException {
|
||||
this.appContext = appContext;
|
||||
public void setApplicationContext(ApplicationContext context) throws BeansException {
|
||||
this.context = context;
|
||||
}
|
||||
|
||||
@SuppressWarnings({ "unchecked", "unused" })
|
||||
public Map<String, String> getLoginLinks() {
|
||||
Iterable<ClientRegistration> clientRegistrations = null;
|
||||
ClientRegistrationRepository clientRegistrationRepository = appContext
|
||||
ClientRegistrationRepository clientRegistrationRepository = context
|
||||
.getBean(ClientRegistrationRepository.class);
|
||||
ResolvableType type = ResolvableType.forInstance(clientRegistrationRepository).as(Iterable.class);
|
||||
if (type != ResolvableType.NONE && ClientRegistration.class.isAssignableFrom(type.resolveGenerics()[0])) {
|
||||
|
|
@ -480,6 +473,5 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
return loginUrlToClientName;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ enum SecurityFilters {
|
|||
HEADERS_FILTER, CORS_FILTER,
|
||||
CSRF_FILTER,
|
||||
LOGOUT_FILTER,
|
||||
OAUTH2_REDIRECT_FILTER,
|
||||
OAUTH2_AUTHORIZATION_REQUEST_FILTER,
|
||||
X509_FILTER,
|
||||
PRE_AUTH_FILTER,
|
||||
CAS_FILTER,
|
||||
|
|
|
|||
|
|
@ -15,14 +15,6 @@
|
|||
*/
|
||||
package org.springframework.security.config.oauth2.client;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.EnumSet;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
import java.util.Set;
|
||||
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
|
||||
import org.springframework.beans.factory.parsing.CompositeComponentDefinition;
|
||||
|
|
@ -39,6 +31,13 @@ import org.springframework.util.StringUtils;
|
|||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.EnumSet;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
|
||||
/**
|
||||
* @author Ruby Hartono
|
||||
* @since 5.3
|
||||
|
|
@ -70,85 +69,94 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
|
|||
parserContext.extractSource(element));
|
||||
parserContext.pushContainingComponent(compositeDef);
|
||||
|
||||
Map<String, Map<String, String>> providerDetailMap = getProviders(element);
|
||||
Map<String, Map<String, String>> providers = getProviders(element);
|
||||
List<ClientRegistration> clientRegistrations = getClientRegistrations(element, parserContext, providers);
|
||||
|
||||
List<ClientRegistration> clientRegs = getClientRegistrations(element, parserContext, providerDetailMap);
|
||||
|
||||
BeanDefinition inMemClientRegRepoBeanDef = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(InMemoryClientRegistrationRepository.class).addConstructorArgValue(clientRegs)
|
||||
BeanDefinition clientRegistrationRepositoryBean = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(InMemoryClientRegistrationRepository.class)
|
||||
.addConstructorArgValue(clientRegistrations)
|
||||
.getBeanDefinition();
|
||||
String beanName = parserContext.getReaderContext().generateBeanName(inMemClientRegRepoBeanDef);
|
||||
parserContext.registerBeanComponent(new BeanComponentDefinition(inMemClientRegRepoBeanDef, beanName));
|
||||
String clientRegistrationRepositoryId = parserContext.getReaderContext().generateBeanName(
|
||||
clientRegistrationRepositoryBean);
|
||||
parserContext.registerBeanComponent(new BeanComponentDefinition(
|
||||
clientRegistrationRepositoryBean, clientRegistrationRepositoryId));
|
||||
|
||||
parserContext.popAndRegisterContainingComponent();
|
||||
return null;
|
||||
}
|
||||
|
||||
private List<ClientRegistration> getClientRegistrations(Element element, ParserContext parserContext,
|
||||
Map<String, Map<String, String>> providerDetailMap) {
|
||||
List<Element> clientRegElts = DomUtils.getChildElementsByTagName(element, ELT_CLIENT_REGISTRATION);
|
||||
List<ClientRegistration> clientRegs = new ArrayList<>();
|
||||
Map<String, Map<String, String>> providers) {
|
||||
List<Element> clientRegistrationElts = DomUtils.getChildElementsByTagName(element, ELT_CLIENT_REGISTRATION);
|
||||
List<ClientRegistration> clientRegistrations = new ArrayList<>();
|
||||
|
||||
for (Element clientRegElt : clientRegElts) {
|
||||
String regId = clientRegElt.getAttribute(ATT_REGISTRATION_ID);
|
||||
String clientId = clientRegElt.getAttribute(ATT_CLIENT_ID);
|
||||
String clientSecret = clientRegElt.getAttribute(ATT_CLIENT_SECRET);
|
||||
String clientAuthMethod = clientRegElt.getAttribute(ATT_CLIENT_AUTHENTICATION_METHOD);
|
||||
String authGrantType = clientRegElt.getAttribute(ATT_AUTHORIZATION_GRANT_TYPE);
|
||||
String redirectUri = clientRegElt.getAttribute(ATT_REDIRECT_URI);
|
||||
String scope = clientRegElt.getAttribute(ATT_SCOPE);
|
||||
String clientName = clientRegElt.getAttribute(ATT_CLIENT_NAME);
|
||||
String providerId = clientRegElt.getAttribute(ATT_PROVIDER_ID);
|
||||
|
||||
Set<String> scopes = StringUtils.commaDelimitedListToSet(scope);
|
||||
ClientRegistration.Builder builder = getBuilderFromIssuerIfPossible(regId, providerId, providerDetailMap);
|
||||
for (Element clientRegistrationElt : clientRegistrationElts) {
|
||||
String registrationId = clientRegistrationElt.getAttribute(ATT_REGISTRATION_ID);
|
||||
String providerId = clientRegistrationElt.getAttribute(ATT_PROVIDER_ID);
|
||||
ClientRegistration.Builder builder = getBuilderFromIssuerIfPossible(registrationId, providerId, providers);
|
||||
if (builder == null) {
|
||||
builder = getBuilder(regId, providerId, providerDetailMap);
|
||||
builder = getBuilder(registrationId, providerId, providers);
|
||||
if (builder == null) {
|
||||
Object source = parserContext.extractSource(element);
|
||||
parserContext.getReaderContext().error(getErrorMessage(providerId, regId), source);
|
||||
parserContext.getReaderContext().error(getErrorMessage(providerId, registrationId), source);
|
||||
// error on the config skip to next element
|
||||
break;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
ClientRegistration clientReg = builder.clientId(clientId)
|
||||
.clientSecret(clientSecret)
|
||||
.clientAuthenticationMethod(new ClientAuthenticationMethod(clientAuthMethod))
|
||||
.authorizationGrantType(new AuthorizationGrantType(authGrantType))
|
||||
.redirectUriTemplate(redirectUri)
|
||||
.scope(scopes)
|
||||
.clientName(clientName)
|
||||
.build();
|
||||
clientRegs.add(clientReg);
|
||||
getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_CLIENT_ID))
|
||||
.ifPresent(builder::clientId);
|
||||
getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_CLIENT_SECRET))
|
||||
.ifPresent(builder::clientSecret);
|
||||
getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_CLIENT_AUTHENTICATION_METHOD))
|
||||
.map(ClientAuthenticationMethod::new)
|
||||
.ifPresent(builder::clientAuthenticationMethod);
|
||||
getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_AUTHORIZATION_GRANT_TYPE))
|
||||
.map(AuthorizationGrantType::new)
|
||||
.ifPresent(builder::authorizationGrantType);
|
||||
getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_REDIRECT_URI))
|
||||
.ifPresent(builder::redirectUriTemplate);
|
||||
getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_SCOPE))
|
||||
.map(StringUtils::commaDelimitedListToSet)
|
||||
.ifPresent(builder::scope);
|
||||
getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_CLIENT_NAME))
|
||||
.ifPresent(builder::clientName);
|
||||
clientRegistrations.add(builder.build());
|
||||
}
|
||||
return clientRegs;
|
||||
|
||||
return clientRegistrations;
|
||||
}
|
||||
|
||||
private Map<String, Map<String, String>> getProviders(Element element) {
|
||||
List<Element> providerRegElts = DomUtils.getChildElementsByTagName(element, ELT_PROVIDER);
|
||||
Map<String, Map<String, String>> providerDetailMap = new HashMap<>();
|
||||
for (Element providerRegElt : providerRegElts) {
|
||||
Map<String, String> detail = new HashMap<String, String>();
|
||||
String providerId = providerRegElt.getAttribute(ATT_PROVIDER_ID);
|
||||
detail.put(ATT_PROVIDER_ID, providerId);
|
||||
detail.put(ATT_AUTHORIZATION_URI, providerRegElt.getAttribute(ATT_AUTHORIZATION_URI));
|
||||
detail.put(ATT_TOKEN_URI, providerRegElt.getAttribute(ATT_TOKEN_URI));
|
||||
detail.put(ATT_USERINFO_URI, providerRegElt.getAttribute(ATT_USERINFO_URI));
|
||||
detail.put(ATT_USERINFO_AUTHENTICATION_METHOD,
|
||||
providerRegElt.getAttribute(ATT_USERINFO_AUTHENTICATION_METHOD));
|
||||
detail.put(ATT_USERNAME_ATTRIBUTE_NAME, providerRegElt.getAttribute(ATT_USERNAME_ATTRIBUTE_NAME));
|
||||
detail.put(ATT_JWKSET_URI, providerRegElt.getAttribute(ATT_JWKSET_URI));
|
||||
detail.put(ATT_ISSUER_URI, providerRegElt.getAttribute(ATT_ISSUER_URI));
|
||||
List<Element> providerElts = DomUtils.getChildElementsByTagName(element, ELT_PROVIDER);
|
||||
Map<String, Map<String, String>> providers = new HashMap<>();
|
||||
|
||||
providerDetailMap.put(providerId, detail);
|
||||
for (Element providerElt : providerElts) {
|
||||
Map<String, String> provider = new HashMap<>();
|
||||
String providerId = providerElt.getAttribute(ATT_PROVIDER_ID);
|
||||
provider.put(ATT_PROVIDER_ID, providerId);
|
||||
getOptionalIfNotEmpty(providerElt.getAttribute(ATT_AUTHORIZATION_URI))
|
||||
.ifPresent(value -> provider.put(ATT_AUTHORIZATION_URI, value));
|
||||
getOptionalIfNotEmpty(providerElt.getAttribute(ATT_TOKEN_URI))
|
||||
.ifPresent(value -> provider.put(ATT_TOKEN_URI, value));
|
||||
getOptionalIfNotEmpty(providerElt.getAttribute(ATT_USERINFO_URI))
|
||||
.ifPresent(value -> provider.put(ATT_USERINFO_URI, value));
|
||||
getOptionalIfNotEmpty(providerElt.getAttribute(ATT_USERINFO_AUTHENTICATION_METHOD))
|
||||
.ifPresent(value -> provider.put(ATT_USERINFO_AUTHENTICATION_METHOD, value));
|
||||
getOptionalIfNotEmpty(providerElt.getAttribute(ATT_USERNAME_ATTRIBUTE_NAME))
|
||||
.ifPresent(value -> provider.put(ATT_USERNAME_ATTRIBUTE_NAME, value));
|
||||
getOptionalIfNotEmpty(providerElt.getAttribute(ATT_JWKSET_URI))
|
||||
.ifPresent(value -> provider.put(ATT_JWKSET_URI, value));
|
||||
getOptionalIfNotEmpty(providerElt.getAttribute(ATT_ISSUER_URI))
|
||||
.ifPresent(value -> provider.put(ATT_ISSUER_URI, value));
|
||||
providers.put(providerId, provider);
|
||||
}
|
||||
return providerDetailMap;
|
||||
|
||||
return providers;
|
||||
}
|
||||
|
||||
private static ClientRegistration.Builder getBuilderFromIssuerIfPossible(String registrationId,
|
||||
String configuredProviderId, Map<String, Map<String, String>> providers) {
|
||||
String providerId = (configuredProviderId != null) ? configuredProviderId : registrationId;
|
||||
String providerId = configuredProviderId != null ? configuredProviderId : registrationId;
|
||||
if (providers.containsKey(providerId)) {
|
||||
Map<String, String> provider = providers.get(providerId);
|
||||
String issuer = provider.get(ATT_ISSUER_URI);
|
||||
|
|
@ -168,7 +176,7 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
|
|||
if (provider == null && !providers.containsKey(providerId)) {
|
||||
return null;
|
||||
}
|
||||
ClientRegistration.Builder builder = (provider != null) ? provider.getBuilder(registrationId)
|
||||
ClientRegistration.Builder builder = provider != null ? provider.getBuilder(registrationId)
|
||||
: ClientRegistration.withRegistrationId(registrationId);
|
||||
if (providers.containsKey(providerId)) {
|
||||
return getBuilder(builder, providers.get(providerId));
|
||||
|
|
@ -178,13 +186,19 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
|
|||
|
||||
private static ClientRegistration.Builder getBuilder(ClientRegistration.Builder builder,
|
||||
Map<String, String> provider) {
|
||||
getOptionalIfNotEmpty(provider.get(ATT_AUTHORIZATION_URI)).ifPresent(builder::authorizationUri);
|
||||
getOptionalIfNotEmpty(provider.get(ATT_TOKEN_URI)).ifPresent(builder::tokenUri);
|
||||
getOptionalIfNotEmpty(provider.get(ATT_USERINFO_URI)).ifPresent(builder::userInfoUri);
|
||||
getOptionalIfNotEmpty(provider.get(ATT_USERINFO_AUTHENTICATION_METHOD)).map(AuthenticationMethod::new)
|
||||
getOptionalIfNotEmpty(provider.get(ATT_AUTHORIZATION_URI))
|
||||
.ifPresent(builder::authorizationUri);
|
||||
getOptionalIfNotEmpty(provider.get(ATT_TOKEN_URI))
|
||||
.ifPresent(builder::tokenUri);
|
||||
getOptionalIfNotEmpty(provider.get(ATT_USERINFO_URI))
|
||||
.ifPresent(builder::userInfoUri);
|
||||
getOptionalIfNotEmpty(provider.get(ATT_USERINFO_AUTHENTICATION_METHOD))
|
||||
.map(AuthenticationMethod::new)
|
||||
.ifPresent(builder::userInfoAuthenticationMethod);
|
||||
getOptionalIfNotEmpty(provider.get(ATT_JWKSET_URI)).ifPresent(builder::jwkSetUri);
|
||||
getOptionalIfNotEmpty(provider.get(ATT_USERNAME_ATTRIBUTE_NAME)).ifPresent(builder::userNameAttributeName);
|
||||
getOptionalIfNotEmpty(provider.get(ATT_JWKSET_URI))
|
||||
.ifPresent(builder::jwkSetUri);
|
||||
getOptionalIfNotEmpty(provider.get(ATT_USERNAME_ATTRIBUTE_NAME))
|
||||
.ifPresent(builder::userNameAttributeName);
|
||||
return builder;
|
||||
}
|
||||
|
||||
|
|
@ -194,7 +208,7 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
|
|||
|
||||
private static CommonOAuth2Provider getCommonProvider(String providerId) {
|
||||
try {
|
||||
String value = providerId.toString().trim();
|
||||
String value = providerId.trim();
|
||||
if (value.isEmpty()) {
|
||||
return null;
|
||||
}
|
||||
|
|
@ -223,12 +237,12 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
|
|||
private static String getCanonicalName(String name) {
|
||||
StringBuilder canonicalName = new StringBuilder(name.length());
|
||||
name.chars().filter(Character::isLetterOrDigit).map(Character::toLowerCase)
|
||||
.forEach((c) -> canonicalName.append((char) c));
|
||||
.forEach(c -> canonicalName.append((char) c));
|
||||
return canonicalName.toString();
|
||||
}
|
||||
|
||||
private static String getErrorMessage(String configuredProviderId, String registrationId) {
|
||||
return ((configuredProviderId != null) ? "Unknown provider ID '" + configuredProviderId + "'"
|
||||
: "Provider ID must be specified for client registration '" + registrationId + "'");
|
||||
return configuredProviderId != null ? "Unknown provider ID '" + configuredProviderId + "'"
|
||||
: "Provider ID must be specified for client registration '" + registrationId + "'";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -441,46 +441,46 @@ oauth2-login =
|
|||
## Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
|
||||
element oauth2-login {oauth2-login.attlist}
|
||||
oauth2-login.attlist &=
|
||||
## Reference to ClientRegistrationRepository
|
||||
## Reference to the ClientRegistrationRepository
|
||||
attribute client-registration-repository-ref {xsd:token}?
|
||||
oauth2-login.attlist &=
|
||||
## Reference to OAuth2AuthorizedClientRepository
|
||||
## Reference to the OAuth2AuthorizedClientRepository
|
||||
attribute authorized-client-repository-ref {xsd:token}?
|
||||
oauth2-login.attlist &=
|
||||
## Reference to OAuth2AuthorizedClientService
|
||||
## Reference to the OAuth2AuthorizedClientService
|
||||
attribute authorized-client-service-ref {xsd:token}?
|
||||
oauth2-login.attlist &=
|
||||
## Reference to AuthorizationRequestRepository
|
||||
## Reference to the AuthorizationRequestRepository
|
||||
attribute authorization-request-repository-ref {xsd:token}?
|
||||
oauth2-login.attlist &=
|
||||
## Reference to OAuth2AuthorizationRequestResolver
|
||||
## Reference to the OAuth2AuthorizationRequestResolver
|
||||
attribute authorization-request-resolver-ref {xsd:token}?
|
||||
oauth2-login.attlist &=
|
||||
## Reference to OAuth2AccessTokenResponseClient
|
||||
## Reference to the OAuth2AccessTokenResponseClient
|
||||
attribute access-token-response-client-ref {xsd:token}?
|
||||
oauth2-login.attlist &=
|
||||
## Reference to GrantedAuthoritiesMapper
|
||||
## Reference to the GrantedAuthoritiesMapper
|
||||
attribute user-authorities-mapper-ref {xsd:token}?
|
||||
oauth2-login.attlist &=
|
||||
## Reference to OAuth2UserService
|
||||
## Reference to the OAuth2UserService
|
||||
attribute user-service-ref {xsd:token}?
|
||||
oauth2-login.attlist &=
|
||||
## Reference to OidcUserService
|
||||
## Reference to the OpenID Connect OAuth2UserService
|
||||
attribute oidc-user-service-ref {xsd:token}?
|
||||
oauth2-login.attlist &=
|
||||
## Specifies the URL to validate the credentials.
|
||||
## The URI where the filter processes authentication requests
|
||||
attribute login-processing-url {xsd:token}?
|
||||
oauth2-login.attlist &=
|
||||
## Specifies the URL to send users to if login is required
|
||||
## The URI to send users to login
|
||||
attribute login-page {xsd:token}?
|
||||
oauth2-login.attlist &=
|
||||
## Specifies authentication success handler
|
||||
## Reference to the AuthenticationSuccessHandler
|
||||
attribute authentication-success-handler-ref {xsd:token}?
|
||||
oauth2-login.attlist &=
|
||||
## Specifies authentication failure handler
|
||||
## Reference to the AuthenticationFailureHandler
|
||||
attribute authentication-failure-handler-ref {xsd:token}?
|
||||
oauth2-login.attlist &=
|
||||
## Specifies JWT decoder factory for OidcAuthorizationCodeAuthenticationProvider
|
||||
## Reference to the JwtDecoderFactory used by OidcAuthorizationCodeAuthenticationProvider
|
||||
attribute jwt-decoder-factory-ref {xsd:token}?
|
||||
|
||||
client-registrations =
|
||||
|
|
@ -504,7 +504,7 @@ client-registration.attlist &=
|
|||
attribute client-authentication-method {"basic" | "post" | "none"}?
|
||||
client-registration.attlist &=
|
||||
## The OAuth 2.0 Authorization Framework defines four Authorization Grant types. The supported values are authorization_code, client_credentials, password and implicit.
|
||||
attribute authorization-grant-type {"authorization_code" | "client_credentials" | "password" | "implicit"}
|
||||
attribute authorization-grant-type {"authorization_code" | "client_credentials" | "password" | "implicit"}?
|
||||
client-registration.attlist &=
|
||||
## The client’s registered redirect URI that the Authorization Server redirects the end-user’s user-agent to after the end-user has authenticated and authorized access to the client.
|
||||
attribute redirect-uri {xsd:token}?
|
||||
|
|
@ -1024,4 +1024,4 @@ position =
|
|||
## The explicit position at which the custom-filter should be placed in the chain. Use if you are replacing a standard filter.
|
||||
attribute position {named-security-filter}
|
||||
|
||||
named-security-filter = "FIRST" | "CHANNEL_FILTER" | "SECURITY_CONTEXT_FILTER" | "CONCURRENT_SESSION_FILTER" | "WEB_ASYNC_MANAGER_FILTER" | "HEADERS_FILTER" | "CORS_FILTER" | "CSRF_FILTER" | "LOGOUT_FILTER" | "OAUTH2_REDIRECT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_FILTER" | "OAUTH2_LOGIN_FILTER" | "FORM_LOGIN_FILTER" | "OPENID_FILTER" | "LOGIN_PAGE_FILTER" |"LOGOUT_PAGE_FILTER" | "DIGEST_AUTH_FILTER" | "BEARER_TOKEN_AUTH_FILTER" | "BASIC_AUTH_FILTER" | "REQUEST_CACHE_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "JAAS_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "SESSION_MANAGEMENT_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"
|
||||
named-security-filter = "FIRST" | "CHANNEL_FILTER" | "SECURITY_CONTEXT_FILTER" | "CONCURRENT_SESSION_FILTER" | "WEB_ASYNC_MANAGER_FILTER" | "HEADERS_FILTER" | "CORS_FILTER" | "CSRF_FILTER" | "LOGOUT_FILTER" | "OAUTH2_AUTHORIZATION_REQUEST_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_FILTER" | "OAUTH2_LOGIN_FILTER" | "FORM_LOGIN_FILTER" | "OPENID_FILTER" | "LOGIN_PAGE_FILTER" |"LOGOUT_PAGE_FILTER" | "DIGEST_AUTH_FILTER" | "BEARER_TOKEN_AUTH_FILTER" | "BASIC_AUTH_FILTER" | "REQUEST_CACHE_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "JAAS_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "SESSION_MANAGEMENT_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"
|
||||
|
|
|
|||
|
|
@ -1463,85 +1463,85 @@
|
|||
<xs:attributeGroup name="oauth2-login.attlist">
|
||||
<xs:attribute name="client-registration-repository-ref" type="xs:token">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Reference to ClientRegistrationRepository
|
||||
<xs:documentation>Reference to the ClientRegistrationRepository
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="authorized-client-repository-ref" type="xs:token">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Reference to OAuth2AuthorizedClientRepository
|
||||
<xs:documentation>Reference to the OAuth2AuthorizedClientRepository
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="authorized-client-service-ref" type="xs:token">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Reference to OAuth2AuthorizedClientService
|
||||
<xs:documentation>Reference to the OAuth2AuthorizedClientService
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="authorization-request-repository-ref" type="xs:token">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Reference to AuthorizationRequestRepository
|
||||
<xs:documentation>Reference to the AuthorizationRequestRepository
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="authorization-request-resolver-ref" type="xs:token">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Reference to OAuth2AuthorizationRequestResolver
|
||||
<xs:documentation>Reference to the OAuth2AuthorizationRequestResolver
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="access-token-response-client-ref" type="xs:token">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Reference to OAuth2AccessTokenResponseClient
|
||||
<xs:documentation>Reference to the OAuth2AccessTokenResponseClient
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="user-authorities-mapper-ref" type="xs:token">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Reference to GrantedAuthoritiesMapper
|
||||
<xs:documentation>Reference to the GrantedAuthoritiesMapper
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="user-service-ref" type="xs:token">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Reference to OAuth2UserService
|
||||
<xs:documentation>Reference to the OAuth2UserService
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="oidc-user-service-ref" type="xs:token">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Reference to OidcUserService
|
||||
<xs:documentation>Reference to the OpenID Connect OAuth2UserService
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="login-processing-url" type="xs:token">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Specifies the URL to validate the credentials.
|
||||
<xs:documentation>The URI where the filter processes authentication requests
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="login-page" type="xs:token">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Specifies the URL to send users to if login is required
|
||||
<xs:documentation>The URI to send users to login
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="authentication-success-handler-ref" type="xs:token">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Specifies authentication success handler
|
||||
<xs:documentation>Reference to the AuthenticationSuccessHandler
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="authentication-failure-handler-ref" type="xs:token">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Specifies authentication failure handler
|
||||
<xs:documentation>Reference to the AuthenticationFailureHandler
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="jwt-decoder-factory-ref" type="xs:token">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Specifies JWT decoder factory for OidcAuthorizationCodeAuthenticationProvider
|
||||
<xs:documentation>Reference to the JwtDecoderFactory used by OidcAuthorizationCodeAuthenticationProvider
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
|
|
@ -1601,7 +1601,7 @@
|
|||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="authorization-grant-type" use="required">
|
||||
<xs:attribute name="authorization-grant-type">
|
||||
<xs:annotation>
|
||||
<xs:documentation>The OAuth 2.0 Authorization Framework defines four Authorization Grant types. The
|
||||
supported values are authorization_code, client_credentials, password and implicit.
|
||||
|
|
@ -2989,7 +2989,7 @@
|
|||
<xs:enumeration value="CORS_FILTER"/>
|
||||
<xs:enumeration value="CSRF_FILTER"/>
|
||||
<xs:enumeration value="LOGOUT_FILTER"/>
|
||||
<xs:enumeration value="OAUTH2_REDIRECT_FILTER"/>
|
||||
<xs:enumeration value="OAUTH2_AUTHORIZATION_REQUEST_FILTER"/>
|
||||
<xs:enumeration value="X509_FILTER"/>
|
||||
<xs:enumeration value="PRE_AUTH_FILTER"/>
|
||||
<xs:enumeration value="CAS_FILTER"/>
|
||||
|
|
|
|||
|
|
@ -18,16 +18,14 @@ package org.springframework.security.config.http;
|
|||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.mockito.ArgumentCaptor;
|
||||
import org.mockito.internal.util.MockUtil;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.ApplicationListener;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
|
||||
import org.springframework.security.config.test.SpringTestRule;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
|
||||
|
|
@ -38,17 +36,15 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
|
|||
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
|
||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
|
||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
|
||||
import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
|
||||
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.security.oauth2.core.user.TestOAuth2Users;
|
||||
import org.springframework.security.oauth2.jwt.Jwt;
|
||||
|
|
@ -56,7 +52,7 @@ import org.springframework.security.oauth2.jwt.JwtDecoderFactory;
|
|||
import org.springframework.security.oauth2.jwt.TestJwts;
|
||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.context.SecurityContextRepository;
|
||||
import org.springframework.security.web.savedrequest.RequestCache;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.MvcResult;
|
||||
import org.springframework.util.LinkedMultiValueMap;
|
||||
|
|
@ -68,19 +64,15 @@ import static org.mockito.Mockito.times;
|
|||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses.accessTokenResponse;
|
||||
import static org.springframework.security.oauth2.core.endpoint.TestOAuth2AccessTokenResponses.oidcAccessTokenResponse;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import java.lang.reflect.Field;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
/**
|
||||
* Tests for {@link OAuth2LoginBeanDefinitionParser}.
|
||||
*
|
||||
|
|
@ -95,17 +87,11 @@ public class OAuth2LoginBeanDefinitionParserTests {
|
|||
@Autowired
|
||||
private ClientRegistrationRepository clientRegistrationRepository;
|
||||
|
||||
@Autowired
|
||||
private OAuth2LoginAuthenticationFilter oauth2LoginAuthenticationFilter;
|
||||
@Autowired(required = false)
|
||||
private OAuth2AuthorizedClientRepository authorizedClientRepository;
|
||||
|
||||
@Autowired(required = false)
|
||||
private OAuth2AuthorizedClientRepository oauth2AuthorizedClientRepository;
|
||||
|
||||
@Autowired(required = false)
|
||||
private OAuth2AuthorizedClientService oauth2AuthorizedClientService;
|
||||
|
||||
@Autowired
|
||||
SecurityContextRepository securityContextRepository;
|
||||
private OAuth2AuthorizedClientService authorizedClientService;
|
||||
|
||||
@Autowired(required = false)
|
||||
private ApplicationListener<AuthenticationSuccessEvent> authenticationSuccessListener;
|
||||
|
|
@ -113,6 +99,9 @@ public class OAuth2LoginBeanDefinitionParserTests {
|
|||
@Autowired(required = false)
|
||||
private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
|
||||
|
||||
@Autowired(required = false)
|
||||
private OAuth2AuthorizationRequestResolver authorizationRequestResolver;
|
||||
|
||||
@Autowired(required = false)
|
||||
private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
|
||||
|
||||
|
|
@ -123,10 +112,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
|
|||
private JwtDecoderFactory<ClientRegistration> jwtDecoderFactory;
|
||||
|
||||
@Autowired(required = false)
|
||||
private OAuth2AuthorizationRequestResolver oauth2AuthorizationRequestResolver;
|
||||
|
||||
@Autowired(required = false)
|
||||
private GrantedAuthoritiesMapper grantedAuthoritiesMapper;
|
||||
private GrantedAuthoritiesMapper userAuthoritiesMapper;
|
||||
|
||||
@Autowired(required = false)
|
||||
private AuthenticationFailureHandler authenticationFailureHandler;
|
||||
|
|
@ -134,14 +120,19 @@ public class OAuth2LoginBeanDefinitionParserTests {
|
|||
@Autowired(required = false)
|
||||
private AuthenticationSuccessHandler authenticationSuccessHandler;
|
||||
|
||||
@Autowired(required = false)
|
||||
private RequestCache requestCache;
|
||||
|
||||
@Autowired
|
||||
private MockMvc mvc;
|
||||
|
||||
@Test
|
||||
public void requestLoginWhenMultiClientRegistrationThenReturnLoginPageWithOauth2Login() throws Exception {
|
||||
public void requestLoginWhenMultiClientRegistrationThenReturnLoginPageWithClients() throws Exception {
|
||||
this.spring.configLocations(this.xml("MultiClientRegistration")).autowire();
|
||||
|
||||
MvcResult result = this.mvc.perform(get("/login")).andExpect(status().is2xxSuccessful()).andReturn();
|
||||
MvcResult result = this.mvc.perform(get("/login"))
|
||||
.andExpect(status().is2xxSuccessful())
|
||||
.andReturn();
|
||||
|
||||
assertThat(result.getResponse().getContentAsString())
|
||||
.contains("<a href=\"/oauth2/authorization/google-login\">Google</a>");
|
||||
|
|
@ -152,10 +143,13 @@ public class OAuth2LoginBeanDefinitionParserTests {
|
|||
// gh-5347
|
||||
@Test
|
||||
public void requestWhenSingleClientRegistrationThenAutoRedirect() throws Exception {
|
||||
this.spring.configLocations(this.xml("SingleClientRegistration-WithinSameFile")).autowire();
|
||||
this.spring.configLocations(this.xml("SingleClientRegistration")).autowire();
|
||||
|
||||
this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
|
||||
this.mvc.perform(get("/"))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("http://localhost/oauth2/authorization/google-login"));
|
||||
|
||||
verify(requestCache).saveRequest(any(), any());
|
||||
}
|
||||
|
||||
// gh-5347
|
||||
|
|
@ -164,7 +158,8 @@ public class OAuth2LoginBeanDefinitionParserTests {
|
|||
throws Exception {
|
||||
this.spring.configLocations(this.xml("SingleClientRegistration")).autowire();
|
||||
|
||||
this.mvc.perform(get("/favicon.ico").accept(new MediaType("image", "*"))).andExpect(status().is3xxRedirection())
|
||||
this.mvc.perform(get("/favicon.ico").accept(new MediaType("image", "*")))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("http://localhost/login"));
|
||||
}
|
||||
|
||||
|
|
@ -174,7 +169,8 @@ public class OAuth2LoginBeanDefinitionParserTests {
|
|||
throws Exception {
|
||||
this.spring.configLocations(this.xml("SingleClientRegistration")).autowire();
|
||||
|
||||
this.mvc.perform(get("/").header("X-Requested-With", "XMLHttpRequest")).andExpect(status().is3xxRedirection())
|
||||
this.mvc.perform(get("/").header("X-Requested-With", "XMLHttpRequest"))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("http://localhost/login"));
|
||||
}
|
||||
|
||||
|
|
@ -188,66 +184,65 @@ public class OAuth2LoginBeanDefinitionParserTests {
|
|||
params.add("state", "state123");
|
||||
this.mvc.perform(get("/login/oauth2/code/google").params(params));
|
||||
|
||||
// assertions
|
||||
ArgumentCaptor<AuthenticationException> exceptionCaptor = ArgumentCaptor
|
||||
.forClass(AuthenticationException.class);
|
||||
verify(authenticationFailureHandler).onAuthenticationFailure(any(), any(), exceptionCaptor.capture());
|
||||
AuthenticationException excValue = exceptionCaptor.getValue();
|
||||
assertThat(excValue).isInstanceOf(OAuth2AuthenticationException.class);
|
||||
assertThat(((OAuth2AuthenticationException) excValue).getError().getErrorCode())
|
||||
AuthenticationException exception = exceptionCaptor.getValue();
|
||||
assertThat(exception).isInstanceOf(OAuth2AuthenticationException.class);
|
||||
assertThat(((OAuth2AuthenticationException) exception).getError().getErrorCode())
|
||||
.isEqualTo("authorization_request_not_found");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenAuthorizationResponseValidThenAuthenticate() throws Exception {
|
||||
this.spring.configLocations(this.xml("SingleClientRegistration-WithTestConfiguration")).autowire();
|
||||
this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomConfiguration")).autowire();
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
|
||||
OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
|
||||
.attributes(attributes).build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
|
||||
|
||||
OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
|
||||
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
|
||||
|
||||
OAuth2User oauth2User = TestOAuth2Users.create();
|
||||
when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
|
||||
OAuth2AuthorizationRequest authRequest = TestOAuth2AuthorizationRequests.request().attributes(attributes)
|
||||
.build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authRequest);
|
||||
|
||||
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
|
||||
params.add("code", "code123");
|
||||
params.add("state", authRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/google").params(params)).andExpect(status().is2xxSuccessful());
|
||||
params.add("state", authorizationRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/github-login").params(params))
|
||||
.andExpect(status().is2xxSuccessful());
|
||||
|
||||
ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
|
||||
verify(authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
|
||||
Authentication authenticationValue = authenticationCaptor.getValue();
|
||||
assertThat(authenticationValue.getAuthorities()).hasSize(1);
|
||||
assertThat(authenticationValue.getAuthorities()).first().isInstanceOf(SimpleGrantedAuthority.class)
|
||||
.hasToString("ROLE_USER");
|
||||
Authentication authentication = authenticationCaptor.getValue();
|
||||
assertThat(authentication.getPrincipal()).isInstanceOf(OAuth2User.class);
|
||||
}
|
||||
|
||||
// gh-6009
|
||||
@Test
|
||||
public void requestWhenAuthorizationResponseValidThenAuthenticationSuccessEventPublished() throws Exception {
|
||||
this.spring.configLocations(this.xml("SingleClientRegistration-WithTestConfiguration")).autowire();
|
||||
this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomConfiguration")).autowire();
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
|
||||
OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
|
||||
.attributes(attributes).build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
|
||||
|
||||
OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
|
||||
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
|
||||
|
||||
OAuth2User oauth2User = TestOAuth2Users.create();
|
||||
when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
|
||||
OAuth2AuthorizationRequest authRequest = TestOAuth2AuthorizationRequests.request().attributes(attributes)
|
||||
.build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authRequest);
|
||||
|
||||
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
|
||||
params.add("code", "code123");
|
||||
params.add("state", authRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/google").params(params));
|
||||
params.add("state", authorizationRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/github-login").params(params));
|
||||
|
||||
// assertions
|
||||
verify(authenticationSuccessListener).onApplicationEvent(any(AuthenticationSuccessEvent.class));
|
||||
}
|
||||
|
||||
|
|
@ -255,149 +250,120 @@ public class OAuth2LoginBeanDefinitionParserTests {
|
|||
public void requestWhenOidcAuthenticationResponseValidThenJwtDecoderFactoryCalled() throws Exception {
|
||||
this.spring.configLocations(this.xml("SingleClientRegistration-WithJwtDecoderFactoryAndDefaultSuccessHandler"))
|
||||
.autowire();
|
||||
Map<String, Object> additionalParameters = new HashMap<>();
|
||||
additionalParameters.put(OidcParameterNames.ID_TOKEN, "token123");
|
||||
OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().additionalParameters(additionalParameters)
|
||||
.build();
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
|
||||
OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.oidcRequest()
|
||||
.attributes(attributes).build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
|
||||
|
||||
OAuth2AccessTokenResponse accessTokenResponse = oidcAccessTokenResponse().build();
|
||||
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
|
||||
|
||||
Jwt jwt = TestJwts.user();
|
||||
when(this.jwtDecoderFactory.createDecoder(any())).thenReturn(token -> jwt);
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
|
||||
OAuth2AuthorizationRequest authRequest = TestOAuth2AuthorizationRequests.request().attributes(attributes)
|
||||
.scope("openid").build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authRequest);
|
||||
|
||||
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
|
||||
params.add("code", "code123");
|
||||
params.add("state", authRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/google").params(params)).andExpect(status().is3xxRedirection())
|
||||
params.add("state", authorizationRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/google-login").params(params))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("/"));
|
||||
|
||||
verify(this.jwtDecoderFactory).createDecoder(any());
|
||||
verify(this.requestCache).getRequest(any(), any());
|
||||
}
|
||||
|
||||
@SuppressWarnings({ "unchecked", "rawtypes" })
|
||||
@Test
|
||||
public void requestWhenCustomGrantedAuthoritiesMapperThenCalled() throws Exception {
|
||||
this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomGrantedAuthorities")).autowire();
|
||||
Map<String, Object> additionalParameters = new HashMap<>();
|
||||
additionalParameters.put(OidcParameterNames.ID_TOKEN, "token123");
|
||||
OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().additionalParameters(additionalParameters)
|
||||
.build();
|
||||
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
|
||||
|
||||
OAuth2User oauth2User = TestOAuth2Users.create();
|
||||
when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
|
||||
|
||||
GrantedAuthority grantedAuthority = new SimpleGrantedAuthority("ROLE_OAUTH2_USER");
|
||||
when(this.grantedAuthoritiesMapper.mapAuthorities(any()))
|
||||
.thenReturn((Collection) Collections.singletonList(grantedAuthority));
|
||||
this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomGrantedAuthorities")).autowire();
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
|
||||
OAuth2AuthorizationRequest authRequest = TestOAuth2AuthorizationRequests.request().attributes(attributes)
|
||||
.build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authRequest);
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
|
||||
OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
|
||||
.attributes(attributes).build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
|
||||
|
||||
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
|
||||
params.add("code", "code123");
|
||||
params.add("state", authRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/google").params(params)).andExpect(status().is2xxSuccessful());
|
||||
|
||||
ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
|
||||
verify(authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
|
||||
Authentication authenticationValue = authenticationCaptor.getValue();
|
||||
assertThat(authenticationValue.getAuthorities()).hasSize(1);
|
||||
assertThat(authenticationValue.getAuthorities()).first().isInstanceOf(SimpleGrantedAuthority.class)
|
||||
.hasToString("ROLE_OAUTH2_USER");
|
||||
|
||||
// re-setup for OIDC test
|
||||
Jwt jwt = TestJwts.user();
|
||||
when(this.jwtDecoderFactory.createDecoder(any())).thenReturn(token -> jwt);
|
||||
|
||||
grantedAuthority = new SimpleGrantedAuthority("ROLE_OIDC_USER");
|
||||
when(this.grantedAuthoritiesMapper.mapAuthorities(any()))
|
||||
.thenReturn((Collection) Collections.singletonList(grantedAuthority));
|
||||
|
||||
authRequest = TestOAuth2AuthorizationRequests.request().attributes(attributes).scope("openid").build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authRequest);
|
||||
|
||||
this.mvc.perform(get("/login/oauth2/code/google").params(params)).andExpect(status().is2xxSuccessful());
|
||||
|
||||
authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
|
||||
verify(authenticationSuccessHandler, times(2)).onAuthenticationSuccess(any(), any(),
|
||||
authenticationCaptor.capture());
|
||||
authenticationValue = authenticationCaptor.getValue();
|
||||
assertThat(authenticationValue.getAuthorities()).hasSize(1);
|
||||
assertThat(authenticationValue.getAuthorities()).first().isInstanceOf(SimpleGrantedAuthority.class)
|
||||
.hasToString("ROLE_OIDC_USER");
|
||||
}
|
||||
|
||||
@SuppressWarnings({ "unchecked", "rawtypes" })
|
||||
@Test
|
||||
public void successOidcLoginWhenSingleClientRegistrationAndCustomAuthoritiesThenReturnSuccessWithCorrectAuthorities()
|
||||
throws Exception {
|
||||
this.spring.configLocations(this.xml("SingleClientRegistration-WithJwtDecoderFactory")).autowire();
|
||||
Map<String, Object> additionalParameters = new HashMap<>();
|
||||
additionalParameters.put(OidcParameterNames.ID_TOKEN, "token123");
|
||||
OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().additionalParameters(additionalParameters)
|
||||
.build();
|
||||
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
|
||||
|
||||
Jwt jwt = TestJwts.user();
|
||||
when(this.jwtDecoderFactory.createDecoder(any())).thenReturn(token -> jwt);
|
||||
|
||||
GrantedAuthority grantedAuthority = new SimpleGrantedAuthority("ROLE_OIDC_USER");
|
||||
when(this.grantedAuthoritiesMapper.mapAuthorities(any()))
|
||||
.thenReturn((Collection) Collections.singletonList(grantedAuthority));
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
|
||||
OAuth2AuthorizationRequest authRequest = TestOAuth2AuthorizationRequests.request().attributes(attributes)
|
||||
.scope("openid").build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authRequest);
|
||||
|
||||
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
|
||||
params.add("code", "code123");
|
||||
params.add("state", authRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/google").params(params)).andExpect(status().is2xxSuccessful());
|
||||
|
||||
ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
|
||||
verify(authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
|
||||
Authentication authenticationValue = authenticationCaptor.getValue();
|
||||
assertThat(authenticationValue.getAuthorities()).hasSize(1);
|
||||
assertThat(authenticationValue.getAuthorities()).first().isInstanceOf(SimpleGrantedAuthority.class)
|
||||
.hasToString("ROLE_OIDC_USER");
|
||||
}
|
||||
|
||||
// gh-5488
|
||||
@Test
|
||||
public void requestWhenCustomLoginProcessingUrlThenProcessAuthentication() throws Exception {
|
||||
this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomLoginProcessingUrl")).autowire();
|
||||
OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
|
||||
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
|
||||
|
||||
OAuth2User oauth2User = TestOAuth2Users.create();
|
||||
when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
|
||||
OAuth2AuthorizationRequest authRequest = TestOAuth2AuthorizationRequests.request().attributes(attributes)
|
||||
.build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authRequest);
|
||||
when(this.userAuthoritiesMapper.mapAuthorities(any())).thenReturn(
|
||||
(Collection) AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER"));
|
||||
|
||||
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
|
||||
params.add("code", "code123");
|
||||
params.add("state", authRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/google").params(params)).andExpect(status().is2xxSuccessful());
|
||||
params.add("state", authorizationRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/github-login").params(params))
|
||||
.andExpect(status().is2xxSuccessful());
|
||||
|
||||
ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
|
||||
verify(authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
|
||||
Authentication authenticationValue = authenticationCaptor.getValue();
|
||||
assertThat(authenticationValue.getAuthorities()).hasSize(1);
|
||||
assertThat(authenticationValue.getAuthorities()).first().isInstanceOf(SimpleGrantedAuthority.class)
|
||||
.hasToString("ROLE_USER");
|
||||
Authentication authentication = authenticationCaptor.getValue();
|
||||
assertThat(authentication.getPrincipal()).isInstanceOf(OAuth2User.class);
|
||||
assertThat(authentication.getAuthorities()).hasSize(1);
|
||||
assertThat(authentication.getAuthorities()).first().isInstanceOf(SimpleGrantedAuthority.class)
|
||||
.hasToString("ROLE_OAUTH2_USER");
|
||||
|
||||
// re-setup for OIDC test
|
||||
attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
|
||||
authorizationRequest = TestOAuth2AuthorizationRequests.oidcRequest()
|
||||
.attributes(attributes).build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
|
||||
|
||||
accessTokenResponse = oidcAccessTokenResponse().build();
|
||||
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
|
||||
|
||||
Jwt jwt = TestJwts.user();
|
||||
when(this.jwtDecoderFactory.createDecoder(any())).thenReturn(token -> jwt);
|
||||
|
||||
when(this.userAuthoritiesMapper.mapAuthorities(any()))
|
||||
.thenReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OIDC_USER"));
|
||||
|
||||
this.mvc.perform(get("/login/oauth2/code/google-login").params(params))
|
||||
.andExpect(status().is2xxSuccessful());
|
||||
|
||||
authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
|
||||
verify(authenticationSuccessHandler, times(2)).onAuthenticationSuccess(any(), any(),
|
||||
authenticationCaptor.capture());
|
||||
authentication = authenticationCaptor.getValue();
|
||||
assertThat(authentication.getPrincipal()).isInstanceOf(OidcUser.class);
|
||||
assertThat(authentication.getAuthorities()).hasSize(1);
|
||||
assertThat(authentication.getAuthorities()).first().isInstanceOf(SimpleGrantedAuthority.class)
|
||||
.hasToString("ROLE_OIDC_USER");
|
||||
}
|
||||
|
||||
// gh-5488
|
||||
@Test
|
||||
public void requestWhenCustomLoginProcessingUrlThenProcessAuthentication() throws Exception {
|
||||
this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomLoginProcessingUrl")).autowire();
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
|
||||
OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
|
||||
.attributes(attributes).build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
|
||||
|
||||
OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
|
||||
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
|
||||
|
||||
OAuth2User oauth2User = TestOAuth2Users.create();
|
||||
when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
|
||||
|
||||
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
|
||||
params.add("code", "code123");
|
||||
params.add("state", authorizationRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/github-login").params(params))
|
||||
.andExpect(status().is2xxSuccessful());
|
||||
|
||||
ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
|
||||
verify(authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
|
||||
Authentication authentication = authenticationCaptor.getValue();
|
||||
assertThat(authentication.getPrincipal()).isInstanceOf(OAuth2User.class);
|
||||
}
|
||||
|
||||
// gh-5521
|
||||
|
|
@ -406,17 +372,19 @@ public class OAuth2LoginBeanDefinitionParserTests {
|
|||
this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomAuthorizationRequestResolver"))
|
||||
.autowire();
|
||||
|
||||
this.mvc.perform(get("/oauth2/authorization/google")).andExpect(status().is3xxRedirection());
|
||||
this.mvc.perform(get("/oauth2/authorization/google-login"))
|
||||
.andExpect(status().is3xxRedirection());
|
||||
|
||||
verify(oauth2AuthorizationRequestResolver).resolve(any());
|
||||
verify(authorizationRequestResolver).resolve(any());
|
||||
}
|
||||
|
||||
// gh-5347
|
||||
@Test
|
||||
public void requestWhenMultipleClientsConfiguredThenRedirectDefaultLoginPage() throws Exception {
|
||||
public void requestWhenMultiClientRegistrationThenRedirectDefaultLoginPage() throws Exception {
|
||||
this.spring.configLocations(this.xml("MultiClientRegistration")).autowire();
|
||||
|
||||
this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
|
||||
this.mvc.perform(get("/"))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("http://localhost/login"));
|
||||
}
|
||||
|
||||
|
|
@ -424,7 +392,8 @@ public class OAuth2LoginBeanDefinitionParserTests {
|
|||
public void requestWhenCustomLoginPageThenRedirectCustomLoginPage() throws Exception {
|
||||
this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomLoginPage")).autowire();
|
||||
|
||||
this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
|
||||
this.mvc.perform(get("/"))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("http://localhost/custom-login"));
|
||||
}
|
||||
|
||||
|
|
@ -434,7 +403,8 @@ public class OAuth2LoginBeanDefinitionParserTests {
|
|||
throws Exception {
|
||||
this.spring.configLocations(this.xml("SingleClientRegistration-WithFormLogin")).autowire();
|
||||
|
||||
this.mvc.perform(get("/")).andExpect(status().is3xxRedirection())
|
||||
this.mvc.perform(get("/"))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("http://localhost/login"));
|
||||
}
|
||||
|
||||
|
|
@ -442,39 +412,41 @@ public class OAuth2LoginBeanDefinitionParserTests {
|
|||
public void requestWhenCustomClientRegistrationRepositoryThenCalled() throws Exception {
|
||||
this.spring.configLocations(this.xml("WithCustomClientRegistrationRepository")).autowire();
|
||||
|
||||
ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
|
||||
when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(clientRegistration);
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
|
||||
OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
|
||||
.attributes(attributes).build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
|
||||
|
||||
OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
|
||||
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
|
||||
|
||||
OAuth2User oauth2User = TestOAuth2Users.create();
|
||||
when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
|
||||
OAuth2AuthorizationRequest authRequest = TestOAuth2AuthorizationRequests.request().attributes(attributes)
|
||||
.build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authRequest);
|
||||
|
||||
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
|
||||
params.add("code", "code123");
|
||||
params.add("state", authRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/google").params(params));
|
||||
params.add("state", authorizationRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/" + clientRegistration.getRegistrationId()).params(params));
|
||||
|
||||
assertThat(MockUtil.isMock(clientRegistrationRepository)).isTrue();
|
||||
verify(clientRegistrationRepository).findByRegistrationId("google-login");
|
||||
|
||||
Field field = oauth2LoginAuthenticationFilter.getClass().getDeclaredField("clientRegistrationRepository");
|
||||
field.setAccessible(true);
|
||||
Object fieldVal = field.get(oauth2LoginAuthenticationFilter);
|
||||
assertThat(MockUtil.isMock(fieldVal)).isTrue();
|
||||
assertThat(fieldVal).isSameAs(clientRegistrationRepository);
|
||||
verify(clientRegistrationRepository).findByRegistrationId(clientRegistration.getRegistrationId());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenCustomAuthorizedClientRepositoryThenCalled() throws Exception {
|
||||
this.spring.configLocations(this.xml("WithCustomAuthorizedClientRepository")).autowire();
|
||||
|
||||
ClientRegistration clientReg = TestClientRegistrations.clientRegistration().build();
|
||||
when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(clientReg);
|
||||
ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
|
||||
when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(clientRegistration);
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
|
||||
OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
|
||||
.attributes(attributes).build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
|
||||
|
||||
OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
|
||||
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
|
||||
|
|
@ -482,76 +454,26 @@ public class OAuth2LoginBeanDefinitionParserTests {
|
|||
OAuth2User oauth2User = TestOAuth2Users.create();
|
||||
when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
|
||||
OAuth2AuthorizationRequest authRequest = TestOAuth2AuthorizationRequests.request().attributes(attributes)
|
||||
.build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authRequest);
|
||||
|
||||
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
|
||||
params.add("code", "code123");
|
||||
params.add("state", authRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/registration-id").params(params));
|
||||
params.add("state", authorizationRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/" + clientRegistration.getRegistrationId()).params(params));
|
||||
|
||||
assertThat(MockUtil.isMock(oauth2AuthorizedClientRepository)).isTrue();
|
||||
verify(oauth2AuthorizedClientRepository).saveAuthorizedClient(any(), any(), any(), any());
|
||||
|
||||
Field field = oauth2LoginAuthenticationFilter.getClass().getDeclaredField("authorizedClientRepository");
|
||||
field.setAccessible(true);
|
||||
Object fieldVal = field.get(oauth2LoginAuthenticationFilter);
|
||||
assertThat(MockUtil.isMock(fieldVal)).isTrue();
|
||||
assertThat(fieldVal).isSameAs(oauth2AuthorizedClientRepository);
|
||||
verify(authorizedClientRepository).saveAuthorizedClient(any(), any(), any(), any());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenCustomAuthorizedClientServiceThenCalled() throws Exception {
|
||||
this.spring.configLocations(this.xml("WithCustomAuthorizedClientService")).autowire();
|
||||
|
||||
ClientRegistration clientReg = TestClientRegistrations.clientRegistration().build();
|
||||
when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(clientReg);
|
||||
|
||||
OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
|
||||
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
|
||||
|
||||
OAuth2User oauth2User = TestOAuth2Users.create();
|
||||
when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
|
||||
ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
|
||||
when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(clientRegistration);
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
|
||||
OAuth2AuthorizationRequest authRequest = TestOAuth2AuthorizationRequests.request().attributes(attributes)
|
||||
.build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authRequest);
|
||||
|
||||
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
|
||||
params.add("code", "code123");
|
||||
params.add("state", authRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/registration-id").params(params));
|
||||
|
||||
assertThat(MockUtil.isMock(oauth2AuthorizedClientService)).isTrue();
|
||||
verify(oauth2AuthorizedClientService).saveAuthorizedClient(any(), any());
|
||||
|
||||
Field authorizedClientRepositoryField = oauth2LoginAuthenticationFilter.getClass()
|
||||
.getDeclaredField("authorizedClientRepository");
|
||||
authorizedClientRepositoryField.setAccessible(true);
|
||||
Object authorizedClientRepositoryFieldVal = authorizedClientRepositoryField
|
||||
.get(oauth2LoginAuthenticationFilter);
|
||||
assertThat(authorizedClientRepositoryFieldVal)
|
||||
.isInstanceOf(AuthenticatedPrincipalOAuth2AuthorizedClientRepository.class);
|
||||
|
||||
Field authorizedClientServiceField = authorizedClientRepositoryFieldVal.getClass()
|
||||
.getDeclaredField("authorizedClientService");
|
||||
authorizedClientServiceField.setAccessible(true);
|
||||
Object authorizedClientServiceFieldVal = authorizedClientServiceField.get(authorizedClientRepositoryFieldVal);
|
||||
assertThat(MockUtil.isMock(authorizedClientServiceFieldVal)).isTrue();
|
||||
assertThat(authorizedClientServiceFieldVal).isSameAs(oauth2AuthorizedClientService);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenCustomAuthorizationRequestRepositoryThenCalled() throws Exception {
|
||||
this.spring.configLocations(this.xml("WithCustomAuthorizationRequestRepository")).autowire();
|
||||
|
||||
ClientRegistration clientReg = TestClientRegistrations.clientRegistration().build();
|
||||
when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(clientReg);
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
|
||||
OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
|
||||
.attributes(attributes).build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authorizationRequest);
|
||||
|
||||
OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
|
||||
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
|
||||
|
|
@ -561,78 +483,13 @@ public class OAuth2LoginBeanDefinitionParserTests {
|
|||
|
||||
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
|
||||
params.add("code", "code123");
|
||||
params.add("state", "state");
|
||||
this.mvc.perform(get("/login/oauth2/code/registration-id").params(params));
|
||||
params.add("state", authorizationRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/" + clientRegistration.getRegistrationId()).params(params));
|
||||
|
||||
assertThat(MockUtil.isMock(authorizationRequestRepository)).isTrue();
|
||||
verify(authorizationRequestRepository).removeAuthorizationRequest(any(), any());
|
||||
|
||||
Field authorizationRequestRepositoryField = oauth2LoginAuthenticationFilter.getClass()
|
||||
.getDeclaredField("authorizationRequestRepository");
|
||||
authorizationRequestRepositoryField.setAccessible(true);
|
||||
Object authorizationRequestRepositoryFieldVal = authorizationRequestRepositoryField
|
||||
.get(oauth2LoginAuthenticationFilter);
|
||||
assertThat(MockUtil.isMock(authorizationRequestRepositoryFieldVal)).isTrue();
|
||||
assertThat(authorizationRequestRepositoryFieldVal).isSameAs(authorizationRequestRepository);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenCustomAuthenticationSuccessHandlerThenCalled() throws Exception {
|
||||
this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomAuthenticationHandler")).autowire();
|
||||
OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().build();
|
||||
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);
|
||||
|
||||
OAuth2User oauth2User = TestOAuth2Users.create();
|
||||
when(this.oauth2UserService.loadUser(any())).thenReturn(oauth2User);
|
||||
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login");
|
||||
OAuth2AuthorizationRequest authRequest = TestOAuth2AuthorizationRequests.request().attributes(attributes)
|
||||
.build();
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).thenReturn(authRequest);
|
||||
|
||||
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
|
||||
params.add("code", "code123");
|
||||
params.add("state", authRequest.getState());
|
||||
this.mvc.perform(get("/login/oauth2/code/google").params(params)).andExpect(status().is2xxSuccessful());
|
||||
|
||||
ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
|
||||
verify(authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
|
||||
Authentication authenticationValue = authenticationCaptor.getValue();
|
||||
assertThat(authenticationValue.getAuthorities()).hasSize(1);
|
||||
assertThat(authenticationValue.getAuthorities()).first().isInstanceOf(SimpleGrantedAuthority.class)
|
||||
.hasToString("ROLE_USER");
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenCustomAuthenticationFailureHandlerThenCalled() throws Exception {
|
||||
this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomAuthenticationHandler")).autowire();
|
||||
|
||||
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
|
||||
params.add("code", "code123");
|
||||
params.add("state", "state123");
|
||||
this.mvc.perform(get("/login/oauth2/code/google").params(params)).andExpect(status().isIAmATeapot());
|
||||
verify(authorizedClientService).saveAuthorizedClient(any(), any());
|
||||
}
|
||||
|
||||
private String xml(String configName) {
|
||||
return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
|
||||
}
|
||||
|
||||
public static class TeapotAuthenticationHandler
|
||||
implements AuthenticationSuccessHandler, AuthenticationFailureHandler {
|
||||
|
||||
@Override
|
||||
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
|
||||
AuthenticationException exception) {
|
||||
response.setStatus(HttpStatus.I_AM_A_TEAPOT.value());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
|
||||
Authentication authentication) {
|
||||
response.setStatus(HttpStatus.I_AM_A_TEAPOT.value());
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,9 +15,9 @@
|
|||
*/
|
||||
package org.springframework.security.config.oauth2.client;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
import java.util.Map;
|
||||
import okhttp3.mockwebserver.MockResponse;
|
||||
import okhttp3.mockwebserver.MockWebServer;
|
||||
import org.junit.After;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
|
|
@ -33,13 +33,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
|||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import com.fasterxml.jackson.core.type.TypeReference;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
|
||||
import okhttp3.mockwebserver.Dispatcher;
|
||||
import okhttp3.mockwebserver.MockResponse;
|
||||
import okhttp3.mockwebserver.MockWebServer;
|
||||
import okhttp3.mockwebserver.RecordedRequest;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
/**
|
||||
* Tests for {@link ClientRegistrationsBeanDefinitionParser}.
|
||||
|
|
@ -49,13 +43,24 @@ import okhttp3.mockwebserver.RecordedRequest;
|
|||
public class ClientRegistrationsBeanDefinitionParserTests {
|
||||
private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests";
|
||||
|
||||
@Rule
|
||||
public final SpringTestRule spring = new SpringTestRule();
|
||||
private static final String ISSUER_URI_XML_CONFIG = "<b:beans xmlns:b=\"http://www.springframework.org/schema/beans\"\n" +
|
||||
"\t\txmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n" +
|
||||
"\t\txmlns=\"http://www.springframework.org/schema/security\"\n" +
|
||||
"\t\txsi:schemaLocation=\"\n" +
|
||||
"\t\t\thttp://www.springframework.org/schema/security\n" +
|
||||
"\t\t\thttps://www.springframework.org/schema/security/spring-security.xsd\n" +
|
||||
"\t\t\thttp://www.springframework.org/schema/beans\n" +
|
||||
"\t\t\thttps://www.springframework.org/schema/beans/spring-beans.xsd\">\n" +
|
||||
"\n" +
|
||||
"\t<client-registrations>\n" +
|
||||
"\t\t<client-registration registration-id=\"google-login\" client-id=\"google-client-id\" \n" +
|
||||
"\t\t\t\t\t\t\t client-secret=\"google-client-secret\" provider-id=\"google\"/>\n" +
|
||||
"\t\t<provider provider-id=\"google\" issuer-uri=\"${issuer-uri}\"/>\n" +
|
||||
"\t</client-registrations>\n" +
|
||||
"\n" +
|
||||
"</b:beans>\n";
|
||||
|
||||
@Autowired
|
||||
private ClientRegistrationRepository clientRegistrationRepository;
|
||||
|
||||
private static final String DEFAULT_RESPONSE =
|
||||
private static final String OIDC_DISCOVERY_RESPONSE =
|
||||
"{\n"
|
||||
+ " \"authorization_endpoint\": \"https://example.com/o/oauth2/v2/auth\", \n"
|
||||
+ " \"claims_supported\": [\n"
|
||||
|
|
@ -79,7 +84,7 @@ public class ClientRegistrationsBeanDefinitionParserTests {
|
|||
+ " \"id_token_signing_alg_values_supported\": [\n"
|
||||
+ " \"RS256\"\n"
|
||||
+ " ], \n"
|
||||
+ " \"issuer\": \"http://localhost:49259\", \n"
|
||||
+ " \"issuer\": \"${issuer-uri}\", \n"
|
||||
+ " \"jwks_uri\": \"https://example.com/oauth2/v3/certs\", \n"
|
||||
+ " \"response_types_supported\": [\n"
|
||||
+ " \"code\", \n"
|
||||
|
|
@ -110,71 +115,47 @@ public class ClientRegistrationsBeanDefinitionParserTests {
|
|||
+ " \"userinfo_endpoint\": \"https://example.com/oauth2/v3/userinfo\"\n"
|
||||
+ "}";
|
||||
|
||||
@Autowired
|
||||
private ClientRegistrationRepository clientRegistrationRepository;
|
||||
|
||||
@Rule
|
||||
public final SpringTestRule spring = new SpringTestRule();
|
||||
|
||||
private MockWebServer server;
|
||||
|
||||
@After
|
||||
public void cleanup() throws Exception {
|
||||
if (this.server != null) {
|
||||
this.server.shutdown();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void parseWhenIssuerUriConfiguredThenRequestConfigFromIssuer() throws Exception {
|
||||
MockWebServer server = new MockWebServer();
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
server.start(49259);
|
||||
Map<String, Object> response = mapper.readValue(DEFAULT_RESPONSE, new TypeReference<Map<String, Object>>() {
|
||||
});
|
||||
final String responseBody = mapper.writeValueAsString(response);
|
||||
this.server = new MockWebServer();
|
||||
this.server.start();
|
||||
String serverUrl = this.server.url("/").toString();
|
||||
|
||||
final Dispatcher oidcDispatcher = new Dispatcher() {
|
||||
@Override
|
||||
public MockResponse dispatch(RecordedRequest request) {
|
||||
switch (request.getPath()) {
|
||||
case "/issuer1/.well-known/openid-configuration":
|
||||
case "/.well-known/openid-configuration":
|
||||
return new MockResponse().setResponseCode(200).setBody(responseBody)
|
||||
.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
|
||||
}
|
||||
return new MockResponse().setResponseCode(404);
|
||||
}
|
||||
};
|
||||
String discoveryResponse = OIDC_DISCOVERY_RESPONSE.replace("${issuer-uri}", serverUrl);
|
||||
this.server.enqueue(jsonResponse(discoveryResponse));
|
||||
|
||||
final Dispatcher oauthDispatcher = new Dispatcher() {
|
||||
@Override
|
||||
public MockResponse dispatch(RecordedRequest request) {
|
||||
switch (request.getPath()) {
|
||||
case "/.well-known/oauth-authorization-server/issuer1":
|
||||
case "/.well-known/oauth-authorization-server":
|
||||
return new MockResponse().setResponseCode(200).setBody(responseBody)
|
||||
.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
|
||||
}
|
||||
return new MockResponse().setResponseCode(404);
|
||||
}
|
||||
};
|
||||
|
||||
server.setDispatcher(oidcDispatcher);
|
||||
|
||||
this.spring.configLocations(this.xml("FromIssuerUri")).autowire();
|
||||
String contextConfig = ISSUER_URI_XML_CONFIG.replace("${issuer-uri}", serverUrl);
|
||||
this.spring.context(contextConfig).autowire();
|
||||
|
||||
assertThat(clientRegistrationRepository).isInstanceOf(InMemoryClientRegistrationRepository.class);
|
||||
|
||||
testIssuerUriResponse(clientRegistrationRepository);
|
||||
ClientRegistration googleRegistration = clientRegistrationRepository.findByRegistrationId("google-login");
|
||||
assertThat(googleRegistration).isNotNull();
|
||||
assertThat(googleRegistration.getRegistrationId()).isEqualTo("google-login");
|
||||
assertThat(googleRegistration.getClientId()).isEqualTo("google-client-id");
|
||||
assertThat(googleRegistration.getClientSecret()).isEqualTo("google-client-secret");
|
||||
assertThat(googleRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
|
||||
assertThat(googleRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(googleRegistration.getRedirectUriTemplate()).isEqualTo("{baseUrl}/{action}/oauth2/code/{registrationId}");
|
||||
assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
|
||||
assertThat(googleRegistration.getClientName()).isEqualTo(serverUrl);
|
||||
|
||||
// test oauth
|
||||
server.setDispatcher(oauthDispatcher);
|
||||
this.spring.configLocations(this.xml("FromIssuerUri")).autowire();
|
||||
testIssuerUriResponse(clientRegistrationRepository);
|
||||
|
||||
server.shutdown();
|
||||
server.close();
|
||||
}
|
||||
|
||||
private void testIssuerUriResponse(ClientRegistrationRepository clientRegistrationRepository) {
|
||||
ClientRegistration googleLogin = clientRegistrationRepository.findByRegistrationId("google-login");
|
||||
assertThat(googleLogin).isNotNull();
|
||||
assertThat(googleLogin.getRegistrationId()).isEqualTo("google-login");
|
||||
assertThat(googleLogin.getClientId()).isEqualTo("google-client-id");
|
||||
assertThat(googleLogin.getClientSecret()).isEqualTo("google-client-secret");
|
||||
assertThat(googleLogin.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
|
||||
assertThat(googleLogin.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(googleLogin.getRedirectUriTemplate()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
|
||||
assertThat(googleLogin.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
|
||||
assertThat(googleLogin.getClientName()).isEqualTo("Google");
|
||||
|
||||
ProviderDetails googleProviderDetails = googleLogin.getProviderDetails();
|
||||
ProviderDetails googleProviderDetails = googleRegistration.getProviderDetails();
|
||||
assertThat(googleProviderDetails).isNotNull();
|
||||
assertThat(googleProviderDetails.getAuthorizationUri()).isEqualTo("https://example.com/o/oauth2/v2/auth");
|
||||
assertThat(googleProviderDetails.getTokenUri()).isEqualTo("https://example.com/oauth2/v4/token");
|
||||
|
|
@ -187,23 +168,23 @@ public class ClientRegistrationsBeanDefinitionParserTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void parseWhenMultipleClientsConfiguredThenAvailableInRepository() throws Exception {
|
||||
public void parseWhenMultipleClientsConfiguredThenAvailableInRepository() {
|
||||
this.spring.configLocations(this.xml("MultiClientRegistration")).autowire();
|
||||
|
||||
assertThat(clientRegistrationRepository).isInstanceOf(InMemoryClientRegistrationRepository.class);
|
||||
|
||||
ClientRegistration googleLogin = clientRegistrationRepository.findByRegistrationId("google-login");
|
||||
assertThat(googleLogin).isNotNull();
|
||||
assertThat(googleLogin.getRegistrationId()).isEqualTo("google-login");
|
||||
assertThat(googleLogin.getClientId()).isEqualTo("google-client-id");
|
||||
assertThat(googleLogin.getClientSecret()).isEqualTo("google-client-secret");
|
||||
assertThat(googleLogin.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
|
||||
assertThat(googleLogin.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(googleLogin.getRedirectUriTemplate()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
|
||||
assertThat(googleLogin.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
|
||||
assertThat(googleLogin.getClientName()).isEqualTo("Google");
|
||||
ClientRegistration googleRegistration = clientRegistrationRepository.findByRegistrationId("google-login");
|
||||
assertThat(googleRegistration).isNotNull();
|
||||
assertThat(googleRegistration.getRegistrationId()).isEqualTo("google-login");
|
||||
assertThat(googleRegistration.getClientId()).isEqualTo("google-client-id");
|
||||
assertThat(googleRegistration.getClientSecret()).isEqualTo("google-client-secret");
|
||||
assertThat(googleRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
|
||||
assertThat(googleRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(googleRegistration.getRedirectUriTemplate()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
|
||||
assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
|
||||
assertThat(googleRegistration.getClientName()).isEqualTo("Google");
|
||||
|
||||
ProviderDetails googleProviderDetails = googleLogin.getProviderDetails();
|
||||
ProviderDetails googleProviderDetails = googleRegistration.getProviderDetails();
|
||||
assertThat(googleProviderDetails).isNotNull();
|
||||
assertThat(googleProviderDetails.getAuthorizationUri())
|
||||
.isEqualTo("https://accounts.google.com/o/oauth2/v2/auth");
|
||||
|
|
@ -215,18 +196,18 @@ public class ClientRegistrationsBeanDefinitionParserTests {
|
|||
assertThat(googleProviderDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo("sub");
|
||||
assertThat(googleProviderDetails.getJwkSetUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/certs");
|
||||
|
||||
ClientRegistration githubLogin = clientRegistrationRepository.findByRegistrationId("github-login");
|
||||
assertThat(githubLogin).isNotNull();
|
||||
assertThat(githubLogin.getRegistrationId()).isEqualTo("github-login");
|
||||
assertThat(githubLogin.getClientId()).isEqualTo("github-client-id");
|
||||
assertThat(githubLogin.getClientSecret()).isEqualTo("github-client-secret");
|
||||
assertThat(githubLogin.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
|
||||
assertThat(githubLogin.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(githubLogin.getRedirectUriTemplate()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
|
||||
assertThat(googleLogin.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
|
||||
assertThat(githubLogin.getClientName()).isEqualTo("Github");
|
||||
ClientRegistration githubRegistration = clientRegistrationRepository.findByRegistrationId("github-login");
|
||||
assertThat(githubRegistration).isNotNull();
|
||||
assertThat(githubRegistration.getRegistrationId()).isEqualTo("github-login");
|
||||
assertThat(githubRegistration.getClientId()).isEqualTo("github-client-id");
|
||||
assertThat(githubRegistration.getClientSecret()).isEqualTo("github-client-secret");
|
||||
assertThat(githubRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
|
||||
assertThat(githubRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(githubRegistration.getRedirectUriTemplate()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
|
||||
assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
|
||||
assertThat(githubRegistration.getClientName()).isEqualTo("Github");
|
||||
|
||||
ProviderDetails githubProviderDetails = githubLogin.getProviderDetails();
|
||||
ProviderDetails githubProviderDetails = githubRegistration.getProviderDetails();
|
||||
assertThat(githubProviderDetails).isNotNull();
|
||||
assertThat(githubProviderDetails.getAuthorizationUri()).isEqualTo("https://github.com/login/oauth/authorize");
|
||||
assertThat(githubProviderDetails.getTokenUri()).isEqualTo("https://github.com/login/oauth/access_token");
|
||||
|
|
@ -236,7 +217,13 @@ public class ClientRegistrationsBeanDefinitionParserTests {
|
|||
assertThat(githubProviderDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo("id");
|
||||
}
|
||||
|
||||
private String xml(String configName) {
|
||||
private static MockResponse jsonResponse(String json) {
|
||||
return new MockResponse()
|
||||
.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
|
||||
.setBody(json);
|
||||
}
|
||||
|
||||
private static String xml(String configName) {
|
||||
return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,25 +29,25 @@
|
|||
<oauth2-login access-token-response-client-ref="accessTokenResponseClient"
|
||||
user-service-ref="oauth2UserService"
|
||||
authorization-request-repository-ref="authorizationRequestRepository"
|
||||
authentication-success-handler-ref="authenticationSuccessHandler"
|
||||
authentication-failure-handler-ref="testHandler"/>
|
||||
authentication-success-handler-ref="authenticationSuccessHandler"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient"/>
|
||||
</b:bean>
|
||||
<b:bean name="oauth2UserService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="oauth2UserService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.userinfo.OAuth2UserService"/>
|
||||
</b:bean>
|
||||
<b:bean name="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authenticationSuccessListener" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.context.ApplicationListener"/>
|
||||
</b:bean>
|
||||
<b:bean id="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.web.AuthorizationRequestRepository"/>
|
||||
</b:bean>
|
||||
<b:bean name="authenticationSuccessHandler" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authenticationSuccessHandler" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.web.authentication.AuthenticationSuccessHandler"/>
|
||||
</b:bean>
|
||||
|
||||
<b:bean id="testHandler" class="org.springframework.security.config.http.OAuth2LoginBeanDefinitionParserTests.TeapotAuthenticationHandler"/>
|
||||
|
||||
<b:import resource="../oauth2/client/google-registration.xml"/>
|
||||
<b:import resource="../oauth2/client/google-github-registration.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -28,31 +28,31 @@
|
|||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<oauth2-login access-token-response-client-ref="accessTokenResponseClient"
|
||||
user-service-ref="oauth2UserService"
|
||||
user-authorities-mapper-ref="grantedAuthoritiesMapper"
|
||||
user-authorities-mapper-ref="userAuthoritiesMapper"
|
||||
jwt-decoder-factory-ref="jwtDecoderFactory"
|
||||
authorization-request-repository-ref="authorizationRequestRepository"
|
||||
authentication-success-handler-ref="authenticationSuccessHandler"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
|
||||
<b:bean id="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient"/>
|
||||
</b:bean>
|
||||
<b:bean name="oauth2UserService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="oauth2UserService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.userinfo.OAuth2UserService"/>
|
||||
</b:bean>
|
||||
<b:bean name="grantedAuthoritiesMapper" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="userAuthoritiesMapper" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper"/>
|
||||
</b:bean>
|
||||
<b:bean name="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.web.AuthorizationRequestRepository"/>
|
||||
</b:bean>
|
||||
<b:bean name="authenticationSuccessHandler" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authenticationSuccessHandler" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.web.authentication.AuthenticationSuccessHandler"/>
|
||||
</b:bean>
|
||||
<b:bean name="jwtDecoderFactory" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="jwtDecoderFactory" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.jwt.JwtDecoderFactory"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="../oauth2/client/google-registration.xml"/>
|
||||
<b:import resource="../oauth2/client/google-github-registration.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -32,20 +32,20 @@
|
|||
authorization-request-repository-ref="authorizationRequestRepository"
|
||||
authentication-success-handler-ref="authenticationSuccessHandler" />
|
||||
</http>
|
||||
|
||||
<b:bean name="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
|
||||
<b:bean id="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient"/>
|
||||
</b:bean>
|
||||
<b:bean name="oauth2UserService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="oauth2UserService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.userinfo.OAuth2UserService"/>
|
||||
</b:bean>
|
||||
<b:bean name="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.web.AuthorizationRequestRepository"/>
|
||||
</b:bean>
|
||||
<b:bean name="authenticationSuccessHandler" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authenticationSuccessHandler" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.web.authentication.AuthenticationSuccessHandler"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="../oauth2/client/google-registration.xml"/>
|
||||
<b:import resource="../oauth2/client/google-github-registration.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -29,7 +29,7 @@
|
|||
<oauth2-login authentication-failure-handler-ref="authenticationFailureHandler"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="authenticationFailureHandler" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authenticationFailureHandler" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.web.authentication.AuthenticationFailureHandler"/>
|
||||
</b:bean>
|
||||
|
||||
|
|
|
|||
|
|
@ -26,10 +26,10 @@
|
|||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<oauth2-login authorization-request-resolver-ref="oauth2AuthorizationRequestResolver"/>
|
||||
<oauth2-login authorization-request-resolver-ref="authorizationRequestResolver"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="oauth2AuthorizationRequestResolver" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authorizationRequestResolver" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver"/>
|
||||
</b:bean>
|
||||
|
||||
|
|
|
|||
|
|
@ -28,24 +28,24 @@
|
|||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<oauth2-login access-token-response-client-ref="accessTokenResponseClient"
|
||||
jwt-decoder-factory-ref="jwtDecoderFactory"
|
||||
user-authorities-mapper-ref="grantedAuthoritiesMapper"
|
||||
user-authorities-mapper-ref="userAuthoritiesMapper"
|
||||
authorization-request-repository-ref="authorizationRequestRepository"
|
||||
authentication-success-handler-ref="authenticationSuccessHandler"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
|
||||
<b:bean id="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient"/>
|
||||
</b:bean>
|
||||
<b:bean name="jwtDecoderFactory" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="jwtDecoderFactory" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.jwt.JwtDecoderFactory"/>
|
||||
</b:bean>
|
||||
<b:bean name="grantedAuthoritiesMapper" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="userAuthoritiesMapper" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper"/>
|
||||
</b:bean>
|
||||
<b:bean name="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.web.AuthorizationRequestRepository"/>
|
||||
</b:bean>
|
||||
<b:bean name="authenticationSuccessHandler" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authenticationSuccessHandler" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.web.authentication.AuthenticationSuccessHandler"/>
|
||||
</b:bean>
|
||||
|
||||
|
|
|
|||
|
|
@ -28,23 +28,22 @@
|
|||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<oauth2-login access-token-response-client-ref="accessTokenResponseClient"
|
||||
jwt-decoder-factory-ref="jwtDecoderFactory"
|
||||
user-authorities-mapper-ref="grantedAuthoritiesMapper"
|
||||
authorization-request-repository-ref="authorizationRequestRepository"
|
||||
/>
|
||||
authorization-request-repository-ref="authorizationRequestRepository"/>
|
||||
<request-cache ref="requestCache" />
|
||||
</http>
|
||||
|
||||
<b:bean name="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
|
||||
<b:bean id="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient"/>
|
||||
</b:bean>
|
||||
<b:bean name="jwtDecoderFactory" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="jwtDecoderFactory" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.jwt.JwtDecoderFactory"/>
|
||||
</b:bean>
|
||||
<b:bean name="grantedAuthoritiesMapper" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper"/>
|
||||
</b:bean>
|
||||
<b:bean name="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.web.AuthorizationRequestRepository"/>
|
||||
</b:bean>
|
||||
<b:bean id="requestCache" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.web.savedrequest.RequestCache"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="../oauth2/client/google-registration.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
|
|
|
|||
|
|
@ -1,57 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2020 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ https://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
https://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<oauth2-login access-token-response-client-ref="accessTokenResponseClient"
|
||||
user-service-ref="oauth2UserService"
|
||||
oidc-user-service-ref="oauth2UserService"
|
||||
authorization-request-repository-ref="authorizationRequestRepository"
|
||||
authentication-success-handler-ref="authenticationSuccessHandler"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient"/>
|
||||
</b:bean>
|
||||
<b:bean name="oauth2UserService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.userinfo.OAuth2UserService"/>
|
||||
</b:bean>
|
||||
<b:bean name="jwtDecoderFactory" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.jwt.JwtDecoderFactory"/>
|
||||
</b:bean>
|
||||
<b:bean name="authenticationSuccessListener" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.context.ApplicationListener"/>
|
||||
</b:bean>
|
||||
<b:bean name="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.web.AuthorizationRequestRepository"/>
|
||||
</b:bean>
|
||||
<b:bean name="authenticationSuccessHandler" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.web.authentication.AuthenticationSuccessHandler"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="../oauth2/client/google-registration.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -1,52 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2020 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ https://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
https://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<oauth2-login/>
|
||||
</http>
|
||||
|
||||
<client-registrations>
|
||||
<client-registration registration-id="google-login"
|
||||
client-id="google-client-id"
|
||||
client-secret="google-client-secret"
|
||||
client-authentication-method="basic"
|
||||
authorization-grant-type="authorization_code"
|
||||
redirect-uri="{baseUrl}/login/oauth2/code/{registrationId}"
|
||||
scope="openid,profile,email"
|
||||
client-name="Google"
|
||||
provider-id="google"/>
|
||||
<provider provider-id="google"
|
||||
authorization-uri="https://accounts.google.com/o/oauth2/v2/auth"
|
||||
token-uri="https://www.googleapis.com/oauth2/v4/token"
|
||||
userinfo-uri="https://www.googleapis.com/oauth2/v3/userinfo"
|
||||
userinfo-authentication-method="header"
|
||||
username-attribute-name="sub"
|
||||
jwkset-uri="https://www.googleapis.com/oauth2/v3/certs"/>
|
||||
</client-registrations>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -27,8 +27,31 @@
|
|||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<oauth2-login/>
|
||||
<request-cache ref="requestCache" />
|
||||
</http>
|
||||
|
||||
<b:import resource="../oauth2/client/google-registration.xml"/>
|
||||
<client-registrations>
|
||||
<client-registration registration-id="google-login"
|
||||
client-id="google-client-id"
|
||||
client-secret="google-client-secret"
|
||||
client-authentication-method="basic"
|
||||
authorization-grant-type="authorization_code"
|
||||
redirect-uri="{baseUrl}/login/oauth2/code/{registrationId}"
|
||||
scope="openid,profile,email"
|
||||
client-name="Google"
|
||||
provider-id="google"/>
|
||||
<provider provider-id="google"
|
||||
authorization-uri="https://accounts.google.com/o/oauth2/v2/auth"
|
||||
token-uri="https://www.googleapis.com/oauth2/v4/token"
|
||||
userinfo-uri="https://www.googleapis.com/oauth2/v3/userinfo"
|
||||
userinfo-authentication-method="header"
|
||||
username-attribute-name="sub"
|
||||
jwkset-uri="https://www.googleapis.com/oauth2/v3/certs"/>
|
||||
</client-registrations>
|
||||
|
||||
<b:bean id="requestCache" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.web.savedrequest.RequestCache"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
|
|||
|
|
@ -1,49 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2020 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ https://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
https://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<oauth2-login client-registration-repository-ref="clientRegistrationRepository"
|
||||
access-token-response-client-ref="accessTokenResponseClient"
|
||||
user-service-ref="oauth2UserService"
|
||||
authorization-request-repository-ref="authorizationRequestRepository"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient"/>
|
||||
</b:bean>
|
||||
<b:bean name="oauth2UserService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.userinfo.OAuth2UserService"/>
|
||||
</b:bean>
|
||||
<b:bean name="clientRegistrationRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.registration.ClientRegistrationRepository"/>
|
||||
</b:bean>
|
||||
<b:bean name="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.web.AuthorizationRequestRepository"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -33,19 +33,19 @@
|
|||
authorization-request-repository-ref="authorizationRequestRepository"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient"/>
|
||||
</b:bean>
|
||||
<b:bean name="oauth2UserService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="oauth2UserService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.userinfo.OAuth2UserService"/>
|
||||
</b:bean>
|
||||
<b:bean name="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.web.AuthorizationRequestRepository"/>
|
||||
</b:bean>
|
||||
<b:bean name="clientRegistrationRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="clientRegistrationRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.registration.ClientRegistrationRepository"/>
|
||||
</b:bean>
|
||||
<b:bean name="authorizedClientRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authorizedClientRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository"/>
|
||||
</b:bean>
|
||||
|
||||
|
|
|
|||
|
|
@ -33,19 +33,19 @@
|
|||
authorized-client-service-ref="authorizedClientService"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient"/>
|
||||
</b:bean>
|
||||
<b:bean name="oauth2UserService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="oauth2UserService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.userinfo.OAuth2UserService"/>
|
||||
</b:bean>
|
||||
<b:bean name="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.web.AuthorizationRequestRepository"/>
|
||||
</b:bean>
|
||||
<b:bean name="clientRegistrationRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="clientRegistrationRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.registration.ClientRegistrationRepository"/>
|
||||
</b:bean>
|
||||
<b:bean name="authorizedClientService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authorizedClientService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.OAuth2AuthorizedClientService"/>
|
||||
</b:bean>
|
||||
|
||||
|
|
|
|||
|
|
@ -32,19 +32,18 @@
|
|||
authorization-request-repository-ref="authorizationRequestRepository"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="accessTokenResponseClient" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient"/>
|
||||
</b:bean>
|
||||
<b:bean name="oauth2UserService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="oauth2UserService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.userinfo.OAuth2UserService"/>
|
||||
</b:bean>
|
||||
<b:bean name="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="authorizationRequestRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.web.AuthorizationRequestRepository"/>
|
||||
</b:bean>
|
||||
<b:bean name="clientRegistrationRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:bean id="clientRegistrationRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.oauth2.client.registration.ClientRegistrationRepository"/>
|
||||
</b:bean>
|
||||
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
|
|||
|
|
@ -1,39 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2020 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ https://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
https://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
<client-registrations>
|
||||
<client-registration registration-id="google-login"
|
||||
client-id="google-client-id"
|
||||
client-secret="google-client-secret"
|
||||
client-authentication-method="basic"
|
||||
authorization-grant-type="authorization_code"
|
||||
redirect-uri="{baseUrl}/login/oauth2/code/{registrationId}"
|
||||
scope="openid,profile,email"
|
||||
client-name="Google"
|
||||
provider-id="google"/>
|
||||
<provider provider-id="google"
|
||||
issuer-uri="http://localhost:49259"/>
|
||||
</client-registrations>
|
||||
</b:beans>
|
||||
|
|
@ -39,7 +39,7 @@
|
|||
client-authentication-method="basic"
|
||||
authorization-grant-type="authorization_code"
|
||||
redirect-uri="{baseUrl}/login/oauth2/code/{registrationId}"
|
||||
scope="openid,profile,email"
|
||||
scope="read:user"
|
||||
client-name="Github"
|
||||
provider-id="github"/>
|
||||
<provider provider-id="google"
|
||||
|
|
|
|||
|
|
@ -897,72 +897,72 @@ The <<oauth2login,OAuth 2.0 Login>> feature configures authentication support us
|
|||
|
||||
[[nsa-oauth2-login-client-registration-repository-ref]]
|
||||
* **client-registration-repository-ref**
|
||||
Reference to `ClientRegistrationRepository`.
|
||||
Reference to the `ClientRegistrationRepository`.
|
||||
|
||||
|
||||
[[nsa-oauth2-login-authorized-client-repository-ref]]
|
||||
* **authorized-client-repository-ref**
|
||||
Reference to `OAuth2AuthorizedClientRepository`.
|
||||
Reference to the `OAuth2AuthorizedClientRepository`.
|
||||
|
||||
|
||||
[[nsa-oauth2-login-authorized-client-service-ref]]
|
||||
* **authorized-client-service-ref**
|
||||
Reference to `OAuth2AuthorizedClientService`.
|
||||
Reference to the `OAuth2AuthorizedClientService`.
|
||||
|
||||
|
||||
[[nsa-oauth2-login-authorization-request-repository-ref]]
|
||||
* **authorization-request-repository-ref**
|
||||
Reference to `AuthorizationRequestRepository`.
|
||||
Reference to the `AuthorizationRequestRepository`.
|
||||
|
||||
|
||||
[[nsa-oauth2-login-authorization-request-resolver-ref]]
|
||||
* **authorization-request-resolver-ref**
|
||||
Reference to `OAuth2AuthorizationRequestResolver`.
|
||||
Reference to the `OAuth2AuthorizationRequestResolver`.
|
||||
|
||||
|
||||
[[nsa-oauth2-login-access-token-response-client-ref]]
|
||||
* **access-token-response-client-ref**
|
||||
Reference to `OAuth2AccessTokenResponseClient`.
|
||||
Reference to the `OAuth2AccessTokenResponseClient`.
|
||||
|
||||
|
||||
[[nsa-oauth2-login-user-authorities-mapper-ref]]
|
||||
* **user-authorities-mapper-ref**
|
||||
Reference to `GrantedAuthoritiesMapper`.
|
||||
Reference to the `GrantedAuthoritiesMapper`.
|
||||
|
||||
|
||||
[[nsa-oauth2-login-user-service-ref]]
|
||||
* **user-service-ref**
|
||||
Reference to `OAuth2UserService`.
|
||||
Reference to the `OAuth2UserService`.
|
||||
|
||||
|
||||
[[nsa-oauth2-login-oidc-user-service-ref]]
|
||||
* **oidc-user-service-ref**
|
||||
Reference to `OidcUserService`.
|
||||
Reference to the OpenID Connect `OAuth2UserService`.
|
||||
|
||||
|
||||
[[nsa-oauth2-login-login-processing-url]]
|
||||
* **login-processing-url**
|
||||
Specifies the URL to validate the credentials.
|
||||
The URI where the filter processes authentication requests.
|
||||
|
||||
|
||||
[[nsa-oauth2-login-login-page]]
|
||||
* **login-page**
|
||||
Specifies the URL to send users to if login is required
|
||||
The URI to send users to login.
|
||||
|
||||
|
||||
[[nsa-oauth2-login-authentication-success-handler-ref]]
|
||||
* **authentication-success-handler-ref**
|
||||
Specifies authentication success handler
|
||||
Reference to the `AuthenticationSuccessHandler`.
|
||||
|
||||
|
||||
[[nsa-oauth2-login-authentication-failure-handler-ref]]
|
||||
* **authentication-failure-handler-ref**
|
||||
Specifies authentication failure handler
|
||||
Reference to the `AuthenticationFailureHandler`.
|
||||
|
||||
|
||||
[[nsa-oauth2-login-jwt-decoder-factory-ref]]
|
||||
* **jwt-decoder-factory-ref**
|
||||
Specifies JWT decoder factory for OidcAuthorizationCodeAuthenticationProvider
|
||||
Reference to the `JwtDecoderFactory` used by `OidcAuthorizationCodeAuthenticationProvider`.
|
||||
|
||||
|
||||
[[nsa-client-registrations]]
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
* Copyright 2002-2020 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -17,6 +17,10 @@
|
|||
package org.springframework.security.oauth2.core.endpoint;
|
||||
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
|
|
@ -27,4 +31,11 @@ public class TestOAuth2AccessTokenResponses {
|
|||
return OAuth2AccessTokenResponse.withToken("token")
|
||||
.tokenType(OAuth2AccessToken.TokenType.BEARER);
|
||||
}
|
||||
|
||||
public static OAuth2AccessTokenResponse.Builder oidcAccessTokenResponse() {
|
||||
Map<String, Object> additionalParameters = new HashMap<>();
|
||||
additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
|
||||
return accessTokenResponse()
|
||||
.additionalParameters(additionalParameters);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
* Copyright 2002-2020 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -36,4 +36,8 @@ public class TestOAuth2AuthorizationRequests {
|
|||
.state("state")
|
||||
.attributes(attributes);
|
||||
}
|
||||
|
||||
public static OAuth2AuthorizationRequest.Builder oidcRequest() {
|
||||
return request().scope("openid");
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue