Merge branch '1.3.x'

This commit is contained in:
Joe Grandja
2024-07-19 15:55:40 -04:00
2 changed files with 40 additions and 4 deletions

View File

@@ -241,10 +241,13 @@ public final class OAuth2AuthorizationEndpointConfigurer extends AbstractOAuth2C
? OAuth2ConfigurerUtils
.withMultipleIssuersPattern(authorizationServerSettings.getAuthorizationEndpoint())
: authorizationServerSettings.getAuthorizationEndpoint();
this.requestMatcher = new OrRequestMatcher(
new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.GET.name()),
new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.POST.name()));
List<RequestMatcher> requestMatchers = new ArrayList<>();
requestMatchers.add(new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.GET.name()));
requestMatchers.add(new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.POST.name()));
if (StringUtils.hasText(this.consentPage)) {
requestMatchers.add(new AntPathRequestMatcher(this.consentPage));
}
this.requestMatcher = new OrRequestMatcher(requestMatchers);
List<AuthenticationProvider> authenticationProviders = createDefaultAuthenticationProviders(httpSecurity);
if (!this.authenticationProviders.isEmpty()) {
authenticationProviders.addAll(0, this.authenticationProviders);

View File

@@ -104,6 +104,7 @@ import org.springframework.security.oauth2.server.authorization.client.Registere
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.jackson2.TestingAuthenticationTokenMixin;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
@@ -125,11 +126,14 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.stereotype.Controller;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;
@@ -746,6 +750,15 @@ public class OAuth2AuthorizationCodeGrantTests {
assertThat(authorization).isNotNull();
}
// gh-1668
@Test
public void requestWhenCustomConsentPageConfiguredThenAuthorizationServerContextIsAccessible() throws Exception {
this.spring.register(AuthorizationServerConfigurationCustomConsentPageAccessAuthorizationServerContext.class)
.autowire();
this.mvc.perform(get(consentPage).with(user("user"))).andExpect(status().isOk());
}
@Test
public void requestWhenCustomConsentCustomizerConfiguredThenUsed() throws Exception {
this.spring.register(AuthorizationServerConfigurationCustomConsentRequest.class).autowire();
@@ -1209,6 +1222,26 @@ public class OAuth2AuthorizationCodeGrantTests {
}
@EnableWebSecurity
@Configuration(proxyBeanMethods = false)
static class AuthorizationServerConfigurationCustomConsentPageAccessAuthorizationServerContext
extends AuthorizationServerConfigurationCustomConsentPage {
@Controller
class ConsentController {
@GetMapping("/oauth2/consent")
@ResponseBody
String consent() {
// Ensure the AuthorizationServerContext is accessible
AuthorizationServerContextHolder.getContext().getIssuer();
return "";
}
}
}
@EnableWebSecurity
@Configuration(proxyBeanMethods = false)
static class AuthorizationServerConfigurationCustomConsentRequest extends AuthorizationServerConfiguration {