Rename ProviderContext

Closes gh-865
Joe Grandja
2022-08-22 13:55:31 -04:00
parent c60ae4532f
commit 3efee494ad
30 changed files with 211 additions and 211 deletions


@@ -173,17 +173,17 @@ public AuthorizationServerSettings authorizationServerSettings() {
}
----
The `ProviderContext` is a context object that holds information about the provider.
The `AuthorizationServerContext` is a context object that holds information of the Authorization Server runtime environment.
It provides access to the `AuthorizationServerSettings` and the "`current`" issuer identifier.
[NOTE]
If the issuer identifier is not configured in `AuthorizationServerSettings.builder().issuer(String)`, it is resolved from the current request.
[NOTE]
The `ProviderContext` is accessible through the `ProviderContextHolder`, which associates it with the current request thread by using a `ThreadLocal`.
The `AuthorizationServerContext` is accessible through the `AuthorizationServerContextHolder`, which associates it with the current request thread by using a `ThreadLocal`.
[NOTE]
The `ProviderContextFilter` associates the `ProviderContext` with the `ProviderContextHolder`.
The `AuthorizationServerContextFilter` associates the `AuthorizationServerContext` with the `AuthorizationServerContextHolder`.
[[configuring-client-authentication]]
== Configuring Client Authentication


@@ -316,7 +316,7 @@ public interface OAuth2TokenContext extends Context {
default <T extends Authentication> T getPrincipal() ... <2>
default ProviderContext getProviderContext() ... <3>
default AuthorizationServerContext getAuthorizationServerContext() ... <3>
@Nullable
default OAuth2Authorization getAuthorization() ... <4>
@@ -335,7 +335,7 @@ public interface OAuth2TokenContext extends Context {
----
<1> `getRegisteredClient()`: The <<registered-client, RegisteredClient>> associated with the authorization grant.
<2> `getPrincipal()`: The `Authentication` instance of the resource owner (or client).
<3> `getProviderContext()`: The xref:configuration-model.adoc#configuring-authorization-server-settings[`ProviderContext`] object that holds information related to the provider.
<3> `getAuthorizationServerContext()`: The xref:configuration-model.adoc#configuring-authorization-server-settings[`AuthorizationServerContext`] object that holds information of the Authorization Server runtime environment.
<4> `getAuthorization()`: The <<oauth2-authorization, OAuth2Authorization>> associated with the authorization grant.
<5> `getAuthorizedScopes()`: The scope(s) authorized for the client.
<6> `getTokenType()`: The `OAuth2TokenType` to generate. The supported values are `code`, `access_token`, `refresh_token`, and `id_token`.


@@ -51,8 +51,8 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
@@ -221,20 +221,20 @@ public final class JwtClientAssertionAuthenticationProvider implements Authentic
return new DelegatingOAuth2TokenValidator<>(
new JwtClaimValidator<>(JwtClaimNames.ISS, clientId::equals),
new JwtClaimValidator<>(JwtClaimNames.SUB, clientId::equals),
new JwtClaimValidator<>(JwtClaimNames.AUD, containsProviderAudience()),
new JwtClaimValidator<>(JwtClaimNames.AUD, containsAudience()),
new JwtClaimValidator<>(JwtClaimNames.EXP, Objects::nonNull),
new JwtTimestampValidator()
);
}
private static Predicate<List<String>> containsProviderAudience() {
private static Predicate<List<String>> containsAudience() {
return (audienceClaim) -> {
if (CollectionUtils.isEmpty(audienceClaim)) {
return false;
}
List<String> providerAudience = getProviderAudience();
List<String> audienceList = getAudience();
for (String audience : audienceClaim) {
if (providerAudience.contains(audience)) {
if (audienceList.contains(audience)) {
return true;
}
}
@@ -242,19 +242,19 @@ public final class JwtClientAssertionAuthenticationProvider implements Authentic
};
}
private static List<String> getProviderAudience() {
ProviderContext providerContext = ProviderContextHolder.getProviderContext();
if (!StringUtils.hasText(providerContext.getIssuer())) {
private static List<String> getAudience() {
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
if (!StringUtils.hasText(authorizationServerContext.getIssuer())) {
return Collections.emptyList();
}
AuthorizationServerSettings authorizationServerSettings = providerContext.getAuthorizationServerSettings();
List<String> providerAudience = new ArrayList<>();
providerAudience.add(providerContext.getIssuer());
providerAudience.add(asUrl(providerContext.getIssuer(), authorizationServerSettings.getTokenEndpoint()));
providerAudience.add(asUrl(providerContext.getIssuer(), authorizationServerSettings.getTokenIntrospectionEndpoint()));
providerAudience.add(asUrl(providerContext.getIssuer(), authorizationServerSettings.getTokenRevocationEndpoint()));
return providerAudience;
AuthorizationServerSettings authorizationServerSettings = authorizationServerContext.getAuthorizationServerSettings();
List<String> audience = new ArrayList<>();
audience.add(authorizationServerContext.getIssuer());
audience.add(asUrl(authorizationServerContext.getIssuer(), authorizationServerSettings.getTokenEndpoint()));
audience.add(asUrl(authorizationServerContext.getIssuer(), authorizationServerSettings.getTokenIntrospectionEndpoint()));
audience.add(asUrl(authorizationServerContext.getIssuer(), authorizationServerSettings.getTokenRevocationEndpoint()));
return audience;
}
private static String asUrl(String issuer, String endpoint) {
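Review bot: `getAudience()` dereferences the result of `AuthorizationServerContextHolder.getContext()` without a null check, although the holder added in this commit returns `holder.get()`, which is null on any thread the context filter has not populated. A guard such as `if (authorizationServerContext == null || !StringUtils.hasText(authorizationServerContext.getIssuer())) { return Collections.emptyList(); }` would make the `aud` validator reject the assertion instead of throwing a NullPointerException. The same unguarded dereference appears in the `OidcClientRegistrationAuthenticationProvider`, `OidcProviderConfigurationEndpointFilter` and `OAuth2AuthorizationServerMetadataEndpointFilter` sections.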


@@ -43,7 +43,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -132,7 +132,7 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth
DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
.registeredClient(registeredClient)
.principal(authorization.getAttribute(Principal.class.getName()))
.providerContext(ProviderContextHolder.getProviderContext())
.authorizationServerContext(AuthorizationServerContextHolder.getContext())
.authorization(authorization)
.authorizedScopes(authorization.getAuthorizedScopes())
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)


@@ -49,7 +49,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -438,7 +438,7 @@ public final class OAuth2AuthorizationCodeRequestAuthenticationProvider implemen
DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
.registeredClient(registeredClient)
.principal((Authentication) authorizationCodeRequestAuthentication.getPrincipal())
.providerContext(ProviderContextHolder.getProviderContext())
.authorizationServerContext(AuthorizationServerContextHolder.getContext())
.tokenType(new OAuth2TokenType(OAuth2ParameterNames.CODE))
.authorizedScopes(authorizedScopes)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)


@@ -33,7 +33,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -102,7 +102,7 @@ public final class OAuth2ClientCredentialsAuthenticationProvider implements Auth
OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
.registeredClient(registeredClient)
.principal(clientPrincipal)
.providerContext(ProviderContextHolder.getProviderContext())
.authorizationServerContext(AuthorizationServerContextHolder.getContext())
.authorizedScopes(authorizedScopes)
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)


@@ -40,7 +40,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -130,7 +130,7 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic
DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
.registeredClient(registeredClient)
.principal(authorization.getAttribute(Principal.class.getName()))
.providerContext(ProviderContextHolder.getProviderContext())
.authorizationServerContext(AuthorizationServerContextHolder.getContext())
.authorization(authorization)
.authorizedScopes(scopes)
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)


@@ -33,9 +33,9 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter;
import org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter;
import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter;
import org.springframework.security.oauth2.server.authorization.web.ProviderContextFilter;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.context.SecurityContextHolderFilter;
@@ -245,8 +245,8 @@ public final class OAuth2AuthorizationServerConfigurer
AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
ProviderContextFilter providerContextFilter = new ProviderContextFilter(authorizationServerSettings);
httpSecurity.addFilterAfter(postProcess(providerContextFilter), SecurityContextHolderFilter.class);
AuthorizationServerContextFilter authorizationServerContextFilter = new AuthorizationServerContextFilter(authorizationServerSettings);
httpSecurity.addFilterAfter(postProcess(authorizationServerContextFilter), SecurityContextHolderFilter.class);
JWKSource<com.nimbusds.jose.proc.SecurityContext> jwkSource = OAuth2ConfigurerUtils.getJwkSource(httpSecurity);
if (jwkSource != null) {


@@ -22,24 +22,24 @@ import org.springframework.security.oauth2.server.authorization.settings.Authori
import org.springframework.util.Assert;
/**
* A context that holds information of the Provider.
* A context that holds information of the Authorization Server runtime environment.
*
* @author Joe Grandja
* @since 0.2.2
* @see AuthorizationServerSettings
* @see ProviderContextHolder
* @see AuthorizationServerContextHolder
*/
public final class ProviderContext {
public final class AuthorizationServerContext {
private final AuthorizationServerSettings authorizationServerSettings;
private final Supplier<String> issuerSupplier;
/**
* Constructs a {@code ProviderContext} using the provided parameters.
* Constructs an {@code AuthorizationServerContext} using the provided parameters.
*
* @param authorizationServerSettings the authorization server settings
* @param issuerSupplier a {@code Supplier} for the {@code URL} of the Provider's issuer identifier
* @param issuerSupplier a {@code Supplier} for the {@code URL} of the Authorization Server's issuer identifier
*/
public ProviderContext(AuthorizationServerSettings authorizationServerSettings, @Nullable Supplier<String> issuerSupplier) {
public AuthorizationServerContext(AuthorizationServerSettings authorizationServerSettings, @Nullable Supplier<String> issuerSupplier) {
Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null");
this.authorizationServerSettings = authorizationServerSettings;
this.issuerSupplier = issuerSupplier;
@@ -55,11 +55,11 @@ public final class ProviderContext {
}
/**
* Returns the {@code URL} of the Provider's issuer identifier.
* Returns the {@code URL} of the Authorization Server's issuer identifier.
* The issuer identifier is resolved from the constructor parameter {@code Supplier<String>}
* or if not provided then defaults to {@link AuthorizationServerSettings#getIssuer()}.
*
* @return the {@code URL} of the Provider's issuer identifier
* @return the {@code URL} of the Authorization Server's issuer identifier
*/
public String getIssuer() {
return this.issuerSupplier != null ?


@@ -0,0 +1,63 @@
/*
* Copyright 2020-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.context;
import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter;
/**
* A holder of the {@link AuthorizationServerContext} that associates it with the current thread using a {@code ThreadLocal}.
*
* @author Joe Grandja
* @since 0.2.2
* @see AuthorizationServerContext
* @see AuthorizationServerContextFilter
*/
public final class AuthorizationServerContextHolder {
private static final ThreadLocal<AuthorizationServerContext> holder = new ThreadLocal<>();
private AuthorizationServerContextHolder() {
}
/**
* Returns the {@link AuthorizationServerContext} bound to the current thread.
*
* @return the {@link AuthorizationServerContext}
*/
public static AuthorizationServerContext getContext() {
return holder.get();
}
/**
* Bind the given {@link AuthorizationServerContext} to the current thread.
*
* @param authorizationServerContext the {@link AuthorizationServerContext}
*/
public static void setContext(AuthorizationServerContext authorizationServerContext) {
if (authorizationServerContext == null) {
resetContext();
} else {
holder.set(authorizationServerContext);
}
}
/**
* Reset the {@link AuthorizationServerContext} bound to the current thread.
*/
public static void resetContext() {
holder.remove();
}
}
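Review bot: The Javadoc on `getContext()` does not say that it returns `null` when no context is bound to the calling thread, which is what `holder.get()` yields outside the filter or on a thread started during request handling. I would extend the tag to `@return the {@link AuthorizationServerContext}, or {@code null} if none is bound to the current thread`, and add a class-level sentence that the binding is a plain `ThreadLocal` and is not inherited by child or async threads. Callers in this commit are split: the token generators null-check the context, while other callers dereference it directly.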


@@ -1,63 +0,0 @@
/*
* Copyright 2020-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.context;
import org.springframework.security.oauth2.server.authorization.web.ProviderContextFilter;
/**
* A holder of {@link ProviderContext} that associates it with the current thread using a {@code ThreadLocal}.
*
* @author Joe Grandja
* @since 0.2.2
* @see ProviderContext
* @see ProviderContextFilter
*/
public final class ProviderContextHolder {
private static final ThreadLocal<ProviderContext> holder = new ThreadLocal<>();
private ProviderContextHolder() {
}
/**
* Returns the {@link ProviderContext} bound to the current thread.
*
* @return the {@link ProviderContext}
*/
public static ProviderContext getProviderContext() {
return holder.get();
}
/**
* Bind the given {@link ProviderContext} to the current thread.
*
* @param providerContext the {@link ProviderContext}
*/
public static void setProviderContext(ProviderContext providerContext) {
if (providerContext == null) {
resetProviderContext();
} else {
holder.set(providerContext);
}
}
/**
* Reset the {@link ProviderContext} bound to the current thread.
*/
public static void resetProviderContext() {
holder.remove();
}
}


@@ -49,8 +49,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.oidc.OidcClientMetadataClaimNames;
import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
@@ -212,7 +212,7 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe
OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
.registeredClient(registeredClient)
.principal(clientPrincipal)
.providerContext(ProviderContextHolder.getProviderContext())
.authorizationServerContext(AuthorizationServerContextHolder.getContext())
.authorizedScopes(authorizedScopes)
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
@@ -276,9 +276,9 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe
scopes.addAll(registeredClient.getScopes()));
}
ProviderContext providerContext = ProviderContextHolder.getProviderContext();
String registrationClientUri = UriComponentsBuilder.fromUriString(providerContext.getIssuer())
.path(providerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
String registrationClientUri = UriComponentsBuilder.fromUriString(authorizationServerContext.getIssuer())
.path(authorizationServerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
.queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId())
.toUriString();


@@ -32,7 +32,7 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.oidc.OidcProviderConfiguration;
import org.springframework.security.oauth2.server.authorization.oidc.http.converter.OidcProviderConfigurationHttpMessageConverter;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
@@ -80,7 +80,7 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques
return;
}
String issuer = ProviderContextHolder.getProviderContext().getIssuer();
String issuer = AuthorizationServerContextHolder.getContext().getIssuer();
OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.builder()
.issuer(issuer)


@@ -82,8 +82,8 @@ public final class JwtGenerator implements OAuth2TokenGenerator<Jwt> {
}
String issuer = null;
if (context.getProviderContext() != null) {
issuer = context.getProviderContext().getIssuer();
if (context.getAuthorizationServerContext() != null) {
issuer = context.getAuthorizationServerContext().getIssuer();
}
RegisteredClient registeredClient = context.getRegisteredClient();
@@ -132,7 +132,7 @@ public final class JwtGenerator implements OAuth2TokenGenerator<Jwt> {
JwtEncodingContext.Builder jwtContextBuilder = JwtEncodingContext.with(jwsHeaderBuilder, claimsBuilder)
.registeredClient(context.getRegisteredClient())
.principal(context.getPrincipal())
.providerContext(context.getProviderContext())
.authorizationServerContext(context.getAuthorizationServerContext())
.authorizedScopes(context.getAuthorizedScopes())
.tokenType(context.getTokenType())
.authorizationGrantType(context.getAuthorizationGrantType());


@@ -61,8 +61,8 @@ public final class OAuth2AccessTokenGenerator implements OAuth2TokenGenerator<OA
}
String issuer = null;
if (context.getProviderContext() != null) {
issuer = context.getProviderContext().getIssuer();
if (context.getAuthorizationServerContext() != null) {
issuer = context.getAuthorizationServerContext().getIssuer();
}
RegisteredClient registeredClient = context.getRegisteredClient();
@@ -91,7 +91,7 @@ public final class OAuth2AccessTokenGenerator implements OAuth2TokenGenerator<OA
OAuth2TokenClaimsContext.Builder accessTokenContextBuilder = OAuth2TokenClaimsContext.with(claimsBuilder)
.registeredClient(context.getRegisteredClient())
.principal(context.getPrincipal())
.providerContext(context.getProviderContext())
.authorizationServerContext(context.getAuthorizationServerContext())
.authorizedScopes(context.getAuthorizedScopes())
.tokenType(context.getTokenType())
.authorizationGrantType(context.getAuthorizationGrantType());


@@ -27,8 +27,8 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.Context;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.util.Assert;
/**
@@ -63,13 +63,13 @@ public interface OAuth2TokenContext extends Context {
}
/**
* Returns the {@link ProviderContext provider context}.
* Returns the {@link AuthorizationServerContext authorization server context}.
*
* @return the {@link ProviderContext}
* @return the {@link AuthorizationServerContext}
* @since 0.2.3
*/
default ProviderContext getProviderContext() {
return get(ProviderContext.class);
default AuthorizationServerContext getAuthorizationServerContext() {
return get(AuthorizationServerContext.class);
}
/**
@@ -157,14 +157,14 @@ public interface OAuth2TokenContext extends Context {
}
/**
* Sets the {@link ProviderContext provider context}.
* Sets the {@link AuthorizationServerContext authorization server context}.
*
* @param providerContext the {@link ProviderContext}
* @param authorizationServerContext the {@link AuthorizationServerContext}
* @return the {@link AbstractBuilder} for further configuration
* @since 0.2.3
*/
public B providerContext(ProviderContext providerContext) {
return put(ProviderContext.class, providerContext);
public B authorizationServerContext(AuthorizationServerContext authorizationServerContext) {
return put(AuthorizationServerContext.class, authorizationServerContext);
}
/**
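Review bot: `getProviderContext()` and the builder's `providerContext(...)` are removed from a public interface with no deprecated bridge, so application code that calls them (for example a custom token customizer or generator) stops compiling, and the attribute key changes from `ProviderContext.class` to `AuthorizationServerContext.class`. If source compatibility matters for this release line, a temporary `@Deprecated default AuthorizationServerContext getProviderContext() { return getAuthorizationServerContext(); }` would ease migration; otherwise the rename should be called out in the upgrade notes. The `@since 0.2.3` tags are carried over unchanged, which presumably refers to the old method names and is worth confirming.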


@@ -22,8 +22,8 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;
@@ -31,23 +31,23 @@ import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.UriComponentsBuilder;
/**
* A {@code Filter} that associates the {@link ProviderContext} to the {@link ProviderContextHolder}.
* A {@code Filter} that associates the {@link AuthorizationServerContext} to the {@link AuthorizationServerContextHolder}.
*
* @author Joe Grandja
* @since 0.2.2
* @see ProviderContext
* @see ProviderContextHolder
* @see AuthorizationServerContext
* @see AuthorizationServerContextHolder
* @see AuthorizationServerSettings
*/
public final class ProviderContextFilter extends OncePerRequestFilter {
public final class AuthorizationServerContextFilter extends OncePerRequestFilter {
private final AuthorizationServerSettings authorizationServerSettings;
/**
* Constructs a {@code ProviderContextFilter} using the provided parameters.
* Constructs an {@code AuthorizationServerContextFilter} using the provided parameters.
*
* @param authorizationServerSettings the authorization server settings
*/
public ProviderContextFilter(AuthorizationServerSettings authorizationServerSettings) {
public AuthorizationServerContextFilter(AuthorizationServerSettings authorizationServerSettings) {
Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null");
this.authorizationServerSettings = authorizationServerSettings;
}
@@ -57,12 +57,12 @@ public final class ProviderContextFilter extends OncePerRequestFilter {
throws ServletException, IOException {
try {
ProviderContext providerContext = new ProviderContext(
AuthorizationServerContext authorizationServerContext = new AuthorizationServerContext(
this.authorizationServerSettings, () -> resolveIssuer(this.authorizationServerSettings, request));
ProviderContextHolder.setProviderContext(providerContext);
AuthorizationServerContextHolder.setContext(authorizationServerContext);
filterChain.doFilter(request, response);
} finally {
ProviderContextHolder.resetProviderContext();
AuthorizationServerContextHolder.resetContext();
}
}
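Review bot: The class Javadoc does not mention that the issuer supplier handed to `AuthorizationServerContext` is evaluated from the incoming `request` through `resolveIssuer(...)`, whose body is outside this hunk. According to the reference docs changed in this commit, that path is taken when no issuer is configured, and the resolved value is then read by the token generators, the metadata endpoint filters and the client-assertion audience list. I would add a Javadoc sentence such as `If no issuer is configured, the issuer is derived from the current request; configure an explicit issuer or ensure the request host is validated upstream.` `doFilterInternal` starts outside the hunk.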


@@ -31,7 +31,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationServerMetadata;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.http.converter.OAuth2AuthorizationServerMetadataHttpMessageConverter;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -78,7 +78,7 @@ public final class OAuth2AuthorizationServerMetadataEndpointFilter extends OnceP
return;
}
String issuer = ProviderContextHolder.getProviderContext().getIssuer();
String issuer = AuthorizationServerContextHolder.getContext().getIssuer();
OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder()
.issuer(issuer)


@@ -57,8 +57,8 @@ import org.springframework.security.oauth2.server.authorization.TestOAuth2Author
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
import org.springframework.web.util.UriComponentsBuilder;
@@ -100,7 +100,7 @@ public class JwtClientAssertionAuthenticationProviderTests {
this.authenticationProvider = new JwtClientAssertionAuthenticationProvider(
this.registeredClientRepository, this.authorizationService);
this.authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://auth-server.com").build();
ProviderContextHolder.setProviderContext(new ProviderContext(this.authorizationServerSettings, null));
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(this.authorizationServerSettings, null));
}
@Test
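Review bot: `setUp()` binds a context to the thread-local holder through `AuthorizationServerContextHolder.setContext(...)`, but the hunk shows `@Test` directly after it, with no `@After` reset like the one in OAuth2AuthorizationCodeAuthenticationProviderTests. If no cleanup exists elsewhere in the class, the `https://auth-server.com` issuer stays bound to the runner thread and can leak into later tests that expect an empty holder or a different issuer. Adding `@After public void cleanup() { AuthorizationServerContextHolder.resetContext(); }` would match the sibling classes. The `setUp()` hunk of OAuth2AuthorizationCodeRequestAuthenticationProviderTests has the same shape. Both class bodies continue outside their hunks, so an existing cleanup method may simply not be shown.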


@@ -54,8 +54,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
@@ -119,12 +119,12 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
this.authenticationProvider = new OAuth2AuthorizationCodeAuthenticationProvider(
this.authorizationService, this.tokenGenerator);
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
}
@After
public void cleanup() {
ProviderContextHolder.resetProviderContext();
AuthorizationServerContextHolder.resetContext();
}
@Test


@@ -48,8 +48,8 @@ import org.springframework.security.oauth2.server.authorization.TestOAuth2Author
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -88,7 +88,7 @@ public class OAuth2AuthorizationCodeRequestAuthenticationProviderTests {
this.principal = new TestingAuthenticationToken("principalName", "password");
this.principal.setAuthenticated(true);
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
}
@Test


@@ -42,8 +42,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
@@ -100,12 +100,12 @@ public class OAuth2ClientCredentialsAuthenticationProviderTests {
this.authenticationProvider = new OAuth2ClientCredentialsAuthenticationProvider(
this.authorizationService, this.tokenGenerator);
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
}
@After
public void cleanup() {
ProviderContextHolder.resetProviderContext();
AuthorizationServerContextHolder.resetContext();
}
@Test


@@ -51,8 +51,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
@@ -117,12 +117,12 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
this.authenticationProvider = new OAuth2RefreshTokenAuthenticationProvider(
this.authorizationService, this.tokenGenerator);
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
}
@After
public void cleanup() {
ProviderContextHolder.resetProviderContext();
AuthorizationServerContextHolder.resetContext();
}
@Test


@@ -52,8 +52,8 @@ import org.springframework.security.oauth2.server.authorization.TestOAuth2Author
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.oidc.OidcClientMetadataClaimNames;
import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
@@ -104,14 +104,14 @@ public class OidcClientRegistrationAuthenticationProviderTests {
}
});
this.authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
ProviderContextHolder.setProviderContext(new ProviderContext(this.authorizationServerSettings, null));
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(this.authorizationServerSettings, null));
this.authenticationProvider = new OidcClientRegistrationAuthenticationProvider(
this.registeredClientRepository, this.authorizationService, this.tokenGenerator);
}
@After
public void cleanup() {
ProviderContextHolder.resetProviderContext();
AuthorizationServerContextHolder.resetContext();
}
@Test
@@ -612,9 +612,9 @@ public class OidcClientRegistrationAuthenticationProviderTests {
assertThat(clientRegistrationResult.getIdTokenSignedResponseAlgorithm())
.isEqualTo(registeredClientResult.getTokenSettings().getIdTokenSignatureAlgorithm().getName());
ProviderContext providerContext = ProviderContextHolder.getProviderContext();
String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(providerContext.getIssuer())
.path(providerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(authorizationServerContext.getIssuer())
.path(authorizationServerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
.queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClientResult.getClientId()).toUriString();
assertThat(clientRegistrationResult.getRegistrationClientUrl().toString()).isEqualTo(expectedRegistrationClientUrl);
@@ -808,9 +808,9 @@ public class OidcClientRegistrationAuthenticationProviderTests {
assertThat(clientRegistrationResult.getIdTokenSignedResponseAlgorithm())
.isEqualTo(registeredClient.getTokenSettings().getIdTokenSignatureAlgorithm().getName());
ProviderContext providerContext = ProviderContextHolder.getProviderContext();
String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(providerContext.getIssuer())
.path(providerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(authorizationServerContext.getIssuer())
.path(authorizationServerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
.queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId()).toUriString();
assertThat(clientRegistrationResult.getRegistrationClientUrl().toString()).isEqualTo(expectedRegistrationClientUrl);


@@ -25,8 +25,8 @@ import org.junit.Test;
import org.springframework.http.MediaType;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import static org.assertj.core.api.Assertions.assertThat;
@@ -46,7 +46,7 @@ public class OidcProviderConfigurationEndpointFilterTests {
@After
public void cleanup() {
ProviderContextHolder.resetProviderContext();
AuthorizationServerContextHolder.resetContext();
}
@Test
@@ -107,7 +107,7 @@ public class OidcProviderConfigurationEndpointFilterTests {
.tokenRevocationEndpoint(tokenRevocationEndpoint)
.tokenIntrospectionEndpoint(tokenIntrospectionEndpoint)
.build();
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
OidcProviderConfigurationEndpointFilter filter =
new OidcProviderConfigurationEndpointFilter(authorizationServerSettings);
@@ -145,7 +145,7 @@ public class OidcProviderConfigurationEndpointFilterTests {
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder()
.issuer("https://this is an invalid URL")
.build();
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
OidcProviderConfigurationEndpointFilter filter =
new OidcProviderConfigurationEndpointFilter(authorizationServerSettings);


@@ -46,7 +46,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
@@ -66,7 +66,7 @@ public class JwtGeneratorTests {
private JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer;
private JwtGenerator jwtGenerator;
private ProviderContext providerContext;
private AuthorizationServerContext authorizationServerContext;
@Before
public void setUp() {
@@ -75,7 +75,7 @@ public class JwtGeneratorTests {
this.jwtGenerator = new JwtGenerator(this.jwtEncoder);
this.jwtGenerator.setJwtCustomizer(this.jwtCustomizer);
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
this.providerContext = new ProviderContext(authorizationServerSettings, null);
this.authorizationServerContext = new AuthorizationServerContext(authorizationServerSettings, null);
}
@Test
@@ -137,7 +137,7 @@ public class JwtGeneratorTests {
OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
.registeredClient(registeredClient)
.principal(authorization.getAttribute(Principal.class.getName()))
.providerContext(this.providerContext)
.authorizationServerContext(this.authorizationServerContext)
.authorization(authorization)
.authorizedScopes(authorization.getAuthorizedScopes())
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
@@ -168,7 +168,7 @@ public class JwtGeneratorTests {
OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
.registeredClient(registeredClient)
.principal(authorization.getAttribute(Principal.class.getName()))
.providerContext(this.providerContext)
.authorizationServerContext(this.authorizationServerContext)
.authorization(authorization)
.authorizedScopes(authorization.getAuthorizedScopes())
.tokenType(ID_TOKEN_TOKEN_TYPE)
@@ -204,7 +204,7 @@ public class JwtGeneratorTests {
assertThat(jwsHeader.getAlgorithm()).isEqualTo(SignatureAlgorithm.RS256);
JwtClaimsSet jwtClaimsSet = jwtEncoderParametersCaptor.getValue().getClaims();
assertThat(jwtClaimsSet.getIssuer().toExternalForm()).isEqualTo(tokenContext.getProviderContext().getIssuer());
assertThat(jwtClaimsSet.getIssuer().toExternalForm()).isEqualTo(tokenContext.getAuthorizationServerContext().getIssuer());
assertThat(jwtClaimsSet.getSubject()).isEqualTo(tokenContext.getAuthorization().getPrincipalName());
assertThat(jwtClaimsSet.getAudience()).containsExactly(tokenContext.getRegisteredClient().getClientId());


@@ -38,7 +38,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
@@ -56,7 +56,7 @@ import static org.mockito.Mockito.verify;
public class OAuth2AccessTokenGeneratorTests {
private OAuth2TokenCustomizer<OAuth2TokenClaimsContext> accessTokenCustomizer;
private OAuth2AccessTokenGenerator accessTokenGenerator;
private ProviderContext providerContext;
private AuthorizationServerContext authorizationServerContext;
@Before
public void setUp() {
@@ -64,7 +64,7 @@ public class OAuth2AccessTokenGeneratorTests {
this.accessTokenGenerator = new OAuth2AccessTokenGenerator();
this.accessTokenGenerator.setAccessTokenCustomizer(this.accessTokenCustomizer);
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
this.providerContext = new ProviderContext(authorizationServerSettings, null);
this.authorizationServerContext = new AuthorizationServerContext(authorizationServerSettings, null);
}
@Test
@@ -134,7 +134,7 @@ public class OAuth2AccessTokenGeneratorTests {
OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
.registeredClient(registeredClient)
.principal(principal)
.providerContext(this.providerContext)
.authorizationServerContext(this.authorizationServerContext)
.authorization(authorization)
.authorizedScopes(authorization.getAuthorizedScopes())
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
@@ -156,7 +156,7 @@ public class OAuth2AccessTokenGeneratorTests {
OAuth2TokenClaimAccessor accessTokenClaims = ((ClaimAccessor) accessToken)::getClaims;
assertThat(accessTokenClaims.getClaims()).isNotEmpty();
assertThat(accessTokenClaims.getIssuer().toExternalForm()).isEqualTo(tokenContext.getProviderContext().getIssuer());
assertThat(accessTokenClaims.getIssuer().toExternalForm()).isEqualTo(tokenContext.getAuthorizationServerContext().getIssuer());
assertThat(accessTokenClaims.getSubject()).isEqualTo(tokenContext.getPrincipal().getName());
assertThat(accessTokenClaims.getAudience()).isEqualTo(
Collections.singletonList(tokenContext.getRegisteredClient().getClientId()));
@@ -175,7 +175,7 @@ public class OAuth2AccessTokenGeneratorTests {
assertThat(tokenClaimsContext.getClaims()).isNotNull();
assertThat(tokenClaimsContext.getRegisteredClient()).isEqualTo(tokenContext.getRegisteredClient());
assertThat(tokenClaimsContext.<Authentication>getPrincipal()).isEqualTo(tokenContext.getPrincipal());
assertThat(tokenClaimsContext.getProviderContext()).isEqualTo(tokenContext.getProviderContext());
assertThat(tokenClaimsContext.getAuthorizationServerContext()).isEqualTo(tokenContext.getAuthorizationServerContext());
assertThat(tokenClaimsContext.getAuthorization()).isEqualTo(tokenContext.getAuthorization());
assertThat(tokenClaimsContext.getAuthorizedScopes()).isEqualTo(tokenContext.getAuthorizedScopes());
assertThat(tokenClaimsContext.getTokenType()).isEqualTo(tokenContext.getTokenType());


@@ -34,7 +34,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import static org.assertj.core.api.Assertions.assertThat;
@@ -75,7 +75,7 @@ public class OAuth2TokenClaimsContextTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
Authentication principal = authorization.getAttribute(Principal.class.getName());
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer(issuer).build();
ProviderContext providerContext = new ProviderContext(authorizationServerSettings, null);
AuthorizationServerContext authorizationServerContext = new AuthorizationServerContext(authorizationServerSettings, null);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(
@@ -88,7 +88,7 @@ public class OAuth2TokenClaimsContextTests {
OAuth2TokenClaimsContext context = OAuth2TokenClaimsContext.with(claims)
.registeredClient(registeredClient)
.principal(principal)
.providerContext(providerContext)
.authorizationServerContext(authorizationServerContext)
.authorization(authorization)
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
@@ -101,7 +101,7 @@ public class OAuth2TokenClaimsContextTests {
assertThat(context.getClaims()).isEqualTo(claims);
assertThat(context.getRegisteredClient()).isEqualTo(registeredClient);
assertThat(context.<Authentication>getPrincipal()).isEqualTo(principal);
assertThat(context.getProviderContext()).isEqualTo(providerContext);
assertThat(context.getAuthorizationServerContext()).isEqualTo(authorizationServerContext);
assertThat(context.getAuthorization()).isEqualTo(authorization);
assertThat(context.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
assertThat(context.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);


@@ -22,8 +22,8 @@ import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import static org.assertj.core.api.Assertions.assertThat;
@@ -33,20 +33,20 @@ import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.mock;
/**
* Tests for {@link ProviderContextFilter}.
* Tests for {@link AuthorizationServerContextFilter}.
*
* @author Joe Grandja
*/
public class ProviderContextFilterTests {
public class AuthorizationServerContextFilterTests {
@After
public void cleanup() {
ProviderContextHolder.resetProviderContext();
AuthorizationServerContextHolder.resetContext();
}
@Test
public void constructorWhenAuthorizationServerSettingsNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> new ProviderContextFilter(null))
assertThatThrownBy(() -> new AuthorizationServerContextFilter(null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authorizationServerSettings cannot be null");
}
@@ -55,7 +55,7 @@ public class ProviderContextFilterTests {
public void doFilterWhenIssuerConfiguredThenUsed() throws Exception {
String issuer = "https://provider.com";
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer(issuer).build();
ProviderContextFilter filter = new ProviderContextFilter(authorizationServerSettings);
AuthorizationServerContextFilter filter = new AuthorizationServerContextFilter(authorizationServerSettings);
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
request.setServletPath("/");
@@ -63,22 +63,22 @@ public class ProviderContextFilterTests {
FilterChain filterChain = mock(FilterChain.class);
doAnswer(invocation -> {
ProviderContext providerContext = ProviderContextHolder.getProviderContext();
assertThat(providerContext).isNotNull();
assertThat(providerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
assertThat(providerContext.getIssuer()).isEqualTo(issuer);
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
assertThat(authorizationServerContext).isNotNull();
assertThat(authorizationServerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
assertThat(authorizationServerContext.getIssuer()).isEqualTo(issuer);
return null;
}).when(filterChain).doFilter(any(), any());
filter.doFilter(request, response, filterChain);
assertThat(ProviderContextHolder.getProviderContext()).isNull();
assertThat(AuthorizationServerContextHolder.getContext()).isNull();
}
@Test
public void doFilterWhenIssuerNotConfiguredThenResolveFromRequest() throws Exception {
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build();
ProviderContextFilter filter = new ProviderContextFilter(authorizationServerSettings);
AuthorizationServerContextFilter filter = new AuthorizationServerContextFilter(authorizationServerSettings);
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
request.setServletPath("/");
@@ -86,16 +86,16 @@ public class ProviderContextFilterTests {
FilterChain filterChain = mock(FilterChain.class);
doAnswer(invocation -> {
ProviderContext providerContext = ProviderContextHolder.getProviderContext();
assertThat(providerContext).isNotNull();
assertThat(providerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
assertThat(providerContext.getIssuer()).isEqualTo("http://localhost");
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
assertThat(authorizationServerContext).isNotNull();
assertThat(authorizationServerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
assertThat(authorizationServerContext.getIssuer()).isEqualTo("http://localhost");
return null;
}).when(filterChain).doFilter(any(), any());
filter.doFilter(request, response, filterChain);
assertThat(ProviderContextHolder.getProviderContext()).isNull();
assertThat(AuthorizationServerContextHolder.getContext()).isNull();
}
}
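Review bot: Both `doFilter` tests check that `AuthorizationServerContextHolder.getContext()` is null only after the chain returns normally; nothing pins the reset when the chain throws. Because the holder is thread-bound, a context left behind on a pooled request thread would expose one request's issuer and settings to the next request served by that thread, so the exception path deserves its own test. The filter body is not on this page, so whether it resets in a `finally` block is unconfirmed. The test below uses only helpers the class already uses (`doAnswer`, `assertThatThrownBy`), and its exception message is a constructed sample.

```java
// … unchanged: existing doFilter tests …

@Test
public void doFilterWhenFilterChainThrowsThenContextReset() throws Exception {
	AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build();
	AuthorizationServerContextFilter filter = new AuthorizationServerContextFilter(authorizationServerSettings);

	MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
	request.setServletPath("/");
	MockHttpServletResponse response = new MockHttpServletResponse();
	FilterChain filterChain = mock(FilterChain.class);

	doAnswer(invocation -> {
		throw new IllegalStateException("constructed failure");
	}).when(filterChain).doFilter(any(), any());

	assertThatThrownBy(() -> filter.doFilter(request, response, filterChain))
			.isInstanceOf(IllegalStateException.class);

	// The thread-local must be cleared even when the chain fails.
	assertThat(AuthorizationServerContextHolder.getContext()).isNull();
}
```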


@@ -25,8 +25,8 @@ import org.junit.Test;
import org.springframework.http.MediaType;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import static org.assertj.core.api.Assertions.assertThat;
@@ -46,7 +46,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
@After
public void cleanup() {
ProviderContextHolder.resetProviderContext();
AuthorizationServerContextHolder.resetContext();
}
@Test
@@ -105,7 +105,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
.tokenRevocationEndpoint(tokenRevocationEndpoint)
.tokenIntrospectionEndpoint(tokenIntrospectionEndpoint)
.build();
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
OAuth2AuthorizationServerMetadataEndpointFilter filter =
new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings);
@@ -140,7 +140,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder()
.issuer("https://this is an invalid URL")
.build();
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
OAuth2AuthorizationServerMetadataEndpointFilter filter =
new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings);