Rename ProviderContext
Closes gh-865
@@ -173,17 +173,17 @@ public AuthorizationServerSettings authorizationServerSettings() {
|
||||
}
|
||||
----
|
||||
|
||||
The `ProviderContext` is a context object that holds information about the provider.
|
||||
The `AuthorizationServerContext` is a context object that holds information of the Authorization Server runtime environment.
|
||||
It provides access to the `AuthorizationServerSettings` and the "`current`" issuer identifier.
|
||||
|
||||
[NOTE]
|
||||
If the issuer identifier is not configured in `AuthorizationServerSettings.builder().issuer(String)`, it is resolved from the current request.
|
||||
|
||||
[NOTE]
|
||||
The `ProviderContext` is accessible through the `ProviderContextHolder`, which associates it with the current request thread by using a `ThreadLocal`.
|
||||
The `AuthorizationServerContext` is accessible through the `AuthorizationServerContextHolder`, which associates it with the current request thread by using a `ThreadLocal`.
|
||||
|
||||
[NOTE]
|
||||
The `ProviderContextFilter` associates the `ProviderContext` with the `ProviderContextHolder`.
|
||||
The `AuthorizationServerContextFilter` associates the `AuthorizationServerContext` with the `AuthorizationServerContextHolder`.
|
||||
|
||||
[[configuring-client-authentication]]
|
||||
== Configuring Client Authentication
|
||||
|
||||
@@ -316,7 +316,7 @@ public interface OAuth2TokenContext extends Context {
|
||||
|
||||
default <T extends Authentication> T getPrincipal() ... <2>
|
||||
|
||||
default ProviderContext getProviderContext() ... <3>
|
||||
default AuthorizationServerContext getAuthorizationServerContext() ... <3>
|
||||
|
||||
@Nullable
|
||||
default OAuth2Authorization getAuthorization() ... <4>
|
||||
@@ -335,7 +335,7 @@ public interface OAuth2TokenContext extends Context {
|
||||
----
|
||||
<1> `getRegisteredClient()`: The <<registered-client, RegisteredClient>> associated with the authorization grant.
|
||||
<2> `getPrincipal()`: The `Authentication` instance of the resource owner (or client).
|
||||
<3> `getProviderContext()`: The xref:configuration-model.adoc#configuring-authorization-server-settings[`ProviderContext`] object that holds information related to the provider.
|
||||
<3> `getAuthorizationServerContext()`: The xref:configuration-model.adoc#configuring-authorization-server-settings[`AuthorizationServerContext`] object that holds information of the Authorization Server runtime environment.
|
||||
<4> `getAuthorization()`: The <<oauth2-authorization, OAuth2Authorization>> associated with the authorization grant.
|
||||
<5> `getAuthorizedScopes()`: The scope(s) authorized for the client.
|
||||
<6> `getTokenType()`: The `OAuth2TokenType` to generate. The supported values are `code`, `access_token`, `refresh_token`, and `id_token`.
|
||||
|
||||
@@ -51,8 +51,8 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
@@ -221,20 +221,20 @@ public final class JwtClientAssertionAuthenticationProvider implements Authentic
|
||||
return new DelegatingOAuth2TokenValidator<>(
|
||||
new JwtClaimValidator<>(JwtClaimNames.ISS, clientId::equals),
|
||||
new JwtClaimValidator<>(JwtClaimNames.SUB, clientId::equals),
|
||||
new JwtClaimValidator<>(JwtClaimNames.AUD, containsProviderAudience()),
|
||||
new JwtClaimValidator<>(JwtClaimNames.AUD, containsAudience()),
|
||||
new JwtClaimValidator<>(JwtClaimNames.EXP, Objects::nonNull),
|
||||
new JwtTimestampValidator()
|
||||
);
|
||||
}
|
||||
|
||||
private static Predicate<List<String>> containsProviderAudience() {
|
||||
private static Predicate<List<String>> containsAudience() {
|
||||
return (audienceClaim) -> {
|
||||
if (CollectionUtils.isEmpty(audienceClaim)) {
|
||||
return false;
|
||||
}
|
||||
List<String> providerAudience = getProviderAudience();
|
||||
List<String> audienceList = getAudience();
|
||||
for (String audience : audienceClaim) {
|
||||
if (providerAudience.contains(audience)) {
|
||||
if (audienceList.contains(audience)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@@ -242,19 +242,19 @@ public final class JwtClientAssertionAuthenticationProvider implements Authentic
|
||||
};
|
||||
}
|
||||
|
||||
private static List<String> getProviderAudience() {
|
||||
ProviderContext providerContext = ProviderContextHolder.getProviderContext();
|
||||
if (!StringUtils.hasText(providerContext.getIssuer())) {
|
||||
private static List<String> getAudience() {
|
||||
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
|
||||
if (!StringUtils.hasText(authorizationServerContext.getIssuer())) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
AuthorizationServerSettings authorizationServerSettings = providerContext.getAuthorizationServerSettings();
|
||||
List<String> providerAudience = new ArrayList<>();
|
||||
providerAudience.add(providerContext.getIssuer());
|
||||
providerAudience.add(asUrl(providerContext.getIssuer(), authorizationServerSettings.getTokenEndpoint()));
|
||||
providerAudience.add(asUrl(providerContext.getIssuer(), authorizationServerSettings.getTokenIntrospectionEndpoint()));
|
||||
providerAudience.add(asUrl(providerContext.getIssuer(), authorizationServerSettings.getTokenRevocationEndpoint()));
|
||||
return providerAudience;
|
||||
AuthorizationServerSettings authorizationServerSettings = authorizationServerContext.getAuthorizationServerSettings();
|
||||
List<String> audience = new ArrayList<>();
|
||||
audience.add(authorizationServerContext.getIssuer());
|
||||
audience.add(asUrl(authorizationServerContext.getIssuer(), authorizationServerSettings.getTokenEndpoint()));
|
||||
audience.add(asUrl(authorizationServerContext.getIssuer(), authorizationServerSettings.getTokenIntrospectionEndpoint()));
|
||||
audience.add(asUrl(authorizationServerContext.getIssuer(), authorizationServerSettings.getTokenRevocationEndpoint()));
|
||||
return audience;
|
||||
}
|
||||
|
||||
private static String asUrl(String issuer, String endpoint) {
|
||||
|
||||
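Review bot: `getAudience()` dereferences the result of `AuthorizationServerContextHolder.getContext()` without a null check, although the holder added in this commit returns `holder.get()`, which is null on any thread where no context has been bound. Client-assertion audience validation would then end in a NullPointerException instead of a clean rejection; the guard can fail closed explicitly with `if (authorizationServerContext == null || !StringUtils.hasText(authorizationServerContext.getIssuer())) {`, keeping the existing `return Collections.emptyList();`. The same unchecked dereference appears in the OidcClientRegistrationAuthenticationProvider hunk (where `registrationClientUri` is built) and in the OidcProviderConfigurationEndpointFilter hunk (`String issuer = AuthorizationServerContextHolder.getContext().getIssuer();`), while JwtGenerator and OAuth2AccessTokenGenerator do check `context.getAuthorizationServerContext() != null` first. `asUrl` at the end of this hunk continues outside it.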
@@ -43,7 +43,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
|
||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
|
||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
|
||||
@@ -132,7 +132,7 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth
|
||||
DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
|
||||
.registeredClient(registeredClient)
|
||||
.principal(authorization.getAttribute(Principal.class.getName()))
|
||||
.providerContext(ProviderContextHolder.getProviderContext())
|
||||
.authorizationServerContext(AuthorizationServerContextHolder.getContext())
|
||||
.authorization(authorization)
|
||||
.authorizedScopes(authorization.getAuthorizedScopes())
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
|
||||
@@ -49,7 +49,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
|
||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
|
||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
|
||||
@@ -438,7 +438,7 @@ public final class OAuth2AuthorizationCodeRequestAuthenticationProvider implemen
|
||||
DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
|
||||
.registeredClient(registeredClient)
|
||||
.principal((Authentication) authorizationCodeRequestAuthentication.getPrincipal())
|
||||
.providerContext(ProviderContextHolder.getProviderContext())
|
||||
.authorizationServerContext(AuthorizationServerContextHolder.getContext())
|
||||
.tokenType(new OAuth2TokenType(OAuth2ParameterNames.CODE))
|
||||
.authorizedScopes(authorizedScopes)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
|
||||
@@ -33,7 +33,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
|
||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
|
||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
|
||||
@@ -102,7 +102,7 @@ public final class OAuth2ClientCredentialsAuthenticationProvider implements Auth
|
||||
OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
|
||||
.registeredClient(registeredClient)
|
||||
.principal(clientPrincipal)
|
||||
.providerContext(ProviderContextHolder.getProviderContext())
|
||||
.authorizationServerContext(AuthorizationServerContextHolder.getContext())
|
||||
.authorizedScopes(authorizedScopes)
|
||||
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
|
||||
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
|
||||
|
||||
@@ -40,7 +40,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
|
||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
|
||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
|
||||
@@ -130,7 +130,7 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic
|
||||
DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
|
||||
.registeredClient(registeredClient)
|
||||
.principal(authorization.getAttribute(Principal.class.getName()))
|
||||
.providerContext(ProviderContextHolder.getProviderContext())
|
||||
.authorizationServerContext(AuthorizationServerContextHolder.getContext())
|
||||
.authorization(authorization)
|
||||
.authorizedScopes(scopes)
|
||||
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
|
||||
|
||||
@@ -33,9 +33,9 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
|
||||
import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter;
|
||||
import org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter;
|
||||
import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter;
|
||||
import org.springframework.security.oauth2.server.authorization.web.ProviderContextFilter;
|
||||
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
|
||||
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
|
||||
import org.springframework.security.web.context.SecurityContextHolderFilter;
|
||||
@@ -245,8 +245,8 @@ public final class OAuth2AuthorizationServerConfigurer
|
||||
|
||||
AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
|
||||
|
||||
ProviderContextFilter providerContextFilter = new ProviderContextFilter(authorizationServerSettings);
|
||||
httpSecurity.addFilterAfter(postProcess(providerContextFilter), SecurityContextHolderFilter.class);
|
||||
AuthorizationServerContextFilter authorizationServerContextFilter = new AuthorizationServerContextFilter(authorizationServerSettings);
|
||||
httpSecurity.addFilterAfter(postProcess(authorizationServerContextFilter), SecurityContextHolderFilter.class);
|
||||
|
||||
JWKSource<com.nimbusds.jose.proc.SecurityContext> jwkSource = OAuth2ConfigurerUtils.getJwkSource(httpSecurity);
|
||||
if (jwkSource != null) {
|
||||
|
||||
@@ -22,24 +22,24 @@ import org.springframework.security.oauth2.server.authorization.settings.Authori
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* A context that holds information of the Provider.
|
||||
* A context that holds information of the Authorization Server runtime environment.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 0.2.2
|
||||
* @see AuthorizationServerSettings
|
||||
* @see ProviderContextHolder
|
||||
* @see AuthorizationServerContextHolder
|
||||
*/
|
||||
public final class ProviderContext {
|
||||
public final class AuthorizationServerContext {
|
||||
private final AuthorizationServerSettings authorizationServerSettings;
|
||||
private final Supplier<String> issuerSupplier;
|
||||
|
||||
/**
|
||||
* Constructs a {@code ProviderContext} using the provided parameters.
|
||||
* Constructs an {@code AuthorizationServerContext} using the provided parameters.
|
||||
*
|
||||
* @param authorizationServerSettings the authorization server settings
|
||||
* @param issuerSupplier a {@code Supplier} for the {@code URL} of the Provider's issuer identifier
|
||||
* @param issuerSupplier a {@code Supplier} for the {@code URL} of the Authorization Server's issuer identifier
|
||||
*/
|
||||
public ProviderContext(AuthorizationServerSettings authorizationServerSettings, @Nullable Supplier<String> issuerSupplier) {
|
||||
public AuthorizationServerContext(AuthorizationServerSettings authorizationServerSettings, @Nullable Supplier<String> issuerSupplier) {
|
||||
Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null");
|
||||
this.authorizationServerSettings = authorizationServerSettings;
|
||||
this.issuerSupplier = issuerSupplier;
|
||||
@@ -55,11 +55,11 @@ public final class ProviderContext {
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the {@code URL} of the Provider's issuer identifier.
|
||||
* Returns the {@code URL} of the Authorization Server's issuer identifier.
|
||||
* The issuer identifier is resolved from the constructor parameter {@code Supplier<String>}
|
||||
* or if not provided then defaults to {@link AuthorizationServerSettings#getIssuer()}.
|
||||
*
|
||||
* @return the {@code URL} of the Provider's issuer identifier
|
||||
* @return the {@code URL} of the Authorization Server's issuer identifier
|
||||
*/
|
||||
public String getIssuer() {
|
||||
return this.issuerSupplier != null ?
|
||||
@@ -0,0 +1,63 @@
|
||||
/*
|
||||
* Copyright 2020-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.server.authorization.context;
|
||||
|
||||
import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter;
|
||||
|
||||
/**
|
||||
* A holder of the {@link AuthorizationServerContext} that associates it with the current thread using a {@code ThreadLocal}.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 0.2.2
|
||||
* @see AuthorizationServerContext
|
||||
* @see AuthorizationServerContextFilter
|
||||
*/
|
||||
public final class AuthorizationServerContextHolder {
|
||||
private static final ThreadLocal<AuthorizationServerContext> holder = new ThreadLocal<>();
|
||||
|
||||
private AuthorizationServerContextHolder() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the {@link AuthorizationServerContext} bound to the current thread.
|
||||
*
|
||||
* @return the {@link AuthorizationServerContext}
|
||||
*/
|
||||
public static AuthorizationServerContext getContext() {
|
||||
return holder.get();
|
||||
}
|
||||
|
||||
/**
|
||||
* Bind the given {@link AuthorizationServerContext} to the current thread.
|
||||
*
|
||||
* @param authorizationServerContext the {@link AuthorizationServerContext}
|
||||
*/
|
||||
public static void setContext(AuthorizationServerContext authorizationServerContext) {
|
||||
if (authorizationServerContext == null) {
|
||||
resetContext();
|
||||
} else {
|
||||
holder.set(authorizationServerContext);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Reset the {@link AuthorizationServerContext} bound to the current thread.
|
||||
*/
|
||||
public static void resetContext() {
|
||||
holder.remove();
|
||||
}
|
||||
|
||||
}
|
||||
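Review bot: The Javadoc on `getContext()` does not say that it can return null, which is what `holder.get()` yields when nothing is bound to the current thread, for example after `resetContext()` or on a thread the request was handed off to. Callers in this commit use the result to derive the issuer for token claims and for the client-assertion audience list, so the contract should be explicit: `@return the {@link AuthorizationServerContext}, or {@code null} if none is bound to the current thread`, with the method annotated `@Nullable`. A sentence in the class Javadoc stating that the binding is per thread and is not inherited by child or async threads would also help callers.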
@@ -1,63 +0,0 @@
|
||||
/*
|
||||
* Copyright 2020-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.server.authorization.context;
|
||||
|
||||
import org.springframework.security.oauth2.server.authorization.web.ProviderContextFilter;
|
||||
|
||||
/**
|
||||
* A holder of {@link ProviderContext} that associates it with the current thread using a {@code ThreadLocal}.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 0.2.2
|
||||
* @see ProviderContext
|
||||
* @see ProviderContextFilter
|
||||
*/
|
||||
public final class ProviderContextHolder {
|
||||
private static final ThreadLocal<ProviderContext> holder = new ThreadLocal<>();
|
||||
|
||||
private ProviderContextHolder() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the {@link ProviderContext} bound to the current thread.
|
||||
*
|
||||
* @return the {@link ProviderContext}
|
||||
*/
|
||||
public static ProviderContext getProviderContext() {
|
||||
return holder.get();
|
||||
}
|
||||
|
||||
/**
|
||||
* Bind the given {@link ProviderContext} to the current thread.
|
||||
*
|
||||
* @param providerContext the {@link ProviderContext}
|
||||
*/
|
||||
public static void setProviderContext(ProviderContext providerContext) {
|
||||
if (providerContext == null) {
|
||||
resetProviderContext();
|
||||
} else {
|
||||
holder.set(providerContext);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Reset the {@link ProviderContext} bound to the current thread.
|
||||
*/
|
||||
public static void resetProviderContext() {
|
||||
holder.remove();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -49,8 +49,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
|
||||
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.oidc.OidcClientMetadataClaimNames;
|
||||
import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
|
||||
@@ -212,7 +212,7 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe
|
||||
OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
|
||||
.registeredClient(registeredClient)
|
||||
.principal(clientPrincipal)
|
||||
.providerContext(ProviderContextHolder.getProviderContext())
|
||||
.authorizationServerContext(AuthorizationServerContextHolder.getContext())
|
||||
.authorizedScopes(authorizedScopes)
|
||||
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
|
||||
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
|
||||
@@ -276,9 +276,9 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe
|
||||
scopes.addAll(registeredClient.getScopes()));
|
||||
}
|
||||
|
||||
ProviderContext providerContext = ProviderContextHolder.getProviderContext();
|
||||
String registrationClientUri = UriComponentsBuilder.fromUriString(providerContext.getIssuer())
|
||||
.path(providerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
|
||||
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
|
||||
String registrationClientUri = UriComponentsBuilder.fromUriString(authorizationServerContext.getIssuer())
|
||||
.path(authorizationServerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
|
||||
.queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId())
|
||||
.toUriString();
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcScopes;
|
||||
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.oidc.OidcProviderConfiguration;
|
||||
import org.springframework.security.oauth2.server.authorization.oidc.http.converter.OidcProviderConfigurationHttpMessageConverter;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
@@ -80,7 +80,7 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques
|
||||
return;
|
||||
}
|
||||
|
||||
String issuer = ProviderContextHolder.getProviderContext().getIssuer();
|
||||
String issuer = AuthorizationServerContextHolder.getContext().getIssuer();
|
||||
|
||||
OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.builder()
|
||||
.issuer(issuer)
|
||||
|
||||
@@ -82,8 +82,8 @@ public final class JwtGenerator implements OAuth2TokenGenerator<Jwt> {
|
||||
}
|
||||
|
||||
String issuer = null;
|
||||
if (context.getProviderContext() != null) {
|
||||
issuer = context.getProviderContext().getIssuer();
|
||||
if (context.getAuthorizationServerContext() != null) {
|
||||
issuer = context.getAuthorizationServerContext().getIssuer();
|
||||
}
|
||||
RegisteredClient registeredClient = context.getRegisteredClient();
|
||||
|
||||
@@ -132,7 +132,7 @@ public final class JwtGenerator implements OAuth2TokenGenerator<Jwt> {
|
||||
JwtEncodingContext.Builder jwtContextBuilder = JwtEncodingContext.with(jwsHeaderBuilder, claimsBuilder)
|
||||
.registeredClient(context.getRegisteredClient())
|
||||
.principal(context.getPrincipal())
|
||||
.providerContext(context.getProviderContext())
|
||||
.authorizationServerContext(context.getAuthorizationServerContext())
|
||||
.authorizedScopes(context.getAuthorizedScopes())
|
||||
.tokenType(context.getTokenType())
|
||||
.authorizationGrantType(context.getAuthorizationGrantType());
|
||||
|
||||
@@ -61,8 +61,8 @@ public final class OAuth2AccessTokenGenerator implements OAuth2TokenGenerator<OA
|
||||
}
|
||||
|
||||
String issuer = null;
|
||||
if (context.getProviderContext() != null) {
|
||||
issuer = context.getProviderContext().getIssuer();
|
||||
if (context.getAuthorizationServerContext() != null) {
|
||||
issuer = context.getAuthorizationServerContext().getIssuer();
|
||||
}
|
||||
RegisteredClient registeredClient = context.getRegisteredClient();
|
||||
|
||||
@@ -91,7 +91,7 @@ public final class OAuth2AccessTokenGenerator implements OAuth2TokenGenerator<OA
|
||||
OAuth2TokenClaimsContext.Builder accessTokenContextBuilder = OAuth2TokenClaimsContext.with(claimsBuilder)
|
||||
.registeredClient(context.getRegisteredClient())
|
||||
.principal(context.getPrincipal())
|
||||
.providerContext(context.getProviderContext())
|
||||
.authorizationServerContext(context.getAuthorizationServerContext())
|
||||
.authorizedScopes(context.getAuthorizedScopes())
|
||||
.tokenType(context.getTokenType())
|
||||
.authorizationGrantType(context.getAuthorizationGrantType());
|
||||
|
||||
@@ -27,8 +27,8 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.Context;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
@@ -63,13 +63,13 @@ public interface OAuth2TokenContext extends Context {
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the {@link ProviderContext provider context}.
|
||||
* Returns the {@link AuthorizationServerContext authorization server context}.
|
||||
*
|
||||
* @return the {@link ProviderContext}
|
||||
* @return the {@link AuthorizationServerContext}
|
||||
* @since 0.2.3
|
||||
*/
|
||||
default ProviderContext getProviderContext() {
|
||||
return get(ProviderContext.class);
|
||||
default AuthorizationServerContext getAuthorizationServerContext() {
|
||||
return get(AuthorizationServerContext.class);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -157,14 +157,14 @@ public interface OAuth2TokenContext extends Context {
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the {@link ProviderContext provider context}.
|
||||
* Sets the {@link AuthorizationServerContext authorization server context}.
|
||||
*
|
||||
* @param providerContext the {@link ProviderContext}
|
||||
* @param authorizationServerContext the {@link AuthorizationServerContext}
|
||||
* @return the {@link AbstractBuilder} for further configuration
|
||||
* @since 0.2.3
|
||||
*/
|
||||
public B providerContext(ProviderContext providerContext) {
|
||||
return put(ProviderContext.class, providerContext);
|
||||
public B authorizationServerContext(AuthorizationServerContext authorizationServerContext) {
|
||||
return put(AuthorizationServerContext.class, authorizationServerContext);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -22,8 +22,8 @@ import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.security.web.util.UrlUtils;
|
||||
import org.springframework.util.Assert;
|
||||
@@ -31,23 +31,23 @@ import org.springframework.web.filter.OncePerRequestFilter;
|
||||
import org.springframework.web.util.UriComponentsBuilder;
|
||||
|
||||
/**
|
||||
* A {@code Filter} that associates the {@link ProviderContext} to the {@link ProviderContextHolder}.
|
||||
* A {@code Filter} that associates the {@link AuthorizationServerContext} to the {@link AuthorizationServerContextHolder}.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 0.2.2
|
||||
* @see ProviderContext
|
||||
* @see ProviderContextHolder
|
||||
* @see AuthorizationServerContext
|
||||
* @see AuthorizationServerContextHolder
|
||||
* @see AuthorizationServerSettings
|
||||
*/
|
||||
public final class ProviderContextFilter extends OncePerRequestFilter {
|
||||
public final class AuthorizationServerContextFilter extends OncePerRequestFilter {
|
||||
private final AuthorizationServerSettings authorizationServerSettings;
|
||||
|
||||
/**
|
||||
* Constructs a {@code ProviderContextFilter} using the provided parameters.
|
||||
* Constructs an {@code AuthorizationServerContextFilter} using the provided parameters.
|
||||
*
|
||||
* @param authorizationServerSettings the authorization server settings
|
||||
*/
|
||||
public ProviderContextFilter(AuthorizationServerSettings authorizationServerSettings) {
|
||||
public AuthorizationServerContextFilter(AuthorizationServerSettings authorizationServerSettings) {
|
||||
Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null");
|
||||
this.authorizationServerSettings = authorizationServerSettings;
|
||||
}
|
||||
@@ -57,12 +57,12 @@ public final class ProviderContextFilter extends OncePerRequestFilter {
|
||||
throws ServletException, IOException {
|
||||
|
||||
try {
|
||||
ProviderContext providerContext = new ProviderContext(
|
||||
AuthorizationServerContext authorizationServerContext = new AuthorizationServerContext(
|
||||
this.authorizationServerSettings, () -> resolveIssuer(this.authorizationServerSettings, request));
|
||||
ProviderContextHolder.setProviderContext(providerContext);
|
||||
AuthorizationServerContextHolder.setContext(authorizationServerContext);
|
||||
filterChain.doFilter(request, response);
|
||||
} finally {
|
||||
ProviderContextHolder.resetProviderContext();
|
||||
AuthorizationServerContextHolder.resetContext();
|
||||
}
|
||||
}
|
||||
|
||||
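Review bot: The issuer supplier passed on the `new AuthorizationServerContext(` line resolves the issuer from the current request whenever `AuthorizationServerSettings` carries none, and the class Javadoc does not say so. That value is what the token generators and the metadata endpoint publish as the issuer (the generator tests in this commit compare the issuer claim against `getIssuer()`), so a request-derived issuer follows whatever host and scheme the container reports, which behind a reverse proxy depends on how forwarded headers are handled. I would add a sentence to the class Javadoc such as `If no issuer is configured, it is resolved from the current request; configure an explicit issuer when the server is reachable under more than one host name.` `resolveIssuer` lies outside the hunk, so how it builds the URL is inferred from the `UrlUtils` and `UriComponentsBuilder` imports.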
@@ -31,7 +31,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationServerMetadata;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.http.converter.OAuth2AuthorizationServerMetadataHttpMessageConverter;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
@@ -78,7 +78,7 @@ public final class OAuth2AuthorizationServerMetadataEndpointFilter extends OnceP
|
||||
return;
|
||||
}
|
||||
|
||||
String issuer = ProviderContextHolder.getProviderContext().getIssuer();
|
||||
String issuer = AuthorizationServerContextHolder.getContext().getIssuer();
|
||||
|
||||
OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder()
|
||||
.issuer(issuer)
|
||||
|
||||
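Review bot: `AuthorizationServerContextHolder.getContext()` is dereferenced without a null check on the `String issuer = ...` line, and the holder does return null when nothing is bound (the context filter tests in this commit assert that after the request completes). If this endpoint filter is reached without `AuthorizationServerContextFilter` ahead of it in the chain, the request fails with a bare `NullPointerException` instead of a message pointing at the missing filter. A guard using Spring's `Assert.state(context != null, "AuthorizationServerContext is not bound to the current thread")` before reading the issuer would make that misconfiguration obvious. The enclosing method starts and ends outside the hunk, so an earlier check may already exist there.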
@@ -57,8 +57,8 @@ import org.springframework.security.oauth2.server.authorization.TestOAuth2Author
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
|
||||
import org.springframework.web.util.UriComponentsBuilder;
|
||||
@@ -100,7 +100,7 @@ public class JwtClientAssertionAuthenticationProviderTests {
|
||||
this.authenticationProvider = new JwtClientAssertionAuthenticationProvider(
|
||||
this.registeredClientRepository, this.authorizationService);
|
||||
this.authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://auth-server.com").build();
|
||||
ProviderContextHolder.setProviderContext(new ProviderContext(this.authorizationServerSettings, null));
|
||||
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(this.authorizationServerSettings, null));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
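Review bot: The `setUp()` shown here binds an `AuthorizationServerContext` to the thread-local holder, but no `@After` method resetting it follows, unlike the other provider test classes in this commit, which call `AuthorizationServerContextHolder.resetContext()` in `cleanup()`. The same applies to the `OAuth2AuthorizationCodeRequestAuthenticationProviderTests` hunk. A context left bound leaks into whichever test runs next on that thread and can hide a test that forgot to set up its own issuer. Unless a reset exists outside the hunk, I would add `@After public void cleanup() { AuthorizationServerContextHolder.resetContext(); }` to both classes.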
@@ -54,8 +54,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
|
||||
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
|
||||
@@ -119,12 +119,12 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
|
||||
this.authenticationProvider = new OAuth2AuthorizationCodeAuthenticationProvider(
|
||||
this.authorizationService, this.tokenGenerator);
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
|
||||
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
|
||||
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
|
||||
}
|
||||
|
||||
@After
|
||||
public void cleanup() {
|
||||
ProviderContextHolder.resetProviderContext();
|
||||
AuthorizationServerContextHolder.resetContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -48,8 +48,8 @@ import org.springframework.security.oauth2.server.authorization.TestOAuth2Author
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
|
||||
@@ -88,7 +88,7 @@ public class OAuth2AuthorizationCodeRequestAuthenticationProviderTests {
|
||||
this.principal = new TestingAuthenticationToken("principalName", "password");
|
||||
this.principal.setAuthenticated(true);
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
|
||||
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
|
||||
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -42,8 +42,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
|
||||
@@ -100,12 +100,12 @@ public class OAuth2ClientCredentialsAuthenticationProviderTests {
|
||||
this.authenticationProvider = new OAuth2ClientCredentialsAuthenticationProvider(
|
||||
this.authorizationService, this.tokenGenerator);
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
|
||||
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
|
||||
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
|
||||
}
|
||||
|
||||
@After
|
||||
public void cleanup() {
|
||||
ProviderContextHolder.resetProviderContext();
|
||||
AuthorizationServerContextHolder.resetContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -51,8 +51,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
|
||||
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
|
||||
@@ -117,12 +117,12 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
|
||||
this.authenticationProvider = new OAuth2RefreshTokenAuthenticationProvider(
|
||||
this.authorizationService, this.tokenGenerator);
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
|
||||
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
|
||||
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
|
||||
}
|
||||
|
||||
@After
|
||||
public void cleanup() {
|
||||
ProviderContextHolder.resetProviderContext();
|
||||
AuthorizationServerContextHolder.resetContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -52,8 +52,8 @@ import org.springframework.security.oauth2.server.authorization.TestOAuth2Author
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.oidc.OidcClientMetadataClaimNames;
|
||||
import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
@@ -104,14 +104,14 @@ public class OidcClientRegistrationAuthenticationProviderTests {
|
||||
}
|
||||
});
|
||||
this.authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
|
||||
ProviderContextHolder.setProviderContext(new ProviderContext(this.authorizationServerSettings, null));
|
||||
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(this.authorizationServerSettings, null));
|
||||
this.authenticationProvider = new OidcClientRegistrationAuthenticationProvider(
|
||||
this.registeredClientRepository, this.authorizationService, this.tokenGenerator);
|
||||
}
|
||||
|
||||
@After
|
||||
public void cleanup() {
|
||||
ProviderContextHolder.resetProviderContext();
|
||||
AuthorizationServerContextHolder.resetContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -612,9 +612,9 @@ public class OidcClientRegistrationAuthenticationProviderTests {
|
||||
assertThat(clientRegistrationResult.getIdTokenSignedResponseAlgorithm())
|
||||
.isEqualTo(registeredClientResult.getTokenSettings().getIdTokenSignatureAlgorithm().getName());
|
||||
|
||||
ProviderContext providerContext = ProviderContextHolder.getProviderContext();
|
||||
String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(providerContext.getIssuer())
|
||||
.path(providerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
|
||||
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
|
||||
String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(authorizationServerContext.getIssuer())
|
||||
.path(authorizationServerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
|
||||
.queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClientResult.getClientId()).toUriString();
|
||||
|
||||
assertThat(clientRegistrationResult.getRegistrationClientUrl().toString()).isEqualTo(expectedRegistrationClientUrl);
|
||||
@@ -808,9 +808,9 @@ public class OidcClientRegistrationAuthenticationProviderTests {
|
||||
assertThat(clientRegistrationResult.getIdTokenSignedResponseAlgorithm())
|
||||
.isEqualTo(registeredClient.getTokenSettings().getIdTokenSignatureAlgorithm().getName());
|
||||
|
||||
ProviderContext providerContext = ProviderContextHolder.getProviderContext();
|
||||
String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(providerContext.getIssuer())
|
||||
.path(providerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
|
||||
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
|
||||
String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(authorizationServerContext.getIssuer())
|
||||
.path(authorizationServerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
|
||||
.queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId()).toUriString();
|
||||
|
||||
assertThat(clientRegistrationResult.getRegistrationClientUrl().toString()).isEqualTo(expectedRegistrationClientUrl);
|
||||
|
||||
@@ -25,8 +25,8 @@ import org.junit.Test;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
@@ -46,7 +46,7 @@ public class OidcProviderConfigurationEndpointFilterTests {
|
||||
|
||||
@After
|
||||
public void cleanup() {
|
||||
ProviderContextHolder.resetProviderContext();
|
||||
AuthorizationServerContextHolder.resetContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -107,7 +107,7 @@ public class OidcProviderConfigurationEndpointFilterTests {
|
||||
.tokenRevocationEndpoint(tokenRevocationEndpoint)
|
||||
.tokenIntrospectionEndpoint(tokenIntrospectionEndpoint)
|
||||
.build();
|
||||
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
|
||||
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
|
||||
OidcProviderConfigurationEndpointFilter filter =
|
||||
new OidcProviderConfigurationEndpointFilter(authorizationServerSettings);
|
||||
|
||||
@@ -145,7 +145,7 @@ public class OidcProviderConfigurationEndpointFilterTests {
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder()
|
||||
.issuer("https://this is an invalid URL")
|
||||
.build();
|
||||
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
|
||||
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
|
||||
OidcProviderConfigurationEndpointFilter filter =
|
||||
new OidcProviderConfigurationEndpointFilter(authorizationServerSettings);
|
||||
|
||||
|
||||
@@ -46,7 +46,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
|
||||
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
|
||||
@@ -66,7 +66,7 @@ public class JwtGeneratorTests {
|
||||
private JwtEncoder jwtEncoder;
|
||||
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer;
|
||||
private JwtGenerator jwtGenerator;
|
||||
private ProviderContext providerContext;
|
||||
private AuthorizationServerContext authorizationServerContext;
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
@@ -75,7 +75,7 @@ public class JwtGeneratorTests {
|
||||
this.jwtGenerator = new JwtGenerator(this.jwtEncoder);
|
||||
this.jwtGenerator.setJwtCustomizer(this.jwtCustomizer);
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
|
||||
this.providerContext = new ProviderContext(authorizationServerSettings, null);
|
||||
this.authorizationServerContext = new AuthorizationServerContext(authorizationServerSettings, null);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -137,7 +137,7 @@ public class JwtGeneratorTests {
|
||||
OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
|
||||
.registeredClient(registeredClient)
|
||||
.principal(authorization.getAttribute(Principal.class.getName()))
|
||||
.providerContext(this.providerContext)
|
||||
.authorizationServerContext(this.authorizationServerContext)
|
||||
.authorization(authorization)
|
||||
.authorizedScopes(authorization.getAuthorizedScopes())
|
||||
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
|
||||
@@ -168,7 +168,7 @@ public class JwtGeneratorTests {
|
||||
OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
|
||||
.registeredClient(registeredClient)
|
||||
.principal(authorization.getAttribute(Principal.class.getName()))
|
||||
.providerContext(this.providerContext)
|
||||
.authorizationServerContext(this.authorizationServerContext)
|
||||
.authorization(authorization)
|
||||
.authorizedScopes(authorization.getAuthorizedScopes())
|
||||
.tokenType(ID_TOKEN_TOKEN_TYPE)
|
||||
@@ -204,7 +204,7 @@ public class JwtGeneratorTests {
|
||||
assertThat(jwsHeader.getAlgorithm()).isEqualTo(SignatureAlgorithm.RS256);
|
||||
|
||||
JwtClaimsSet jwtClaimsSet = jwtEncoderParametersCaptor.getValue().getClaims();
|
||||
assertThat(jwtClaimsSet.getIssuer().toExternalForm()).isEqualTo(tokenContext.getProviderContext().getIssuer());
|
||||
assertThat(jwtClaimsSet.getIssuer().toExternalForm()).isEqualTo(tokenContext.getAuthorizationServerContext().getIssuer());
|
||||
assertThat(jwtClaimsSet.getSubject()).isEqualTo(tokenContext.getAuthorization().getPrincipalName());
|
||||
assertThat(jwtClaimsSet.getAudience()).containsExactly(tokenContext.getRegisteredClient().getClientId());
|
||||
|
||||
|
||||
@@ -38,7 +38,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
|
||||
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
|
||||
@@ -56,7 +56,7 @@ import static org.mockito.Mockito.verify;
|
||||
public class OAuth2AccessTokenGeneratorTests {
|
||||
private OAuth2TokenCustomizer<OAuth2TokenClaimsContext> accessTokenCustomizer;
|
||||
private OAuth2AccessTokenGenerator accessTokenGenerator;
|
||||
private ProviderContext providerContext;
|
||||
private AuthorizationServerContext authorizationServerContext;
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
@@ -64,7 +64,7 @@ public class OAuth2AccessTokenGeneratorTests {
|
||||
this.accessTokenGenerator = new OAuth2AccessTokenGenerator();
|
||||
this.accessTokenGenerator.setAccessTokenCustomizer(this.accessTokenCustomizer);
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
|
||||
this.providerContext = new ProviderContext(authorizationServerSettings, null);
|
||||
this.authorizationServerContext = new AuthorizationServerContext(authorizationServerSettings, null);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -134,7 +134,7 @@ public class OAuth2AccessTokenGeneratorTests {
|
||||
OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
|
||||
.registeredClient(registeredClient)
|
||||
.principal(principal)
|
||||
.providerContext(this.providerContext)
|
||||
.authorizationServerContext(this.authorizationServerContext)
|
||||
.authorization(authorization)
|
||||
.authorizedScopes(authorization.getAuthorizedScopes())
|
||||
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
|
||||
@@ -156,7 +156,7 @@ public class OAuth2AccessTokenGeneratorTests {
|
||||
OAuth2TokenClaimAccessor accessTokenClaims = ((ClaimAccessor) accessToken)::getClaims;
|
||||
assertThat(accessTokenClaims.getClaims()).isNotEmpty();
|
||||
|
||||
assertThat(accessTokenClaims.getIssuer().toExternalForm()).isEqualTo(tokenContext.getProviderContext().getIssuer());
|
||||
assertThat(accessTokenClaims.getIssuer().toExternalForm()).isEqualTo(tokenContext.getAuthorizationServerContext().getIssuer());
|
||||
assertThat(accessTokenClaims.getSubject()).isEqualTo(tokenContext.getPrincipal().getName());
|
||||
assertThat(accessTokenClaims.getAudience()).isEqualTo(
|
||||
Collections.singletonList(tokenContext.getRegisteredClient().getClientId()));
|
||||
@@ -175,7 +175,7 @@ public class OAuth2AccessTokenGeneratorTests {
|
||||
assertThat(tokenClaimsContext.getClaims()).isNotNull();
|
||||
assertThat(tokenClaimsContext.getRegisteredClient()).isEqualTo(tokenContext.getRegisteredClient());
|
||||
assertThat(tokenClaimsContext.<Authentication>getPrincipal()).isEqualTo(tokenContext.getPrincipal());
|
||||
assertThat(tokenClaimsContext.getProviderContext()).isEqualTo(tokenContext.getProviderContext());
|
||||
assertThat(tokenClaimsContext.getAuthorizationServerContext()).isEqualTo(tokenContext.getAuthorizationServerContext());
|
||||
assertThat(tokenClaimsContext.getAuthorization()).isEqualTo(tokenContext.getAuthorization());
|
||||
assertThat(tokenClaimsContext.getAuthorizedScopes()).isEqualTo(tokenContext.getAuthorizedScopes());
|
||||
assertThat(tokenClaimsContext.getTokenType()).isEqualTo(tokenContext.getTokenType());
|
||||
|
||||
@@ -34,7 +34,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
|
||||
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
@@ -75,7 +75,7 @@ public class OAuth2TokenClaimsContextTests {
|
||||
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
|
||||
Authentication principal = authorization.getAttribute(Principal.class.getName());
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer(issuer).build();
|
||||
ProviderContext providerContext = new ProviderContext(authorizationServerSettings, null);
|
||||
AuthorizationServerContext authorizationServerContext = new AuthorizationServerContext(authorizationServerSettings, null);
|
||||
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
|
||||
registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
|
||||
OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(
|
||||
@@ -88,7 +88,7 @@ public class OAuth2TokenClaimsContextTests {
|
||||
OAuth2TokenClaimsContext context = OAuth2TokenClaimsContext.with(claims)
|
||||
.registeredClient(registeredClient)
|
||||
.principal(principal)
|
||||
.providerContext(providerContext)
|
||||
.authorizationServerContext(authorizationServerContext)
|
||||
.authorization(authorization)
|
||||
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
@@ -101,7 +101,7 @@ public class OAuth2TokenClaimsContextTests {
|
||||
assertThat(context.getClaims()).isEqualTo(claims);
|
||||
assertThat(context.getRegisteredClient()).isEqualTo(registeredClient);
|
||||
assertThat(context.<Authentication>getPrincipal()).isEqualTo(principal);
|
||||
assertThat(context.getProviderContext()).isEqualTo(providerContext);
|
||||
assertThat(context.getAuthorizationServerContext()).isEqualTo(authorizationServerContext);
|
||||
assertThat(context.getAuthorization()).isEqualTo(authorization);
|
||||
assertThat(context.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
|
||||
assertThat(context.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
|
||||
@@ -22,8 +22,8 @@ import org.junit.Test;
|
||||
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
@@ -33,20 +33,20 @@ import static org.mockito.Mockito.doAnswer;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
/**
|
||||
* Tests for {@link ProviderContextFilter}.
|
||||
* Tests for {@link AuthorizationServerContextFilter}.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
*/
|
||||
public class ProviderContextFilterTests {
|
||||
public class AuthorizationServerContextFilterTests {
|
||||
|
||||
@After
|
||||
public void cleanup() {
|
||||
ProviderContextHolder.resetProviderContext();
|
||||
AuthorizationServerContextHolder.resetContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void constructorWhenAuthorizationServerSettingsNullThenThrowIllegalArgumentException() {
|
||||
assertThatThrownBy(() -> new ProviderContextFilter(null))
|
||||
assertThatThrownBy(() -> new AuthorizationServerContextFilter(null))
|
||||
.isInstanceOf(IllegalArgumentException.class)
|
||||
.hasMessage("authorizationServerSettings cannot be null");
|
||||
}
|
||||
@@ -55,7 +55,7 @@ public class ProviderContextFilterTests {
|
||||
public void doFilterWhenIssuerConfiguredThenUsed() throws Exception {
|
||||
String issuer = "https://provider.com";
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer(issuer).build();
|
||||
ProviderContextFilter filter = new ProviderContextFilter(authorizationServerSettings);
|
||||
AuthorizationServerContextFilter filter = new AuthorizationServerContextFilter(authorizationServerSettings);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
|
||||
request.setServletPath("/");
|
||||
@@ -63,22 +63,22 @@ public class ProviderContextFilterTests {
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
|
||||
doAnswer(invocation -> {
|
||||
ProviderContext providerContext = ProviderContextHolder.getProviderContext();
|
||||
assertThat(providerContext).isNotNull();
|
||||
assertThat(providerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
|
||||
assertThat(providerContext.getIssuer()).isEqualTo(issuer);
|
||||
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
|
||||
assertThat(authorizationServerContext).isNotNull();
|
||||
assertThat(authorizationServerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
|
||||
assertThat(authorizationServerContext.getIssuer()).isEqualTo(issuer);
|
||||
return null;
|
||||
}).when(filterChain).doFilter(any(), any());
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
assertThat(ProviderContextHolder.getProviderContext()).isNull();
|
||||
assertThat(AuthorizationServerContextHolder.getContext()).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenIssuerNotConfiguredThenResolveFromRequest() throws Exception {
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build();
|
||||
ProviderContextFilter filter = new ProviderContextFilter(authorizationServerSettings);
|
||||
AuthorizationServerContextFilter filter = new AuthorizationServerContextFilter(authorizationServerSettings);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
|
||||
request.setServletPath("/");
|
||||
@@ -86,16 +86,16 @@ public class ProviderContextFilterTests {
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
|
||||
doAnswer(invocation -> {
|
||||
ProviderContext providerContext = ProviderContextHolder.getProviderContext();
|
||||
assertThat(providerContext).isNotNull();
|
||||
assertThat(providerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
|
||||
assertThat(providerContext.getIssuer()).isEqualTo("http://localhost");
|
||||
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
|
||||
assertThat(authorizationServerContext).isNotNull();
|
||||
assertThat(authorizationServerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
|
||||
assertThat(authorizationServerContext.getIssuer()).isEqualTo("http://localhost");
|
||||
return null;
|
||||
}).when(filterChain).doFilter(any(), any());
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
assertThat(ProviderContextHolder.getProviderContext()).isNull();
|
||||
assertThat(AuthorizationServerContextHolder.getContext()).isNull();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -25,8 +25,8 @@ import org.junit.Test;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
@@ -46,7 +46,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
|
||||
|
||||
@After
|
||||
public void cleanup() {
|
||||
ProviderContextHolder.resetProviderContext();
|
||||
AuthorizationServerContextHolder.resetContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -105,7 +105,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
|
||||
.tokenRevocationEndpoint(tokenRevocationEndpoint)
|
||||
.tokenIntrospectionEndpoint(tokenIntrospectionEndpoint)
|
||||
.build();
|
||||
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
|
||||
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
|
||||
OAuth2AuthorizationServerMetadataEndpointFilter filter =
|
||||
new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings);
|
||||
|
||||
@@ -140,7 +140,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder()
|
||||
.issuer("https://this is an invalid URL")
|
||||
.build();
|
||||
ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
|
||||
AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
|
||||
OAuth2AuthorizationServerMetadataEndpointFilter filter =
|
||||
new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings);
|
||||
|
||||
|
||||