Merge branch '1.0.x' into 1.1.x

This commit is contained in:
Joe Grandja
2023-12-06 10:18:40 -05:00
2 changed files with 1 additions and 37 deletions

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2020-2023 the original author or authors.
* Copyright 2020-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -55,7 +55,6 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
/**
* An {@link AbstractHttpConfigurer} for OAuth 2.0 Authorization Server support.
@@ -388,9 +387,6 @@ public final class OAuth2AuthorizationServerConfigurer
} catch (Exception ex) {
throw new IllegalArgumentException("issuer must be a valid URL", ex);
}
if (StringUtils.hasText(issuerUri.getPath())) {
throw new IllegalArgumentException("Path component for issuer ('" + issuerUri.getPath() + "') is currently not supported");
}
// rfc8414 https://datatracker.ietf.org/doc/html/rfc8414#section-2
if (issuerUri.getQuery() != null || issuerUri.getFragment() != null) {
throw new IllegalArgumentException("issuer cannot contain query or fragment component");

View File

@@ -162,13 +162,6 @@ public class OidcProviderConfigurationTests {
);
}
@Test
public void loadContextWhenIssuerWithPathThenThrowException() {
assertThatThrownBy(
() -> this.spring.register(AuthorizationServerConfigurationWithIssuerPath.class).autowire()
);
}
@Test
public void loadContextWhenIssuerWithQueryThenThrowException() {
assertThatThrownBy(
@@ -190,13 +183,6 @@ public class OidcProviderConfigurationTests {
);
}
@Test
public void loadContextWhenIssuerWithEmptyPathThenThrowException() {
assertThatThrownBy(
() -> this.spring.register(AuthorizationServerConfigurationWithIssuerEmptyPath.class).autowire()
);
}
@Test
public void loadContextWhenIssuerWithEmptyQueryThenThrowException() {
assertThatThrownBy(
@@ -314,15 +300,6 @@ public class OidcProviderConfigurationTests {
}
}
@EnableWebSecurity
static class AuthorizationServerConfigurationWithIssuerPath extends AuthorizationServerConfiguration {
@Bean
AuthorizationServerSettings authorizationServerSettings() {
return AuthorizationServerSettings.builder().issuer(ISSUER_URL + "/issuer1").build();
}
}
@EnableWebSecurity
static class AuthorizationServerConfigurationWithIssuerQuery extends AuthorizationServerConfiguration {
@@ -350,15 +327,6 @@ public class OidcProviderConfigurationTests {
}
}
@EnableWebSecurity
static class AuthorizationServerConfigurationWithIssuerEmptyPath extends AuthorizationServerConfiguration {
@Bean
AuthorizationServerSettings authorizationServerSettings() {
return AuthorizationServerSettings.builder().issuer(ISSUER_URL + "/").build();
}
}
@EnableWebSecurity
static class AuthorizationServerConfigurationWithIssuerEmptyQuery extends AuthorizationServerConfiguration {