Merge branch '0.4.x' into 1.0.x

This commit is contained in:
Joe Grandja
2023-12-06 10:09:06 -05:00
2 changed files with 1 additions and 37 deletions

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2020-2023 the original author or authors.
* Copyright 2020-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -48,7 +48,6 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
/**
* An {@link AbstractHttpConfigurer} for OAuth 2.0 Authorization Server support.
@@ -332,9 +331,6 @@ public final class OAuth2AuthorizationServerConfigurer
} catch (Exception ex) {
throw new IllegalArgumentException("issuer must be a valid URL", ex);
}
if (StringUtils.hasText(issuerUri.getPath())) {
throw new IllegalArgumentException("Path component for issuer ('" + issuerUri.getPath() + "') is currently not supported");
}
// rfc8414 https://datatracker.ietf.org/doc/html/rfc8414#section-2
if (issuerUri.getQuery() != null || issuerUri.getFragment() != null) {
throw new IllegalArgumentException("issuer cannot contain query or fragment component");

View File

@@ -161,13 +161,6 @@ public class OidcProviderConfigurationTests {
);
}
@Test
public void loadContextWhenIssuerWithPathThenThrowException() {
assertThatThrownBy(
() -> this.spring.register(AuthorizationServerConfigurationWithIssuerPath.class).autowire()
);
}
@Test
public void loadContextWhenIssuerWithQueryThenThrowException() {
assertThatThrownBy(
@@ -189,13 +182,6 @@ public class OidcProviderConfigurationTests {
);
}
@Test
public void loadContextWhenIssuerWithEmptyPathThenThrowException() {
assertThatThrownBy(
() -> this.spring.register(AuthorizationServerConfigurationWithIssuerEmptyPath.class).autowire()
);
}
@Test
public void loadContextWhenIssuerWithEmptyQueryThenThrowException() {
assertThatThrownBy(
@@ -313,15 +299,6 @@ public class OidcProviderConfigurationTests {
}
}
@EnableWebSecurity
static class AuthorizationServerConfigurationWithIssuerPath extends AuthorizationServerConfiguration {
@Bean
AuthorizationServerSettings authorizationServerSettings() {
return AuthorizationServerSettings.builder().issuer(ISSUER_URL + "/issuer1").build();
}
}
@EnableWebSecurity
static class AuthorizationServerConfigurationWithIssuerQuery extends AuthorizationServerConfiguration {
@@ -349,15 +326,6 @@ public class OidcProviderConfigurationTests {
}
}
@EnableWebSecurity
static class AuthorizationServerConfigurationWithIssuerEmptyPath extends AuthorizationServerConfiguration {
@Bean
AuthorizationServerSettings authorizationServerSettings() {
return AuthorizationServerSettings.builder().issuer(ISSUER_URL + "/").build();
}
}
@EnableWebSecurity
static class AuthorizationServerConfigurationWithIssuerEmptyQuery extends AuthorizationServerConfiguration {