Make AuthorizationServerContextFilter private

Closes gh-866
Joe Grandja
2022-08-22 16:09:11 -04:00
parent 3efee494ad
commit f583668a9c
6 changed files with 24 additions and 117 deletions


@@ -182,9 +182,6 @@ If the issuer identifier is not configured in `AuthorizationServerSettings.build
[NOTE]
The `AuthorizationServerContext` is accessible through the `AuthorizationServerContextHolder`, which associates it with the current request thread by using a `ThreadLocal`.
[NOTE]
The `AuthorizationServerContextFilter` associates the `AuthorizationServerContext` with the `AuthorizationServerContextHolder`.
[[configuring-client-authentication]]
== Configuring Client Authentication


@@ -13,7 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.web;
package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers;
import java.io.IOException;
@@ -39,15 +39,10 @@ import org.springframework.web.util.UriComponentsBuilder;
* @see AuthorizationServerContextHolder
* @see AuthorizationServerSettings
*/
public final class AuthorizationServerContextFilter extends OncePerRequestFilter {
final class AuthorizationServerContextFilter extends OncePerRequestFilter {
private final AuthorizationServerSettings authorizationServerSettings;
/**
* Constructs an {@code AuthorizationServerContextFilter} using the provided parameters.
*
* @param authorizationServerSettings the authorization server settings
*/
public AuthorizationServerContextFilter(AuthorizationServerSettings authorizationServerSettings) {
AuthorizationServerContextFilter(AuthorizationServerSettings authorizationServerSettings) {
Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null");
this.authorizationServerSettings = authorizationServerSettings;
}


@@ -33,7 +33,6 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter;
import org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter;
import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;


@@ -15,15 +15,12 @@
*/
package org.springframework.security.oauth2.server.authorization.context;
import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter;
/**
* A holder of the {@link AuthorizationServerContext} that associates it with the current thread using a {@code ThreadLocal}.
*
* @author Joe Grandja
* @since 0.2.2
* @see AuthorizationServerContext
* @see AuthorizationServerContextFilter
*/
public final class AuthorizationServerContextHolder {
private static final ThreadLocal<AuthorizationServerContext> holder = new ThreadLocal<>();
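Review bot: The public `AuthorizationServerContextHolder` Javadoc no longer tells a reader what populates or clears the context, because the `@see AuthorizationServerContextFilter` tag is dropped here and the filter is now package-private. The deleted filter test shows `getContext()` returning null once the chain has returned, so code that reads the holder outside the authorization server's filter chain should expect null. If that is the intended contract, I would state it in the class Javadoc, for example `The context is set for the duration of each request by the authorization server's filter chain and is {@code null} outside of it.` The class body continues outside this hunk.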


@@ -92,7 +92,7 @@ public class OAuth2AuthorizationServerMetadataTests {
}
@Test
public void requestWhenAuthorizationServerMetadataRequestAndIssuerSetThenReturnMetadataResponse() throws Exception {
public void requestWhenAuthorizationServerMetadataRequestAndIssuerSetThenUsed() throws Exception {
this.spring.register(AuthorizationServerConfiguration.class).autowire();
this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI))
@@ -101,6 +101,16 @@ public class OAuth2AuthorizationServerMetadataTests {
.andReturn();
}
@Test
public void requestWhenAuthorizationServerMetadataRequestAndIssuerNotSetThenResolveFromRequest() throws Exception {
this.spring.register(AuthorizationServerConfigurationWithIssuerNotSet.class).autowire();
this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI))
.andExpect(status().is2xxSuccessful())
.andExpect(jsonPath("issuer").value("http://localhost"))
.andReturn();
}
@EnableWebSecurity
@Import(OAuth2AuthorizationServerConfiguration.class)
static class AuthorizationServerConfiguration {
@@ -129,4 +139,14 @@ public class OAuth2AuthorizationServerMetadataTests {
}
}
@EnableWebSecurity
@Import(OAuth2AuthorizationServerConfiguration.class)
static class AuthorizationServerConfigurationWithIssuerNotSet extends AuthorizationServerConfiguration {
@Bean
AuthorizationServerSettings authorizationServerSettings() {
return AuthorizationServerSettings.builder().build();
}
}
}
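Review bot: The two MockMvc tests in this section assert only the `issuer` value in the response, so nothing visible here still verifies that the filter clears the `ThreadLocal` after the chain returns. The deleted `AuthorizationServerContextFilterTests` covered that with `assertThat(AuthorizationServerContextHolder.getContext()).isNull();` after `filter.doFilter(...)`. On pooled request threads, a context that is not reset would carry one request's issuer and settings into the next request, so the assertion is worth keeping. Because the filter is now package-private, the unit test could move to the `config.annotation.web.configurers` test package, or the same assertion could follow `this.mvc.perform(...)` here, presumably on the same thread (confirm for this MockMvc setup). The constructor's null-argument check also lost its test in the deletion.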


@@ -1,101 +0,0 @@
/*
* Copyright 2020-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.web;
import javax.servlet.FilterChain;
import org.junit.After;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.mock;
/**
* Tests for {@link AuthorizationServerContextFilter}.
*
* @author Joe Grandja
*/
public class AuthorizationServerContextFilterTests {
@After
public void cleanup() {
AuthorizationServerContextHolder.resetContext();
}
@Test
public void constructorWhenAuthorizationServerSettingsNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> new AuthorizationServerContextFilter(null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authorizationServerSettings cannot be null");
}
@Test
public void doFilterWhenIssuerConfiguredThenUsed() throws Exception {
String issuer = "https://provider.com";
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer(issuer).build();
AuthorizationServerContextFilter filter = new AuthorizationServerContextFilter(authorizationServerSettings);
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
request.setServletPath("/");
MockHttpServletResponse response = new MockHttpServletResponse();
FilterChain filterChain = mock(FilterChain.class);
doAnswer(invocation -> {
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
assertThat(authorizationServerContext).isNotNull();
assertThat(authorizationServerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
assertThat(authorizationServerContext.getIssuer()).isEqualTo(issuer);
return null;
}).when(filterChain).doFilter(any(), any());
filter.doFilter(request, response, filterChain);
assertThat(AuthorizationServerContextHolder.getContext()).isNull();
}
@Test
public void doFilterWhenIssuerNotConfiguredThenResolveFromRequest() throws Exception {
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build();
AuthorizationServerContextFilter filter = new AuthorizationServerContextFilter(authorizationServerSettings);
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
request.setServletPath("/");
MockHttpServletResponse response = new MockHttpServletResponse();
FilterChain filterChain = mock(FilterChain.class);
doAnswer(invocation -> {
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
assertThat(authorizationServerContext).isNotNull();
assertThat(authorizationServerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
assertThat(authorizationServerContext.getIssuer()).isEqualTo("http://localhost");
return null;
}).when(filterChain).doFilter(any(), any());
filter.doFilter(request, response, filterChain);
assertThat(AuthorizationServerContextHolder.getContext()).isNull();
}
}