Make AuthorizationServerContextFilter private
Closes gh-866
@@ -182,9 +182,6 @@ If the issuer identifier is not configured in `AuthorizationServerSettings.build
|
||||
[NOTE]
|
||||
The `AuthorizationServerContext` is accessible through the `AuthorizationServerContextHolder`, which associates it with the current request thread by using a `ThreadLocal`.
|
||||
|
||||
[NOTE]
|
||||
The `AuthorizationServerContextFilter` associates the `AuthorizationServerContext` with the `AuthorizationServerContextHolder`.
|
||||
|
||||
[[configuring-client-authentication]]
|
||||
== Configuring Client Authentication
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.server.authorization.web;
|
||||
package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@@ -39,15 +39,10 @@ import org.springframework.web.util.UriComponentsBuilder;
|
||||
* @see AuthorizationServerContextHolder
|
||||
* @see AuthorizationServerSettings
|
||||
*/
|
||||
public final class AuthorizationServerContextFilter extends OncePerRequestFilter {
|
||||
final class AuthorizationServerContextFilter extends OncePerRequestFilter {
|
||||
private final AuthorizationServerSettings authorizationServerSettings;
|
||||
|
||||
/**
|
||||
* Constructs an {@code AuthorizationServerContextFilter} using the provided parameters.
|
||||
*
|
||||
* @param authorizationServerSettings the authorization server settings
|
||||
*/
|
||||
public AuthorizationServerContextFilter(AuthorizationServerSettings authorizationServerSettings) {
|
||||
AuthorizationServerContextFilter(AuthorizationServerSettings authorizationServerSettings) {
|
||||
Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null");
|
||||
this.authorizationServerSettings = authorizationServerSettings;
|
||||
}
|
||||
@@ -33,7 +33,6 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
|
||||
import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter;
|
||||
import org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter;
|
||||
import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter;
|
||||
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
|
||||
|
||||
@@ -15,15 +15,12 @@
|
||||
*/
|
||||
package org.springframework.security.oauth2.server.authorization.context;
|
||||
|
||||
import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter;
|
||||
|
||||
/**
|
||||
* A holder of the {@link AuthorizationServerContext} that associates it with the current thread using a {@code ThreadLocal}.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 0.2.2
|
||||
* @see AuthorizationServerContext
|
||||
* @see AuthorizationServerContextFilter
|
||||
*/
|
||||
public final class AuthorizationServerContextHolder {
|
||||
private static final ThreadLocal<AuthorizationServerContext> holder = new ThreadLocal<>();
|
||||
|
||||
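Review bot: With the `@see AuthorizationServerContextFilter` line and its import dropped, the class Javadoc no longer says what binds the context to the thread or for how long. Now that the filter is not part of the public API, a sentence such as `The context is set while a request is processed by the authorization server's filter chain and is cleared afterwards, so {@link #getContext()} may return {@code null} outside of it.` would tell callers what to expect when they read the holder from another thread or from a filter that runs earlier. The class body continues outside the hunk.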
@@ -92,7 +92,7 @@ public class OAuth2AuthorizationServerMetadataTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenAuthorizationServerMetadataRequestAndIssuerSetThenReturnMetadataResponse() throws Exception {
|
||||
public void requestWhenAuthorizationServerMetadataRequestAndIssuerSetThenUsed() throws Exception {
|
||||
this.spring.register(AuthorizationServerConfiguration.class).autowire();
|
||||
|
||||
this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI))
|
||||
@@ -101,6 +101,16 @@ public class OAuth2AuthorizationServerMetadataTests {
|
||||
.andReturn();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenAuthorizationServerMetadataRequestAndIssuerNotSetThenResolveFromRequest() throws Exception {
|
||||
this.spring.register(AuthorizationServerConfigurationWithIssuerNotSet.class).autowire();
|
||||
|
||||
this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI))
|
||||
.andExpect(status().is2xxSuccessful())
|
||||
.andExpect(jsonPath("issuer").value("http://localhost"))
|
||||
.andReturn();
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
@Import(OAuth2AuthorizationServerConfiguration.class)
|
||||
static class AuthorizationServerConfiguration {
|
||||
@@ -129,4 +139,14 @@ public class OAuth2AuthorizationServerMetadataTests {
|
||||
}
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
@Import(OAuth2AuthorizationServerConfiguration.class)
|
||||
static class AuthorizationServerConfigurationWithIssuerNotSet extends AuthorizationServerConfiguration {
|
||||
|
||||
@Bean
|
||||
AuthorizationServerSettings authorizationServerSettings() {
|
||||
return AuthorizationServerSettings.builder().build();
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
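Review bot: The two request-level tests in this file (`...AndIssuerSetThenUsed` and `...AndIssuerNotSetThenResolveFromRequest`) assert only the `issuer` value in the response, so nothing replaces the check in the deleted `AuthorizationServerContextFilterTests` that the holder is empty once the filter returns. That check guards against an `AuthorizationServerContext` staying bound to a pooled request thread and being read by a later request. Consider adding `assertThat(AuthorizationServerContextHolder.getContext()).isNull();` after the `perform(...)` chain in both tests; this presumably works because MockMvc runs the filter chain on the calling thread, but confirm that and whether the file already imports `assertThat`. The null-settings constructor check from the deleted tests is also no longer covered.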
@@ -1,101 +0,0 @@
|
||||
/*
|
||||
* Copyright 2020-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.server.authorization.web;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.doAnswer;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
/**
|
||||
* Tests for {@link AuthorizationServerContextFilter}.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
*/
|
||||
public class AuthorizationServerContextFilterTests {
|
||||
|
||||
@After
|
||||
public void cleanup() {
|
||||
AuthorizationServerContextHolder.resetContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void constructorWhenAuthorizationServerSettingsNullThenThrowIllegalArgumentException() {
|
||||
assertThatThrownBy(() -> new AuthorizationServerContextFilter(null))
|
||||
.isInstanceOf(IllegalArgumentException.class)
|
||||
.hasMessage("authorizationServerSettings cannot be null");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenIssuerConfiguredThenUsed() throws Exception {
|
||||
String issuer = "https://provider.com";
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer(issuer).build();
|
||||
AuthorizationServerContextFilter filter = new AuthorizationServerContextFilter(authorizationServerSettings);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
|
||||
request.setServletPath("/");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
|
||||
doAnswer(invocation -> {
|
||||
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
|
||||
assertThat(authorizationServerContext).isNotNull();
|
||||
assertThat(authorizationServerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
|
||||
assertThat(authorizationServerContext.getIssuer()).isEqualTo(issuer);
|
||||
return null;
|
||||
}).when(filterChain).doFilter(any(), any());
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
assertThat(AuthorizationServerContextHolder.getContext()).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenIssuerNotConfiguredThenResolveFromRequest() throws Exception {
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build();
|
||||
AuthorizationServerContextFilter filter = new AuthorizationServerContextFilter(authorizationServerSettings);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
|
||||
request.setServletPath("/");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
|
||||
doAnswer(invocation -> {
|
||||
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
|
||||
assertThat(authorizationServerContext).isNotNull();
|
||||
assertThat(authorizationServerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
|
||||
assertThat(authorizationServerContext.getIssuer()).isEqualTo("http://localhost");
|
||||
return null;
|
||||
}).when(filterChain).doFilter(any(), any());
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
assertThat(AuthorizationServerContextHolder.getContext()).isNull();
|
||||
}
|
||||
|
||||
}
|
||||