Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter

Fixes gh-8536
This commit is contained in:
Parikshit Dutta
2020-05-23 12:36:16 +05:30
committed by Joe Grandja
parent aa84c79e87
commit 28d2cfa14a
4 changed files with 104 additions and 6 deletions

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2019 the original author or authors.
* Copyright 2002-2020 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
package org.springframework.security.config.web.server;
import java.net.URI;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -48,6 +50,7 @@ import org.springframework.security.test.context.annotation.SecurityTestExecutio
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.security.web.server.savedrequest.ServerRequestCache;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.web.bind.annotation.GetMapping;
@@ -62,6 +65,7 @@ import static org.mockito.Mockito.when;
/**
* @author Rob Winch
* @author Parikshit Dutta
* @since 5.1
*/
@RunWith(SpringRunner.class)
@@ -146,6 +150,7 @@ public class OAuth2ClientSpecTests {
ServerAuthenticationConverter converter = config.authenticationConverter;
ReactiveAuthenticationManager manager = config.manager;
ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = config.authorizationRequestRepository;
ServerRequestCache requestCache = config.requestCache;
OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
.redirectUri("/authorize/oauth2/code/registration-id")
@@ -163,6 +168,7 @@ public class OAuth2ClientSpecTests {
when(authorizationRequestRepository.loadAuthorizationRequest(any())).thenReturn(Mono.just(authorizationRequest));
when(converter.convert(any())).thenReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
when(manager.authenticate(any())).thenReturn(Mono.just(result));
when(requestCache.getRedirectUri(any())).thenReturn(Mono.just(URI.create("/saved-request")));
this.client.get()
.uri(uriBuilder ->
@@ -175,6 +181,7 @@ public class OAuth2ClientSpecTests {
verify(converter).convert(any());
verify(manager).authenticate(any());
verify(requestCache).getRedirectUri(any());
}
@EnableWebFlux
@@ -197,13 +204,17 @@ public class OAuth2ClientSpecTests {
ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(ServerAuthorizationRequestRepository.class);
ServerRequestCache requestCache = mock(ServerRequestCache.class);
@Bean
public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
http
.oauth2Client()
.authenticationConverter(this.authenticationConverter)
.authenticationManager(this.manager)
.authorizationRequestRepository(this.authorizationRequestRepository);
.authorizationRequestRepository(this.authorizationRequestRepository)
.and()
.requestCache(c -> c.requestCache(this.requestCache));
return http.build();
}
}
@@ -217,6 +228,7 @@ public class OAuth2ClientSpecTests {
ServerAuthenticationConverter converter = config.authenticationConverter;
ReactiveAuthenticationManager manager = config.manager;
ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = config.authorizationRequestRepository;
ServerRequestCache requestCache = config.requestCache;
OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request()
.redirectUri("/authorize/oauth2/code/registration-id")
@@ -234,6 +246,7 @@ public class OAuth2ClientSpecTests {
when(authorizationRequestRepository.loadAuthorizationRequest(any())).thenReturn(Mono.just(authorizationRequest));
when(converter.convert(any())).thenReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
when(manager.authenticate(any())).thenReturn(Mono.just(result));
when(requestCache.getRedirectUri(any())).thenReturn(Mono.just(URI.create("/saved-request")));
this.client.get()
.uri(uriBuilder ->
@@ -246,6 +259,7 @@ public class OAuth2ClientSpecTests {
verify(converter).convert(any());
verify(manager).authenticate(any());
verify(requestCache).getRedirectUri(any());
}
@Configuration
@@ -256,6 +270,8 @@ public class OAuth2ClientSpecTests {
ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(ServerAuthorizationRequestRepository.class);
ServerRequestCache requestCache = mock(ServerRequestCache.class);
@Bean
public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
http
@@ -263,8 +279,8 @@ public class OAuth2ClientSpecTests {
oauth2Client
.authenticationConverter(this.authenticationConverter)
.authenticationManager(this.manager)
.authorizationRequestRepository(this.authorizationRequestRepository)
);
.authorizationRequestRepository(this.authorizationRequestRepository))
.requestCache(c -> c.requestCache(this.requestCache));
return http.build();
}
}