> requestEntityConverter) {
+ Assert.notNull(requestEntityConverter, "requestEntityConverter cannot be null");
+ this.requestEntityConverter = requestEntityConverter;
}
/**
- * Sets the {@link RestOperations} used when requesting the access token response.
+ * Sets the {@link RestOperations} used when requesting the OAuth 2.0 Access Token Response.
*
- * @param restOperations the {@link RestOperations} used when requesting the access token response
+ *
+ * NOTE: At a minimum, the supplied {@code restOperations} must be configured with the following:
+ *
+ * - {@link HttpMessageConverter}'s - {@link FormHttpMessageConverter} and {@link OAuth2AccessTokenResponseHttpMessageConverter}
+ * - {@link ResponseErrorHandler} - {@link OAuth2ErrorResponseErrorHandler}
+ *
+ *
+ * @param restOperations the {@link RestOperations} used when requesting the Access Token Response
*/
- public final void setRestOperations(RestOperations restOperations) {
+ public void setRestOperations(RestOperations restOperations) {
Assert.notNull(restOperations, "restOperations cannot be null");
this.restOperations = restOperations;
}
-
- private static class NoOpResponseErrorHandler implements ResponseErrorHandler {
-
- @Override
- public boolean hasError(ClientHttpResponse response) throws IOException {
- return false;
- }
-
- @Override
- public void handleError(ClientHttpResponse response) throws IOException {
- }
- }
}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java
index db65cd9e95..c54045727d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverter.java
@@ -18,9 +18,7 @@ package org.springframework.security.oauth2.client.endpoint;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
-import org.springframework.http.MediaType;
import org.springframework.http.RequestEntity;
-import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
@@ -30,9 +28,6 @@ import org.springframework.util.MultiValueMap;
import org.springframework.web.util.UriComponentsBuilder;
import java.net.URI;
-import java.util.Collections;
-
-import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
/**
* A {@link Converter} that converts the provided {@link OAuth2AuthorizationCodeGrantRequest}
@@ -57,7 +52,7 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverter implements Conve
public RequestEntity> convert(OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest) {
ClientRegistration clientRegistration = authorizationCodeGrantRequest.getClientRegistration();
- HttpHeaders headers = this.buildHeaders(authorizationCodeGrantRequest);
+ HttpHeaders headers = OAuth2AuthorizationGrantRequestEntityUtils.getTokenRequestHeaders(clientRegistration);
MultiValueMap formParameters = this.buildFormParameters(authorizationCodeGrantRequest);
URI uri = UriComponentsBuilder.fromUriString(clientRegistration.getProviderDetails().getTokenUri())
.build()
@@ -66,26 +61,6 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverter implements Conve
return new RequestEntity<>(formParameters, headers, HttpMethod.POST, uri);
}
- /**
- * Returns the {@link HttpHeaders} used for the Access Token Request.
- *
- * @param authorizationCodeGrantRequest the authorization code grant request
- * @return the {@link HttpHeaders} used for the Access Token Request
- */
- private HttpHeaders buildHeaders(OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest) {
- ClientRegistration clientRegistration = authorizationCodeGrantRequest.getClientRegistration();
-
- HttpHeaders headers = new HttpHeaders();
- headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON_UTF8));
- final MediaType contentType = MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
- headers.setContentType(contentType);
- if (ClientAuthenticationMethod.BASIC.equals(clientRegistration.getClientAuthenticationMethod())) {
- headers.setBasicAuth(clientRegistration.getClientId(), clientRegistration.getClientSecret());
- }
-
- return headers;
- }
-
/**
* Returns a {@link MultiValueMap} of the form parameters used for the Access Token Request body.
*
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
new file mode 100644
index 0000000000..a9b53c9ce5
--- /dev/null
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.client.endpoint;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.http.RequestEntity;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+
+import java.util.Collections;
+
+import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
+
+/**
+ * Utility methods used by the {@link Converter}'s that convert
+ * from an implementation of an {@link AbstractOAuth2AuthorizationGrantRequest}
+ * to a {@link RequestEntity} representation of an OAuth 2.0 Access Token Request
+ * for the specific Authorization Grant.
+ *
+ * @author Joe Grandja
+ * @since 5.1
+ * @see OAuth2AuthorizationCodeGrantRequestEntityConverter
+ * @see OAuth2ClientCredentialsGrantRequestEntityConverter
+ */
+final class OAuth2AuthorizationGrantRequestEntityUtils {
+ private static HttpHeaders DEFAULT_TOKEN_REQUEST_HEADERS = getDefaultTokenRequestHeaders();
+
+ static HttpHeaders getTokenRequestHeaders(ClientRegistration clientRegistration) {
+ HttpHeaders headers = new HttpHeaders();
+ headers.addAll(DEFAULT_TOKEN_REQUEST_HEADERS);
+ if (ClientAuthenticationMethod.BASIC.equals(clientRegistration.getClientAuthenticationMethod())) {
+ headers.setBasicAuth(clientRegistration.getClientId(), clientRegistration.getClientSecret());
+ }
+ return headers;
+ }
+
+ private static HttpHeaders getDefaultTokenRequestHeaders() {
+ HttpHeaders headers = new HttpHeaders();
+ headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON_UTF8));
+ final MediaType contentType = MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
+ headers.setContentType(contentType);
+ return headers;
+ }
+}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java
new file mode 100644
index 0000000000..9ee2d68d17
--- /dev/null
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.client.endpoint;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.RequestEntity;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.util.CollectionUtils;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.util.StringUtils;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import java.net.URI;
+
+/**
+ * A {@link Converter} that converts the provided {@link OAuth2ClientCredentialsGrantRequest}
+ * to a {@link RequestEntity} representation of an OAuth 2.0 Access Token Request
+ * for the Client Credentials Grant.
+ *
+ * @author Joe Grandja
+ * @since 5.1
+ * @see Converter
+ * @see OAuth2ClientCredentialsGrantRequest
+ * @see RequestEntity
+ */
+public class OAuth2ClientCredentialsGrantRequestEntityConverter implements Converter> {
+
+ /**
+ * Returns the {@link RequestEntity} used for the Access Token Request.
+ *
+ * @param clientCredentialsGrantRequest the client credentials grant request
+ * @return the {@link RequestEntity} used for the Access Token Request
+ */
+ @Override
+ public RequestEntity> convert(OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest) {
+ ClientRegistration clientRegistration = clientCredentialsGrantRequest.getClientRegistration();
+
+ HttpHeaders headers = OAuth2AuthorizationGrantRequestEntityUtils.getTokenRequestHeaders(clientRegistration);
+ MultiValueMap formParameters = this.buildFormParameters(clientCredentialsGrantRequest);
+ URI uri = UriComponentsBuilder.fromUriString(clientRegistration.getProviderDetails().getTokenUri())
+ .build()
+ .toUri();
+
+ return new RequestEntity<>(formParameters, headers, HttpMethod.POST, uri);
+ }
+
+ /**
+ * Returns a {@link MultiValueMap} of the form parameters used for the Access Token Request body.
+ *
+ * @param clientCredentialsGrantRequest the client credentials grant request
+ * @return a {@link MultiValueMap} of the form parameters used for the Access Token Request body
+ */
+ private MultiValueMap buildFormParameters(OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest) {
+ ClientRegistration clientRegistration = clientCredentialsGrantRequest.getClientRegistration();
+
+ MultiValueMap formParameters = new LinkedMultiValueMap<>();
+ formParameters.add(OAuth2ParameterNames.GRANT_TYPE, clientCredentialsGrantRequest.getGrantType().getValue());
+ if (!CollectionUtils.isEmpty(clientRegistration.getScopes())) {
+ formParameters.add(OAuth2ParameterNames.SCOPE,
+ StringUtils.collectionToDelimitedString(clientRegistration.getScopes(), " "));
+ }
+ if (ClientAuthenticationMethod.POST.equals(clientRegistration.getClientAuthenticationMethod())) {
+ formParameters.add(OAuth2ParameterNames.CLIENT_ID, clientRegistration.getClientId());
+ formParameters.add(OAuth2ParameterNames.CLIENT_SECRET, clientRegistration.getClientSecret());
+ }
+
+ return formParameters;
+ }
+}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
index 117a17cb34..07a563d710 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java
@@ -50,9 +50,7 @@ public class DefaultClientCredentialsTokenResponseClientTests {
public void setup() throws Exception {
this.server = new MockWebServer();
this.server.start();
-
String tokenUri = this.server.url("/oauth2/token").toString();
-
this.clientRegistration = ClientRegistration.withRegistrationId("registration-1")
.clientId("client-1")
.clientSecret("secret")
@@ -68,6 +66,12 @@ public class DefaultClientCredentialsTokenResponseClientTests {
this.server.shutdown();
}
+ @Test
+ public void setRequestEntityConverterWhenConverterIsNullThenThrowIllegalArgumentException() {
+ assertThatThrownBy(() -> this.tokenResponseClient.setRequestEntityConverter(null))
+ .isInstanceOf(IllegalArgumentException.class);
+ }
+
@Test
public void setRestOperationsWhenRestOperationsIsNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> this.tokenResponseClient.setRestOperations(null))
@@ -103,8 +107,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
RecordedRequest recordedRequest = this.server.takeRequest();
assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString());
- assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON.toString());
- assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)).startsWith(MediaType.APPLICATION_FORM_URLENCODED.toString());
+ assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE);
+ assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)).isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
String formParameters = recordedRequest.getBody().readUtf8();
assertThat(formParameters).contains("grant_type=client_credentials");
@@ -178,7 +182,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
.isInstanceOf(OAuth2AuthenticationException.class)
- .hasMessageContaining("[invalid_token_response] An error occurred parsing the Access Token response (200 OK): tokenType cannot be null");
+ .hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
+ .hasMessageContaining("tokenType cannot be null");
}
@Test
@@ -193,7 +198,8 @@ public class DefaultClientCredentialsTokenResponseClientTests {
assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
.isInstanceOf(OAuth2AuthenticationException.class)
- .hasMessageContaining("[invalid_token_response] An error occurred parsing the Access Token response (200 OK). Missing required parameters: access_token and/or token_type");
+ .hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response")
+ .hasMessageContaining("tokenType cannot be null");
}
@Test
@@ -231,21 +237,6 @@ public class DefaultClientCredentialsTokenResponseClientTests {
assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write");
}
- @Test
- public void getTokenResponseWhenTokenUriMalformedThenThrowOAuth2AuthenticationException() {
- String malformedTokenUri = "http:\\provider.com\\oauth2\\token";
- ClientRegistration clientRegistration = this.from(this.clientRegistration)
- .tokenUri(malformedTokenUri)
- .build();
-
- OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest =
- new OAuth2ClientCredentialsGrantRequest(clientRegistration);
-
- assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
- .isInstanceOf(OAuth2AuthenticationException.class)
- .hasMessageContaining("[invalid_token_request] An error occurred while sending the Access Token Request:");
- }
-
@Test
public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthenticationException() {
String invalidTokenUri = "http://invalid-provider.com/oauth2/token";
@@ -258,7 +249,7 @@ public class DefaultClientCredentialsTokenResponseClientTests {
assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
.isInstanceOf(OAuth2AuthenticationException.class)
- .hasMessageContaining("[invalid_token_request] An error occurred while sending the Access Token Request:");
+ .hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
}
@Test
@@ -278,7 +269,7 @@ public class DefaultClientCredentialsTokenResponseClientTests {
assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
.isInstanceOf(OAuth2AuthenticationException.class)
- .hasMessageContaining("[invalid_token_request] An error occurred while sending the Access Token Request:");
+ .hasMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
}
@Test
@@ -305,7 +296,7 @@ public class DefaultClientCredentialsTokenResponseClientTests {
assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest))
.isInstanceOf(OAuth2AuthenticationException.class)
- .hasMessageContaining("[server_error]");
+ .hasMessage("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 500 Server Error");
}
private MockResponse jsonResponse(String json) {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
new file mode 100644
index 0000000000..5c69692093
--- /dev/null
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.client.endpoint;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
+import org.springframework.http.RequestEntity;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.util.MultiValueMap;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
+
+/**
+ * Tests for {@link OAuth2ClientCredentialsGrantRequestEntityConverter}.
+ *
+ * @author Joe Grandja
+ */
+public class OAuth2ClientCredentialsGrantRequestEntityConverterTests {
+ private OAuth2ClientCredentialsGrantRequestEntityConverter converter = new OAuth2ClientCredentialsGrantRequestEntityConverter();
+ private OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest;
+
+ @Before
+ public void setup() {
+ ClientRegistration clientRegistration = ClientRegistration.withRegistrationId("registration-1")
+ .clientId("client-1")
+ .clientSecret("secret")
+ .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+ .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+ .scope("read", "write")
+ .tokenUri("https://provider.com/oauth2/token")
+ .build();
+ this.clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(clientRegistration);
+ }
+
+ @SuppressWarnings("unchecked")
+ @Test
+ public void convertWhenGrantRequestValidThenConverts() {
+ RequestEntity> requestEntity = this.converter.convert(this.clientCredentialsGrantRequest);
+
+ ClientRegistration clientRegistration = this.clientCredentialsGrantRequest.getClientRegistration();
+
+ assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST);
+ assertThat(requestEntity.getUrl().toASCIIString()).isEqualTo(
+ clientRegistration.getProviderDetails().getTokenUri());
+
+ HttpHeaders headers = requestEntity.getHeaders();
+ assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
+ assertThat(headers.getContentType()).isEqualTo(
+ MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
+ assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
+
+ MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody();
+ assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)).isEqualTo(
+ AuthorizationGrantType.CLIENT_CREDENTIALS.getValue());
+ assertThat(formParameters.getFirst(OAuth2ParameterNames.SCOPE)).isEqualTo("read write");
+ }
+}