Add OAuth2AuthorizationRequestResolver.resolve(HttpServletRequest,String)
Previously there was a tangle between DefaultOAuth2AuthorizationRequestResolver and OAuth2AuthorizationRequestRedirectFilter with AUTHORIZATION_REQUIRED_EXCEPTION_ATTR_NAME This commit adds a new method that can be used for resolving the OAuth2AuthorizationRequest when the client registration id is known. Issue: gh-4911
This commit is contained in:
@@ -192,21 +192,16 @@ public class OAuth2ClientConfigurerTests {
|
||||
public void configureWhenCustomAuthorizationRequestResolverSetThenAuthorizationRequestIncludesCustomParameters() throws Exception {
|
||||
// Override default resolver
|
||||
OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = authorizationRequestResolver;
|
||||
authorizationRequestResolver = request -> {
|
||||
OAuth2AuthorizationRequest defaultAuthorizationRequest = defaultAuthorizationRequestResolver.resolve(request);
|
||||
Map<String, Object> additionalParameters = new HashMap<>(defaultAuthorizationRequest.getAdditionalParameters());
|
||||
additionalParameters.put("param1", "value1");
|
||||
return OAuth2AuthorizationRequest.from(defaultAuthorizationRequest)
|
||||
.additionalParameters(additionalParameters)
|
||||
.build();
|
||||
};
|
||||
authorizationRequestResolver = mock(OAuth2AuthorizationRequestResolver.class);
|
||||
when(authorizationRequestResolver.resolve(any())).thenAnswer(invocation -> defaultAuthorizationRequestResolver.resolve(invocation.getArgument(0)));
|
||||
|
||||
this.spring.register(OAuth2ClientConfig.class).autowire();
|
||||
|
||||
MvcResult mvcResult = this.mockMvc.perform(get("/oauth2/authorization/registration-1"))
|
||||
this.mockMvc.perform(get("/oauth2/authorization/registration-1"))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andReturn();
|
||||
assertThat(mvcResult.getResponse().getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fclient-1¶m1=value1");
|
||||
|
||||
verify(authorizationRequestResolver).resolve(any());
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
|
||||
@@ -44,7 +44,6 @@ import org.springframework.security.oauth2.client.registration.InMemoryClientReg
|
||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
|
||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
|
||||
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
|
||||
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
|
||||
@@ -78,6 +77,9 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
/**
|
||||
* Tests for {@link OAuth2LoginConfigurer}.
|
||||
@@ -236,6 +238,15 @@ public class OAuth2LoginConfigurerTests {
|
||||
@Test
|
||||
public void oauth2LoginWithCustomAuthorizationRequestParameters() throws Exception {
|
||||
loadConfig(OAuth2LoginConfigCustomAuthorizationRequestResolver.class);
|
||||
OAuth2AuthorizationRequestResolver resolver = this.context.getBean(
|
||||
OAuth2LoginConfigCustomAuthorizationRequestResolver.class).resolver;
|
||||
OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest.authorizationCode()
|
||||
.authorizationUri("https://accounts.google.com/authorize")
|
||||
.clientId("client-id")
|
||||
.state("adsfa")
|
||||
.authorizationRequestUri("https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
|
||||
.build();
|
||||
when(resolver.resolve(any())).thenReturn(result);
|
||||
|
||||
String requestUri = "/oauth2/authorization/google";
|
||||
this.request = new MockHttpServletRequest("GET", requestUri);
|
||||
@@ -243,7 +254,7 @@ public class OAuth2LoginConfigurerTests {
|
||||
|
||||
this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
|
||||
|
||||
assertThat(this.response.getRedirectedUrl()).matches("https://accounts.google.com/o/oauth2/v2/auth\\?response_type=code&client_id=clientId&scope=openid\\+profile\\+email&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1");
|
||||
assertThat(this.response.getRedirectedUrl()).isEqualTo("https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1");
|
||||
}
|
||||
|
||||
// gh-5347
|
||||
@@ -492,28 +503,17 @@ public class OAuth2LoginConfigurerTests {
|
||||
private ClientRegistrationRepository clientRegistrationRepository =
|
||||
new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION);
|
||||
|
||||
OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class);
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login()
|
||||
.clientRegistrationRepository(this.clientRegistrationRepository)
|
||||
.authorizationEndpoint()
|
||||
.authorizationRequestResolver(this.getAuthorizationRequestResolver());
|
||||
.authorizationRequestResolver(this.resolver);
|
||||
super.configure(http);
|
||||
}
|
||||
|
||||
private OAuth2AuthorizationRequestResolver getAuthorizationRequestResolver() {
|
||||
OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver =
|
||||
new DefaultOAuth2AuthorizationRequestResolver(this.clientRegistrationRepository, "/oauth2/authorization");
|
||||
return request -> {
|
||||
OAuth2AuthorizationRequest defaultAuthorizationRequest = defaultAuthorizationRequestResolver.resolve(request);
|
||||
Map<String, Object> additionalParameters = new HashMap<>(defaultAuthorizationRequest.getAdditionalParameters());
|
||||
additionalParameters.put("custom-param1", "custom-value1");
|
||||
return OAuth2AuthorizationRequest.from(defaultAuthorizationRequest)
|
||||
.additionalParameters(additionalParameters)
|
||||
.build();
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
|
||||
Reference in New Issue
Block a user