Add OAuth2AuthorizationRequestResolver.resolve(HttpServletRequest,String)

Previously there was a tangle between
DefaultOAuth2AuthorizationRequestResolver and
OAuth2AuthorizationRequestRedirectFilter with
AUTHORIZATION_REQUIRED_EXCEPTION_ATTR_NAME

This commit adds a new method that can be used for resolving the
OAuth2AuthorizationRequest when the client registration id is known.

Issue: gh-4911
This commit is contained in:
Rob Winch
2018-08-16 20:41:13 -05:00
parent 06df562d61
commit 938dbbf424
7 changed files with 87 additions and 100 deletions

View File

@@ -192,21 +192,16 @@ public class OAuth2ClientConfigurerTests {
public void configureWhenCustomAuthorizationRequestResolverSetThenAuthorizationRequestIncludesCustomParameters() throws Exception {
// Override default resolver
OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = authorizationRequestResolver;
authorizationRequestResolver = request -> {
OAuth2AuthorizationRequest defaultAuthorizationRequest = defaultAuthorizationRequestResolver.resolve(request);
Map<String, Object> additionalParameters = new HashMap<>(defaultAuthorizationRequest.getAdditionalParameters());
additionalParameters.put("param1", "value1");
return OAuth2AuthorizationRequest.from(defaultAuthorizationRequest)
.additionalParameters(additionalParameters)
.build();
};
authorizationRequestResolver = mock(OAuth2AuthorizationRequestResolver.class);
when(authorizationRequestResolver.resolve(any())).thenAnswer(invocation -> defaultAuthorizationRequestResolver.resolve(invocation.getArgument(0)));
this.spring.register(OAuth2ClientConfig.class).autowire();
MvcResult mvcResult = this.mockMvc.perform(get("/oauth2/authorization/registration-1"))
this.mockMvc.perform(get("/oauth2/authorization/registration-1"))
.andExpect(status().is3xxRedirection())
.andReturn();
assertThat(mvcResult.getResponse().getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fclient-1&param1=value1");
verify(authorizationRequestResolver).resolve(any());
}
@EnableWebSecurity

View File

@@ -44,7 +44,6 @@ import org.springframework.security.oauth2.client.registration.InMemoryClientReg
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
@@ -78,6 +77,9 @@ import java.util.List;
import java.util.Map;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
/**
* Tests for {@link OAuth2LoginConfigurer}.
@@ -236,6 +238,15 @@ public class OAuth2LoginConfigurerTests {
@Test
public void oauth2LoginWithCustomAuthorizationRequestParameters() throws Exception {
loadConfig(OAuth2LoginConfigCustomAuthorizationRequestResolver.class);
OAuth2AuthorizationRequestResolver resolver = this.context.getBean(
OAuth2LoginConfigCustomAuthorizationRequestResolver.class).resolver;
OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest.authorizationCode()
.authorizationUri("https://accounts.google.com/authorize")
.clientId("client-id")
.state("adsfa")
.authorizationRequestUri("https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
.build();
when(resolver.resolve(any())).thenReturn(result);
String requestUri = "/oauth2/authorization/google";
this.request = new MockHttpServletRequest("GET", requestUri);
@@ -243,7 +254,7 @@ public class OAuth2LoginConfigurerTests {
this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
assertThat(this.response.getRedirectedUrl()).matches("https://accounts.google.com/o/oauth2/v2/auth\\?response_type=code&client_id=clientId&scope=openid\\+profile\\+email&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1");
assertThat(this.response.getRedirectedUrl()).isEqualTo("https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1");
}
// gh-5347
@@ -492,28 +503,17 @@ public class OAuth2LoginConfigurerTests {
private ClientRegistrationRepository clientRegistrationRepository =
new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION);
OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class);
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Login()
.clientRegistrationRepository(this.clientRegistrationRepository)
.authorizationEndpoint()
.authorizationRequestResolver(this.getAuthorizationRequestResolver());
.authorizationRequestResolver(this.resolver);
super.configure(http);
}
private OAuth2AuthorizationRequestResolver getAuthorizationRequestResolver() {
OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver =
new DefaultOAuth2AuthorizationRequestResolver(this.clientRegistrationRepository, "/oauth2/authorization");
return request -> {
OAuth2AuthorizationRequest defaultAuthorizationRequest = defaultAuthorizationRequestResolver.resolve(request);
Map<String, Object> additionalParameters = new HashMap<>(defaultAuthorizationRequest.getAdditionalParameters());
additionalParameters.put("custom-param1", "custom-value1");
return OAuth2AuthorizationRequest.from(defaultAuthorizationRequest)
.additionalParameters(additionalParameters)
.build();
};
}
}
@EnableWebSecurity