Use OAuth2AuthorizedClientRepository in filters and resolver
Fixes gh-5544
This commit is contained in:
@@ -21,22 +21,27 @@ import org.springframework.beans.factory.NoSuchBeanDefinitionException;
|
||||
import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.test.SpringTestRule;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
@@ -57,18 +62,20 @@ public class OAuth2ClientConfigurationTests {
|
||||
public void requestWhenAuthorizedClientFoundThenMethodArgumentResolved() throws Exception {
|
||||
String clientRegistrationId = "client1";
|
||||
String principalName = "user1";
|
||||
TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
|
||||
|
||||
OAuth2AuthorizedClientService authorizedClientService = mock(OAuth2AuthorizedClientService.class);
|
||||
OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
|
||||
OAuth2AuthorizedClient authorizedClient = mock(OAuth2AuthorizedClient.class);
|
||||
when(authorizedClientService.loadAuthorizedClient(clientRegistrationId, principalName)).thenReturn(authorizedClient);
|
||||
when(authorizedClientRepository.loadAuthorizedClient(
|
||||
eq(clientRegistrationId), eq(authentication), any(HttpServletRequest.class))).thenReturn(authorizedClient);
|
||||
|
||||
OAuth2AccessToken accessToken = mock(OAuth2AccessToken.class);
|
||||
when(authorizedClient.getAccessToken()).thenReturn(accessToken);
|
||||
|
||||
OAuth2AuthorizedClientArgumentResolverConfig.AUTHORIZED_CLIENT_SERVICE = authorizedClientService;
|
||||
OAuth2AuthorizedClientArgumentResolverConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository;
|
||||
this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire();
|
||||
|
||||
this.mockMvc.perform(get("/authorized-client").with(user(principalName)))
|
||||
this.mockMvc.perform(get("/authorized-client").with(authentication(authentication)))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(content().string("resolved"));
|
||||
}
|
||||
@@ -76,7 +83,7 @@ public class OAuth2ClientConfigurationTests {
|
||||
@EnableWebMvc
|
||||
@EnableWebSecurity
|
||||
static class OAuth2AuthorizedClientArgumentResolverConfig extends WebSecurityConfigurerAdapter {
|
||||
static OAuth2AuthorizedClientService AUTHORIZED_CLIENT_SERVICE;
|
||||
static OAuth2AuthorizedClientRepository AUTHORIZED_CLIENT_REPOSITORY;
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
@@ -92,23 +99,23 @@ public class OAuth2ClientConfigurationTests {
|
||||
}
|
||||
|
||||
@Bean
|
||||
public OAuth2AuthorizedClientService authorizedClientService() {
|
||||
return AUTHORIZED_CLIENT_SERVICE;
|
||||
public OAuth2AuthorizedClientRepository authorizedClientRepository() {
|
||||
return AUTHORIZED_CLIENT_REPOSITORY;
|
||||
}
|
||||
}
|
||||
|
||||
// gh-5321
|
||||
@Test
|
||||
public void loadContextWhenOAuth2AuthorizedClientServiceRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
|
||||
assertThatThrownBy(() -> this.spring.register(OAuth2AuthorizedClientServiceRegisteredTwiceConfig.class).autowire())
|
||||
public void loadContextWhenOAuth2AuthorizedClientRepositoryRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() {
|
||||
assertThatThrownBy(() -> this.spring.register(OAuth2AuthorizedClientRepositoryRegisteredTwiceConfig.class).autowire())
|
||||
.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class)
|
||||
.hasMessageContaining("Expected single matching bean of type '" + OAuth2AuthorizedClientService.class.getName() +
|
||||
"' but found 2: authorizedClientService1,authorizedClientService2");
|
||||
.hasMessageContaining("Expected single matching bean of type '" + OAuth2AuthorizedClientRepository.class.getName() +
|
||||
"' but found 2: authorizedClientRepository1,authorizedClientRepository2");
|
||||
}
|
||||
|
||||
@EnableWebMvc
|
||||
@EnableWebSecurity
|
||||
static class OAuth2AuthorizedClientServiceRegisteredTwiceConfig extends WebSecurityConfigurerAdapter {
|
||||
static class OAuth2AuthorizedClientRepositoryRegisteredTwiceConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
@@ -127,13 +134,13 @@ public class OAuth2ClientConfigurationTests {
|
||||
}
|
||||
|
||||
@Bean
|
||||
public OAuth2AuthorizedClientService authorizedClientService1() {
|
||||
return mock(OAuth2AuthorizedClientService.class);
|
||||
public OAuth2AuthorizedClientRepository authorizedClientRepository1() {
|
||||
return mock(OAuth2AuthorizedClientRepository.class);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public OAuth2AuthorizedClientService authorizedClientService2() {
|
||||
return mock(OAuth2AuthorizedClientService.class);
|
||||
public OAuth2AuthorizedClientRepository authorizedClientRepository2() {
|
||||
return mock(OAuth2AuthorizedClientRepository.class);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -194,8 +201,8 @@ public class OAuth2ClientConfigurationTests {
|
||||
}
|
||||
|
||||
@Bean
|
||||
public OAuth2AuthorizedClientService authorizedClientService() {
|
||||
return mock(OAuth2AuthorizedClientService.class);
|
||||
public OAuth2AuthorizedClientRepository authorizedClientRepository() {
|
||||
return mock(OAuth2AuthorizedClientRepository.class);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -23,6 +23,7 @@ import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.mock.web.MockHttpSession;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
@@ -36,10 +37,12 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCo
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
|
||||
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
|
||||
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
@@ -61,6 +64,7 @@ import java.util.Map;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.*;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
|
||||
@@ -76,6 +80,8 @@ public class OAuth2ClientConfigurerTests {
|
||||
|
||||
private static OAuth2AuthorizedClientService authorizedClientService;
|
||||
|
||||
private static OAuth2AuthorizedClientRepository authorizedClientRepository;
|
||||
|
||||
private static OAuth2AuthorizationRequestResolver authorizationRequestResolver;
|
||||
|
||||
private static OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
|
||||
@@ -107,6 +113,7 @@ public class OAuth2ClientConfigurerTests {
|
||||
.build();
|
||||
clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1);
|
||||
authorizedClientService = new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
|
||||
authorizedClientRepository = new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(authorizedClientService);
|
||||
authorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(
|
||||
clientRegistrationRepository, "/oauth2/authorization");
|
||||
|
||||
@@ -153,17 +160,18 @@ public class OAuth2ClientConfigurerTests {
|
||||
MockHttpSession session = (MockHttpSession) request.getSession();
|
||||
|
||||
String principalName = "user1";
|
||||
TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
|
||||
|
||||
this.mockMvc.perform(get("/client-1")
|
||||
.param(OAuth2ParameterNames.CODE, "code")
|
||||
.param(OAuth2ParameterNames.STATE, "state")
|
||||
.with(user(principalName))
|
||||
.with(authentication(authentication))
|
||||
.session(session))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("http://localhost/client-1"));
|
||||
|
||||
OAuth2AuthorizedClient authorizedClient = authorizedClientService.loadAuthorizedClient(
|
||||
this.registration1.getRegistrationId(), principalName);
|
||||
OAuth2AuthorizedClient authorizedClient = authorizedClientRepository.loadAuthorizedClient(
|
||||
this.registration1.getRegistrationId(), authentication, request);
|
||||
assertThat(authorizedClient).isNotNull();
|
||||
}
|
||||
|
||||
@@ -229,8 +237,8 @@ public class OAuth2ClientConfigurerTests {
|
||||
}
|
||||
|
||||
@Bean
|
||||
public OAuth2AuthorizedClientService authorizedClientService() {
|
||||
return authorizedClientService;
|
||||
public OAuth2AuthorizedClientRepository authorizedClientRepository() {
|
||||
return authorizedClientRepository;
|
||||
}
|
||||
|
||||
@RestController
|
||||
|
||||
Reference in New Issue
Block a user