
Merge branch '1.2.x' into 1.3.x

Joe Grandja 1 年之前
父節點
當前提交
41d3c30b49

+ 7 - 4
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java

@@ -241,10 +241,13 @@ public final class OAuth2AuthorizationEndpointConfigurer extends AbstractOAuth2C
 				? OAuth2ConfigurerUtils
 					.withMultipleIssuersPattern(authorizationServerSettings.getAuthorizationEndpoint())
 				: authorizationServerSettings.getAuthorizationEndpoint();
-		this.requestMatcher = new OrRequestMatcher(
-				new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.GET.name()),
-				new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.POST.name()));
-
+		List<RequestMatcher> requestMatchers = new ArrayList<>();
+		requestMatchers.add(new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.GET.name()));
+		requestMatchers.add(new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.POST.name()));
+		if (StringUtils.hasText(this.consentPage)) {
+			requestMatchers.add(new AntPathRequestMatcher(this.consentPage));
+		}
+		this.requestMatcher = new OrRequestMatcher(requestMatchers);
 		List<AuthenticationProvider> authenticationProviders = createDefaultAuthenticationProviders(httpSecurity);
 		if (!this.authenticationProviders.isEmpty()) {
 			authenticationProviders.addAll(0, this.authenticationProviders);
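Review bot: The matcher added by `requestMatchers.add(new AntPathRequestMatcher(this.consentPage));` carries no HTTP method, so unlike the two authorization-endpoint matchers beside it, it matches every method on the consent path. The consumer of `this.requestMatcher` is outside this hunk; if it feeds filter-chain selection or a CSRF exemption, that treatment would now also cover non-GET requests to the consent page. If the custom consent page is only ever rendered with GET (which the new test suggests but does not prove), I would narrow it to `new AntPathRequestMatcher(this.consentPage, HttpMethod.GET.name())`. The reason the consent page belongs in this matcher is only recorded in the test (`// gh-1668`), so a short comment above the `if`, such as `// gh-1668: include the custom consent page so the AuthorizationServerContext is available when it renders`, would help here. The enclosing method starts and ends outside the hunk.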

+ 33 - 0
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java

@@ -104,6 +104,7 @@ import org.springframework.security.oauth2.server.authorization.client.Registere
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.jackson2.TestingAuthenticationTokenMixin;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
@@ -125,11 +126,14 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.stereotype.Controller;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.springframework.web.util.UriUtils;
@@ -746,6 +750,15 @@ public class OAuth2AuthorizationCodeGrantTests {
 		assertThat(authorization).isNotNull();
 	}
 
+	// gh-1668
+	@Test
+	public void requestWhenCustomConsentPageConfiguredThenAuthorizationServerContextIsAccessible() throws Exception {
+		this.spring.register(AuthorizationServerConfigurationCustomConsentPageAccessAuthorizationServerContext.class)
+			.autowire();
+
+		this.mvc.perform(get(consentPage).with(user("user"))).andExpect(status().isOk());
+	}
+
 	@Test
 	public void requestWhenCustomConsentCustomizerConfiguredThenUsed() throws Exception {
 		this.spring.register(AuthorizationServerConfigurationCustomConsentRequest.class).autowire();
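Review bot: The new test exercises only an authenticated GET, `get(consentPage).with(user("user"))`, so nothing pins how an unauthenticated request is handled now that the consent page is part of the authorization endpoint's request matcher. I would add a companion case that performs `get(consentPage)` without `.with(user(...))` and asserts the page is not served; the exact expected status depends on the entry point configured in `AuthorizationServerConfigurationCustomConsentPage`, which is not visible here. A one-line comment next to `// gh-1668` stating that the consent page must still require authentication would make the intent explicit.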
@@ -1209,6 +1222,26 @@ public class OAuth2AuthorizationCodeGrantTests {
 
 	}
 
+	@EnableWebSecurity
+	@Configuration(proxyBeanMethods = false)
+	static class AuthorizationServerConfigurationCustomConsentPageAccessAuthorizationServerContext
+			extends AuthorizationServerConfigurationCustomConsentPage {
+
+		@Controller
+		class ConsentController {
+
+			@GetMapping("/oauth2/consent")
+			@ResponseBody
+			String consent() {
+				// Ensure the AuthorizationServerContext is accessible
+				AuthorizationServerContextHolder.getContext().getIssuer();
+				return "";
+			}
+
+		}
+
+	}
+
 	@EnableWebSecurity
 	@Configuration(proxyBeanMethods = false)
 	static class AuthorizationServerConfigurationCustomConsentRequest extends AuthorizationServerConfiguration {