首页 发现 帮助
注册 登录
github
/
spring-authorization-server
镜像自地址 https://github.com/spring-projects/spring-authorization-server
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

Apply default settings for public client type

Closes gh-656
Joe Grandja 3 年之前
父节点
12ae92b366
当前提交
586c7daf2a
共有 2 个文件被更改,包括 56 次插入10 次删除
分列视图 显示文件统计
  1. 27 9
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/RegisteredClient.java
  2. 29 1
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/RegisteredClientTests.java

+ 27 - 9
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/RegisteredClient.java
查看文件 

@@ -1,5 +1,5 @@
 
 /*
 
- * Copyright 2020-2021 the original author or authors.
 
+ * Copyright 2020-2022 the original author or authors.
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
@@ -250,10 +250,10 @@ public class RegisteredClient implements Serializable {
 
 		private String clientSecret;
 
 		private Instant clientSecretExpiresAt;
 
 		private String clientName;
 
-		private Set<ClientAuthenticationMethod> clientAuthenticationMethods = new HashSet<>();
 
-		private Set<AuthorizationGrantType> authorizationGrantTypes = new HashSet<>();
 
-		private Set<String> redirectUris = new HashSet<>();
 
-		private Set<String> scopes = new HashSet<>();
 
+		private final Set<ClientAuthenticationMethod> clientAuthenticationMethods = new HashSet<>();
 
+		private final Set<AuthorizationGrantType> authorizationGrantTypes = new HashSet<>();
 
+		private final Set<String> redirectUris = new HashSet<>();
 
+		private final Set<String> scopes = new HashSet<>();
 
 		private ClientSettings clientSettings;
 
 		private TokenSettings tokenSettings;
 
 
@@ -483,11 +483,31 @@ public class RegisteredClient implements Serializable {
 
 			if (CollectionUtils.isEmpty(this.clientAuthenticationMethods)) {
 
 				this.clientAuthenticationMethods.add(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
 
 			}
 
+			if (this.clientSettings == null) {
 
+				ClientSettings.Builder builder = ClientSettings.builder();
 
+				if (isPublicClientType()) {
 
+					// @formatter:off
 
+					builder
 
+							.requireProofKey(true)
 
+							.requireAuthorizationConsent(true);
 
+					// @formatter:on
 
+				}
 
+				this.clientSettings = builder.build();
 
+			}
 
+			if (this.tokenSettings == null) {
 
+				this.tokenSettings = TokenSettings.builder().build();
 
+			}
 
 			validateScopes();
 
 			validateRedirectUris();
 
 			return create();
 
 		}
 
 
+		private boolean isPublicClientType() {
 
+			return this.authorizationGrantTypes.contains(AuthorizationGrantType.AUTHORIZATION_CODE) &&
 
+					this.clientAuthenticationMethods.size() == 1 &&
 
+					this.clientAuthenticationMethods.contains(ClientAuthenticationMethod.NONE);
 
+		}
 
+
 
 		private RegisteredClient create() {
 
 			RegisteredClient registeredClient = new RegisteredClient();
 
 
@@ -505,10 +525,8 @@ public class RegisteredClient implements Serializable {
 
 					new HashSet<>(this.redirectUris));
 
 			registeredClient.scopes = Collections.unmodifiableSet(
 
 					new HashSet<>(this.scopes));
 
-			registeredClient.clientSettings = this.clientSettings != null ?
 
-					this.clientSettings : ClientSettings.builder().build();
 
-			registeredClient.tokenSettings = this.tokenSettings != null ?
 
-					this.tokenSettings : TokenSettings.builder().build();
 
+			registeredClient.clientSettings = this.clientSettings;
 
+			registeredClient.tokenSettings = this.tokenSettings;
 
 
 			return registeredClient;
 
 		}

+ 29 - 1
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/RegisteredClientTests.java
查看文件 

@@ -1,5 +1,5 @@
 
 /*
 
- * Copyright 2020-2021 the original author or authors.
 
+ * Copyright 2020-2022 the original author or authors.
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
@@ -382,4 +382,32 @@ public class RegisteredClientTests {
 
 		assertThat(registration.getRedirectUris()).doesNotContain(newRedirectUri);
 
 		assertThat(updated.getRedirectUris()).containsExactly(newRedirectUri);
 
 	}
 
+
 
+	@Test
 
+	public void buildWhenPublicClientTypeThenDefaultSettings() {
 
+		Instant clientIdIssuedAt = Instant.now();
 
+		RegisteredClient registration = RegisteredClient.withId(ID)
 
+				.clientId(CLIENT_ID)
 
+				.clientIdIssuedAt(clientIdIssuedAt)
 
+				.clientName("client-name")
 
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 
+				.clientAuthenticationMethod(ClientAuthenticationMethod.NONE)
 
+				.redirectUris(redirectUris -> redirectUris.addAll(REDIRECT_URIS))
 
+				.scopes(scopes -> scopes.addAll(SCOPES))
 
+				.build();
 
+
 
+		assertThat(registration.getId()).isEqualTo(ID);
 
+		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 
+		assertThat(registration.getClientIdIssuedAt()).isEqualTo(clientIdIssuedAt);
 
+		assertThat(registration.getClientName()).isEqualTo("client-name");
 
+		assertThat(registration.getAuthorizationGrantTypes())
 
+				.isEqualTo(Collections.singleton(AuthorizationGrantType.AUTHORIZATION_CODE));
 
+		assertThat(registration.getClientAuthenticationMethods())
 
+				.isEqualTo(Collections.singleton(ClientAuthenticationMethod.NONE));
 
+		assertThat(registration.getRedirectUris()).isEqualTo(REDIRECT_URIS);
 
+		assertThat(registration.getScopes()).isEqualTo(SCOPES);
 
+		assertThat(registration.getClientSettings().isRequireProofKey()).isTrue();
 
+		assertThat(registration.getClientSettings().isRequireAuthorizationConsent()).isTrue();
 
+	}
 
+
 
 }