
Add debug log entries

Closes gh-1245
Closes gh-1246
Closes gh-1247
Closes gh-1248
Dejan Varmedja 2 лет назад
Родитель
Сommit
6b6b2119f4

+ 3 - 0
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/ClientSecretAuthenticationProvider.java

@@ -114,6 +114,9 @@ public final class ClientSecretAuthenticationProvider implements AuthenticationP
 
 		String clientSecret = clientAuthentication.getCredentials().toString();
 		if (!this.passwordEncoder.matches(clientSecret, registeredClient.getClientSecret())) {
+			if(this.logger.isDebugEnabled()){
+				this.logger.debug("Invalid client_secret");
+			}
 			throwInvalidClient(OAuth2ParameterNames.CLIENT_SECRET);
 		}
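Review bot: The debug entry added in the failed `passwordEncoder.matches` branch says only "Invalid client_secret", so someone reading the log cannot tell which registered client failed authentication or correlate repeated failures against one client. Keeping the presented secret out of the message is correct; the identifier of the already-resolved client is a stored value and can be added, e.g. `this.logger.debug("Invalid client_secret for registered client '" + registeredClient.getId() + "'");`. The new `if(this.logger.isDebugEnabled()){` also drops the spacing used on the surrounding lines (`if (...) {`). The enclosing method starts and ends outside the hunk.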
 

+ 8 - 1
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/CodeVerifierAuthenticator.java

@@ -96,6 +96,7 @@ final class CodeVerifierAuthenticator {
 				.get(PkceParameterNames.CODE_CHALLENGE);
 		if (!StringUtils.hasText(codeChallenge)) {
 			if (registeredClient.getClientSettings().isRequireProofKey()) {
+				logDebugMessage("Missing code_challenge");
 				throwInvalidGrant(PkceParameterNames.CODE_CHALLENGE);
 			} else {
 				if (this.logger.isTraceEnabled()) {
@@ -129,8 +130,9 @@ final class CodeVerifierAuthenticator {
 				parameters.get(OAuth2ParameterNames.CODE) != null;
 	}
 
-	private static boolean codeVerifierValid(String codeVerifier, String codeChallenge, String codeChallengeMethod) {
+	private boolean codeVerifierValid(String codeVerifier, String codeChallenge, String codeChallengeMethod) {
 		if (!StringUtils.hasText(codeVerifier)) {
+			logDebugMessage("Missing code_verifier");
 			return false;
 		} else if ("S256".equals(codeChallengeMethod)) {
 			try {
@@ -156,4 +158,9 @@ final class CodeVerifierAuthenticator {
 		throw new OAuth2AuthenticationException(error);
 	}
 
+	private void logDebugMessage(String logMessage){
+		if(this.logger.isDebugEnabled()){
+			this.logger.debug(logMessage);
+		}
+	}
 }
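Review bot: `codeVerifierValid` loses its `static` modifier and gains a logging side effect only so that the "Missing code_verifier" case can call `logDebugMessage`, and of the ways it can return false only that one is logged in the visible lines; a verifier that is present but does not match the challenge appears to fail silently (the rest of the method is outside the hunk). It would be cleaner to keep the predicate static and free of side effects, and to log once where the caller rejects the request, with a message such as `"Invalid code_verifier"` plus the registered client id. The `logDebugMessage` helper also guards a constant string with `isDebugEnabled()`, which saves nothing here, and the identical helper is added again in OAuth2AuthorizationCodeRequestAuthenticationValidator.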

+ 17 - 6
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationValidator.java

@@ -18,6 +18,8 @@ package org.springframework.security.oauth2.server.authorization.authentication;
 import java.util.Set;
 import java.util.function.Consumer;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
@@ -48,17 +50,18 @@ import org.springframework.web.util.UriComponentsBuilder;
 public final class OAuth2AuthorizationCodeRequestAuthenticationValidator implements Consumer<OAuth2AuthorizationCodeRequestAuthenticationContext> {
 	private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1";
 
+	private final Log logger = LogFactory.getLog(getClass());
 	/**
 	 * The default validator for {@link OAuth2AuthorizationCodeRequestAuthenticationToken#getScopes()}.
 	 */
-	public static final Consumer<OAuth2AuthorizationCodeRequestAuthenticationContext> DEFAULT_SCOPE_VALIDATOR =
-			OAuth2AuthorizationCodeRequestAuthenticationValidator::validateScope;
+	public final Consumer<OAuth2AuthorizationCodeRequestAuthenticationContext> DEFAULT_SCOPE_VALIDATOR =
+			this::validateScope;
 
 	/**
 	 * The default validator for {@link OAuth2AuthorizationCodeRequestAuthenticationToken#getRedirectUri()}.
 	 */
-	public static final Consumer<OAuth2AuthorizationCodeRequestAuthenticationContext> DEFAULT_REDIRECT_URI_VALIDATOR =
-			OAuth2AuthorizationCodeRequestAuthenticationValidator::validateRedirectUri;
+	public final Consumer<OAuth2AuthorizationCodeRequestAuthenticationContext> DEFAULT_REDIRECT_URI_VALIDATOR =
+			this::validateRedirectUri;
 
 	private final Consumer<OAuth2AuthorizationCodeRequestAuthenticationContext> authenticationValidator =
 			DEFAULT_REDIRECT_URI_VALIDATOR.andThen(DEFAULT_SCOPE_VALIDATOR);
@@ -68,7 +71,7 @@ public final class OAuth2AuthorizationCodeRequestAuthenticationValidator impleme
 		this.authenticationValidator.accept(authenticationContext);
 	}
 
-	private static void validateScope(OAuth2AuthorizationCodeRequestAuthenticationContext authenticationContext) {
+	private void validateScope(OAuth2AuthorizationCodeRequestAuthenticationContext authenticationContext) {
 		OAuth2AuthorizationCodeRequestAuthenticationToken authorizationCodeRequestAuthentication =
 				authenticationContext.getAuthentication();
 		RegisteredClient registeredClient = authenticationContext.getRegisteredClient();
@@ -76,12 +79,13 @@ public final class OAuth2AuthorizationCodeRequestAuthenticationValidator impleme
 		Set<String> requestedScopes = authorizationCodeRequestAuthentication.getScopes();
 		Set<String> allowedScopes = registeredClient.getScopes();
 		if (!requestedScopes.isEmpty() && !allowedScopes.containsAll(requestedScopes)) {
+			logDebugMessage("Invalid scope");
 			throwError(OAuth2ErrorCodes.INVALID_SCOPE, OAuth2ParameterNames.SCOPE,
 					authorizationCodeRequestAuthentication, registeredClient);
 		}
 	}
 
-	private static void validateRedirectUri(OAuth2AuthorizationCodeRequestAuthenticationContext authenticationContext) {
+	private void validateRedirectUri(OAuth2AuthorizationCodeRequestAuthenticationContext authenticationContext) {
 		OAuth2AuthorizationCodeRequestAuthenticationToken authorizationCodeRequestAuthentication =
 				authenticationContext.getAuthentication();
 		RegisteredClient registeredClient = authenticationContext.getRegisteredClient();
@@ -124,6 +128,7 @@ public final class OAuth2AuthorizationCodeRequestAuthenticationValidator impleme
 					}
 				}
 				if (!validRedirectUri) {
+					logDebugMessage("Invalid redirect_uri");
 					throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.REDIRECT_URI,
 							authorizationCodeRequestAuthentication, registeredClient);
 				}
@@ -196,4 +201,10 @@ public final class OAuth2AuthorizationCodeRequestAuthenticationValidator impleme
 		throw new OAuth2AuthorizationCodeRequestAuthenticationException(error, authorizationCodeRequestAuthenticationResult);
 	}
 
+	private void logDebugMessage(String logMessage){
+		if(this.logger.isDebugEnabled()){
+			this.logger.debug(logMessage);
+		}
+	}
+
 }
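Review bot: Changing `DEFAULT_SCOPE_VALIDATOR` and `DEFAULT_REDIRECT_URI_VALIDATOR` from `public static final` to instance fields is a breaking change to the public API, made only so that the validators can reach an instance logger. Code that composes a custom validator from `OAuth2AuthorizationCodeRequestAuthenticationValidator.DEFAULT_REDIRECT_URI_VALIDATOR` will stop compiling, and a hurried port of such code could end up leaving out the default redirect_uri or scope check. A static logger lets the constants and both `validate*` methods stay static, as sketched below. The "Invalid scope" and "Invalid redirect_uri" messages would also be more useful for triage with the registered client id appended.

```java
	private static final Log LOGGER = LogFactory.getLog(OAuth2AuthorizationCodeRequestAuthenticationValidator.class);

	public static final Consumer<OAuth2AuthorizationCodeRequestAuthenticationContext> DEFAULT_SCOPE_VALIDATOR =
			OAuth2AuthorizationCodeRequestAuthenticationValidator::validateScope;

	public static final Consumer<OAuth2AuthorizationCodeRequestAuthenticationContext> DEFAULT_REDIRECT_URI_VALIDATOR =
			OAuth2AuthorizationCodeRequestAuthenticationValidator::validateRedirectUri;

	// … unchanged: authenticationValidator field, accept(), validateScope / validateRedirectUri (kept private static), throwError …

	private static void logDebugMessage(String logMessage) {
		if (LOGGER.isDebugEnabled()) {
			LOGGER.debug(logMessage);
		}
	}
```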