Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Simplified oauth2().client() DSL

Fixes gh-5662
Joe Grandja 7 years ago
parent
d7dde707a2
commit
0f89e59707
4 changed files with 89 additions and 161 deletions
Unified View Show Diff Stats
  1. 85 152
      config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
  2. 2 5
      config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
  3. 1 2
      samples/boot/authcodegrant/src/integration-test/java/org/springframework/security/samples/OAuth2AuthorizationCodeGrantApplicationTests.java
  4. 1 2
      samples/boot/authcodegrant/src/main/java/sample/config/SecurityConfig.java

+ 85 - 152
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
View File 

@@ -42,7 +42,7 @@ import org.springframework.util.Assert;
 
  * The following configuration options are available:
 
  * The following configuration options are available:
 
  *
 
  *
 
  * <ul>
 
  * <ul>
 
- * <li>{@link #authorizationCodeGrant()} - enables the OAuth 2.0 Authorization Code Grant</li>
 
+ * <li>{@link #authorizationCodeGrant()} - support for the OAuth 2.0 Authorization Code Grant</li>
 
  * </ul>
 
  * </ul>
 
  *
 
  *
 
  * <p>
 
  * <p>
 
@@ -52,7 +52,7 @@ import org.springframework.util.Assert;
 
  *
 
  *
 
  * <h2>Security Filters</h2>
 
  * <h2>Security Filters</h2>
 
  *
 
  *
 
- * The following {@code Filter}'s are populated when {@link #authorizationCodeGrant()} is configured:
 
+ * The following {@code Filter}'s are populated for {@link #authorizationCodeGrant()}:
 
  *
 
  *
 
  * <ul>
 
  * <ul>
 
  * <li>{@link OAuth2AuthorizationRequestRedirectFilter}</li>
 
  * <li>{@link OAuth2AuthorizationRequestRedirectFilter}</li>
 
@@ -88,7 +88,7 @@ import org.springframework.util.Assert;
 
 public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> extends
 
 public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> extends
 
 	AbstractHttpConfigurer<OAuth2ClientConfigurer<B>, B> {
 
 	AbstractHttpConfigurer<OAuth2ClientConfigurer<B>, B> {
 
 
 
-	private AuthorizationCodeGrantConfigurer authorizationCodeGrantConfigurer;
 
+	private AuthorizationCodeGrantConfigurer authorizationCodeGrantConfigurer = new AuthorizationCodeGrantConfigurer();
 
 
 
 	/**
 
 	/**
 
 	 * Sets the repository of client registrations.
 
 	 * Sets the repository of client registrations.
 
@@ -132,9 +132,6 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
 
 	 * @return the {@link AuthorizationCodeGrantConfigurer}
 
 	 * @return the {@link AuthorizationCodeGrantConfigurer}
 
 	 */
 
 	 */
 
 	public AuthorizationCodeGrantConfigurer authorizationCodeGrant() {
 
 	public AuthorizationCodeGrantConfigurer authorizationCodeGrant() {
 
-		if (this.authorizationCodeGrantConfigurer == null) {
 
-			this.authorizationCodeGrantConfigurer = new AuthorizationCodeGrantConfigurer();
 
-		}
 
 		return this.authorizationCodeGrantConfigurer;
 
 		return this.authorizationCodeGrantConfigurer;
 
 	}
 
 	}
 
 
 
@@ -142,153 +139,51 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
 
 	 * Configuration options for the OAuth 2.0 Authorization Code Grant.
 
 	 * Configuration options for the OAuth 2.0 Authorization Code Grant.
 
 	 */
 
 	 */
 
 	public class AuthorizationCodeGrantConfigurer {
 
 	public class AuthorizationCodeGrantConfigurer {
 
-		private final AuthorizationEndpointConfig authorizationEndpointConfig = new AuthorizationEndpointConfig();
 
-		private final TokenEndpointConfig tokenEndpointConfig = new TokenEndpointConfig();
 
+		private OAuth2AuthorizationRequestResolver authorizationRequestResolver;
 
+		private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
 
+		private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
 
 
 
 		private AuthorizationCodeGrantConfigurer() {
 
 		private AuthorizationCodeGrantConfigurer() {
 
 		}
 
 		}
 
 
 
 		/**
 
 		/**
 
-		 * Returns the {@link AuthorizationEndpointConfig} for configuring the Authorization Server's Authorization Endpoint.
 
+		 * Sets the resolver used for resolving {@link OAuth2AuthorizationRequest}'s.
 
 		 *
 
 		 *
 
-		 * @return the {@link AuthorizationEndpointConfig}
 
+		 * @param authorizationRequestResolver the resolver used for resolving {@link OAuth2AuthorizationRequest}'s
 
+		 * @return the {@link AuthorizationCodeGrantConfigurer} for further configuration
 
 		 */
 
 		 */
 
-		public AuthorizationEndpointConfig authorizationEndpoint() {
 
-			return this.authorizationEndpointConfig;
 
+		public AuthorizationCodeGrantConfigurer authorizationRequestResolver(OAuth2AuthorizationRequestResolver authorizationRequestResolver) {
 
+			Assert.notNull(authorizationRequestResolver, "authorizationRequestResolver cannot be null");
 
+			this.authorizationRequestResolver = authorizationRequestResolver;
 
+			return this;
 
 		}
 
 		}
 
 
 
 		/**
 
 		/**
 
-		 * Configuration options for the Authorization Server's Authorization Endpoint.
 
+		 * Sets the repository used for storing {@link OAuth2AuthorizationRequest}'s.
 
+		 *
 
+		 * @param authorizationRequestRepository the repository used for storing {@link OAuth2AuthorizationRequest}'s
 
+		 * @return the {@link AuthorizationCodeGrantConfigurer} for further configuration
 
 		 */
 
 		 */
 
-		public class AuthorizationEndpointConfig {
 
-			private OAuth2AuthorizationRequestResolver authorizationRequestResolver;
 
-			private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
 
-
 
-			private AuthorizationEndpointConfig() {
 
-			}
 
-
 
-			/**
 
-			 * Sets the resolver used for resolving {@link OAuth2AuthorizationRequest}'s.
 
-			 *
 
-			 * @param authorizationRequestResolver the resolver used for resolving {@link OAuth2AuthorizationRequest}'s
 
-			 * @return the {@link AuthorizationEndpointConfig} for further configuration
 
-			 */
 
-			public AuthorizationEndpointConfig authorizationRequestResolver(OAuth2AuthorizationRequestResolver authorizationRequestResolver) {
 
-				Assert.notNull(authorizationRequestResolver, "authorizationRequestResolver cannot be null");
 
-				this.authorizationRequestResolver = authorizationRequestResolver;
 
-				return this;
 
-			}
 
-
 
-			/**
 
-			 * Sets the repository used for storing {@link OAuth2AuthorizationRequest}'s.
 
-			 *
 
-			 * @param authorizationRequestRepository the repository used for storing {@link OAuth2AuthorizationRequest}'s
 
-			 * @return the {@link AuthorizationEndpointConfig} for further configuration
 
-			 */
 
-			public AuthorizationEndpointConfig authorizationRequestRepository(
 
+		public AuthorizationCodeGrantConfigurer authorizationRequestRepository(
 
 				AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
 
 				AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
 
 
 
-				Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
 
-				this.authorizationRequestRepository = authorizationRequestRepository;
 
-				return this;
 
-			}
 
-
 
-			/**
 
-			 * Returns the {@link AuthorizationCodeGrantConfigurer} for further configuration.
 
-			 *
 
-			 * @return the {@link AuthorizationCodeGrantConfigurer}
 
-			 */
 
-			public AuthorizationCodeGrantConfigurer and() {
 
-				return AuthorizationCodeGrantConfigurer.this;
 
-			}
 
-
 
-			private OAuth2AuthorizationRequestResolver getAuthorizationRequestResolver() {
 
-				if (this.authorizationRequestResolver != null) {
 
-					return this.authorizationRequestResolver;
 
-				}
 
-				ClientRegistrationRepository clientRegistrationRepository = OAuth2ClientConfigurerUtils
 
-						.getClientRegistrationRepository(getBuilder());
 
-				return new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
 
-						OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
 
-			}
 
-
 
-			private OAuth2AuthorizationRequestRedirectFilter createAuthorizationRequestRedirectFilter(B builder) {
 
-				OAuth2AuthorizationRequestResolver resolver = getAuthorizationRequestResolver();
 
-				OAuth2AuthorizationRequestRedirectFilter authorizationRequestFilter = new OAuth2AuthorizationRequestRedirectFilter(resolver);
 
-
 
-				if (this.authorizationRequestRepository != null) {
 
-					authorizationRequestFilter.setAuthorizationRequestRepository(
 
-							this.authorizationRequestRepository);
 
-				}
 
-				RequestCache requestCache = builder.getSharedObject(RequestCache.class);
 
-				if (requestCache != null) {
 
-					authorizationRequestFilter.setRequestCache(requestCache);
 
-				}
 
-				return authorizationRequestFilter;
 
-			}
 
-
 
-			private OAuth2AuthorizationCodeGrantFilter createAuthorizationCodeGrantFilter(B builder) {
 
-				AuthenticationManager authenticationManager = builder.getSharedObject(AuthenticationManager.class);
 
-				OAuth2AuthorizationCodeGrantFilter authorizationCodeGrantFilter = new OAuth2AuthorizationCodeGrantFilter(
 
-						OAuth2ClientConfigurerUtils.getClientRegistrationRepository(builder),
 
-						OAuth2ClientConfigurerUtils.getAuthorizedClientRepository(builder),
 
-						authenticationManager);
 
-
 
-				if (this.authorizationRequestRepository != null) {
 
-					authorizationCodeGrantFilter.setAuthorizationRequestRepository(
 
-							this.authorizationRequestRepository);
 
-				}
 
-				return authorizationCodeGrantFilter;
 
-			}
 
-
 
-			private void configure(B builder) {
 
-				OAuth2AuthorizationRequestRedirectFilter authorizationRequestFilter = createAuthorizationRequestRedirectFilter(builder);
 
-				builder.addFilter(postProcess(authorizationRequestFilter));
 
-				OAuth2AuthorizationCodeGrantFilter authorizationCodeGrantFilter = createAuthorizationCodeGrantFilter(builder);
 
-				builder.addFilter(postProcess(authorizationCodeGrantFilter));
 
-			}
 
+			Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
 
+			this.authorizationRequestRepository = authorizationRequestRepository;
 
+			return this;
 
 		}
 
 		}
 
 
 
 		/**
 
 		/**
 
-		 * Returns the {@link TokenEndpointConfig} for configuring the Authorization Server's Token Endpoint.
 
+		 * Sets the client used for requesting the access token credential from the Token Endpoint.
 
 		 *
 
 		 *
 
-		 * @return the {@link TokenEndpointConfig}
 
+		 * @param accessTokenResponseClient the client used for requesting the access token credential from the Token Endpoint
 
+		 * @return the {@link AuthorizationCodeGrantConfigurer} for further configuration
 
 		 */
 
 		 */
 
-		public TokenEndpointConfig tokenEndpoint() {
 
-			return this.tokenEndpointConfig;
 
-		}
 
-
 
-		/**
 
-		 * Configuration options for the Authorization Server's Token Endpoint.
 
-		 */
 
-		public class TokenEndpointConfig {
 
-			private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
 
-
 
-			private TokenEndpointConfig() {
 
-			}
 
-
 
-			/**
 
-			 * Sets the client used for requesting the access token credential from the Token Endpoint.
 
-			 *
 
-			 * @param accessTokenResponseClient the client used for requesting the access token credential from the Token Endpoint
 
-			 * @return the {@link TokenEndpointConfig} for further configuration
 
-			 */
 
-			public TokenEndpointConfig accessTokenResponseClient(
 
+		public AuthorizationCodeGrantConfigurer accessTokenResponseClient(
 
 				OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient) {
 
 				OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient) {
 
 
 
-				Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 
-				this.accessTokenResponseClient = accessTokenResponseClient;
 
-				return this;
 
-			}
 
-
 
-			/**
 
-			 * Returns the {@link AuthorizationCodeGrantConfigurer} for further configuration.
 
-			 *
 
-			 * @return the {@link AuthorizationCodeGrantConfigurer}
 
-			 */
 
-			public AuthorizationCodeGrantConfigurer and() {
 
-				return AuthorizationCodeGrantConfigurer.this;
 
-			}
 
+			Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 
+			this.accessTokenResponseClient = accessTokenResponseClient;
 
+			return this;
 
 		}
 
 		}
 
 
 
 		/**
 
 		/**
 
@@ -300,34 +195,72 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> exte
 
 			return OAuth2ClientConfigurer.this;
 
 			return OAuth2ClientConfigurer.this;
 
 		}
 
 		}
 
 
 
+		private void init(B builder) {
 
+			OAuth2AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider =
 
+					new OAuth2AuthorizationCodeAuthenticationProvider(getAccessTokenResponseClient());
 
+			builder.authenticationProvider(postProcess(authorizationCodeAuthenticationProvider));
 
+		}
 
+
 
 		private void configure(B builder) {
 
 		private void configure(B builder) {
 
-			this.authorizationEndpointConfig.configure(builder);
 
+			OAuth2AuthorizationRequestRedirectFilter authorizationRequestRedirectFilter = createAuthorizationRequestRedirectFilter(builder);
 
+			builder.addFilter(postProcess(authorizationRequestRedirectFilter));
 
+			OAuth2AuthorizationCodeGrantFilter authorizationCodeGrantFilter = createAuthorizationCodeGrantFilter(builder);
 
+			builder.addFilter(postProcess(authorizationCodeGrantFilter));
 
+		}
 
+
 
+		private OAuth2AuthorizationRequestRedirectFilter createAuthorizationRequestRedirectFilter(B builder) {
 
+			OAuth2AuthorizationRequestResolver resolver = getAuthorizationRequestResolver();
 
+			OAuth2AuthorizationRequestRedirectFilter authorizationRequestRedirectFilter =
 
+					new OAuth2AuthorizationRequestRedirectFilter(resolver);
 
+
 
+			if (this.authorizationRequestRepository != null) {
 
+				authorizationRequestRedirectFilter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
 
+			}
 
+			RequestCache requestCache = builder.getSharedObject(RequestCache.class);
 
+			if (requestCache != null) {
 
+				authorizationRequestRedirectFilter.setRequestCache(requestCache);
 
+			}
 
+			return authorizationRequestRedirectFilter;
 
+		}
 
+
 
+		private OAuth2AuthorizationRequestResolver getAuthorizationRequestResolver() {
 
+			if (this.authorizationRequestResolver != null) {
 
+				return this.authorizationRequestResolver;
 
+			}
 
+			ClientRegistrationRepository clientRegistrationRepository = OAuth2ClientConfigurerUtils
 
+					.getClientRegistrationRepository(getBuilder());
 
+			return new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
 
+					OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
 
+		}
 
+
 
+		private OAuth2AuthorizationCodeGrantFilter createAuthorizationCodeGrantFilter(B builder) {
 
+			AuthenticationManager authenticationManager = builder.getSharedObject(AuthenticationManager.class);
 
+			OAuth2AuthorizationCodeGrantFilter authorizationCodeGrantFilter = new OAuth2AuthorizationCodeGrantFilter(
 
+					OAuth2ClientConfigurerUtils.getClientRegistrationRepository(builder),
 
+					OAuth2ClientConfigurerUtils.getAuthorizedClientRepository(builder),
 
+					authenticationManager);
 
+
 
+			if (this.authorizationRequestRepository != null) {
 
+				authorizationCodeGrantFilter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
 
+			}
 
+			return authorizationCodeGrantFilter;
 
+		}
 
+
 
+		private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> getAccessTokenResponseClient() {
 
+			if (this.accessTokenResponseClient != null) {
 
+				return this.accessTokenResponseClient;
 
+			}
 
+			return new NimbusAuthorizationCodeTokenResponseClient();
 
 		}
 
 		}
 
 	}
 
 	}
 
 
 
 	@Override
 
 	@Override
 
 	public void init(B builder) throws Exception {
 
 	public void init(B builder) throws Exception {
 
-		if (this.authorizationCodeGrantConfigurer != null) {
 
-			this.init(builder, this.authorizationCodeGrantConfigurer);
 
-		}
 
+		this.authorizationCodeGrantConfigurer.init(builder);
 
 	}
 
 	}
 
 
 
 	@Override
 
 	@Override
 
 	public void configure(B builder) throws Exception {
 
 	public void configure(B builder) throws Exception {
 
-		if (this.authorizationCodeGrantConfigurer != null) {
 
-			this.authorizationCodeGrantConfigurer.configure(builder);
 
-		}
 
-	}
 
-
 
-	private void init(B builder, AuthorizationCodeGrantConfigurer authorizationCodeGrantConfigurer) throws Exception {
 
-		OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient =
 
-			authorizationCodeGrantConfigurer.tokenEndpointConfig.accessTokenResponseClient;
 
-		if (accessTokenResponseClient == null) {
 
-			accessTokenResponseClient = new NimbusAuthorizationCodeTokenResponseClient();
 
-		}
 
-
 
-		OAuth2AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider =
 
-			new OAuth2AuthorizationCodeAuthenticationProvider(accessTokenResponseClient);
 
-		builder.authenticationProvider(this.postProcess(authorizationCodeAuthenticationProvider));
 
+		this.authorizationCodeGrantConfigurer.configure(builder);
 
 	}
 
 	}
 
 }
 
 }

+ 2 - 5
config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
View File 

@@ -221,11 +221,8 @@ public class OAuth2ClientConfigurerTests {
 
 				.oauth2()
 
 				.oauth2()
 
 					.client()
 
 					.client()
 
 						.authorizationCodeGrant()
 
 						.authorizationCodeGrant()
 
-							.authorizationEndpoint()
 
-								.authorizationRequestResolver(authorizationRequestResolver)
 
-								.and()
 
-							.tokenEndpoint()
 
-								.accessTokenResponseClient(accessTokenResponseClient);
 
+							.authorizationRequestResolver(authorizationRequestResolver)
 
+							.accessTokenResponseClient(accessTokenResponseClient);
 
 		}
 
 		}
 
 
 
 		@Bean
 
 		@Bean

+ 1 - 2
samples/boot/authcodegrant/src/integration-test/java/org/springframework/security/samples/OAuth2AuthorizationCodeGrantApplicationTests.java
View File 

@@ -150,8 +150,7 @@ public class OAuth2AuthorizationCodeGrantApplicationTests {
 
 				.oauth2()
 
 				.oauth2()
 
 					.client()
 
 					.client()
 
 						.authorizationCodeGrant()
 
 						.authorizationCodeGrant()
 
-							.tokenEndpoint()
 
-								.accessTokenResponseClient(this.accessTokenResponseClient());
 
+							.accessTokenResponseClient(this.accessTokenResponseClient());
 
 		}
 
 		}
 
 		// @formatter:on
 
 		// @formatter:on

+ 1 - 2
samples/boot/authcodegrant/src/main/java/sample/config/SecurityConfig.java
View File 

@@ -42,8 +42,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 			.formLogin()
 
 			.formLogin()
 
 				.and()
 
 				.and()
 
 			.oauth2()
 
 			.oauth2()
 
-				.client()
 
-					.authorizationCodeGrant();
 
+				.client();
 
 	}
 
 	}
 
 
 
 	@Bean
 
 	@Bean