
Fix oauth2login loginProcessingUrl NPE for java config

Java Config http.oauth2Login().loginProcessingUrl("url"); throws NPE.
Override the loginProcessingUrl method to cache the configured URL.
Then, when the configurer is initialized,
it calls the super method to complete the configuration.

Fixes gh-5488
mhyeon.lee há 7 anos atrás
pai
commit
2af69f08a9

+ 11 - 3
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -124,6 +124,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 	private final RedirectionEndpointConfig redirectionEndpointConfig = new RedirectionEndpointConfig();
 	private final UserInfoEndpointConfig userInfoEndpointConfig = new UserInfoEndpointConfig();
 	private String loginPage;
+	private String loginProcessingUrl = OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
 
 	/**
 	 * Sets the repository of client registrations.
@@ -156,6 +157,13 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 		return this;
 	}
 
+	@Override
+	public OAuth2LoginConfigurer<B> loginProcessingUrl(String loginProcessingUrl) {
+		Assert.hasText(loginProcessingUrl, "loginProcessingUrl cannot be empty");
+		this.loginProcessingUrl = loginProcessingUrl;
+		return this;
+	}
+
 	/**
 	 * Returns the {@link AuthorizationEndpointConfig} for configuring the Authorization Server's Authorization Endpoint.
 	 *
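Review bot: The new public `loginProcessingUrl(String)` override has no Javadoc, although the neighbouring public methods in this class have one. The value ends up as the URI on which `OAuth2LoginAuthenticationFilter` processes authorization responses, so the doc should state three things. It is a pattern (the test in this commit uses `/login/oauth2/*`), it defaults to `OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI`, and the redirect URI registered for each client has to fall under it or the response will not reach the filter. `Assert.hasText` only rejects null or blank input, so a very broad pattern is accepted silently. A sentence advising callers to keep the pattern as narrow as the registered redirect URIs allow would help.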
@@ -378,9 +386,9 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 			new OAuth2LoginAuthenticationFilter(
 				OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()),
 				OAuth2ClientConfigurerUtils.getAuthorizedClientService(this.getBuilder()),
-				OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
+				this.loginProcessingUrl);
 		this.setAuthenticationFilter(authenticationFilter);
-		this.loginProcessingUrl(OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
+		super.loginProcessingUrl(this.loginProcessingUrl);
 		if (this.loginPage != null) {
 			super.loginPage(this.loginPage);
 		}
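Review bot: The call `super.loginProcessingUrl(this.loginProcessingUrl)` is order-sensitive, and nothing in the code says so. Going by the commit message, the parent method presumably needs the authentication filter to be present, which would be why calling it from Java config before initialization threw the NPE. That means it has to stay after `this.setAuthenticationFilter(authenticationFilter)`. A why-comment such as `// gh-5488: apply the cached URL only after the filter is set; calling the parent earlier caused an NPE` would stop a later refactor from reintroducing the failure. The enclosing method starts and ends outside this hunk, so the rest of the initialization order cannot be checked from here.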

+ 41 - 0
config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java

@@ -197,6 +197,34 @@ public class OAuth2LoginConfigurerTests {
 		assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OAUTH2_USER");
 	}
 
+	// gh-5488
+	@Test
+	public void oauth2LoginConfigLoginProcessingUrl() throws Exception {
+		// setup application context
+		loadConfig(OAuth2LoginConfigLoginProcessingUrl.class);
+
+		// setup authorization request
+		OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
+		this.request.setServletPath("/login/oauth2/google");
+		this.authorizationRequestRepository.saveAuthorizationRequest(
+				authorizationRequest, this.request, this.response);
+
+		// setup authentication parameters
+		this.request.setParameter("code", "code123");
+		this.request.setParameter("state", authorizationRequest.getState());
+
+		// perform test
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
+
+		// assertions
+		Authentication authentication = this.securityContextRepository
+				.loadContext(new HttpRequestResponseHolder(this.request, this.response))
+				.getAuthentication();
+		assertThat(authentication.getAuthorities()).hasSize(1);
+		assertThat(authentication.getAuthorities()).first()
+				.isInstanceOf(OAuth2UserAuthority.class).hasToString("ROLE_USER");
+	}
+
 	@Test
 	public void oidcLogin() throws Exception {
 		// setup application context
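Review bot: `oauth2LoginConfigLoginProcessingUrl` covers only the matching case, a callback on `/login/oauth2/google` against the pattern `/login/oauth2/*`. Nothing checks that a callback outside the configured pattern is left unprocessed, which is the half of the behaviour that matters for access control. A companion test that sends the same `code`/`state` parameters to a non-matching path and expects no authentication would pin that down. The final assertion in the sketch below assumes the shared `CommonWebSecurityConfigurerAdapter` setup stores nothing in `securityContextRepository` for an unauthenticated request; that class is only partly visible here, so confirm before adopting it.

```java
// gh-5488: a callback outside the configured loginProcessingUrl must not authenticate
@Test
public void oauth2LoginConfigLoginProcessingUrlWhenPathDoesNotMatchThenNotAuthenticated() throws Exception {
	loadConfig(OAuth2LoginConfigLoginProcessingUrl.class);

	OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
	// two segments below /login/oauth2/, so the single-segment pattern should not match
	this.request.setServletPath("/login/oauth2/code/google");
	this.authorizationRequestRepository.saveAuthorizationRequest(
			authorizationRequest, this.request, this.response);
	this.request.setParameter("code", "code123");
	this.request.setParameter("state", authorizationRequest.getState());

	this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);

	Authentication authentication = this.securityContextRepository
			.loadContext(new HttpRequestResponseHolder(this.request, this.response))
			.getAuthentication();
	assertThat(authentication).isNull();
}
```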
@@ -365,6 +393,19 @@ public class OAuth2LoginConfigurerTests {
 		}
 	}
 
+	@EnableWebSecurity
+	static class OAuth2LoginConfigLoginProcessingUrl extends CommonWebSecurityConfigurerAdapter {
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			http
+				.oauth2Login()
+					.clientRegistrationRepository(
+						new InMemoryClientRegistrationRepository(CLIENT_REGISTRATION))
+					.loginProcessingUrl("/login/oauth2/*");
+			super.configure(http);
+		}
+	}
+
 	private static abstract class CommonWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {