4 jaren geleden · b774e91734
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -80,8 +80,8 @@ import org.springframework.web.accept.HeaderContentNegotiationStrategy;
 
				  * authentication failures are handled
			
 
				  * <li>{@link #bearerTokenResolver(BearerTokenResolver)} - customizes how to resolve a
			
 
				  * bearer token from the request</li>
			
 
				- * <li>{@link #bearerTokenAuthenticationConverter(AuthenticationConverter)}</li> -
			
 
				- * customizes how to convert a bear token authentication from the request
			
 
				+ * <li>{@link #authenticationConverter(AuthenticationConverter)}</li> - customizes how to
			
 
				+ * convert a bearer token authentication from the request
			
 
				  * <li>{@link #jwt(Customizer)} - enables Jwt-encoded bearer token support</li>
			
 
				  * <li>{@link #opaqueToken(Customizer)} - enables opaque bearer token support</li>
			
 
				  * </ul>
			
@@ -195,8 +195,7 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 
				 		return this;
			
 
				 	}
			
 
				 
			
 
				-	public OAuth2ResourceServerConfigurer<H> bearerTokenAuthenticationConverter(
			
 
				-			AuthenticationConverter authenticationConverter) {
			
 
				+	public OAuth2ResourceServerConfigurer<H> authenticationConverter(AuthenticationConverter authenticationConverter) {
			
 
				 		Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
			
 
				 		this.authenticationConverter = authenticationConverter;
			
 
				 		return this;
			
@@ -266,7 +265,7 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 
				 			resolver = (request) -> authenticationManager;
			
 
				 		}
			
 
				 
			
 
				-		this.authenticationConverter = getBearerTokenAuthenticationConverter();
			
 
				+		this.authenticationConverter = getAuthenticationConverter();
			
 
				 
			
 
				 		BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(resolver);
			
 
				 		filter.setAuthenticationConverter(this.authenticationConverter);
			
@@ -363,7 +362,7 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 
				 		return this.bearerTokenResolver;
			
 
				 	}
			
 
				 
			
 
				-	AuthenticationConverter getBearerTokenAuthenticationConverter() {
			
 
				+	AuthenticationConverter getAuthenticationConverter() {
			
 
				 		if (this.authenticationConverter == null) {
			
 
				 			if (this.context.getBeanNamesForType(BearerTokenAuthenticationConverter.class).length > 0) {
			
 
				 				this.authenticationConverter = this.context.getBean(BearerTokenAuthenticationConverter.class);
			
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -732,8 +732,8 @@ public class OAuth2ResourceServerConfigurerTests {
 
				 		context.registerBean("converterTwo", BearerTokenAuthenticationConverter.class, () -> converterBean);
			
 
				 		this.spring.context(context).autowire();
			
 
				 		OAuth2ResourceServerConfigurer oauth2 = new OAuth2ResourceServerConfigurer(context);
			
 
				-		oauth2.bearerTokenAuthenticationConverter(converter);
			
 
				-		assertThat(oauth2.getBearerTokenAuthenticationConverter()).isEqualTo(converter);
			
 
				+		oauth2.authenticationConverter(converter);
			
 
				+		assertThat(oauth2.getAuthenticationConverter()).isEqualTo(converter);
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
@@ -751,16 +751,15 @@ public class OAuth2ResourceServerConfigurerTests {
 
				 		context.registerBean(BearerTokenAuthenticationConverter.class, () -> converterBean);
			
 
				 		this.spring.context(context).autowire();
			
 
				 		OAuth2ResourceServerConfigurer oauth2 = new OAuth2ResourceServerConfigurer(context);
			
 
				-		oauth2.bearerTokenAuthenticationConverter(converter);
			
 
				-		assertThat(oauth2.getBearerTokenAuthenticationConverter()).isEqualTo(converter);
			
 
				+		oauth2.authenticationConverter(converter);
			
 
				+		assertThat(oauth2.getAuthenticationConverter()).isEqualTo(converter);
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
 
				 	public void getBearerTokenAuthenticationConverterWhenNoConverterSpecifiedThenTheDefaultIsUsed() {
			
 
				 		ApplicationContext context = this.spring.context(new GenericWebApplicationContext()).getContext();
			
 
				 		OAuth2ResourceServerConfigurer oauth2 = new OAuth2ResourceServerConfigurer(context);
			
 
				-		assertThat(oauth2.getBearerTokenAuthenticationConverter())
			
 
				-				.isInstanceOf(BearerTokenAuthenticationConverter.class);
			
 
				+		assertThat(oauth2.getAuthenticationConverter()).isInstanceOf(BearerTokenAuthenticationConverter.class);
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
@@ -770,7 +769,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
				 		context.registerBean(BearerTokenAuthenticationConverter.class, () -> converterBean);
			
 
				 		this.spring.context(context).autowire();
			
 
				 		OAuth2ResourceServerConfigurer oauth2 = new OAuth2ResourceServerConfigurer(context);
			
 
				-		assertThat(oauth2.getBearerTokenAuthenticationConverter()).isEqualTo(converterBean);
			
 
				+		assertThat(oauth2.getAuthenticationConverter()).isEqualTo(converterBean);
			
 
				 
			
 
				 	}
			
 
				 
			
@@ -783,7 +782,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
				 		this.spring.context(context).autowire();
			
 
				 		OAuth2ResourceServerConfigurer oauth2 = new OAuth2ResourceServerConfigurer(context);
			
 
				 		BearerTokenAuthenticationToken bearerTokenAuthenticationToken = (BearerTokenAuthenticationToken) oauth2
			
 
				-				.getBearerTokenAuthenticationConverter().convert(servletRequest);
			
 
				+				.getAuthenticationConverter().convert(servletRequest);
			
 
				 		String token = bearerTokenAuthenticationToken.getToken();
			
 
				 		assertThat(token).isEqualTo("bearer customToken");
			
 
				 
			
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationConverter.java
@@ -36,13 +36,9 @@ import org.springframework.util.Assert;
 
				  */
			
 
				 public final class BearerTokenAuthenticationConverter implements AuthenticationConverter {
			
 
				 
			
 
				-	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
			
 
				-
			
 
				-	private BearerTokenResolver bearerTokenResolver;
			
 
				+	private BearerTokenResolver bearerTokenResolver = new DefaultBearerTokenResolver();
			
 
				 
			
 
				-	public BearerTokenAuthenticationConverter() {
			
 
				-		this.bearerTokenResolver = new DefaultBearerTokenResolver();
			
 
				-	}
			
 
				+	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
			
 
				 
			
 
				 	@Override
			
 
				 	public BearerTokenAuthenticationToken convert(HttpServletRequest request) {
			
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationFilter.java
@@ -153,6 +153,17 @@ public final class BearerTokenAuthenticationFilter extends OncePerRequestFilter
 
				 		((BearerTokenAuthenticationConverter) this.authenticationConverter).setBearerTokenResolver(bearerTokenResolver);
			
 
				 	}
			
 
				 
			
 
				+	/**
			
 
				+	 * Set the {@link AuthenticationConverter} to use. Defaults to
			
 
				+	 * {@link BearerTokenAuthenticationConverter}.
			
 
				+	 * @param authenticationConverter the {@code AuthenticationConverter} to use
			
 
				+	 * @since 5.5
			
 
				+	 */
			
 
				+	public void setAuthenticationConverter(AuthenticationConverter authenticationConverter) {
			
 
				+		Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
			
 
				+		this.authenticationConverter = authenticationConverter;
			
 
				+	}
			
 
				+
			
 
				 	/**
			
 
				 	 * Set the {@link AuthenticationEntryPoint} to use. Defaults to
			
 
				 	 * {@link BearerTokenAuthenticationEntryPoint}.
			
@@ -174,15 +185,4 @@ public final class BearerTokenAuthenticationFilter extends OncePerRequestFilter
 
				 		this.authenticationFailureHandler = authenticationFailureHandler;
			
 
				 	}
			
 
				 
			
 
				-	/**
			
 
				-	 * Set the {@link AuthenticationConverter} to use. Defaults to
			
 
				-	 * {@link BearerTokenAuthenticationConverter}.
			
 
				-	 * @param authenticationConverter the {@code AuthenticationConverter} to use
			
 
				-	 * @since 5.5
			
 
				-	 */
			
 
				-	public void setAuthenticationConverter(AuthenticationConverter authenticationConverter) {
			
 
				-		Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
			
 
				-		this.authenticationConverter = authenticationConverter;
			
 
				-	}
			
 
				-
			
 
				 }