Remove AuthorizationCodeRequestRedirectFilter. setAuthorizationRequestMatcher

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeGrantConfigurer.java

@@ -65,7 +65,7 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
 
 	// ***** Authorization Request members
 	private AuthorizationCodeRequestRedirectFilter authorizationRequestFilter;
-	private RequestMatcher authorizationRequestMatcher;
+	private String authorizationRequestBaseUri = AuthorizationCodeRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
 	private AuthorizationRequestUriBuilder authorizationRequestBuilder;
 	private AuthorizationRequestRepository authorizationRequestRepository;
 
@@ -80,9 +80,9 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
 	private Map<URI, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
 	private GrantedAuthoritiesMapper userAuthoritiesMapper;
 
-	public AuthorizationCodeGrantConfigurer<B> authorizationRequestMatcher(RequestMatcher authorizationRequestMatcher) {
-		Assert.notNull(authorizationRequestMatcher, "authorizationRequestMatcher cannot be null");
-		this.authorizationRequestMatcher = authorizationRequestMatcher;
+	public AuthorizationCodeGrantConfigurer<B> authorizationRequestBaseUri(String authorizationRequestBaseUri) {
+		Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
+		this.authorizationRequestBaseUri = authorizationRequestBaseUri;
 		return this;
 	}
 
@@ -183,10 +183,7 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
 		//
 		// 	-> AuthorizationCodeRequestRedirectFilter
 		this.authorizationRequestFilter = new AuthorizationCodeRequestRedirectFilter(
-			this.getClientRegistrationRepository());
-		if (this.authorizationRequestMatcher != null) {
-			this.authorizationRequestFilter.setAuthorizationRequestMatcher(this.authorizationRequestMatcher);
-		}
+			this.authorizationRequestBaseUri, this.getClientRegistrationRepository());
 		if (this.authorizationRequestBuilder != null) {
 			this.authorizationRequestFilter.setAuthorizationUriBuilder(this.authorizationRequestBuilder);
 		}
@@ -221,8 +218,8 @@ public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>>
 		return this.authorizationRequestFilter;
 	}
 
-	RequestMatcher getAuthorizationRequestMatcher() {
-		return this.authorizationRequestMatcher;
+	String getAuthorizationRequestBaseUri() {
+		return this.authorizationRequestBaseUri;
 	}
 
 	AuthorizationCodeAuthenticationFilter getAuthorizationResponseFilter() {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java

@@ -28,14 +28,12 @@ import org.springframework.security.oauth2.client.registration.InMemoryClientReg
 import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
 import org.springframework.security.oauth2.client.user.OAuth2UserService;
 import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationFilter;
-import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
 import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
 import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
 import org.springframework.security.oauth2.core.AccessToken;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
@@ -44,8 +42,6 @@ import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
 
-import static org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter.REGISTRATION_ID_URI_VARIABLE_NAME;
-
 /**
  * A security configurer for OAuth 2.0 / OpenID Connect 1.0 login.
  *
@@ -85,9 +81,9 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 		private AuthorizationEndpointConfig() {
 		}
 
-		public AuthorizationEndpointConfig requestMatcher(RequestMatcher authorizationRequestMatcher) {
-			Assert.notNull(authorizationRequestMatcher, "authorizationRequestMatcher cannot be null");
-			authorizationCodeGrantConfigurer.authorizationRequestMatcher(authorizationRequestMatcher);
+		public AuthorizationEndpointConfig baseUri(String authorizationRequestBaseUri) {
+			Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
+			authorizationCodeGrantConfigurer.authorizationRequestBaseUri(authorizationRequestBaseUri);
 			return this;
 		}
 
@@ -247,24 +243,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 			return;
 		}
 
-		String authorizationRequestBaseUri;
-		RequestMatcher authorizationRequestMatcher = authorizationCodeGrantConfigurer.getAuthorizationRequestMatcher();
-		if (authorizationRequestMatcher != null && AntPathRequestMatcher.class.isAssignableFrom(authorizationRequestMatcher.getClass())) {
-			String authorizationRequestPattern =  ((AntPathRequestMatcher)authorizationRequestMatcher).getPattern();
-			String registrationIdTemplateVariable = "{" + REGISTRATION_ID_URI_VARIABLE_NAME + "}";
-			if (authorizationRequestPattern.endsWith(registrationIdTemplateVariable)) {
-				authorizationRequestBaseUri = authorizationRequestPattern.substring(
-					0, authorizationRequestPattern.length() - registrationIdTemplateVariable.length() - 1);
-			} else {
-				authorizationRequestBaseUri = authorizationRequestPattern;
-			}
-		} else {
-			authorizationRequestBaseUri = AuthorizationCodeRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
-		}
-
 		Map<String, String> authenticationUrlToClientName = new HashMap<>();
 		clientRegistrations.forEach(registration -> authenticationUrlToClientName.put(
-			authorizationRequestBaseUri + "/" + registration.getRegistrationId(), registration.getClientName()));
+			authorizationCodeGrantConfigurer.getAuthorizationRequestBaseUri() + "/" + registration.getRegistrationId(),
+			registration.getClientName()));
 		loginPageGeneratingFilter.setOauth2LoginEnabled(true);
 		loginPageGeneratingFilter.setOauth2AuthenticationUrlToClientName(authenticationUrlToClientName);
 		loginPageGeneratingFilter.setLoginPageUrl(this.getLoginPage());

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilter.java

@@ -64,8 +64,7 @@ import java.util.Map;
 public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter {
 	public static final String DEFAULT_AUTHORIZATION_REQUEST_BASE_URI = "/oauth2/authorization/code";
 	public static final String REGISTRATION_ID_URI_VARIABLE_NAME = "registrationId";
-	public static final String DEFAULT_AUTHORIZATION_REQUEST_URI = DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/{" + REGISTRATION_ID_URI_VARIABLE_NAME + "}";
-	private RequestMatcher authorizationRequestMatcher = new AntPathRequestMatcher(DEFAULT_AUTHORIZATION_REQUEST_URI);
+	private final RequestMatcher authorizationRequestMatcher;
 	private final ClientRegistrationRepository clientRegistrationRepository;
 	private AuthorizationRequestUriBuilder authorizationUriBuilder = new DefaultAuthorizationRequestUriBuilder();
 	private final RedirectStrategy authorizationRedirectStrategy = new DefaultRedirectStrategy();
@@ -73,15 +72,17 @@ public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter
 	private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
 
 	public AuthorizationCodeRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository) {
-		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
-		this.clientRegistrationRepository = clientRegistrationRepository;
+		this(DEFAULT_AUTHORIZATION_REQUEST_BASE_URI, clientRegistrationRepository);
 	}
 
-	public final void setAuthorizationRequestMatcher(RequestMatcher authorizationRequestMatcher) {
-		Assert.notNull(authorizationRequestMatcher, "authorizationRequestMatcher cannot be null");
-		Assert.isInstanceOf(RequestVariablesExtractor.class, authorizationRequestMatcher,
-			"authorizationRequestMatcher must also be a " + RequestVariablesExtractor.class.getName());
-		this.authorizationRequestMatcher = authorizationRequestMatcher;
+	public AuthorizationCodeRequestRedirectFilter(
+		String authorizationRequestBaseUri, ClientRegistrationRepository clientRegistrationRepository) {
+
+		Assert.hasText(authorizationRequestBaseUri, "authorizationRequestBaseUri cannot be empty");
+		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
+		this.authorizationRequestMatcher = new AntPathRequestMatcher(
+			authorizationRequestBaseUri + "/{" + REGISTRATION_ID_URI_VARIABLE_NAME + "}");
+		this.clientRegistrationRepository = clientRegistrationRepository;
 	}
 
 	public final void setAuthorizationUriBuilder(AuthorizationRequestUriBuilder authorizationUriBuilder) {