
Example 1 with OAuth2ClientProperties

use of org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties in project okta-spring-boot by okta.

the class OktaOAuth2Configurer method init.

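/**
 * Wires Okta OAuth2/OIDC login and, where applicable, resource-server support into the given
 * {@link HttpSecurity}.
 *
 * <p>Nothing is configured unless the application context exposes an {@code OktaOAuth2Properties}
 * bean and an {@code OAuth2ClientProperties} bean whose {@code okta} provider carries an issuer
 * URI and whose {@code okta} registration carries a client id. The client secret is not part of
 * that check, so the skip message names only the two properties that are actually evaluated.
 *
 * <p>Resource-server mode is then chosen as follows: an issuer that {@code TokenUtil} classifies
 * as a root org is always routed to opaque-token validation/introspection; otherwise the mode
 * follows whichever configurer (JWT or opaque token) is present on the
 * {@link OAuth2ResourceServerConfigurer}, and resource-server support stays disabled when neither
 * is found.
 *
 * @param http the security builder being initialised
 * @throws Exception propagated from the underlying Spring Security configurers
 */
@SuppressWarnings("rawtypes")
@Override
public void init(HttpSecurity http) throws Exception {
    ApplicationContext context = http.getSharedObject(ApplicationContext.class);

    // make sure OktaOAuth2Properties are available
    if (context.getBeansOfType(OktaOAuth2Properties.class).isEmpty()) {
        return;
    }
    OktaOAuth2Properties oktaOAuth2Properties = context.getBean(OktaOAuth2Properties.class);

    // Auth Code Flow Config
    // if OAuth2ClientProperties bean is not available do NOT configure
    OAuth2ClientProperties.Provider propertiesProvider = null;
    OAuth2ClientProperties.Registration propertiesRegistration = null;
    if (!context.getBeansOfType(OAuth2ClientProperties.class).isEmpty()) {
        // resolve the bean once rather than once per accessor
        OAuth2ClientProperties clientProperties = context.getBean(OAuth2ClientProperties.class);
        propertiesProvider = clientProperties.getProvider().get("okta");
        propertiesRegistration = clientProperties.getRegistration().get("okta");
    }
    if (propertiesProvider == null
            || propertiesRegistration == null
            || isEmpty(propertiesProvider.getIssuerUri())
            || isEmpty(propertiesRegistration.getClientId())) {
        // only issuer and client-id are required here; the client secret is not inspected
        log.debug("OAuth/OIDC Login not configured due to missing issuer or client-id property");
        return;
    }

    // configure Okta user services
    configureLogin(http, oktaOAuth2Properties, context.getBean(Environment.class));

    // check for RP-Initiated logout
    if (!context.getBeansOfType(OidcClientInitiatedLogoutSuccessHandler.class).isEmpty()) {
        http.logout().logoutSuccessHandler(context.getBean(OidcClientInitiatedLogoutSuccessHandler.class));
    }

    // if issuer is root org, use opaque token validation
    if (TokenUtil.isRootOrgIssuer(propertiesProvider.getIssuerUri())) {
        log.debug("Opaque Token validation/introspection will be configured.");
        configureResourceServerForOpaqueTokenValidation(http, oktaOAuth2Properties);
        return;
    }

    // otherwise follow whichever token configurer the application registered, if any
    OAuth2ResourceServerConfigurer oAuth2ResourceServerConfigurer = http.getConfigurer(OAuth2ResourceServerConfigurer.class);
    if (getJwtConfigurer(oAuth2ResourceServerConfigurer).isPresent()) {
        log.debug("JWT configurer is set in OAuth resource server configuration. JWT validation will be configured.");
        configureResourceServerForJwtValidation(http, oktaOAuth2Properties);
    } else if (getOpaqueTokenConfigurer(oAuth2ResourceServerConfigurer).isPresent()) {
        log.debug("Opaque Token configurer is set in OAuth resource server configuration. Opaque Token validation/introspection will be configured.");
        configureResourceServerForOpaqueTokenValidation(http, oktaOAuth2Properties);
    } else {
        log.debug("OAuth2ResourceServerConfigurer bean not configured, Resource Server support will not be enabled.");
    }
}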

Example 2 with OAuth2ClientProperties

use of org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties in project spring-boot by spring-projects.

the class OAuth2ClientPropertiesRegistrationAdapterTests method getClientRegistrationsWhenProviderNotSpecifiedShouldUseRegistrationId.

/**
 * A registration that names no provider but whose id matches a built-in provider should be
 * adapted with that provider's default endpoints, scopes and client name, while keeping the
 * credentials supplied in the properties.
 */
@Test
void getClientRegistrationsWhenProviderNotSpecifiedShouldUseRegistrationId() {
    // Only credentials are set; the "google" key alone is expected to select the provider.
    OAuth2ClientProperties.Registration googleRegistration = new OAuth2ClientProperties.Registration();
    googleRegistration.setClientId("clientId");
    googleRegistration.setClientSecret("clientSecret");
    OAuth2ClientProperties clientProperties = new OAuth2ClientProperties();
    clientProperties.getRegistration().put("google", googleRegistration);

    Map<String, ClientRegistration> adaptedRegistrations = OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(clientProperties);
    ClientRegistration google = adaptedRegistrations.get("google");
    ProviderDetails googleProvider = google.getProviderDetails();
    UserInfoEndpoint googleUserInfo = googleProvider.getUserInfoEndpoint();

    // provider-side details are the Google defaults
    assertThat(googleProvider.getAuthorizationUri()).isEqualTo("https://accounts.google.com/o/oauth2/v2/auth");
    assertThat(googleProvider.getTokenUri()).isEqualTo("https://www.googleapis.com/oauth2/v4/token");
    assertThat(googleUserInfo.getUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo");
    assertThat(googleUserInfo.getAuthenticationMethod()).isEqualTo(org.springframework.security.oauth2.core.AuthenticationMethod.HEADER);
    assertThat(googleProvider.getJwkSetUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/certs");

    // client-side details: supplied credentials plus provider defaults for everything else
    assertThat(google.getRegistrationId()).isEqualTo("google");
    assertThat(google.getClientId()).isEqualTo("clientId");
    assertThat(google.getClientSecret()).isEqualTo("clientSecret");
    assertThat(google.getClientAuthenticationMethod()).isEqualTo(org.springframework.security.oauth2.core.ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
    assertThat(google.getAuthorizationGrantType()).isEqualTo(org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
    assertThat(google.getRedirectUri()).isEqualTo("{baseUrl}/{action}/oauth2/code/{registrationId}");
    assertThat(google.getScopes()).containsExactly("openid", "profile", "email");
    assertThat(google.getClientName()).isEqualTo("Google");
}

Example 3 with OAuth2ClientProperties

use of org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties in project spring-boot by spring-projects.

the class OAuth2ClientPropertiesRegistrationAdapterTests method getClientRegistrationsWhenUnknownProviderShouldThrowException.

/**
 * A registration that points at a provider id with neither a built-in nor a configured
 * definition must be rejected with an {@code IllegalStateException} naming that id.
 */
@Test
void getClientRegistrationsWhenUnknownProviderShouldThrowException() {
    OAuth2ClientProperties.Registration orphanRegistration = new OAuth2ClientProperties.Registration();
    orphanRegistration.setProvider("missing");

    // no "missing" entry is added to the provider map, so the lookup cannot succeed
    OAuth2ClientProperties clientProperties = new OAuth2ClientProperties();
    clientProperties.getRegistration().put("registration", orphanRegistration);

    assertThatIllegalStateException()
            .isThrownBy(() -> OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(clientProperties))
            .withMessageContaining("Unknown provider ID 'missing'");
}

Example 4 with OAuth2ClientProperties

use of org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties in project spring-boot by spring-projects.

the class OAuth2ClientPropertiesRegistrationAdapterTests method getClientRegistrationsWhenUsingCommonProviderWithOverrideShouldAdapt.

/**
 * A registration created for the built-in {@code google} provider should take its provider
 * endpoints from that provider while the registration-level values (credentials, redirect URI,
 * scopes, authentication method and an overridden client name) come from the properties.
 */
@Test
void getClientRegistrationsWhenUsingCommonProviderWithOverrideShouldAdapt() {
    // createRegistration("google") is a test helper; the client-side expectations below reflect what it sets up
    OAuth2ClientProperties.Registration googleBacked = createRegistration("google");
    googleBacked.setClientName("clientName");
    OAuth2ClientProperties clientProperties = new OAuth2ClientProperties();
    clientProperties.getRegistration().put("registration", googleBacked);

    Map<String, ClientRegistration> adaptedRegistrations = OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(clientProperties);
    ClientRegistration adaptedRegistration = adaptedRegistrations.get("registration");
    ProviderDetails googleProvider = adaptedRegistration.getProviderDetails();
    UserInfoEndpoint googleUserInfo = googleProvider.getUserInfoEndpoint();

    // provider-side details are the Google defaults
    assertThat(googleProvider.getAuthorizationUri()).isEqualTo("https://accounts.google.com/o/oauth2/v2/auth");
    assertThat(googleProvider.getTokenUri()).isEqualTo("https://www.googleapis.com/oauth2/v4/token");
    assertThat(googleUserInfo.getUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo");
    assertThat(googleUserInfo.getUserNameAttributeName()).isEqualTo(IdTokenClaimNames.SUB);
    assertThat(googleUserInfo.getAuthenticationMethod()).isEqualTo(org.springframework.security.oauth2.core.AuthenticationMethod.HEADER);
    assertThat(googleProvider.getJwkSetUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/certs");

    // client-side details come from the registration, including the overridden client name
    assertThat(adaptedRegistration.getRegistrationId()).isEqualTo("registration");
    assertThat(adaptedRegistration.getClientId()).isEqualTo("clientId");
    assertThat(adaptedRegistration.getClientSecret()).isEqualTo("clientSecret");
    assertThat(adaptedRegistration.getClientAuthenticationMethod()).isEqualTo(org.springframework.security.oauth2.core.ClientAuthenticationMethod.CLIENT_SECRET_POST);
    assertThat(adaptedRegistration.getAuthorizationGrantType()).isEqualTo(org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
    assertThat(adaptedRegistration.getRedirectUri()).isEqualTo("https://example.com/redirect");
    assertThat(adaptedRegistration.getScopes()).containsExactly("user");
    assertThat(adaptedRegistration.getClientName()).isEqualTo("clientName");
}

Example 5 with OAuth2ClientProperties

use of org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties in project spring-boot by spring-projects.

the class OAuth2ClientPropertiesRegistrationAdapterTests method getClientRegistrationsWhenUsingDefinedProviderShouldAdapt.

/**
 * A registration that refers to a provider defined in the same properties should be adapted
 * with that provider's endpoints, and a user-info authentication method given as the string
 * {@code "form"} should map to the {@code FORM} enum value.
 */
@Test
void getClientRegistrationsWhenUsingDefinedProviderShouldAdapt() {
    // createProvider()/createRegistration("provider") are test helpers; the expected values below reflect their setup
    Provider customProvider = createProvider();
    customProvider.setUserInfoAuthenticationMethod("form");
    OAuth2ClientProperties.Registration customRegistration = createRegistration("provider");
    customRegistration.setClientName("clientName");

    // the registration key and the provider key are different on purpose: linkage is via setProvider, not the key
    OAuth2ClientProperties clientProperties = new OAuth2ClientProperties();
    clientProperties.getProvider().put("provider", customProvider);
    clientProperties.getRegistration().put("registration", customRegistration);

    Map<String, ClientRegistration> adaptedRegistrations = OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(clientProperties);
    ClientRegistration adaptedRegistration = adaptedRegistrations.get("registration");
    ProviderDetails adaptedProviderDetails = adaptedRegistration.getProviderDetails();
    UserInfoEndpoint adaptedUserInfo = adaptedProviderDetails.getUserInfoEndpoint();

    // provider-side details come from the explicitly defined provider
    assertThat(adaptedProviderDetails.getAuthorizationUri()).isEqualTo("https://example.com/auth");
    assertThat(adaptedProviderDetails.getTokenUri()).isEqualTo("https://example.com/token");
    assertThat(adaptedUserInfo.getUri()).isEqualTo("https://example.com/info");
    assertThat(adaptedUserInfo.getAuthenticationMethod()).isEqualTo(org.springframework.security.oauth2.core.AuthenticationMethod.FORM);
    assertThat(adaptedUserInfo.getUserNameAttributeName()).isEqualTo("sub");
    assertThat(adaptedProviderDetails.getJwkSetUri()).isEqualTo("https://example.com/jwk");

    // client-side details come from the registration
    assertThat(adaptedRegistration.getRegistrationId()).isEqualTo("registration");
    assertThat(adaptedRegistration.getClientId()).isEqualTo("clientId");
    assertThat(adaptedRegistration.getClientSecret()).isEqualTo("clientSecret");
    assertThat(adaptedRegistration.getClientAuthenticationMethod()).isEqualTo(org.springframework.security.oauth2.core.ClientAuthenticationMethod.CLIENT_SECRET_POST);
    assertThat(adaptedRegistration.getAuthorizationGrantType()).isEqualTo(org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
    assertThat(adaptedRegistration.getRedirectUri()).isEqualTo("https://example.com/redirect");
    assertThat(adaptedRegistration.getScopes()).containsExactly("user");
    assertThat(adaptedRegistration.getClientName()).isEqualTo("clientName");
}
