Search in sources :

Example 1 with AuthorizationRequestRepository

use of org.springframework.security.oauth2.client.web.AuthorizationRequestRepository in project spring-security by spring-projects.

the class OAuth2ClientBeanDefinitionParser method parse.

@Override
public BeanDefinition parse(Element element, ParserContext parserContext) {
    Element authorizationCodeGrantElt = DomUtils.getChildElementByTagName(element, ELT_AUTHORIZATION_CODE_GRANT);
    BeanMetadataElement clientRegistrationRepository = OAuth2ClientBeanDefinitionParserUtils.getClientRegistrationRepository(element);
    BeanMetadataElement authorizedClientRepository = OAuth2ClientBeanDefinitionParserUtils.getAuthorizedClientRepository(element);
    if (authorizedClientRepository == null) {
        BeanMetadataElement authorizedClientService = OAuth2ClientBeanDefinitionParserUtils.getAuthorizedClientService(element);
        this.defaultAuthorizedClientRepository = OAuth2ClientBeanDefinitionParserUtils.createDefaultAuthorizedClientRepository(clientRegistrationRepository, authorizedClientService);
        authorizedClientRepository = new RuntimeBeanReference(OAuth2AuthorizedClientRepository.class);
    }
    BeanMetadataElement authorizationRequestRepository = getAuthorizationRequestRepository(authorizationCodeGrantElt);
    BeanDefinitionBuilder authorizationRequestRedirectFilterBuilder = BeanDefinitionBuilder.rootBeanDefinition(OAuth2AuthorizationRequestRedirectFilter.class);
    String authorizationRequestResolverRef = (authorizationCodeGrantElt != null) ? authorizationCodeGrantElt.getAttribute(ATT_AUTHORIZATION_REQUEST_RESOLVER_REF) : null;
    if (!StringUtils.isEmpty(authorizationRequestResolverRef)) {
        authorizationRequestRedirectFilterBuilder.addConstructorArgReference(authorizationRequestResolverRef);
    } else {
        authorizationRequestRedirectFilterBuilder.addConstructorArgValue(clientRegistrationRepository);
    }
    this.authorizationRequestRedirectFilter = authorizationRequestRedirectFilterBuilder.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository).addPropertyValue("requestCache", this.requestCache).getBeanDefinition();
    this.authorizationCodeGrantFilter = BeanDefinitionBuilder.rootBeanDefinition(OAuth2AuthorizationCodeGrantFilter.class).addConstructorArgValue(clientRegistrationRepository).addConstructorArgValue(authorizedClientRepository).addConstructorArgValue(this.authenticationManager).addPropertyValue("authorizationRequestRepository", authorizationRequestRepository).getBeanDefinition();
    BeanMetadataElement accessTokenResponseClient = getAccessTokenResponseClient(authorizationCodeGrantElt);
    this.authorizationCodeAuthenticationProvider = BeanDefinitionBuilder.rootBeanDefinition(OAuth2AuthorizationCodeAuthenticationProvider.class).addConstructorArgValue(accessTokenResponseClient).getBeanDefinition();
    return null;
}
Also used : BeanMetadataElement(org.springframework.beans.BeanMetadataElement) OAuth2AuthorizationCodeAuthenticationProvider(org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationProvider) BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder) BeanMetadataElement(org.springframework.beans.BeanMetadataElement) Element(org.w3c.dom.Element) RuntimeBeanReference(org.springframework.beans.factory.config.RuntimeBeanReference) OAuth2AuthorizedClientRepository(org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository)

Example 2 with AuthorizationRequestRepository

use of org.springframework.security.oauth2.client.web.AuthorizationRequestRepository in project spring-security by spring-projects.

the class OAuth2LoginTests method oauth2AuthorizeWhenCustomObjectsThenUsed.

@Test
public void oauth2AuthorizeWhenCustomObjectsThenUsed() {
    this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2AuthorizeWithMockObjectsConfig.class, AuthorizedClientController.class).autowire();
    OAuth2AuthorizeWithMockObjectsConfig config = this.spring.getContext().getBean(OAuth2AuthorizeWithMockObjectsConfig.class);
    ServerOAuth2AuthorizedClientRepository authorizedClientRepository = config.authorizedClientRepository;
    ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = config.authorizationRequestRepository;
    ServerRequestCache requestCache = config.requestCache;
    given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
    given(authorizationRequestRepository.saveAuthorizationRequest(any(), any())).willReturn(Mono.empty());
    given(requestCache.removeMatchingRequest(any())).willReturn(Mono.empty());
    given(requestCache.saveRequest(any())).willReturn(Mono.empty());
    // @formatter:off
    this.client.get().uri("/").exchange().expectStatus().is3xxRedirection();
    // @formatter:on
    verify(authorizedClientRepository).loadAuthorizedClient(any(), any(), any());
    verify(authorizationRequestRepository).saveAuthorizationRequest(any(), any());
    verify(requestCache).saveRequest(any());
}
Also used : ServerOAuth2AuthorizedClientRepository(org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache) Test(org.junit.jupiter.api.Test)

Example 3 with AuthorizationRequestRepository

use of org.springframework.security.oauth2.client.web.AuthorizationRequestRepository in project spring-security by spring-projects.

the class OAuth2AuthorizationRequestRedirectFilterTests method doFilterWhenAuthorizationRequestImplicitGrantThenAuthorizationRequestNotSaved.

@Test
public void doFilterWhenAuthorizationRequestImplicitGrantThenAuthorizationRequestNotSaved() throws Exception {
    String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/" + this.registration3.getRegistrationId();
    MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
    request.setServletPath(requestUri);
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(AuthorizationRequestRepository.class);
    this.filter.setAuthorizationRequestRepository(authorizationRequestRepository);
    this.filter.doFilter(request, response, filterChain);
    verifyZeroInteractions(filterChain);
    verify(authorizationRequestRepository, times(0)).saveAuthorizationRequest(any(OAuth2AuthorizationRequest.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(jakarta.servlet.FilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 4 with AuthorizationRequestRepository

use of org.springframework.security.oauth2.client.web.AuthorizationRequestRepository in project spring-security by spring-projects.

the class OAuth2ClientSpecTests method oauth2ClientWhenCustomObjectsThenUsed.

@Test
public void oauth2ClientWhenCustomObjectsThenUsed() {
    this.spring.register(ClientRegistrationConfig.class, OAuth2ClientCustomConfig.class, AuthorizedClientController.class).autowire();
    OAuth2ClientCustomConfig config = this.spring.getContext().getBean(OAuth2ClientCustomConfig.class);
    ServerAuthenticationConverter converter = config.authenticationConverter;
    ReactiveAuthenticationManager manager = config.manager;
    ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = config.authorizationRequestRepository;
    ServerRequestCache requestCache = config.requestCache;
    OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().redirectUri("/authorize/oauth2/code/registration-id").build();
    OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().redirectUri("/authorize/oauth2/code/registration-id").build();
    OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
    OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
    OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken(this.registration, authorizationExchange, accessToken);
    given(authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(Mono.just(authorizationRequest));
    given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
    given(manager.authenticate(any())).willReturn(Mono.just(result));
    given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
    // @formatter:off
    this.client.get().uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id").queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state").build()).exchange().expectStatus().is3xxRedirection();
    // @formatter:on
    verify(converter).convert(any());
    verify(manager).authenticate(any());
    verify(requestCache).getRedirectUri(any());
}
Also used : ServerAuthorizationRequestRepository(org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) OAuth2ParameterNames(org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) TestOAuth2AccessTokens(org.springframework.security.oauth2.core.TestOAuth2AccessTokens) RegisteredOAuth2AuthorizedClient(org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient) TestOAuth2AuthorizationRequests(org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests) Autowired(org.springframework.beans.factory.annotation.Autowired) ServerAuthenticationConverter(org.springframework.security.web.server.authentication.ServerAuthenticationConverter) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) OAuth2AuthorizationCodeAuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) EnableWebFlux(org.springframework.web.reactive.config.EnableWebFlux) EnableWebFluxSecurity(org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity) BDDMockito.given(org.mockito.BDDMockito.given) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) GetMapping(org.springframework.web.bind.annotation.GetMapping) URI(java.net.URI) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) TestClientRegistrations(org.springframework.security.oauth2.client.registration.TestClientRegistrations) OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) ReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository) SpringExtension(org.springframework.test.context.junit.jupiter.SpringExtension) ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache) OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) SecurityTestExecutionListeners(org.springframework.security.test.context.annotation.SecurityTestExecutionListeners) Mono(reactor.core.publisher.Mono) ApplicationContext(org.springframework.context.ApplicationContext) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) RestController(org.springframework.web.bind.annotation.RestController) OAuth2AuthorizedClient(org.springframework.security.oauth2.client.OAuth2AuthorizedClient) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) Configuration(org.springframework.context.annotation.Configuration) InMemoryReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) WithMockUser(org.springframework.security.test.context.support.WithMockUser) SpringTestContext(org.springframework.security.config.test.SpringTestContext) TestOAuth2AuthorizationResponses(org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses) SpringTestContextExtension(org.springframework.security.config.test.SpringTestContextExtension) Bean(org.springframework.context.annotation.Bean) ServerOAuth2AuthorizedClientRepository(org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository) Mockito.mock(org.mockito.Mockito.mock) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) OAuth2AuthorizationCodeAuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken) ServerAuthenticationConverter(org.springframework.security.web.server.authentication.ServerAuthenticationConverter) OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache) Test(org.junit.jupiter.api.Test)

Example 5 with AuthorizationRequestRepository

use of org.springframework.security.oauth2.client.web.AuthorizationRequestRepository in project spring-security by spring-projects.

the class OAuth2ClientSpecTests method oauth2ClientWhenCustomObjectsInLambdaThenUsed.

@Test
public void oauth2ClientWhenCustomObjectsInLambdaThenUsed() {
    this.spring.register(ClientRegistrationConfig.class, OAuth2ClientInLambdaCustomConfig.class, AuthorizedClientController.class).autowire();
    OAuth2ClientInLambdaCustomConfig config = this.spring.getContext().getBean(OAuth2ClientInLambdaCustomConfig.class);
    ServerAuthenticationConverter converter = config.authenticationConverter;
    ReactiveAuthenticationManager manager = config.manager;
    ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = config.authorizationRequestRepository;
    ServerRequestCache requestCache = config.requestCache;
    OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().redirectUri("/authorize/oauth2/code/registration-id").build();
    OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().redirectUri("/authorize/oauth2/code/registration-id").build();
    OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
    OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
    OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken(this.registration, authorizationExchange, accessToken);
    given(authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(Mono.just(authorizationRequest));
    given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
    given(manager.authenticate(any())).willReturn(Mono.just(result));
    given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
    // @formatter:off
    this.client.get().uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id").queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state").build()).exchange().expectStatus().is3xxRedirection();
    // @formatter:on
    verify(converter).convert(any());
    verify(manager).authenticate(any());
    verify(requestCache).getRedirectUri(any());
}
Also used : ServerAuthorizationRequestRepository(org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) OAuth2ParameterNames(org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) TestOAuth2AccessTokens(org.springframework.security.oauth2.core.TestOAuth2AccessTokens) RegisteredOAuth2AuthorizedClient(org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient) TestOAuth2AuthorizationRequests(org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests) Autowired(org.springframework.beans.factory.annotation.Autowired) ServerAuthenticationConverter(org.springframework.security.web.server.authentication.ServerAuthenticationConverter) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) OAuth2AuthorizationCodeAuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) EnableWebFlux(org.springframework.web.reactive.config.EnableWebFlux) EnableWebFluxSecurity(org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity) BDDMockito.given(org.mockito.BDDMockito.given) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) GetMapping(org.springframework.web.bind.annotation.GetMapping) URI(java.net.URI) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) TestClientRegistrations(org.springframework.security.oauth2.client.registration.TestClientRegistrations) OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) ReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository) SpringExtension(org.springframework.test.context.junit.jupiter.SpringExtension) ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache) OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) SecurityTestExecutionListeners(org.springframework.security.test.context.annotation.SecurityTestExecutionListeners) Mono(reactor.core.publisher.Mono) ApplicationContext(org.springframework.context.ApplicationContext) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) RestController(org.springframework.web.bind.annotation.RestController) OAuth2AuthorizedClient(org.springframework.security.oauth2.client.OAuth2AuthorizedClient) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) Configuration(org.springframework.context.annotation.Configuration) InMemoryReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) WithMockUser(org.springframework.security.test.context.support.WithMockUser) SpringTestContext(org.springframework.security.config.test.SpringTestContext) TestOAuth2AuthorizationResponses(org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses) SpringTestContextExtension(org.springframework.security.config.test.SpringTestContextExtension) Bean(org.springframework.context.annotation.Bean) ServerOAuth2AuthorizedClientRepository(org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository) Mockito.mock(org.mockito.Mockito.mock) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) OAuth2AuthorizationCodeAuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken) ServerAuthenticationConverter(org.springframework.security.web.server.authentication.ServerAuthenticationConverter) OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache) Test(org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test)8 OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)8 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)4 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)4 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)4 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)3 HttpServletResponse (jakarta.servlet.http.HttpServletResponse)3 HashMap (java.util.HashMap)3 OAuth2AuthorizedClient (org.springframework.security.oauth2.client.OAuth2AuthorizedClient)3 RegisteredOAuth2AuthorizedClient (org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient)3 ReactiveClientRegistrationRepository (org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository)3 ServerOAuth2AuthorizedClientRepository (org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository)3 SecurityWebFilterChain (org.springframework.security.web.server.SecurityWebFilterChain)3 WebTestClient (org.springframework.test.web.reactive.server.WebTestClient)3 URI (java.net.URI)2 ExtendWith (org.junit.jupiter.api.extension.ExtendWith)2 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)2 BDDMockito.given (org.mockito.BDDMockito.given)2 Mockito.mock (org.mockito.Mockito.mock)2 Mockito.verify (org.mockito.Mockito.verify)2