diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/ClientSettings.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/ClientSettings.java
index d49a4f8b..fcdf0af5 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/ClientSettings.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/ClientSettings.java
@@ -25,11 +25,9 @@ import org.springframework.util.Assert;
 * @author Joe Grandja
 * @since 0.0.2
 * @see AbstractSettings
+ * @see ConfigurationSettingNames.Client
 */
 public final class ClientSettings extends AbstractSettings {
- private static final String CLIENT_SETTING_BASE = "setting.client.";
- public static final String REQUIRE_PROOF_KEY = CLIENT_SETTING_BASE.concat("require-proof-key");
- public static final String REQUIRE_AUTHORIZATION_CONSENT = CLIENT_SETTING_BASE.concat("require-authorization-consent");
 private ClientSettings(Map settings) {
 super(settings);
@@ -42,7 +40,7 @@ public final class ClientSettings extends AbstractSettings {
 * @return {@code true} if the client is required to provide a proof key challenge and verifier, {@code false} otherwise
 */
 public boolean isRequireProofKey() {
- return getSetting(REQUIRE_PROOF_KEY);
+ return getSetting(ConfigurationSettingNames.Client.REQUIRE_PROOF_KEY);
 }
 /**
@@ -52,7 +50,7 @@ public final class ClientSettings extends AbstractSettings {
 * @return {@code true} if authorization consent is required when the client requests access, {@code false} otherwise
 */
 public boolean isRequireAuthorizationConsent() {
- return getSetting(REQUIRE_AUTHORIZATION_CONSENT);
+ return getSetting(ConfigurationSettingNames.Client.REQUIRE_AUTHORIZATION_CONSENT);
 }
 /**
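Review bot: The removed `public static final String REQUIRE_PROOF_KEY` and `REQUIRE_AUTHORIZATION_CONSENT` constants in the first hunk were part of `ClientSettings`' public API, so any external code that reads a settings map via `ClientSettings.REQUIRE_PROOF_KEY` stops compiling, while code that hard-coded the old literal `setting.client.require-proof-key` keeps compiling but now looks up a key the server no longer writes. If a deprecation cycle is wanted, keep forwarding aliases for one release, e.g. `@Deprecated public static final String REQUIRE_PROOF_KEY = ConfigurationSettingNames.Client.REQUIRE_PROOF_KEY;` and the same for the consent key, with an `@deprecated` Javadoc pointing at `ConfigurationSettingNames.Client`. Whether there are external consumers of these constants is not visible here.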
@@ -94,7 +92,7 @@ public final class ClientSettings extends AbstractSettings {
 * @return the {@link Builder} for further configuration
 */
 public Builder requireProofKey(boolean requireProofKey) {
- return setting(REQUIRE_PROOF_KEY, requireProofKey);
+ return setting(ConfigurationSettingNames.Client.REQUIRE_PROOF_KEY, requireProofKey);
 }
 /**
@@ -105,7 +103,7 @@ public final class ClientSettings extends AbstractSettings {
 * @return the {@link Builder} for further configuration
 */
 public Builder requireAuthorizationConsent(boolean requireAuthorizationConsent) {
- return setting(REQUIRE_AUTHORIZATION_CONSENT, requireAuthorizationConsent);
+ return setting(ConfigurationSettingNames.Client.REQUIRE_AUTHORIZATION_CONSENT, requireAuthorizationConsent);
 }
 /**
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/ConfigurationSettingNames.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/ConfigurationSettingNames.java
new file mode 100644
index 00000000..26e3aa0e
--- /dev/null
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/ConfigurationSettingNames.java
@@ -0,0 +1,134 @@
+/*
+ * Copyright 2020-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.server.authorization.config;
+
+import org.springframework.security.oauth2.core.oidc.OidcIdToken;
+import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
+
+/**
+ * The names for all the configuration settings.
+ *
+ * @author Joe Grandja
+ * @since 0.2.0
+ */
+public final class ConfigurationSettingNames {
+ private static final String SETTINGS_NAMESPACE = "settings.";
+
+ private ConfigurationSettingNames() {
+ }
+
+ /**
+ * The names for client configuration settings.
+ */
+ public static class Client {
+ private static final String CLIENT_SETTINGS_NAMESPACE = SETTINGS_NAMESPACE.concat("client.");
+
+ /**
+ * Set to {@code true} if the client is required to provide a proof key challenge and verifier
+ * when performing the Authorization Code Grant flow.
+ */
+ public static final String REQUIRE_PROOF_KEY = CLIENT_SETTINGS_NAMESPACE.concat("require-proof-key");
+
+ /**
+ * Set to {@code true} if authorization consent is required when the client requests access.
+ * This applies to all interactive flows (e.g. {@code authorization_code} and {@code device_code}).
+ */
+ public static final String REQUIRE_AUTHORIZATION_CONSENT = CLIENT_SETTINGS_NAMESPACE.concat("require-authorization-consent");
+
+ private Client() {
+ }
+
+ }
+
+ /**
+ * The names for provider configuration settings.
+ */
+ public static class Provider {
+ private static final String PROVIDER_SETTINGS_NAMESPACE = SETTINGS_NAMESPACE.concat("provider.");
+
+ /**
+ * Set the URL the Provider uses as its Issuer Identifier.
+ */
+ public static final String ISSUER = PROVIDER_SETTINGS_NAMESPACE.concat("issuer");
+
+ /**
+ * Set the Provider's OAuth 2.0 Authorization endpoint.
+ */
+ public static final String AUTHORIZATION_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("authorization-endpoint");
+
+ /**
+ * Set the Provider's OAuth 2.0 Token endpoint.
+ */
+ public static final String TOKEN_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("token-endpoint");
+
+ /**
+ * Set the Provider's JWK Set endpoint.
+ */
+ public static final String JWK_SET_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("jwk-set-endpoint");
+
+ /**
+ * Set the Provider's OAuth 2.0 Token Revocation endpoint.
+ */
+ public static final String TOKEN_REVOCATION_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("token-revocation-endpoint");
+
+ /**
+ * Set the Provider's OAuth 2.0 Token Introspection endpoint.
+ */
+ public static final String TOKEN_INTROSPECTION_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("token-introspection-endpoint");
+
+ /**
+ * Set the Provider's OpenID Connect 1.0 Client Registration endpoint.
+ */
+ public static final String OIDC_CLIENT_REGISTRATION_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("oidc-client-registration-endpoint");
+
+ private Provider() {
+ }
+
+ }
+
+ /**
+ * The names for token configuration settings.
+ */
+ public static class Token {
+ private static final String TOKEN_SETTINGS_NAMESPACE = SETTINGS_NAMESPACE.concat("token.");
+
+ /**
+ * Set the time-to-live for an access token.
+ */
+ public static final String ACCESS_TOKEN_TIME_TO_LIVE = TOKEN_SETTINGS_NAMESPACE.concat("access-token-time-to-live");
+
+ /**
+ * Set to {@code true} if refresh tokens are reused when returning the access token response,
+ * or {@code false} if a new refresh token is issued.
+ */
+ public static final String REUSE_REFRESH_TOKENS = TOKEN_SETTINGS_NAMESPACE.concat("reuse-refresh-tokens");
+
+ /**
+ * Set the time-to-live for a refresh token.
+ */
+ public static final String REFRESH_TOKEN_TIME_TO_LIVE = TOKEN_SETTINGS_NAMESPACE.concat("refresh-token-time-to-live");
+
+ /**
+ * Set the {@link SignatureAlgorithm JWS} algorithm for signing the {@link OidcIdToken ID Token}.
+ */
+ public static final String ID_TOKEN_SIGNATURE_ALGORITHM = TOKEN_SETTINGS_NAMESPACE.concat("id-token-signature-algorithm");
+
+ private Token() {
+ }
+
+ }
+
+}
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/ProviderSettings.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/ProviderSettings.java
index 7795b006..d2ff2e9f 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/ProviderSettings.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/ProviderSettings.java
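Review bot: `SETTINGS_NAMESPACE = "settings."` silently renames every key: the removed `CLIENT_SETTING_BASE`, `PROVIDER_SETTING_BASE` and `TOKEN_SETTING_BASE` all used the singular `setting.` prefix, so `settings.client.require-proof-key` is a different string from the key any already-persisted settings map was written under. If a deployment stores these maps (the persisted form is not visible in this diff), an existing client's `require-proof-key` would no longer be found by name, and PKCE enforcement for that client could presumably change without any error; a migration note, or a one-release fallback that also consults the old `setting.` key, would close that gap. Separately, `Client`, `Provider` and `Token` are declared `public static class` with private constructors; `public static final class Client {` would state the name-holder intent and rule out accidental subclassing. The Javadoc on `REQUIRE_AUTHORIZATION_CONSENT` cites `device_code` as an example interactive flow; unless that grant is implemented in this module, the example should name only grants the server actually supports so operators do not assume consent covers a flow that does not exist.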
@@ -26,16 +26,9 @@ import org.springframework.util.Assert;
 * @author Joe Grandja
 * @since 0.1.0
 * @see AbstractSettings
+ * @see ConfigurationSettingNames.Provider
 */
 public final class ProviderSettings extends AbstractSettings {
- private static final String PROVIDER_SETTING_BASE = "setting.provider.";
- public static final String ISSUER = PROVIDER_SETTING_BASE.concat("issuer");
- public static final String AUTHORIZATION_ENDPOINT = PROVIDER_SETTING_BASE.concat("authorization-endpoint");
- public static final String TOKEN_ENDPOINT = PROVIDER_SETTING_BASE.concat("token-endpoint");
- public static final String JWK_SET_ENDPOINT = PROVIDER_SETTING_BASE.concat("jwk-set-endpoint");
- public static final String TOKEN_REVOCATION_ENDPOINT = PROVIDER_SETTING_BASE.concat("token-revocation-endpoint");
- public static final String TOKEN_INTROSPECTION_ENDPOINT = PROVIDER_SETTING_BASE.concat("token-introspection-endpoint");
- public static final String OIDC_CLIENT_REGISTRATION_ENDPOINT = PROVIDER_SETTING_BASE.concat("oidc-client-registration-endpoint");
 private ProviderSettings(Map settings) {
 super(settings);
@@ -47,7 +40,7 @@ public final class ProviderSettings extends AbstractSettings {
 * @return the URL of the Provider's Issuer Identifier
 */
 public String getIssuer() {
- return getSetting(ISSUER);
+ return getSetting(ConfigurationSettingNames.Provider.ISSUER);
 }
 /**
@@ -56,7 +49,7 @@ public final class ProviderSettings extends AbstractSettings {
 * @return the Authorization endpoint
 */
 public String getAuthorizationEndpoint() {
- return getSetting(AUTHORIZATION_ENDPOINT);
+ return getSetting(ConfigurationSettingNames.Provider.AUTHORIZATION_ENDPOINT);
 }
 /**
@@ -65,7 +58,7 @@ public final class ProviderSettings extends AbstractSettings {
 * @return the Token endpoint
 */
 public String getTokenEndpoint() {
- return getSetting(TOKEN_ENDPOINT);
+ return getSetting(ConfigurationSettingNames.Provider.TOKEN_ENDPOINT);
 }
 /**
@@ -74,7 +67,7 @@ public final class ProviderSettings extends AbstractSettings {
 * @return the JWK Set endpoint
 */
 public String getJwkSetEndpoint() {
- return getSetting(JWK_SET_ENDPOINT);
+ return getSetting(ConfigurationSettingNames.Provider.JWK_SET_ENDPOINT);
 }
 /**
@@ -83,7 +76,7 @@ public final class ProviderSettings extends AbstractSettings {
 * @return the Token Revocation endpoint
 */
 public String getTokenRevocationEndpoint() {
- return getSetting(TOKEN_REVOCATION_ENDPOINT);
+ return getSetting(ConfigurationSettingNames.Provider.TOKEN_REVOCATION_ENDPOINT);
 }
 /**
@@ -92,7 +85,7 @@ public final class ProviderSettings extends AbstractSettings {
 * @return the Token Introspection endpoint
 */
 public String getTokenIntrospectionEndpoint() {
- return getSetting(TOKEN_INTROSPECTION_ENDPOINT);
+ return getSetting(ConfigurationSettingNames.Provider.TOKEN_INTROSPECTION_ENDPOINT);
 }
 /**
@@ -101,7 +94,7 @@ public final class ProviderSettings extends AbstractSettings {
 * @return the OpenID Connect 1.0 Client Registration endpoint
 */
 public String getOidcClientRegistrationEndpoint() {
- return getSetting(OIDC_CLIENT_REGISTRATION_ENDPOINT);
+ return getSetting(ConfigurationSettingNames.Provider.OIDC_CLIENT_REGISTRATION_ENDPOINT);
 }
 /**
@@ -146,7 +139,7 @@ public final class ProviderSettings extends AbstractSettings {
 * @return the {@link Builder} for further configuration
 */
 public Builder issuer(String issuer) {
- return setting(ISSUER, issuer);
+ return setting(ConfigurationSettingNames.Provider.ISSUER, issuer);
 }
 /**
@@ -156,7 +149,7 @@ public final class ProviderSettings extends AbstractSettings {
 * @return the {@link Builder} for further configuration
 */
 public Builder authorizationEndpoint(String authorizationEndpoint) {
- return setting(AUTHORIZATION_ENDPOINT, authorizationEndpoint);
+ return setting(ConfigurationSettingNames.Provider.AUTHORIZATION_ENDPOINT, authorizationEndpoint);
 }
 /**
@@ -166,7 +159,7 @@ public final class ProviderSettings extends AbstractSettings {
 * @return the {@link Builder} for further configuration
 */
 public Builder tokenEndpoint(String tokenEndpoint) {
- return setting(TOKEN_ENDPOINT, tokenEndpoint);
+ return setting(ConfigurationSettingNames.Provider.TOKEN_ENDPOINT, tokenEndpoint);
 }
 /**
@@ -176,7 +169,7 @@ public final class ProviderSettings extends AbstractSettings {
 * @return the {@link Builder} for further configuration
 */
 public Builder jwkSetEndpoint(String jwkSetEndpoint) {
- return setting(JWK_SET_ENDPOINT, jwkSetEndpoint);
+ return setting(ConfigurationSettingNames.Provider.JWK_SET_ENDPOINT, jwkSetEndpoint);
 }
 /**
@@ -186,7 +179,7 @@ public final class ProviderSettings extends AbstractSettings {
 * @return the {@link Builder} for further configuration
 */
 public Builder tokenRevocationEndpoint(String tokenRevocationEndpoint) {
- return setting(TOKEN_REVOCATION_ENDPOINT, tokenRevocationEndpoint);
+ return setting(ConfigurationSettingNames.Provider.TOKEN_REVOCATION_ENDPOINT, tokenRevocationEndpoint);
 }
 /**
@@ -196,7 +189,7 @@ public final class ProviderSettings extends AbstractSettings {
 * @return the {@link Builder} for further configuration
 */
 public Builder tokenIntrospectionEndpoint(String tokenIntrospectionEndpoint) {
- return setting(TOKEN_INTROSPECTION_ENDPOINT, tokenIntrospectionEndpoint);
+ return setting(ConfigurationSettingNames.Provider.TOKEN_INTROSPECTION_ENDPOINT, tokenIntrospectionEndpoint);
 }
 /**
@@ -206,7 +199,7 @@ public final class ProviderSettings extends AbstractSettings {
 * @return the {@link Builder} for further configuration
 */
 public Builder oidcClientRegistrationEndpoint(String oidcClientRegistrationEndpoint) {
- return setting(OIDC_CLIENT_REGISTRATION_ENDPOINT, oidcClientRegistrationEndpoint);
+ return setting(ConfigurationSettingNames.Provider.OIDC_CLIENT_REGISTRATION_ENDPOINT, oidcClientRegistrationEndpoint);
 }
 /**
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/TokenSettings.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/TokenSettings.java
index cbdfc55a..5d34a17d 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/TokenSettings.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/TokenSettings.java
@@ -28,13 +28,9 @@ import org.springframework.util.Assert;
 * @author Joe Grandja
 * @since 0.0.2
 * @see AbstractSettings
+ * @see ConfigurationSettingNames.Token
 */
 public final class TokenSettings extends AbstractSettings {
- private static final String TOKEN_SETTING_BASE = "setting.token.";
- public static final String ACCESS_TOKEN_TIME_TO_LIVE = TOKEN_SETTING_BASE.concat("access-token-time-to-live");
- public static final String REUSE_REFRESH_TOKENS = TOKEN_SETTING_BASE.concat("reuse-refresh-tokens");
- public static final String REFRESH_TOKEN_TIME_TO_LIVE = TOKEN_SETTING_BASE.concat("refresh-token-time-to-live");
- public static final String ID_TOKEN_SIGNATURE_ALGORITHM = TOKEN_SETTING_BASE.concat("id-token-signature-algorithm");
 private TokenSettings(Map settings) {
 super(settings);
@@ -46,7 +42,7 @@ public final class TokenSettings extends AbstractSettings {
 * @return the time-to-live for an access token
 */
 public Duration getAccessTokenTimeToLive() {
- return getSetting(ACCESS_TOKEN_TIME_TO_LIVE);
+ return getSetting(ConfigurationSettingNames.Token.ACCESS_TOKEN_TIME_TO_LIVE);
 }
 /**
@@ -54,7 +50,7 @@ public final class TokenSettings extends AbstractSettings {
 * or {@code false} if a new refresh token is issued. The default is {@code true}.
 */
 public boolean isReuseRefreshTokens() {
- return getSetting(REUSE_REFRESH_TOKENS);
+ return getSetting(ConfigurationSettingNames.Token.REUSE_REFRESH_TOKENS);
 }
 /**
@@ -63,7 +59,7 @@ public final class TokenSettings extends AbstractSettings {
 * @return the time-to-live for a refresh token
 */
 public Duration getRefreshTokenTimeToLive() {
- return getSetting(REFRESH_TOKEN_TIME_TO_LIVE);
+ return getSetting(ConfigurationSettingNames.Token.REFRESH_TOKEN_TIME_TO_LIVE);
 }
 /**
@@ -73,7 +69,7 @@ public final class TokenSettings extends AbstractSettings {
 * @return the {@link SignatureAlgorithm JWS} algorithm for signing the {@link OidcIdToken ID Token}
 */
 public SignatureAlgorithm getIdTokenSignatureAlgorithm() {
- return getSetting(ID_TOKEN_SIGNATURE_ALGORITHM);
+ return getSetting(ConfigurationSettingNames.Token.ID_TOKEN_SIGNATURE_ALGORITHM);
 }
 /**
@@ -118,7 +114,7 @@ public final class TokenSettings extends AbstractSettings {
 public Builder accessTokenTimeToLive(Duration accessTokenTimeToLive) {
 Assert.notNull(accessTokenTimeToLive, "accessTokenTimeToLive cannot be null");
 Assert.isTrue(accessTokenTimeToLive.getSeconds() > 0, "accessTokenTimeToLive must be greater than Duration.ZERO");
- return setting(ACCESS_TOKEN_TIME_TO_LIVE, accessTokenTimeToLive);
+ return setting(ConfigurationSettingNames.Token.ACCESS_TOKEN_TIME_TO_LIVE, accessTokenTimeToLive);
 }
 /**
@@ -129,7 +125,7 @@ public final class TokenSettings extends AbstractSettings {
 * @return the {@link Builder} for further configuration
 */
 public Builder reuseRefreshTokens(boolean reuseRefreshTokens) {
- return setting(REUSE_REFRESH_TOKENS, reuseRefreshTokens);
+ return setting(ConfigurationSettingNames.Token.REUSE_REFRESH_TOKENS, reuseRefreshTokens);
 }
 /**
@@ -141,7 +137,7 @@ public final class TokenSettings extends AbstractSettings {
 public Builder refreshTokenTimeToLive(Duration refreshTokenTimeToLive) {
 Assert.notNull(refreshTokenTimeToLive, "refreshTokenTimeToLive cannot be null");
 Assert.isTrue(refreshTokenTimeToLive.getSeconds() > 0, "refreshTokenTimeToLive must be greater than Duration.ZERO");
- return setting(REFRESH_TOKEN_TIME_TO_LIVE, refreshTokenTimeToLive);
+ return setting(ConfigurationSettingNames.Token.REFRESH_TOKEN_TIME_TO_LIVE, refreshTokenTimeToLive);
 }
 /**
@@ -152,7 +148,7 @@ public final class TokenSettings extends AbstractSettings {
 */
 public Builder idTokenSignatureAlgorithm(SignatureAlgorithm idTokenSignatureAlgorithm) {
 Assert.notNull(idTokenSignatureAlgorithm, "idTokenSignatureAlgorithm cannot be null");
- return setting(ID_TOKEN_SIGNATURE_ALGORITHM, idTokenSignatureAlgorithm);
+ return setting(ConfigurationSettingNames.Token.ID_TOKEN_SIGNATURE_ALGORITHM, idTokenSignatureAlgorithm);
 }
 /**