diff --git a/docs/src/docs/asciidoc/configuration-model.adoc b/docs/src/docs/asciidoc/configuration-model.adoc
index 151417ef..011d33ee 100644
--- a/docs/src/docs/asciidoc/configuration-model.adoc
+++ b/docs/src/docs/asciidoc/configuration-model.adoc
@@ -173,17 +173,17 @@ public AuthorizationServerSettings authorizationServerSettings() {
 }
 ----
-The `ProviderContext` is a context object that holds information about the provider.
+The `AuthorizationServerContext` is a context object that holds information of the Authorization Server runtime environment.
 It provides access to the `AuthorizationServerSettings` and the "`current`" issuer identifier.
 [NOTE]
 If the issuer identifier is not configured in `AuthorizationServerSettings.builder().issuer(String)`, it is resolved from the current request.
 [NOTE]
-The `ProviderContext` is accessible through the `ProviderContextHolder`, which associates it with the current request thread by using a `ThreadLocal`.
+The `AuthorizationServerContext` is accessible through the `AuthorizationServerContextHolder`, which associates it with the current request thread by using a `ThreadLocal`.
 [NOTE]
-The `ProviderContextFilter` associates the `ProviderContext` with the `ProviderContextHolder`.
+The `AuthorizationServerContextFilter` associates the `AuthorizationServerContext` with the `AuthorizationServerContextHolder`.
 [[configuring-client-authentication]]
 == Configuring Client Authentication
diff --git a/docs/src/docs/asciidoc/core-model-components.adoc b/docs/src/docs/asciidoc/core-model-components.adoc
index 75900e5e..6bf23d8a 100644
--- a/docs/src/docs/asciidoc/core-model-components.adoc
+++ b/docs/src/docs/asciidoc/core-model-components.adoc
@@ -316,7 +316,7 @@ public interface OAuth2TokenContext extends Context {
 default T getPrincipal() ... <2>
- default ProviderContext getProviderContext() ... <3>
+ default AuthorizationServerContext getAuthorizationServerContext() ... <3>
 @Nullable
 default OAuth2Authorization getAuthorization() ... <4>
@@ -335,7 +335,7 @@ public interface OAuth2TokenContext extends Context {
 ----
 <1> `getRegisteredClient()`: The <> associated with the authorization grant.
 <2> `getPrincipal()`: The `Authentication` instance of the resource owner (or client).
-<3> `getProviderContext()`: The xref:configuration-model.adoc#configuring-authorization-server-settings[`ProviderContext`] object that holds information related to the provider.
+<3> `getAuthorizationServerContext()`: The xref:configuration-model.adoc#configuring-authorization-server-settings[`AuthorizationServerContext`] object that holds information of the Authorization Server runtime environment.
 <4> `getAuthorization()`: The <> associated with the authorization grant.
 <5> `getAuthorizedScopes()`: The scope(s) authorized for the client.
 <6> `getTokenType()`: The `OAuth2TokenType` to generate. The supported values are `code`, `access_token`, `refresh_token`, and `id_token`.
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProvider.java
index 7c378f37..d6cba46d 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProvider.java
@@ -51,8 +51,8 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
@@ -221,20 +221,20 @@ public final class JwtClientAssertionAuthenticationProvider implements Authentic
 return new DelegatingOAuth2TokenValidator<>(
 new JwtClaimValidator<>(JwtClaimNames.ISS, clientId::equals),
 new JwtClaimValidator<>(JwtClaimNames.SUB, clientId::equals),
- new JwtClaimValidator<>(JwtClaimNames.AUD, containsProviderAudience()),
+ new JwtClaimValidator<>(JwtClaimNames.AUD, containsAudience()),
 new JwtClaimValidator<>(JwtClaimNames.EXP, Objects::nonNull),
 new JwtTimestampValidator()
 );
 }
- private static Predicate> containsProviderAudience() {
+ private static Predicate> containsAudience() {
 return (audienceClaim) -> {
 if (CollectionUtils.isEmpty(audienceClaim)) {
 return false;
 }
- List providerAudience = getProviderAudience();
+ List audienceList = getAudience();
 for (String audience : audienceClaim) {
- if (providerAudience.contains(audience)) {
+ if (audienceList.contains(audience)) {
 return true;
 }
 }
@@ -242,19 +242,19 @@ public final class JwtClientAssertionAuthenticationProvider implements Authentic
 };
 }
- private static List getProviderAudience() {
- ProviderContext providerContext = ProviderContextHolder.getProviderContext();
- if (!StringUtils.hasText(providerContext.getIssuer())) {
+ private static List getAudience() {
+ AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
+ if (!StringUtils.hasText(authorizationServerContext.getIssuer())) {
 return Collections.emptyList();
 }
- AuthorizationServerSettings authorizationServerSettings = providerContext.getAuthorizationServerSettings();
- List providerAudience = new ArrayList<>();
- providerAudience.add(providerContext.getIssuer());
- providerAudience.add(asUrl(providerContext.getIssuer(), authorizationServerSettings.getTokenEndpoint()));
- providerAudience.add(asUrl(providerContext.getIssuer(), authorizationServerSettings.getTokenIntrospectionEndpoint()));
- providerAudience.add(asUrl(providerContext.getIssuer(), authorizationServerSettings.getTokenRevocationEndpoint()));
- return providerAudience;
+ AuthorizationServerSettings authorizationServerSettings = authorizationServerContext.getAuthorizationServerSettings();
+ List audience = new ArrayList<>();
+ audience.add(authorizationServerContext.getIssuer());
+ audience.add(asUrl(authorizationServerContext.getIssuer(), authorizationServerSettings.getTokenEndpoint()));
+ audience.add(asUrl(authorizationServerContext.getIssuer(), authorizationServerSettings.getTokenIntrospectionEndpoint()));
+ audience.add(asUrl(authorizationServerContext.getIssuer(), authorizationServerSettings.getTokenRevocationEndpoint()));
+ return audience;
 }
 private static String asUrl(String issuer, String endpoint) {
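Review bot: Every accepted `aud` value in `getAudience()` is built from `authorizationServerContext.getIssuer()`, and the configuration-model.adoc hunk in this commit says the issuer is resolved from the current request when it is not set through `AuthorizationServerSettings.builder().issuer(String)`. In that configuration the audience a JWT client assertion is validated against presumably follows request data rather than a fixed value, which narrows what the `aud` check actually guarantees. That dependency deserves a comment on the method, for example `// NOTE: when no issuer is configured the audience is derived from the current request; configure AuthorizationServerSettings.builder().issuer(...) to pin it`. Whether the resolved issuer is constrained elsewhere is not visible in this hunk.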
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
index 324538a8..4550dc7e 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
@@ -43,7 +43,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -132,7 +132,7 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth
 DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
 .registeredClient(registeredClient)
 .principal(authorization.getAttribute(Principal.class.getName()))
- .providerContext(ProviderContextHolder.getProviderContext())
+ .authorizationServerContext(AuthorizationServerContextHolder.getContext())
 .authorization(authorization)
 .authorizedScopes(authorization.getAuthorizedScopes())
 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java
index a2258b5f..f549c2b2 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java
@@ -49,7 +49,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -438,7 +438,7 @@ public final class OAuth2AuthorizationCodeRequestAuthenticationProvider implemen
 DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
 .registeredClient(registeredClient)
 .principal((Authentication) authorizationCodeRequestAuthentication.getPrincipal())
- .providerContext(ProviderContextHolder.getProviderContext())
+ .authorizationServerContext(AuthorizationServerContextHolder.getContext())
 .tokenType(new OAuth2TokenType(OAuth2ParameterNames.CODE))
 .authorizedScopes(authorizedScopes)
 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java
index a7405c42..0e4b7298 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java
@@ -33,7 +33,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -102,7 +102,7 @@ public final class OAuth2ClientCredentialsAuthenticationProvider implements Auth
 OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
 .registeredClient(registeredClient)
 .principal(clientPrincipal)
- .providerContext(ProviderContextHolder.getProviderContext())
+ .authorizationServerContext(AuthorizationServerContextHolder.getContext())
 .authorizedScopes(authorizedScopes)
 .tokenType(OAuth2TokenType.ACCESS_TOKEN)
 .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
index 8ff1f162..ccdf5485 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
@@ -40,7 +40,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -130,7 +130,7 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic
 DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
 .registeredClient(registeredClient)
 .principal(authorization.getAttribute(Principal.class.getName()))
- .providerContext(ProviderContextHolder.getProviderContext())
+ .authorizationServerContext(AuthorizationServerContextHolder.getContext())
 .authorization(authorization)
 .authorizedScopes(scopes)
 .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java
index 26dbc2d9..56371ef2 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java
@@ -33,9 +33,9 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
+import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter;
 import org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter;
 import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter;
-import org.springframework.security.oauth2.server.authorization.web.ProviderContextFilter;
 import org.springframework.security.web.authentication.HttpStatusEntryPoint;
 import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
 import org.springframework.security.web.context.SecurityContextHolderFilter;
@@ -245,8 +245,8 @@ public final class OAuth2AuthorizationServerConfigurer
 AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
- ProviderContextFilter providerContextFilter = new ProviderContextFilter(authorizationServerSettings);
- httpSecurity.addFilterAfter(postProcess(providerContextFilter), SecurityContextHolderFilter.class);
+ AuthorizationServerContextFilter authorizationServerContextFilter = new AuthorizationServerContextFilter(authorizationServerSettings);
+ httpSecurity.addFilterAfter(postProcess(authorizationServerContextFilter), SecurityContextHolderFilter.class);
 JWKSource jwkSource = OAuth2ConfigurerUtils.getJwkSource(httpSecurity);
 if (jwkSource != null) {
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContext.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContext.java
similarity index 77%
rename from oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContext.java
rename to oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContext.java
index a2ce5204..d0c76142 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContext.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContext.java
@@ -22,24 +22,24 @@ import org.springframework.security.oauth2.server.authorization.settings.Authori
 import org.springframework.util.Assert;
 /**
- * A context that holds information of the Provider.
+ * A context that holds information of the Authorization Server runtime environment.
 *
 * @author Joe Grandja
 * @since 0.2.2
 * @see AuthorizationServerSettings
- * @see ProviderContextHolder
+ * @see AuthorizationServerContextHolder
 */
-public final class ProviderContext {
+public final class AuthorizationServerContext {
 private final AuthorizationServerSettings authorizationServerSettings;
 private final Supplier issuerSupplier;
 /**
- * Constructs a {@code ProviderContext} using the provided parameters.
+ * Constructs an {@code AuthorizationServerContext} using the provided parameters.
 *
 * @param authorizationServerSettings the authorization server settings
- * @param issuerSupplier a {@code Supplier} for the {@code URL} of the Provider's issuer identifier
+ * @param issuerSupplier a {@code Supplier} for the {@code URL} of the Authorization Server's issuer identifier
 */
- public ProviderContext(AuthorizationServerSettings authorizationServerSettings, @Nullable Supplier issuerSupplier) {
+ public AuthorizationServerContext(AuthorizationServerSettings authorizationServerSettings, @Nullable Supplier issuerSupplier) {
 Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null");
 this.authorizationServerSettings = authorizationServerSettings;
 this.issuerSupplier = issuerSupplier;
@@ -55,11 +55,11 @@ public final class ProviderContext {
 }
 /**
- * Returns the {@code URL} of the Provider's issuer identifier.
+ * Returns the {@code URL} of the Authorization Server's issuer identifier.
 * The issuer identifier is resolved from the constructor parameter {@code Supplier}
 * or if not provided then defaults to {@link AuthorizationServerSettings#getIssuer()}.
 *
- * @return the {@code URL} of the Provider's issuer identifier
+ * @return the {@code URL} of the Authorization Server's issuer identifier
 */
 public String getIssuer() {
 return this.issuerSupplier != null ?
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContextHolder.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContextHolder.java
new file mode 100644
index 00000000..c15b4259
--- /dev/null
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContextHolder.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2020-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.server.authorization.context;
+
+import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter;
+
+/**
+ * A holder of the {@link AuthorizationServerContext} that associates it with the current thread using a {@code ThreadLocal}.
+ *
+ * @author Joe Grandja
+ * @since 0.2.2
+ * @see AuthorizationServerContext
+ * @see AuthorizationServerContextFilter
+ */
+public final class AuthorizationServerContextHolder {
+ private static final ThreadLocal holder = new ThreadLocal<>();
+
+ private AuthorizationServerContextHolder() {
+ }
+
+ /**
+ * Returns the {@link AuthorizationServerContext} bound to the current thread.
+ *
+ * @return the {@link AuthorizationServerContext}
+ */
+ public static AuthorizationServerContext getContext() {
+ return holder.get();
+ }
+
+ /**
+ * Bind the given {@link AuthorizationServerContext} to the current thread.
+ *
+ * @param authorizationServerContext the {@link AuthorizationServerContext}
+ */
+ public static void setContext(AuthorizationServerContext authorizationServerContext) {
+ if (authorizationServerContext == null) {
+ resetContext();
+ } else {
+ holder.set(authorizationServerContext);
+ }
+ }
+
+ /**
+ * Reset the {@link AuthorizationServerContext} bound to the current thread.
+ */
+ public static void resetContext() {
+ holder.remove();
+ }
+
+}
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContextHolder.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContextHolder.java
deleted file mode 100644
index dfeac7dd..00000000
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContextHolder.java
+++ /dev/null
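Review bot: `getContext()` returns `holder.get()`, which is `null` on any thread where `setContext(...)` has not run, but its Javadoc does not say so. Callers in this commit dereference the result directly (`getAudience()` in `JwtClientAssertionAuthenticationProvider`, the `registrationClientUri` construction in `OidcClientRegistrationAuthenticationProvider`, and both metadata endpoint filters), while `JwtGenerator` null-checks the context it receives. I would change the tag to `@return the {@link AuthorizationServerContext}, or {@code null} if none is bound to the current thread` and state in the class Javadoc that the binding is per-thread, so work handed to another thread does not see it.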
@@ -1,63 +0,0 @@
-/*
- * Copyright 2020-2022 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.server.authorization.context;
-
-import org.springframework.security.oauth2.server.authorization.web.ProviderContextFilter;
-
-/**
- * A holder of {@link ProviderContext} that associates it with the current thread using a {@code ThreadLocal}.
- *
- * @author Joe Grandja
- * @since 0.2.2
- * @see ProviderContext
- * @see ProviderContextFilter
- */
-public final class ProviderContextHolder {
- private static final ThreadLocal holder = new ThreadLocal<>();
-
- private ProviderContextHolder() {
- }
-
- /**
- * Returns the {@link ProviderContext} bound to the current thread.
- *
- * @return the {@link ProviderContext}
- */
- public static ProviderContext getProviderContext() {
- return holder.get();
- }
-
- /**
- * Bind the given {@link ProviderContext} to the current thread.
- *
- * @param providerContext the {@link ProviderContext}
- */
- public static void setProviderContext(ProviderContext providerContext) {
- if (providerContext == null) {
- resetProviderContext();
- } else {
- holder.set(providerContext);
- }
- }
-
- /**
- * Reset the {@link ProviderContext} bound to the current thread.
- */
- public static void resetProviderContext() {
- holder.remove();
- }
-
-}
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java
index 3c210cbe..8880e605 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java
@@ -49,8 +49,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.oidc.OidcClientMetadataClaimNames;
 import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
@@ -212,7 +212,7 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe
 OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
 .registeredClient(registeredClient)
 .principal(clientPrincipal)
- .providerContext(ProviderContextHolder.getProviderContext())
+ .authorizationServerContext(AuthorizationServerContextHolder.getContext())
 .authorizedScopes(authorizedScopes)
 .tokenType(OAuth2TokenType.ACCESS_TOKEN)
 .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
@@ -276,9 +276,9 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe
 scopes.addAll(registeredClient.getScopes()));
 }
- ProviderContext providerContext = ProviderContextHolder.getProviderContext();
- String registrationClientUri = UriComponentsBuilder.fromUriString(providerContext.getIssuer())
- .path(providerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
+ AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
+ String registrationClientUri = UriComponentsBuilder.fromUriString(authorizationServerContext.getIssuer())
+ .path(authorizationServerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
 .queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId())
 .toUriString();
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java
index 4d8afee7..ee01c55b 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java
@@ -32,7 +32,7 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
 import org.springframework.security.oauth2.core.oidc.OidcScopes;
 import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.oidc.OidcProviderConfiguration;
 import org.springframework.security.oauth2.server.authorization.oidc.http.converter.OidcProviderConfigurationHttpMessageConverter;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
@@ -80,7 +80,7 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques
 return;
 }
- String issuer = ProviderContextHolder.getProviderContext().getIssuer();
+ String issuer = AuthorizationServerContextHolder.getContext().getIssuer();
 OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.builder()
 .issuer(issuer)
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java
index d5cf84ee..318cf6a6 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java
@@ -82,8 +82,8 @@ public final class JwtGenerator implements OAuth2TokenGenerator { } String issuer = null; - if (context.getProviderContext() != null) { - issuer = context.getProviderContext().getIssuer(); + if (context.getAuthorizationServerContext() != null) { + issuer = context.getAuthorizationServerContext().getIssuer(); } RegisteredClient registeredClient = context.getRegisteredClient(); @@ -132,7 +132,7 @@ public final class JwtGenerator implements OAuth2TokenGenerator { JwtEncodingContext.Builder jwtContextBuilder = JwtEncodingContext.with(jwsHeaderBuilder, claimsBuilder) .registeredClient(context.getRegisteredClient()) .principal(context.getPrincipal()) - .providerContext(context.getProviderContext()) + .authorizationServerContext(context.getAuthorizationServerContext()) .authorizedScopes(context.getAuthorizedScopes()) .tokenType(context.getTokenType()) .authorizationGrantType(context.getAuthorizationGrantType()); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGenerator.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGenerator.java index 88823c87..4e203335 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGenerator.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGenerator.java @@ -61,8 +61,8 @@ public final class OAuth2AccessTokenGenerator implements OAuth2TokenGenerator resolveIssuer(this.authorizationServerSettings, request)); - ProviderContextHolder.setProviderContext(providerContext); + AuthorizationServerContextHolder.setContext(authorizationServerContext); filterChain.doFilter(request, response); } finally { - ProviderContextHolder.resetProviderContext(); + AuthorizationServerContextHolder.resetContext(); } } 
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java
index 8d78de0b..f2b78b69 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java
@@ -31,7 +31,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationServerMetadata;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.http.converter.OAuth2AuthorizationServerMetadataHttpMessageConverter;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -78,7 +78,7 @@ public final class OAuth2AuthorizationServerMetadataEndpointFilter extends OnceP
 return;
 }
- String issuer = ProviderContextHolder.getProviderContext().getIssuer();
+ String issuer = AuthorizationServerContextHolder.getContext().getIssuer();
 OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder()
 .issuer(issuer)
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java
index a9950ef5..de66519e 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java
@@ -57,8 +57,8 @@ import org.springframework.security.oauth2.server.authorization.TestOAuth2Author
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 import org.springframework.web.util.UriComponentsBuilder;
@@ -100,7 +100,7 @@ public class JwtClientAssertionAuthenticationProviderTests {
 this.authenticationProvider = new JwtClientAssertionAuthenticationProvider(
 this.registeredClientRepository, this.authorizationService);
 this.authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://auth-server.com").build();
- ProviderContextHolder.setProviderContext(new ProviderContext(this.authorizationServerSettings, null));
+ AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(this.authorizationServerSettings, null));
 }
 @Test
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
index e02659c1..90087e00 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
@@ -54,8 +54,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
 import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
@@ -119,12 +119,12 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 this.authenticationProvider = new OAuth2AuthorizationCodeAuthenticationProvider(
 this.authorizationService, this.tokenGenerator);
 AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
- ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
+ AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
 }
 @After
 public void cleanup() {
- ProviderContextHolder.resetProviderContext();
+ AuthorizationServerContextHolder.resetContext();
 }
 @Test
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java
index db832690..a57e2c14 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java
@@ -48,8 +48,8 @@ import org.springframework.security.oauth2.server.authorization.TestOAuth2Author
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -88,7 +88,7 @@ public class OAuth2AuthorizationCodeRequestAuthenticationProviderTests {
 this.principal = new TestingAuthenticationToken("principalName", "password");
 this.principal.setAuthenticated(true);
 AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
- ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
+ AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
 }
 @Test
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java
index 9ce5b778..2ec7fda6 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java
@@ -42,8 +42,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
 import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
@@ -100,12 +100,12 @@ public class OAuth2ClientCredentialsAuthenticationProviderTests {
 this.authenticationProvider = new OAuth2ClientCredentialsAuthenticationProvider(
 this.authorizationService, this.tokenGenerator);
 AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
- ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
+ AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
 }
 @After
 public void cleanup() {
- ProviderContextHolder.resetProviderContext();
+ AuthorizationServerContextHolder.resetContext();
 }
 @Test
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
index b116eee3..a17b5da8 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
@@ -51,8 +51,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
 import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
@@ -117,12 +117,12 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 this.authenticationProvider = new OAuth2RefreshTokenAuthenticationProvider(
 this.authorizationService, this.tokenGenerator);
 AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
- ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
+ AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
 }
 @After
 public void cleanup() {
- ProviderContextHolder.resetProviderContext();
+ AuthorizationServerContextHolder.resetContext();
 }
 @Test
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java
index 9b4050a8..df053fa1 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java
@@ -52,8 +52,8 @@ import org.springframework.security.oauth2.server.authorization.TestOAuth2Author
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.oidc.OidcClientMetadataClaimNames;
 import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
@@ -104,14 +104,14 @@ public class OidcClientRegistrationAuthenticationProviderTests {
 }
 });
 this.authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
- ProviderContextHolder.setProviderContext(new ProviderContext(this.authorizationServerSettings, null));
+ AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(this.authorizationServerSettings, null));
 this.authenticationProvider = new OidcClientRegistrationAuthenticationProvider(
 this.registeredClientRepository, this.authorizationService, this.tokenGenerator);
 }
 @After
 public void cleanup() {
- ProviderContextHolder.resetProviderContext();
+ AuthorizationServerContextHolder.resetContext();
 }
 @Test
@@ -612,9 +612,9 @@ public class OidcClientRegistrationAuthenticationProviderTests {
 assertThat(clientRegistrationResult.getIdTokenSignedResponseAlgorithm())
 .isEqualTo(registeredClientResult.getTokenSettings().getIdTokenSignatureAlgorithm().getName());
- ProviderContext providerContext = ProviderContextHolder.getProviderContext();
- String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(providerContext.getIssuer())
- .path(providerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
+ AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
+ String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(authorizationServerContext.getIssuer())
+ .path(authorizationServerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
 .queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClientResult.getClientId()).toUriString();
 assertThat(clientRegistrationResult.getRegistrationClientUrl().toString()).isEqualTo(expectedRegistrationClientUrl);
@@ -808,9 +808,9 @@ public class OidcClientRegistrationAuthenticationProviderTests {
 assertThat(clientRegistrationResult.getIdTokenSignedResponseAlgorithm())
 .isEqualTo(registeredClient.getTokenSettings().getIdTokenSignatureAlgorithm().getName());
- ProviderContext providerContext = ProviderContextHolder.getProviderContext();
- String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(providerContext.getIssuer())
- .path(providerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
+ AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
+ String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(authorizationServerContext.getIssuer())
+ .path(authorizationServerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
 .queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId()).toUriString();
 assertThat(clientRegistrationResult.getRegistrationClientUrl().toString()).isEqualTo(expectedRegistrationClientUrl);
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java
index 2439e046..b41183f9 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java
@@ -25,8 +25,8 @@ import org.junit.Test; import org.springframework.http.MediaType; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.oauth2.server.authorization.context.ProviderContext; -import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import static org.assertj.core.api.Assertions.assertThat; @@ -46,7 +46,7 @@ public class OidcProviderConfigurationEndpointFilterTests { @After public void cleanup() { - ProviderContextHolder.resetProviderContext(); + AuthorizationServerContextHolder.resetContext(); } @Test @@ -107,7 +107,7 @@ public class OidcProviderConfigurationEndpointFilterTests { .tokenRevocationEndpoint(tokenRevocationEndpoint) .tokenIntrospectionEndpoint(tokenIntrospectionEndpoint) .build(); - ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); OidcProviderConfigurationEndpointFilter filter = new OidcProviderConfigurationEndpointFilter(authorizationServerSettings); 
@@ -145,7 +145,7 @@ public class OidcProviderConfigurationEndpointFilterTests { AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder() .issuer("https://this is an invalid URL") .build(); - ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); OidcProviderConfigurationEndpointFilter filter = new OidcProviderConfigurationEndpointFilter(authorizationServerSettings); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java index 5fd725a1..a708cfa2 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java 
@@ -46,7 +46,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; -import org.springframework.security.oauth2.server.authorization.context.ProviderContext; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; @@ -66,7 +66,7 @@ public class JwtGeneratorTests { private JwtEncoder jwtEncoder; private OAuth2TokenCustomizer jwtCustomizer; private JwtGenerator jwtGenerator; - private ProviderContext providerContext; + private AuthorizationServerContext authorizationServerContext; @Before public void setUp() { @@ -75,7 +75,7 @@ public class JwtGeneratorTests { this.jwtGenerator = new JwtGenerator(this.jwtEncoder); this.jwtGenerator.setJwtCustomizer(this.jwtCustomizer); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - this.providerContext = new ProviderContext(authorizationServerSettings, null); + this.authorizationServerContext = new AuthorizationServerContext(authorizationServerSettings, null); } @Test 
@@ -137,7 +137,7 @@ public class JwtGeneratorTests { OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder() .registeredClient(registeredClient) .principal(authorization.getAttribute(Principal.class.getName())) - .providerContext(this.providerContext) + .authorizationServerContext(this.authorizationServerContext) .authorization(authorization) .authorizedScopes(authorization.getAuthorizedScopes()) .tokenType(OAuth2TokenType.ACCESS_TOKEN) @@ -168,7 +168,7 @@ public class JwtGeneratorTests { OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder() .registeredClient(registeredClient) .principal(authorization.getAttribute(Principal.class.getName())) - .providerContext(this.providerContext) + .authorizationServerContext(this.authorizationServerContext) .authorization(authorization) .authorizedScopes(authorization.getAuthorizedScopes()) .tokenType(ID_TOKEN_TOKEN_TYPE) @@ -204,7 +204,7 @@ public class JwtGeneratorTests { assertThat(jwsHeader.getAlgorithm()).isEqualTo(SignatureAlgorithm.RS256); JwtClaimsSet jwtClaimsSet = jwtEncoderParametersCaptor.getValue().getClaims(); - assertThat(jwtClaimsSet.getIssuer().toExternalForm()).isEqualTo(tokenContext.getProviderContext().getIssuer()); + assertThat(jwtClaimsSet.getIssuer().toExternalForm()).isEqualTo(tokenContext.getAuthorizationServerContext().getIssuer()); assertThat(jwtClaimsSet.getSubject()).isEqualTo(tokenContext.getAuthorization().getPrincipalName()); assertThat(jwtClaimsSet.getAudience()).containsExactly(tokenContext.getRegisteredClient().getClientId()); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java index 6d778a06..ea3b0b50 100644 
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java @@ -38,7 +38,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; -import org.springframework.security.oauth2.server.authorization.context.ProviderContext; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; @@ -56,7 +56,7 @@ import static org.mockito.Mockito.verify; public class OAuth2AccessTokenGeneratorTests { private OAuth2TokenCustomizer accessTokenCustomizer; private OAuth2AccessTokenGenerator accessTokenGenerator; - private ProviderContext providerContext; + private AuthorizationServerContext authorizationServerContext; @Before public void setUp() { 
@@ -64,7 +64,7 @@ public class OAuth2AccessTokenGeneratorTests { this.accessTokenGenerator = new OAuth2AccessTokenGenerator(); this.accessTokenGenerator.setAccessTokenCustomizer(this.accessTokenCustomizer); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - this.providerContext = new ProviderContext(authorizationServerSettings, null); + this.authorizationServerContext = new AuthorizationServerContext(authorizationServerSettings, null); } @Test @@ -134,7 +134,7 @@ public class OAuth2AccessTokenGeneratorTests { OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder() .registeredClient(registeredClient) .principal(principal) - .providerContext(this.providerContext) + .authorizationServerContext(this.authorizationServerContext) .authorization(authorization) .authorizedScopes(authorization.getAuthorizedScopes()) .tokenType(OAuth2TokenType.ACCESS_TOKEN) @@ -156,7 +156,7 @@ public class OAuth2AccessTokenGeneratorTests { OAuth2TokenClaimAccessor accessTokenClaims = ((ClaimAccessor) accessToken)::getClaims; assertThat(accessTokenClaims.getClaims()).isNotEmpty(); - assertThat(accessTokenClaims.getIssuer().toExternalForm()).isEqualTo(tokenContext.getProviderContext().getIssuer()); + assertThat(accessTokenClaims.getIssuer().toExternalForm()).isEqualTo(tokenContext.getAuthorizationServerContext().getIssuer()); assertThat(accessTokenClaims.getSubject()).isEqualTo(tokenContext.getPrincipal().getName()); assertThat(accessTokenClaims.getAudience()).isEqualTo( Collections.singletonList(tokenContext.getRegisteredClient().getClientId())); 
@@ -175,7 +175,7 @@ public class OAuth2AccessTokenGeneratorTests {
 assertThat(tokenClaimsContext.getClaims()).isNotNull();
 assertThat(tokenClaimsContext.getRegisteredClient()).isEqualTo(tokenContext.getRegisteredClient());
 assertThat(tokenClaimsContext.getPrincipal()).isEqualTo(tokenContext.getPrincipal());
- assertThat(tokenClaimsContext.getProviderContext()).isEqualTo(tokenContext.getProviderContext());
+ assertThat(tokenClaimsContext.getAuthorizationServerContext()).isEqualTo(tokenContext.getAuthorizationServerContext());
 assertThat(tokenClaimsContext.getAuthorization()).isEqualTo(tokenContext.getAuthorization());
 assertThat(tokenClaimsContext.getAuthorizedScopes()).isEqualTo(tokenContext.getAuthorizedScopes());
 assertThat(tokenClaimsContext.getTokenType()).isEqualTo(tokenContext.getTokenType());
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java
index 78bdde1d..2889e759 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java
@@ -34,7 +34,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -75,7 +75,7 @@ public class OAuth2TokenClaimsContextTests {
 OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
 Authentication principal = authorization.getAttribute(Principal.class.getName());
 AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer(issuer).build();
- ProviderContext providerContext = new ProviderContext(authorizationServerSettings, null);
+ AuthorizationServerContext authorizationServerContext = new AuthorizationServerContext(authorizationServerSettings, null);
 OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(
@@ -88,7 +88,7 @@ public class OAuth2TokenClaimsContextTests {
 OAuth2TokenClaimsContext context = OAuth2TokenClaimsContext.with(claims)
 .registeredClient(registeredClient)
 .principal(principal)
- .providerContext(providerContext)
+ .authorizationServerContext(authorizationServerContext)
 .authorization(authorization)
 .tokenType(OAuth2TokenType.ACCESS_TOKEN)
 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
@@ -101,7 +101,7 @@ public class OAuth2TokenClaimsContextTests {
 assertThat(context.getClaims()).isEqualTo(claims);
 assertThat(context.getRegisteredClient()).isEqualTo(registeredClient);
 assertThat(context.getPrincipal()).isEqualTo(principal);
- assertThat(context.getProviderContext()).isEqualTo(providerContext);
+ assertThat(context.getAuthorizationServerContext()).isEqualTo(authorizationServerContext);
 assertThat(context.getAuthorization()).isEqualTo(authorization);
 assertThat(context.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
 assertThat(context.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/ProviderContextFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/AuthorizationServerContextFilterTests.java
similarity index 67%
rename from oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/ProviderContextFilterTests.java
rename to oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/AuthorizationServerContextFilterTests.java
index 68d96126..9d4a9927 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/ProviderContextFilterTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/AuthorizationServerContextFilterTests.java
@@ -22,8 +22,8 @@ import org.junit.Test;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -33,20 +33,20 @@ import static org.mockito.Mockito.doAnswer;
 import static org.mockito.Mockito.mock;
 /**
- * Tests for {@link ProviderContextFilter}.
+ * Tests for {@link AuthorizationServerContextFilter}.
 *
 * @author Joe Grandja
 */
-public class ProviderContextFilterTests {
+public class AuthorizationServerContextFilterTests {
 @After
 public void cleanup() {
- ProviderContextHolder.resetProviderContext();
+ AuthorizationServerContextHolder.resetContext();
 }
 @Test
 public void constructorWhenAuthorizationServerSettingsNullThenThrowIllegalArgumentException() {
- assertThatThrownBy(() -> new ProviderContextFilter(null))
+ assertThatThrownBy(() -> new AuthorizationServerContextFilter(null))
 .isInstanceOf(IllegalArgumentException.class)
 .hasMessage("authorizationServerSettings cannot be null");
 }
@@ -55,7 +55,7 @@ public class ProviderContextFilterTests {
 public void doFilterWhenIssuerConfiguredThenUsed() throws Exception {
 String issuer = "https://provider.com";
 AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer(issuer).build();
- ProviderContextFilter filter = new ProviderContextFilter(authorizationServerSettings);
+ AuthorizationServerContextFilter filter = new AuthorizationServerContextFilter(authorizationServerSettings);
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 request.setServletPath("/");
@@ -63,22 +63,22 @@ public class ProviderContextFilterTests {
 FilterChain filterChain = mock(FilterChain.class);
 doAnswer(invocation -> {
- ProviderContext providerContext = ProviderContextHolder.getProviderContext();
- assertThat(providerContext).isNotNull();
- assertThat(providerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
- assertThat(providerContext.getIssuer()).isEqualTo(issuer);
+ AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
+ assertThat(authorizationServerContext).isNotNull();
+ assertThat(authorizationServerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
+ assertThat(authorizationServerContext.getIssuer()).isEqualTo(issuer);
 return null;
 }).when(filterChain).doFilter(any(), any());
 filter.doFilter(request, response, filterChain);
- assertThat(ProviderContextHolder.getProviderContext()).isNull();
+ assertThat(AuthorizationServerContextHolder.getContext()).isNull();
 }
 @Test
 public void doFilterWhenIssuerNotConfiguredThenResolveFromRequest() throws Exception {
 AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build();
- ProviderContextFilter filter = new ProviderContextFilter(authorizationServerSettings);
+ AuthorizationServerContextFilter filter = new AuthorizationServerContextFilter(authorizationServerSettings);
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 request.setServletPath("/");
@@ -86,16 +86,16 @@ public class ProviderContextFilterTests {
 FilterChain filterChain = mock(FilterChain.class);
 doAnswer(invocation -> {
- ProviderContext providerContext = ProviderContextHolder.getProviderContext();
- assertThat(providerContext).isNotNull();
- assertThat(providerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
- assertThat(providerContext.getIssuer()).isEqualTo("http://localhost");
+ AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
+ assertThat(authorizationServerContext).isNotNull();
+ assertThat(authorizationServerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings);
+ assertThat(authorizationServerContext.getIssuer()).isEqualTo("http://localhost");
 return null;
 }).when(filterChain).doFilter(any(), any());
 filter.doFilter(request, response, filterChain);
- assertThat(ProviderContextHolder.getProviderContext()).isNull();
+ assertThat(AuthorizationServerContextHolder.getContext()).isNull();
 }
 }
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java
index d7c7e2aa..002e9807 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java
@@ -25,8 +25,8 @@ import org.junit.Test;
 import org.springframework.http.MediaType;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -46,7 +46,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
 @After
 public void cleanup() {
- ProviderContextHolder.resetProviderContext();
+ AuthorizationServerContextHolder.resetContext();
 }
 @Test
@@ -105,7 +105,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
 .tokenRevocationEndpoint(tokenRevocationEndpoint)
 .tokenIntrospectionEndpoint(tokenIntrospectionEndpoint)
 .build();
- ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
+ AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
 OAuth2AuthorizationServerMetadataEndpointFilter filter =
 new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings);
@@ -140,7 +140,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
 AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder()
 .issuer("https://this is an invalid URL")
 .build();
- ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
+ AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null));
 OAuth2AuthorizationServerMetadataEndpointFilter filter =
 new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings);