From 830f55e5385524efb70aed87cbe883eef9292074 Mon Sep 17 00:00:00 2001 
From: Joe Grandja Date: Mon, 29 Nov 2021 01:49:26 -0500 Subject: [PATCH] Revert "Support resolving issuer from current request" This reverts commit 666d569b489c09fa98b7c7898efc49ef0a289adc. --- .../OAuth2AuthorizationServerConfigurer.java | 16 +++--- .../server/authorization/OidcConfigurer.java | 17 ++++--- ...thorizationCodeAuthenticationProvider.java | 7 ++- ...2AuthorizationCodeAuthenticationToken.java | 20 -------- ...AuthorizationGrantAuthenticationToken.java | 38 -------------- ...ientCredentialsAuthenticationProvider.java | 7 ++- ...2ClientCredentialsAuthenticationToken.java | 18 ------- ...th2RefreshTokenAuthenticationProvider.java | 7 ++- ...OAuth2RefreshTokenAuthenticationToken.java | 21 -------- ...entRegistrationAuthenticationProvider.java | 22 ++++----- ...ClientRegistrationAuthenticationToken.java | 39 +-------------- .../OidcClientRegistrationEndpointFilter.java | 10 +--- ...dcProviderConfigurationEndpointFilter.java | 25 ++++------ ...orizationServerMetadataEndpointFilter.java | 33 +++---------- .../authorization/web/WebAttributes.java | 37 -------------- ...horizationCodeAuthenticationConverter.java | 5 +- ...entCredentialsAuthenticationConverter.java | 6 +-- ...h2RefreshTokenAuthenticationConverter.java | 6 +-- .../OAuth2ClientCredentialsGrantTests.java | 3 +- .../JwtEncodingContextTests.java | 3 +- ...zationCodeAuthenticationProviderTests.java | 29 ++++++----- ...orizationCodeAuthenticationTokenTests.java | 17 ++----- ...redentialsAuthenticationProviderTests.java | 22 +++------ ...ntCredentialsAuthenticationTokenTests.java | 16 ++---- ...freshTokenAuthenticationProviderTests.java | 39 +++++---------- ...2RefreshTokenAuthenticationTokenTests.java | 17 ++----- ...gistrationAuthenticationProviderTests.java | 49 +++++++------------ ...tRegistrationAuthenticationTokenTests.java | 22 +++------ ...ClientRegistrationEndpointFilterTests.java | 11 +---- ...viderConfigurationEndpointFilterTests.java | 3 -- ...tionServerMetadataEndpointFilterTests.java | 32 
------------ .../web/OAuth2TokenEndpointFilterTests.java | 9 +--- .../config/AuthorizationServerConfig.java | 6 +++ .../config/AuthorizationServerConfig.java | 6 +++ 34 files changed, 150 insertions(+), 468 deletions(-) delete mode 100644 oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/WebAttributes.java diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java index 10767522..1a10cb4b 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java @@ -216,17 +216,9 @@ public final class OAuth2AuthorizationServerConfigurer configurer.configure(builder)); + ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(builder); AuthenticationManager authenticationManager = builder.getSharedObject(AuthenticationManager.class); OAuth2TokenIntrospectionEndpointFilter tokenIntrospectionEndpointFilter = @@ -246,6 +238,12 @@ public final class OAuth2AuthorizationServerConfigurer, AbstractOAuth2Configurer> createConfigurers() { diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcConfigurer.java index 8e7962e6..dd17955a 100644 
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcConfigurer.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcConfigurer.java @@ -85,13 +85,16 @@ public final class OidcConfigurer extends AbstractOAuth2Configurer { } List requestMatchers = new ArrayList<>(); - requestMatchers.add(new AntPathRequestMatcher( - "/.well-known/openid-configuration", HttpMethod.GET.name())); + ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(builder); + if (providerSettings.getIssuer() != null) { + requestMatchers.add(new AntPathRequestMatcher( + "/.well-known/openid-configuration", HttpMethod.GET.name())); + } requestMatchers.add(this.userInfoEndpointConfigurer.getRequestMatcher()); if (this.clientRegistrationEndpointConfigurer != null) { requestMatchers.add(this.clientRegistrationEndpointConfigurer.getRequestMatcher()); } - this.requestMatcher = new OrRequestMatcher(requestMatchers); + this.requestMatcher = requestMatchers.size() > 1 ? new OrRequestMatcher(requestMatchers) : requestMatchers.get(0); } @Override 
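Review bot: The new ternary `requestMatchers.size() > 1 ? new OrRequestMatcher(requestMatchers) : requestMatchers.get(0)` appears unnecessary: `OrRequestMatcher` accepts a single-element list and the list always holds at least the userinfo matcher, so `this.requestMatcher = new OrRequestMatcher(requestMatchers);` would do, unless there is a reason to avoid the wrapper that is not visible here. If the ternary is kept, a one-line comment stating that reason would stop the next reader from "simplifying" it back. The `init` method this hunk belongs to starts outside the hunk.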
@@ -102,9 +105,11 @@ public final class OidcConfigurer extends AbstractOAuth2Configurer { } ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(builder); - OidcProviderConfigurationEndpointFilter oidcProviderConfigurationEndpointFilter = - new OidcProviderConfigurationEndpointFilter(providerSettings); - builder.addFilterBefore(postProcess(oidcProviderConfigurationEndpointFilter), AbstractPreAuthenticatedProcessingFilter.class); + if (providerSettings.getIssuer() != null) { + OidcProviderConfigurationEndpointFilter oidcProviderConfigurationEndpointFilter = + new OidcProviderConfigurationEndpointFilter(providerSettings); + builder.addFilterBefore(postProcess(oidcProviderConfigurationEndpointFilter), AbstractPreAuthenticatedProcessingFilter.class); + } } @Override diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java index a91b1e59..7417d558 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java @@ -26,6 +26,7 @@ import java.util.Set; import java.util.function.Consumer; import java.util.function.Supplier; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; 
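Review bot: The `providerSettings.getIssuer() != null` gate on the filter registration repeats the one placed on the request matcher in `init()` (previous hunk); the two must stay in step or the configurer will either claim `/.well-known/openid-configuration` without a filter serving it, or add a filter its matcher never routes to. A small private helper, `private static boolean isIssuerConfigured(ProviderSettings settings) { return settings.getIssuer() != null; }`, used in both places would make that coupling explicit. A comment on the gate would also help operators reading this after the revert: `// discovery is published only when a static issuer is configured; it is no longer derived from the request`. The `configure` method this hunk belongs to starts outside the hunk.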
@@ -86,6 +87,7 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth private final JwtEncoder jwtEncoder; private OAuth2TokenCustomizer jwtCustomizer = (context) -> {}; private Supplier refreshTokenGenerator = DEFAULT_REFRESH_TOKEN_GENERATOR::generateKey; + private ProviderSettings providerSettings; /** * Constructs an {@code OAuth2AuthorizationCodeAuthenticationProvider} using the provided parameters. @@ -122,8 +124,9 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth this.refreshTokenGenerator = refreshTokenGenerator; } - @Deprecated + @Autowired(required = false) protected void setProviderSettings(ProviderSettings providerSettings) { + this.providerSettings = providerSettings; } @Override @@ -164,7 +167,7 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT); } - String issuer = authorizationCodeAuthentication.getIssuer(); + String issuer = this.providerSettings != null ? this.providerSettings.getIssuer() : null; Set authorizedScopes = authorization.getAttribute( OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationToken.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationToken.java index 877edf5d..6f38750e 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationToken.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationToken.java 
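Review bot: With `String issuer = this.providerSettings != null ? this.providerSettings.getIssuer() : null;` an access token is minted with no issuer whenever the provider was constructed outside a Spring context (the `@Autowired(required = false)` setter never runs) or `ProviderSettings.issuer` is unset; whether `JwtUtils.accessTokenClaims` then omits `iss` or rejects the null is not visible in this hunk. Resource servers that pin tokens to this server through the `iss` claim will reject or mis-route such tokens, so the silent fallback deserves at least a comment: `// issuer is optional here; tokens carry no iss claim until ProviderSettings is injected`. A stricter option is `Assert.notNull(providerSettings, "providerSettings cannot be null");` inside `setProviderSettings`, which keeps the setter optional for injection but fails fast on an explicit null. The `authenticate` method this line belongs to starts and ends outside the hunk.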
@@ -43,9 +43,7 @@ public class OAuth2AuthorizationCodeAuthenticationToken extends OAuth2Authorizat * @param clientPrincipal the authenticated client principal * @param redirectUri the redirect uri * @param additionalParameters the additional parameters - * @deprecated Use {@link #OAuth2AuthorizationCodeAuthenticationToken(String, String, Authentication, String, Map)} instead */ - @Deprecated public OAuth2AuthorizationCodeAuthenticationToken(String code, Authentication clientPrincipal, @Nullable String redirectUri, @Nullable Map additionalParameters) { super(AuthorizationGrantType.AUTHORIZATION_CODE, clientPrincipal, additionalParameters); @@ -54,24 +52,6 @@ public class OAuth2AuthorizationCodeAuthenticationToken extends OAuth2Authorizat this.redirectUri = redirectUri; } - /** - * Constructs an {@code OAuth2AuthorizationCodeAuthenticationToken} using the provided parameters. - * - * @param issuer the issuer identifier - * @param code the authorization code - * @param clientPrincipal the authenticated client principal - * @param redirectUri the redirect uri - * @param additionalParameters the additional parameters - * @since 0.2.1 - */ - public OAuth2AuthorizationCodeAuthenticationToken(String issuer, String code, Authentication clientPrincipal, - @Nullable String redirectUri, @Nullable Map additionalParameters) { - super(AuthorizationGrantType.AUTHORIZATION_CODE, issuer, clientPrincipal, additionalParameters); - Assert.hasText(code, "code cannot be empty"); - this.code = code; - this.redirectUri = redirectUri; - } - /** * Returns the authorization code. * diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationGrantAuthenticationToken.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationGrantAuthenticationToken.java index 9871bec5..e43443d2 100644 
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationGrantAuthenticationToken.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationGrantAuthenticationToken.java @@ -39,7 +39,6 @@ import org.springframework.util.Assert; public class OAuth2AuthorizationGrantAuthenticationToken extends AbstractAuthenticationToken { private static final long serialVersionUID = Version.SERIAL_VERSION_UID; private final AuthorizationGrantType authorizationGrantType; - private final String issuer; private final Authentication clientPrincipal; private final Map additionalParameters; 
@@ -49,40 +48,13 @@ public class OAuth2AuthorizationGrantAuthenticationToken extends AbstractAuthent * @param authorizationGrantType the authorization grant type * @param clientPrincipal the authenticated client principal * @param additionalParameters the additional parameters - * @deprecated Use {@link #OAuth2AuthorizationGrantAuthenticationToken(AuthorizationGrantType, String, Authentication, Map)} instead */ - @Deprecated protected OAuth2AuthorizationGrantAuthenticationToken(AuthorizationGrantType authorizationGrantType, Authentication clientPrincipal, @Nullable Map additionalParameters) { super(Collections.emptyList()); Assert.notNull(authorizationGrantType, "authorizationGrantType cannot be null"); Assert.notNull(clientPrincipal, "clientPrincipal cannot be null"); this.authorizationGrantType = authorizationGrantType; - this.issuer = null; - this.clientPrincipal = clientPrincipal; - this.additionalParameters = Collections.unmodifiableMap( - additionalParameters != null ? - new HashMap<>(additionalParameters) : - Collections.emptyMap()); - } - - /** - * Sub-class constructor. - * - * @param authorizationGrantType the authorization grant type - * @param issuer the issuer identifier - * @param clientPrincipal the authenticated client principal - * @param additionalParameters the additional parameters - * @since 0.2.1 - */ - protected OAuth2AuthorizationGrantAuthenticationToken(AuthorizationGrantType authorizationGrantType, - String issuer, Authentication clientPrincipal, @Nullable Map additionalParameters) { - super(Collections.emptyList()); - Assert.notNull(authorizationGrantType, "authorizationGrantType cannot be null"); - Assert.hasText(issuer, "issuer cannot be empty"); - Assert.notNull(clientPrincipal, "clientPrincipal cannot be null"); - this.authorizationGrantType = authorizationGrantType; - this.issuer = issuer; this.clientPrincipal = clientPrincipal; this.additionalParameters = Collections.unmodifiableMap( additionalParameters != null ? 
@@ -99,16 +71,6 @@ public class OAuth2AuthorizationGrantAuthenticationToken extends AbstractAuthent return this.authorizationGrantType; } - /** - * Returns the issuer identifier. - * - * @return the issuer identifier - * @since 0.2.1 - */ - public String getIssuer() { - return this.issuer; - } - @Override public Object getPrincipal() { return this.clientPrincipal; diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java index b938ee90..34ac9731 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java @@ -19,6 +19,7 @@ import java.util.LinkedHashSet; import java.util.Set; import java.util.function.Consumer; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; @@ -61,6 +62,7 @@ public final class OAuth2ClientCredentialsAuthenticationProvider implements Auth private final OAuth2AuthorizationService authorizationService; private final JwtEncoder jwtEncoder; private OAuth2TokenCustomizer jwtCustomizer = (context) -> {}; + private ProviderSettings providerSettings; /** * Constructs an {@code OAuth2ClientCredentialsAuthenticationProvider} using the provided parameters. 
@@ -88,8 +90,9 @@ public final class OAuth2ClientCredentialsAuthenticationProvider implements Auth this.jwtCustomizer = jwtCustomizer; } - @Deprecated + @Autowired(required = false) protected void setProviderSettings(ProviderSettings providerSettings) { + this.providerSettings = providerSettings; } @Override @@ -115,7 +118,7 @@ public final class OAuth2ClientCredentialsAuthenticationProvider implements Auth authorizedScopes = new LinkedHashSet<>(clientCredentialsAuthentication.getScopes()); } - String issuer = clientCredentialsAuthentication.getIssuer(); + String issuer = this.providerSettings != null ? this.providerSettings.getIssuer() : null; JoseHeader.Builder headersBuilder = JwtUtils.headers(); JwtClaimsSet.Builder claimsBuilder = JwtUtils.accessTokenClaims( diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationToken.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationToken.java index 5ff5556c..83849489 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationToken.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationToken.java 
@@ -41,9 +41,7 @@ public class OAuth2ClientCredentialsAuthenticationToken extends OAuth2Authorizat * @param clientPrincipal the authenticated client principal * @param scopes the requested scope(s) * @param additionalParameters the additional parameters - * @deprecated Use {@link #OAuth2ClientCredentialsAuthenticationToken(String, Authentication, Set, Map)} instead */ - @Deprecated public OAuth2ClientCredentialsAuthenticationToken(Authentication clientPrincipal, @Nullable Set scopes, @Nullable Map additionalParameters) { super(AuthorizationGrantType.CLIENT_CREDENTIALS, clientPrincipal, additionalParameters); @@ -51,22 +49,6 @@ public class OAuth2ClientCredentialsAuthenticationToken extends OAuth2Authorizat scopes != null ? new HashSet<>(scopes) : Collections.emptySet()); } - /** - * Constructs an {@code OAuth2ClientCredentialsAuthenticationToken} using the provided parameters. - * - * @param issuer the issuer identifier - * @param clientPrincipal the authenticated client principal - * @param scopes the requested scope(s) - * @param additionalParameters the additional parameters - * @since 0.2.1 - */ - public OAuth2ClientCredentialsAuthenticationToken(String issuer, Authentication clientPrincipal, - @Nullable Set scopes, @Nullable Map additionalParameters) { - super(AuthorizationGrantType.CLIENT_CREDENTIALS, issuer, clientPrincipal, additionalParameters); - this.scopes = Collections.unmodifiableSet( - scopes != null ? new HashSet<>(scopes) : Collections.emptySet()); - } - /** * Returns the requested scope(s). * diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java index d930088e..b9e1dec0 100644 
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java @@ -26,6 +26,7 @@ import java.util.Set; import java.util.function.Consumer; import java.util.function.Supplier; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; @@ -79,6 +80,7 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic private final JwtEncoder jwtEncoder; private OAuth2TokenCustomizer jwtCustomizer = (context) -> {}; private Supplier refreshTokenGenerator = DEFAULT_REFRESH_TOKEN_GENERATOR::generateKey; + private ProviderSettings providerSettings; /** * Constructs an {@code OAuth2RefreshTokenAuthenticationProvider} using the provided parameters. @@ -116,8 +118,9 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic this.refreshTokenGenerator = refreshTokenGenerator; } - @Deprecated + @Autowired(required = false) protected void setProviderSettings(ProviderSettings providerSettings) { + this.providerSettings = providerSettings; } @Override @@ -163,7 +166,7 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic scopes = authorizedScopes; } - String issuer = refreshTokenAuthentication.getIssuer(); + String issuer = this.providerSettings != null ? this.providerSettings.getIssuer() : null; JoseHeader.Builder headersBuilder = JwtUtils.headers(); JwtClaimsSet.Builder claimsBuilder = JwtUtils.accessTokenClaims( 
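Review bot: This is the third copy of `this.providerSettings != null ? this.providerSettings.getIssuer() : null` in the patch (the authorization-code and client-credentials providers carry the same line), while `OidcClientRegistrationAuthenticationProvider` in the same patch dereferences `this.providerSettings` unconditionally; the two styles disagree on whether a missing `ProviderSettings` is a configuration error or a supported state. Picking one and, if null is supported, centralising it — e.g. a package-private `static String issuerOrNull(ProviderSettings settings)` beside the existing `JwtUtils` helpers — keeps the three token-endpoint grants from drifting. The new field would also benefit from a why-comment: `// injected when the provider is a managed bean; null when constructed directly`. The `authenticate` method continues outside the hunk.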
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationToken.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationToken.java index a8f50599..26ce4ad0 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationToken.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationToken.java @@ -44,9 +44,7 @@ public class OAuth2RefreshTokenAuthenticationToken extends OAuth2AuthorizationGr * @param clientPrincipal the authenticated client principal * @param scopes the requested scope(s) * @param additionalParameters the additional parameters - * @deprecated Use {@link #OAuth2RefreshTokenAuthenticationToken(String, String, Authentication, Set, Map)} instead */ - @Deprecated public OAuth2RefreshTokenAuthenticationToken(String refreshToken, Authentication clientPrincipal, @Nullable Set scopes, @Nullable Map additionalParameters) { super(AuthorizationGrantType.REFRESH_TOKEN, clientPrincipal, additionalParameters); 
@@ -56,25 +54,6 @@ public class OAuth2RefreshTokenAuthenticationToken extends OAuth2AuthorizationGr scopes != null ? new HashSet<>(scopes) : Collections.emptySet()); } - /** - * Constructs an {@code OAuth2RefreshTokenAuthenticationToken} using the provided parameters. - * - * @param issuer the issuer identifier - * @param refreshToken the refresh token - * @param clientPrincipal the authenticated client principal - * @param scopes the requested scope(s) - * @param additionalParameters the additional parameters - * @since 0.2.1 - */ - public OAuth2RefreshTokenAuthenticationToken(String issuer, String refreshToken, Authentication clientPrincipal, - @Nullable Set scopes, @Nullable Map additionalParameters) { - super(AuthorizationGrantType.REFRESH_TOKEN, issuer, clientPrincipal, additionalParameters); - Assert.hasText(refreshToken, "refreshToken cannot be empty"); - this.refreshToken = refreshToken; - this.scopes = Collections.unmodifiableSet( - scopes != null ? new HashSet<>(scopes) : Collections.emptySet()); - } - /** * Returns the refresh token. * diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java index fb8f46ff..e07cf893 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java 
@@ -178,11 +178,9 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT); } - OidcClientRegistration clientRegistration = buildRegistration( - registeredClient, clientRegistrationAuthentication.getIssuer()) - .build(); + OidcClientRegistration clientRegistration = buildRegistration(registeredClient).build(); - return new OidcClientRegistrationAuthenticationToken(clientRegistrationAuthentication.getIssuer(), + return new OidcClientRegistrationAuthenticationToken( (Authentication) clientRegistrationAuthentication.getPrincipal(), clientRegistration); } @@ -200,8 +198,7 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe RegisteredClient registeredClient = createClient(clientRegistrationAuthentication.getClientRegistration()); this.registeredClientRepository.save(registeredClient); - OAuth2Authorization registeredClientAuthorization = registerAccessToken( - registeredClient, clientRegistrationAuthentication.getIssuer()); + OAuth2Authorization registeredClientAuthorization = registerAccessToken(registeredClient); // Invalidate the "initial" access token as it can only be used once authorization = OidcAuthenticationProviderUtils.invalidate(authorization, authorizedAccessToken.getToken()); 
@@ -210,22 +207,21 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe } this.authorizationService.save(authorization); - OidcClientRegistration clientRegistration = buildRegistration( - registeredClient, clientRegistrationAuthentication.getIssuer()) + OidcClientRegistration clientRegistration = buildRegistration(registeredClient) .registrationAccessToken(registeredClientAuthorization.getAccessToken().getToken().getTokenValue()) .build(); - return new OidcClientRegistrationAuthenticationToken(clientRegistrationAuthentication.getIssuer(), + return new OidcClientRegistrationAuthenticationToken( (Authentication) clientRegistrationAuthentication.getPrincipal(), clientRegistration); } - private OAuth2Authorization registerAccessToken(RegisteredClient registeredClient, String issuer) { + private OAuth2Authorization registerAccessToken(RegisteredClient registeredClient) { JoseHeader headers = JwtUtils.headers().build(); Set authorizedScopes = Collections.singleton(DEFAULT_CLIENT_CONFIGURATION_AUTHORIZED_SCOPE); JwtClaimsSet claims = JwtUtils.accessTokenClaims( - registeredClient, issuer, registeredClient.getClientId(), authorizedScopes) + registeredClient, this.providerSettings.getIssuer(), registeredClient.getClientId(), authorizedScopes) .build(); Jwt registrationAccessToken = this.jwtEncoder.encode(headers, claims); @@ -250,7 +246,7 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe return registeredClientAuthorization; } - private OidcClientRegistration.Builder buildRegistration(RegisteredClient registeredClient, String issuer) { + private OidcClientRegistration.Builder buildRegistration(RegisteredClient registeredClient) { // @formatter:off OidcClientRegistration.Builder builder = OidcClientRegistration.builder() .clientId(registeredClient.getClientId()) 
@@ -274,7 +270,7 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe scopes.addAll(registeredClient.getScopes())); } - String registrationClientUri = UriComponentsBuilder.fromUriString(issuer) + String registrationClientUri = UriComponentsBuilder.fromUriString(this.providerSettings.getIssuer()) .path(this.providerSettings.getOidcClientRegistrationEndpoint()) .queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId()) .toUriString(); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationToken.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationToken.java index 83c00f65..6637f500 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationToken.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationToken.java @@ -36,7 +36,6 @@ import org.springframework.util.Assert; */ public class OidcClientRegistrationAuthenticationToken extends AbstractAuthenticationToken { private static final long serialVersionUID = Version.SERIAL_VERSION_UID; - private final String issuer; private final Authentication principal; private final OidcClientRegistration clientRegistration; private final String clientId; 
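Review bot: `UriComponentsBuilder.fromUriString(this.providerSettings.getIssuer())` will fail at request time when `ProviderSettings.issuer` is not set: the token-endpoint providers in this patch null-guard the same value, and `OidcConfigurer` publishes discovery only when an issuer is configured, but nothing in this patch gates the client-registration endpoint the same way. Because `buildRegistration` runs after `registeredClientRepository.save(registeredClient)` and after the initial access token has been invalidated and saved (previous hunks), the caller receives an error while the new client is already persisted and its one-time initial token consumed. Prefer failing at construction — `Assert.hasText(providerSettings.getIssuer(), "providerSettings.issuer cannot be empty");` in the provider's constructor, which lies outside this hunk — or gate the registration endpoint on the issuer as discovery is gated. `buildRegistration` starts outside the hunk.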
@@ -46,14 +45,11 @@ public class OidcClientRegistrationAuthenticationToken extends AbstractAuthentic * * @param principal the authenticated principal * @param clientRegistration the client registration - * @deprecated Use {@link #OidcClientRegistrationAuthenticationToken(String, Authentication, OidcClientRegistration)} instead */ - @Deprecated public OidcClientRegistrationAuthenticationToken(Authentication principal, OidcClientRegistration clientRegistration) { super(Collections.emptyList()); Assert.notNull(principal, "principal cannot be null"); Assert.notNull(clientRegistration, "clientRegistration cannot be null"); - this.issuer = null; this.principal = principal; this.clientRegistration = clientRegistration; this.clientId = null; 
@@ -63,53 +59,20 @@ public class OidcClientRegistrationAuthenticationToken extends AbstractAuthentic /** * Constructs an {@code OidcClientRegistrationAuthenticationToken} using the provided parameters. * - * @param issuer the issuer identifier - * @param principal the authenticated principal - * @param clientRegistration the client registration - * @since 0.2.1 - */ - public OidcClientRegistrationAuthenticationToken(String issuer, Authentication principal, OidcClientRegistration clientRegistration) { - super(Collections.emptyList()); - Assert.hasText(issuer, "issuer cannot be empty"); - Assert.notNull(principal, "principal cannot be null"); - Assert.notNull(clientRegistration, "clientRegistration cannot be null"); - this.issuer = issuer; - this.principal = principal; - this.clientRegistration = clientRegistration; - this.clientId = null; - setAuthenticated(principal.isAuthenticated()); - } - - /** - * Constructs an {@code OidcClientRegistrationAuthenticationToken} using the provided parameters. - * - * @param issuer the issuer identifier * @param principal the authenticated principal * @param clientId the client identifier * @since 0.2.1 */ - public OidcClientRegistrationAuthenticationToken(String issuer, Authentication principal, String clientId) { + public OidcClientRegistrationAuthenticationToken(Authentication principal, String clientId) { super(Collections.emptyList()); - Assert.hasText(issuer, "issuer cannot be empty"); Assert.notNull(principal, "principal cannot be null"); Assert.hasText(clientId, "clientId cannot be empty"); - this.issuer = issuer; this.principal = principal; this.clientRegistration = null; this.clientId = clientId; setAuthenticated(principal.isAuthenticated()); } - /** - * Returns the issuer identifier. - * - * @return the issuer identifier - * @since 0.2.1 - */ - public String getIssuer() { - return this.issuer; - } - @Override public Object getPrincipal() { return this.principal; 
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcClientRegistrationEndpointFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcClientRegistrationEndpointFilter.java index 7e8a928a..7c4911f8 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcClientRegistrationEndpointFilter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcClientRegistrationEndpointFilter.java @@ -38,7 +38,6 @@ import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMe import org.springframework.security.oauth2.core.oidc.OidcClientRegistration; import org.springframework.security.oauth2.core.oidc.http.converter.OidcClientRegistrationHttpMessageConverter; import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcClientRegistrationAuthenticationToken; -import org.springframework.security.oauth2.server.authorization.web.WebAttributes; import org.springframework.security.web.util.matcher.AndRequestMatcher; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.OrRequestMatcher; @@ -149,10 +148,7 @@ public final class OidcClientRegistrationEndpointFilter extends OncePerRequestFi if ("POST".equals(request.getMethod())) { OidcClientRegistration clientRegistration = this.clientRegistrationHttpMessageConverter.read( OidcClientRegistration.class, new ServletServerHttpRequest(request)); - - String issuer = (String) request.getAttribute(WebAttributes.ISSUER); - - return new OidcClientRegistrationAuthenticationToken(issuer, principal, clientRegistration); + return new OidcClientRegistrationAuthenticationToken(principal, clientRegistration); } // client_id (REQUIRED) 
@@ -162,9 +158,7 @@ public final class OidcClientRegistrationEndpointFilter extends OncePerRequestFi
 			throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_REQUEST);
 		}
 
-		String issuer = (String) request.getAttribute(WebAttributes.ISSUER);
-
-		return new OidcClientRegistrationAuthenticationToken(issuer, principal, clientId);
+		return new OidcClientRegistrationAuthenticationToken(principal, clientId);
 	}
 
 	private void sendClientRegistrationResponse(HttpServletResponse response, HttpStatus httpStatus, OidcClientRegistration clientRegistration) throws IOException {
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java
index 5697d5f0..b865575d 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java
@@ -15,13 +15,6 @@
  */
 package org.springframework.security.oauth2.server.authorization.oidc.web;
 
-import java.io.IOException;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
 import org.springframework.http.server.ServletServerHttpResponse;
@@ -33,13 +26,18 @@ import org.springframework.security.oauth2.core.oidc.OidcScopes;
 import org.springframework.security.oauth2.core.oidc.http.converter.OidcProviderConfigurationHttpMessageConverter;
 import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
-import org.springframework.security.oauth2.server.authorization.web.WebAttributes;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.OncePerRequestFilter;
 import org.springframework.web.util.UriComponentsBuilder;
 
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
 /**
  * A {@code Filter} that processes OpenID Provider Configuration Requests.
  *
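Review bot: The re-added `javax.servlet.*` and `java.io.IOException` imports are placed after the `org.springframework.*` group, which is the reverse of the grouping the removed lines used (`java.*` / `javax.*` first) and of the ordering in the other files in this patch, so an IDE or Checkstyle import-order pass will re-sort this block on the next touch. The same out-of-order placement appears in the `@@ -49,6 +48,7 @@` hunk of OAuth2AuthorizationCodeAuthenticationProviderTests, where `org.springframework.security.oauth2.core.OAuth2AuthorizationCode` is re-inserted between two `server.authorization` imports, and in the `@@ -36,12 +36,12 @@` hunk of OAuth2ClientCredentialsAuthenticationProviderTests, where `JwtEncodingContext` and `OAuth2TokenCustomizer` move below the `client.*` imports. If the goal is a byte-exact revert this is expected; otherwise keeping the reverted imports in their sorted positions avoids churn in the next formatting commit.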
@@ -78,15 +76,13 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques
 			return;
 		}
 
-		String issuer = (String) request.getAttribute(WebAttributes.ISSUER);
-
 		OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.builder()
-				.issuer(issuer)
-				.authorizationEndpoint(asUrl(issuer, this.providerSettings.getAuthorizationEndpoint()))
-				.tokenEndpoint(asUrl(issuer, this.providerSettings.getTokenEndpoint()))
+				.issuer(this.providerSettings.getIssuer())
+				.authorizationEndpoint(asUrl(this.providerSettings.getIssuer(), this.providerSettings.getAuthorizationEndpoint()))
+				.tokenEndpoint(asUrl(this.providerSettings.getIssuer(), this.providerSettings.getTokenEndpoint()))
 				.tokenEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
 				.tokenEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST.getValue())
-				.jwkSetUrl(asUrl(issuer, this.providerSettings.getJwkSetEndpoint()))
+				.jwkSetUrl(asUrl(this.providerSettings.getIssuer(), this.providerSettings.getJwkSetEndpoint()))
 				.responseType(OAuth2AuthorizationResponseType.CODE.getValue())
 				.grantType(AuthorizationGrantType.AUTHORIZATION_CODE.getValue())
 				.grantType(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
@@ -104,5 +100,4 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques
 	private static String asUrl(String issuer, String endpoint) {
 		return UriComponentsBuilder.fromUriString(issuer).path(endpoint).build().toUriString();
 	}
-
 }
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java
index bf736ba1..97f13420 100644
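Review bot: The new builder chain calls `this.providerSettings.getIssuer()` four separate times and never checks the value, so if the issuer setting is unset the failure surfaces as an exception thrown from `UriComponentsBuilder.fromUriString(issuer)` inside `asUrl` rather than as a readable configuration error; the branch this revert removes explicitly handled `issuer == null`, which suggests the setting is not guaranteed to be present. Reading it once into a local, `String issuer = this.providerSettings.getIssuer();`, and guarding it with `Assert.hasText(issuer, "issuer cannot be empty");` before the builder keeps the discovery document consistent across all of its URLs and makes a misconfigured server fail fast. The same repeated-read pattern, six times, is in the `@@ -74,32 +72,24 @@` hunk of OAuth2AuthorizationServerMetadataEndpointFilter and would take the same one-local fix. Advertising only the configured issuer, never one derived from the incoming request, is the right default for a discovery document, so the hoisted local should keep coming from `ProviderSettings`. The enclosing doFilterInternal starts before this hunk.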
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java
@@ -33,7 +33,6 @@ import org.springframework.security.oauth2.core.OAuth2AuthorizationServerMetadat
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
 import org.springframework.security.oauth2.core.http.converter.OAuth2AuthorizationServerMetadataHttpMessageConverter;
 import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
-import org.springframework.security.web.util.UrlUtils;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
@@ -44,7 +43,6 @@ import org.springframework.web.util.UriComponentsBuilder;
  * A {@code Filter} that processes OAuth 2.0 Authorization Server Metadata Requests.
  *
  * @author Daniel Garnier-Moiroux
- * @author Joe Grandja
  * @since 0.1.1
  * @see OAuth2AuthorizationServerMetadata
  * @see ProviderSettings
@@ -74,32 +72,24 @@ public final class OAuth2AuthorizationServerMetadataEndpointFilter extends OnceP
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
 
-		// Resolve the current issuer identifier
-		String issuer = this.providerSettings.getIssuer();
-		if (issuer == null) {
-			issuer = resolveIssuer(request);
-		}
-		// Set the current issuer identifier as a request attribute (for use by upstream components)
-		request.setAttribute(WebAttributes.ISSUER, issuer);
-
 		if (!this.requestMatcher.matches(request)) {
 			filterChain.doFilter(request, response);
 			return;
 		}
 
 		OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder()
-				.issuer(issuer)
-				.authorizationEndpoint(asUrl(issuer, this.providerSettings.getAuthorizationEndpoint()))
-				.tokenEndpoint(asUrl(issuer, this.providerSettings.getTokenEndpoint()))
+				.issuer(this.providerSettings.getIssuer())
+				.authorizationEndpoint(asUrl(this.providerSettings.getIssuer(), this.providerSettings.getAuthorizationEndpoint()))
+				.tokenEndpoint(asUrl(this.providerSettings.getIssuer(), this.providerSettings.getTokenEndpoint()))
 				.tokenEndpointAuthenticationMethods(clientAuthenticationMethods())
-				.jwkSetUrl(asUrl(issuer, this.providerSettings.getJwkSetEndpoint()))
+				.jwkSetUrl(asUrl(this.providerSettings.getIssuer(), this.providerSettings.getJwkSetEndpoint()))
 				.responseType(OAuth2AuthorizationResponseType.CODE.getValue())
 				.grantType(AuthorizationGrantType.AUTHORIZATION_CODE.getValue())
 				.grantType(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
 				.grantType(AuthorizationGrantType.REFRESH_TOKEN.getValue())
-				.tokenRevocationEndpoint(asUrl(issuer, this.providerSettings.getTokenRevocationEndpoint()))
+				.tokenRevocationEndpoint(asUrl(this.providerSettings.getIssuer(), this.providerSettings.getTokenRevocationEndpoint()))
 				.tokenRevocationEndpointAuthenticationMethods(clientAuthenticationMethods())
-				.tokenIntrospectionEndpoint(asUrl(issuer, this.providerSettings.getTokenIntrospectionEndpoint()))
+				.tokenIntrospectionEndpoint(asUrl(this.providerSettings.getIssuer(), this.providerSettings.getTokenIntrospectionEndpoint()))
 				.tokenIntrospectionEndpointAuthenticationMethods(clientAuthenticationMethods())
 				.codeChallengeMethod("plain")
 				.codeChallengeMethod("S256")
@@ -110,17 +100,6 @@ public final class OAuth2AuthorizationServerMetadataEndpointFilter extends OnceP
 				authorizationServerMetadata, MediaType.APPLICATION_JSON, httpResponse);
 	}
 
-	private static String resolveIssuer(HttpServletRequest request) {
-		// @formatter:off
-		return UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
-				.replacePath(request.getContextPath())
-				.replaceQuery(null)
-				.fragment(null)
-				.build()
-				.toUriString();
-		// @formatter:on
-	}
-
 	private static Consumer> clientAuthenticationMethods() {
 		return (authenticationMethods) -> {
 			authenticationMethods.add(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/WebAttributes.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/WebAttributes.java
deleted file mode 100644
index 3d837266..00000000
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/WebAttributes.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright 2020-2021 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.server.authorization.web;
-
-import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
-
-/**
- * Well-known attribute names which are used to store information in request or session scope.
- *
- * @author Joe Grandja
- * @since 0.2.1
- */
-public final class WebAttributes {
-
-	private WebAttributes() {
-	}
-
-	/**
-	 * The {@link javax.servlet.http.HttpServletRequest#getAttribute(String) request attribute} name that holds the current issuer identifier.
-	 * The issuer identifier is resolved from {@link ProviderSettings#getIssuer()} or dynamically from the current {@link javax.servlet.http.HttpServletRequest}.
-	 */
-	public static final String ISSUER = WebAttributes.class.getName().concat(".ISSUER");
-
-}
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeAuthenticationConverter.java
index ec222c29..bd534891 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeAuthenticationConverter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeAuthenticationConverter.java
@@ -28,7 +28,6 @@ import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter;
-import org.springframework.security.oauth2.server.authorization.web.WebAttributes;
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
@@ -89,10 +88,8 @@ public final class OAuth2AuthorizationCodeAuthenticationConverter implements Aut
 			}
 		});
 
-		String issuer = (String) request.getAttribute(WebAttributes.ISSUER);
-
 		return new OAuth2AuthorizationCodeAuthenticationToken(
-				issuer, code, clientPrincipal, redirectUri, additionalParameters);
+				code, clientPrincipal, redirectUri, additionalParameters);
 	}
 
 }
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2ClientCredentialsAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2ClientCredentialsAuthenticationConverter.java
index 73d80e06..5bf12514 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2ClientCredentialsAuthenticationConverter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2ClientCredentialsAuthenticationConverter.java
@@ -31,7 +31,6 @@ import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientCredentialsAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter;
-import org.springframework.security.oauth2.server.authorization.web.WebAttributes;
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
@@ -84,10 +83,7 @@ public final class OAuth2ClientCredentialsAuthenticationConverter implements Aut
 			}
 		});
 
-		String issuer = (String) request.getAttribute(WebAttributes.ISSUER);
-
 		return new OAuth2ClientCredentialsAuthenticationToken(
-				issuer, clientPrincipal, requestedScopes, additionalParameters);
+				clientPrincipal, requestedScopes, additionalParameters);
 	}
-
 }
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2RefreshTokenAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2RefreshTokenAuthenticationConverter.java
index 7f08a11b..20882163 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2RefreshTokenAuthenticationConverter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2RefreshTokenAuthenticationConverter.java
@@ -31,7 +31,6 @@ import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2RefreshTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter;
-import org.springframework.security.oauth2.server.authorization.web.WebAttributes;
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
@@ -95,10 +94,7 @@ public final class OAuth2RefreshTokenAuthenticationConverter implements Authenti
 			}
 		});
 
-		String issuer = (String) request.getAttribute(WebAttributes.ISSUER);
-
 		return new OAuth2RefreshTokenAuthenticationToken(
-				issuer, refreshToken, clientPrincipal, requestedScopes, additionalParameters);
+				refreshToken, clientPrincipal, requestedScopes, additionalParameters);
 	}
-
 }
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientCredentialsGrantTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientCredentialsGrantTests.java
index a50644eb..0a7a44c8 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientCredentialsGrantTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientCredentialsGrantTests.java
@@ -213,11 +213,10 @@ public class OAuth2ClientCredentialsGrantTests {
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient2().build();
 		this.registeredClientRepository.save(registeredClient);
 
-		String issuer = "https://example.com/issuer1";
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 		OAuth2ClientCredentialsAuthenticationToken clientCredentialsAuthentication =
-				new OAuth2ClientCredentialsAuthenticationToken(issuer, clientPrincipal, null, null);
+				new OAuth2ClientCredentialsAuthenticationToken(clientPrincipal, null, null);
 		when(authenticationConverter.convert(any())).thenReturn(clientCredentialsAuthentication);
 
 		OAuth2AccessToken accessToken = new OAuth2AccessToken(
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/JwtEncodingContextTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/JwtEncodingContextTests.java
index 08f40abc..f6eefdef 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/JwtEncodingContextTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/JwtEncodingContextTests.java
@@ -88,10 +88,9 @@ public class JwtEncodingContextTests { registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret()); OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute( OAuth2AuthorizationRequest.class.getName()); - String issuer = "https://provider.com"; OAuth2AuthorizationCodeAuthenticationToken authorizationGrant = new OAuth2AuthorizationCodeAuthenticationToken( - issuer, "code", clientPrincipal, authorizationRequest.getRedirectUri(), null); + "code", clientPrincipal, authorizationRequest.getRedirectUri(), null); JwtEncodingContext context = JwtEncodingContext.with(headers, claims) .registeredClient(registeredClient) diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java index f3147233..a641f4e2 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java 
@@ -34,7 +34,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
-import org.springframework.security.oauth2.core.OAuth2AuthorizationCode;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.OAuth2TokenType;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
@@ -49,6 +48,7 @@ import org.springframework.security.oauth2.jwt.JwtClaimsSet;
 import org.springframework.security.oauth2.jwt.JwtEncoder;
 import org.springframework.security.oauth2.server.authorization.JwtEncodingContext;
 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
+import org.springframework.security.oauth2.core.OAuth2AuthorizationCode;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenCustomizer;
 import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
@@ -74,7 +74,6 @@ import static org.mockito.Mockito.when;
  * @author Daniel Garnier-Moiroux
  */
 public class OAuth2AuthorizationCodeAuthenticationProviderTests {
-	private static final String ISSUER = "https://example.com/issuer1";
 	private static final String AUTHORIZATION_CODE = "code";
 	private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE);
 	private OAuth2AuthorizationService authorizationService;
@@ -131,7 +130,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		TestingAuthenticationToken clientPrincipal = new TestingAuthenticationToken(
 				registeredClient.getClientId(), registeredClient.getClientSecret());
 		OAuth2AuthorizationCodeAuthenticationToken authentication =
-				new OAuth2AuthorizationCodeAuthenticationToken(ISSUER, AUTHORIZATION_CODE, clientPrincipal, null, null);
+				new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, null, null);
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
@@ -145,7 +144,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient.getClientId(), ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret(), null);
 		OAuth2AuthorizationCodeAuthenticationToken authentication =
-				new OAuth2AuthorizationCodeAuthenticationToken(ISSUER, AUTHORIZATION_CODE, clientPrincipal, null, null);
+				new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, null, null);
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
@@ -159,7 +158,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 		OAuth2AuthorizationCodeAuthenticationToken authentication =
-				new OAuth2AuthorizationCodeAuthenticationToken(ISSUER, AUTHORIZATION_CODE, clientPrincipal, null, null);
+				new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, null, null);
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
@@ -177,7 +176,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 		OAuth2AuthorizationCodeAuthenticationToken authentication =
-				new OAuth2AuthorizationCodeAuthenticationToken(ISSUER, AUTHORIZATION_CODE, clientPrincipal, null, null);
+				new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, null, null);
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
@@ -204,7 +203,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(
 				OAuth2AuthorizationRequest.class.getName());
 		OAuth2AuthorizationCodeAuthenticationToken authentication =
-				new OAuth2AuthorizationCodeAuthenticationToken(ISSUER, AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri() + "-invalid", null);
+				new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri() + "-invalid", null);
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
 				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
@@ -228,7 +227,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(
 				OAuth2AuthorizationRequest.class.getName());
 		OAuth2AuthorizationCodeAuthenticationToken authentication =
-				new OAuth2AuthorizationCodeAuthenticationToken(ISSUER, AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
+				new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
 
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
@@ -254,7 +253,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(
 				OAuth2AuthorizationRequest.class.getName());
 		OAuth2AuthorizationCodeAuthenticationToken authentication =
-				new OAuth2AuthorizationCodeAuthenticationToken(ISSUER, AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
+				new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
 
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
@@ -275,7 +274,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(
 				OAuth2AuthorizationRequest.class.getName());
 		OAuth2AuthorizationCodeAuthenticationToken authentication =
-				new OAuth2AuthorizationCodeAuthenticationToken(ISSUER, AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
+				new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
 
 		when(this.jwtEncoder.encode(any(), any())).thenReturn(createJwt());
 
@@ -331,7 +330,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(
 				OAuth2AuthorizationRequest.class.getName());
 		OAuth2AuthorizationCodeAuthenticationToken authentication =
-				new OAuth2AuthorizationCodeAuthenticationToken(ISSUER, AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
+				new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
 
 		when(this.jwtEncoder.encode(any(), any())).thenReturn(createJwt());
 
@@ -405,7 +404,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(
 				OAuth2AuthorizationRequest.class.getName());
 		OAuth2AuthorizationCodeAuthenticationToken authentication =
-				new OAuth2AuthorizationCodeAuthenticationToken(ISSUER, AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
+				new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
 
 		when(this.jwtEncoder.encode(any(), any())).thenReturn(createJwt());
 
@@ -468,7 +467,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(
 				OAuth2AuthorizationRequest.class.getName());
 		OAuth2AuthorizationCodeAuthenticationToken authentication =
-				new OAuth2AuthorizationCodeAuthenticationToken(ISSUER, AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
+				new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
 
 		Instant accessTokenIssuedAt = Instant.now();
 		Instant accessTokenExpiresAt = accessTokenIssuedAt.plus(accessTokenTTL);
@@ -507,7 +506,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(
 				OAuth2AuthorizationRequest.class.getName());
 		OAuth2AuthorizationCodeAuthenticationToken authentication =
-				new OAuth2AuthorizationCodeAuthenticationToken(ISSUER, AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
+				new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
 
 		when(this.jwtEncoder.encode(any(), any())).thenReturn(createJwt());
 
@@ -540,7 +539,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(
 				OAuth2AuthorizationRequest.class.getName());
 		OAuth2AuthorizationCodeAuthenticationToken authentication =
-				new OAuth2AuthorizationCodeAuthenticationToken(ISSUER, AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
+				new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
 
 		OAuth2AccessTokenAuthenticationToken accessTokenAuthentication =
 				(OAuth2AccessTokenAuthenticationToken) this.authenticationProvider.authenticate(authentication);
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
index 6847f34e..9df894c4 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java
@@ -35,7 +35,6 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Daniel Garnier-Moiroux
  */
 public class OAuth2AuthorizationCodeAuthenticationTokenTests {
-	private String issuer = "https://example.com/issuer1";
 	private String code = "code";
 	private RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
 	private OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
@@ -43,23 +42,16 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests {
 	private String redirectUri = "redirectUri";
 	private Map additionalParameters = Collections.singletonMap("param1", "value1");
 
-	@Test
-	public void constructorWhenIssuerNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(null, this.code, this.clientPrincipal, this.redirectUri, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("issuer cannot be empty");
-	}
-
 	@Test
 	public void constructorWhenCodeNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(this.issuer, null, this.clientPrincipal, this.redirectUri, null))
+		assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(null, this.clientPrincipal, this.redirectUri, null))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("code cannot be empty");
 	}
 
 	@Test
 	public void constructorWhenClientPrincipalNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(this.issuer, this.code, null, this.redirectUri, null))
+		assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(this.code, null, this.redirectUri, null))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("clientPrincipal cannot be null");
 	}
@@ -67,9 +59,8 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests {
 	@Test
 	public void constructorWhenClientPrincipalProvidedThenCreated() {
 		OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(
-				this.issuer, this.code, this.clientPrincipal, this.redirectUri, this.additionalParameters);
+				this.code, this.clientPrincipal, this.redirectUri, this.additionalParameters);
 		assertThat(authentication.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(authentication.getIssuer()).isEqualTo(this.issuer);
 		assertThat(authentication.getPrincipal()).isEqualTo(this.clientPrincipal);
 		assertThat(authentication.getCredentials().toString()).isEmpty();
 		assertThat(authentication.getCode()).isEqualTo(this.code);
@@ -80,7 +71,7 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests {
 	@Test
 	public void getAdditionalParametersWhenUpdateThenThrowUnsupportedOperationException() {
 		OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(
-				this.issuer, this.code, this.clientPrincipal, this.redirectUri, this.additionalParameters);
+				this.code, this.clientPrincipal, this.redirectUri, this.additionalParameters);
 		assertThatThrownBy(() -> authentication.getAdditionalParameters().put("another_key", 1))
 				.isInstanceOf(UnsupportedOperationException.class);
 		assertThatThrownBy(() -> authentication.getAdditionalParameters().remove("some_key"))
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java
index 341a9694..c02321c4 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java
@@ -36,12 +36,12 @@ import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.oauth2.jwt.JoseHeaderNames;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtEncoder;
-import org.springframework.security.oauth2.server.authorization.JwtEncodingContext;
 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
-import org.springframework.security.oauth2.server.authorization.OAuth2TokenCustomizer;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
+import org.springframework.security.oauth2.server.authorization.JwtEncodingContext;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenCustomizer;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
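Review bot: The two re-added imports at the end of this hunk, `import org.springframework.security.oauth2.server.authorization.JwtEncodingContext;` and `import org.springframework.security.oauth2.server.authorization.OAuth2TokenCustomizer;`, land after the `...authorization.client.*` imports, so the import block is no longer in alphabetical order, while the removed lines had them in their sorted positions. Since this is a revert, placing them back where the minus lines were (directly after `JwtEncoder` and after `OAuth2AuthorizationService`) keeps the file consistent with the ordering the rest of the block follows and avoids a churn-only diff the next time the imports are sorted.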
@@ -105,12 +105,11 @@ public class OAuth2ClientCredentialsAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenClientPrincipalNotOAuth2ClientAuthenticationTokenThenThrowOAuth2AuthenticationException() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient2().build();
 		TestingAuthenticationToken clientPrincipal = new TestingAuthenticationToken(
 				registeredClient.getClientId(), registeredClient.getClientSecret());
 		OAuth2ClientCredentialsAuthenticationToken authentication =
-				new OAuth2ClientCredentialsAuthenticationToken(issuer, clientPrincipal, null, null);
+				new OAuth2ClientCredentialsAuthenticationToken(clientPrincipal, null, null);
 
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
@@ -121,12 +120,11 @@ public class OAuth2ClientCredentialsAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenClientPrincipalNotAuthenticatedThenThrowOAuth2AuthenticationException() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient2().build();
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient.getClientId(), ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret(), null);
 		OAuth2ClientCredentialsAuthenticationToken authentication =
-				new OAuth2ClientCredentialsAuthenticationToken(issuer, clientPrincipal, null, null);
+				new OAuth2ClientCredentialsAuthenticationToken(clientPrincipal, null, null);
 
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
@@ -137,14 +135,13 @@ public class OAuth2ClientCredentialsAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenClientNotAuthorizedToRequestTokenThenThrowOAuth2AuthenticationException() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient2()
 				.authorizationGrantTypes(grantTypes -> grantTypes.remove(AuthorizationGrantType.CLIENT_CREDENTIALS))
 				.build();
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 		OAuth2ClientCredentialsAuthenticationToken authentication =
-				new OAuth2ClientCredentialsAuthenticationToken(issuer, clientPrincipal, null, null);
+				new OAuth2ClientCredentialsAuthenticationToken(clientPrincipal, null, null);
 
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
@@ -155,12 +152,11 @@ public class OAuth2ClientCredentialsAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenInvalidScopeThenThrowOAuth2AuthenticationException() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient2().build();
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 		OAuth2ClientCredentialsAuthenticationToken authentication = new OAuth2ClientCredentialsAuthenticationToken(
-				issuer, clientPrincipal, Collections.singleton("invalid-scope"), null);
+				clientPrincipal, Collections.singleton("invalid-scope"), null);
 
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
@@ -171,13 +167,12 @@ public class OAuth2ClientCredentialsAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenScopeRequestedThenAccessTokenContainsScope() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient2().build();
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 		Set requestedScope = Collections.singleton("scope1");
 		OAuth2ClientCredentialsAuthenticationToken authentication =
-				new OAuth2ClientCredentialsAuthenticationToken(issuer, clientPrincipal, requestedScope, null);
+				new OAuth2ClientCredentialsAuthenticationToken(clientPrincipal, requestedScope, null);
 
 		when(this.jwtEncoder.encode(any(), any()))
 				.thenReturn(createJwt(Collections.singleton("mapped-scoped")));
@@ -189,12 +184,11 @@ public class OAuth2ClientCredentialsAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenValidAuthenticationThenReturnAccessToken() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient2().build();
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 		OAuth2ClientCredentialsAuthenticationToken authentication =
-				new OAuth2ClientCredentialsAuthenticationToken(issuer, clientPrincipal, null, null);
+				new OAuth2ClientCredentialsAuthenticationToken(clientPrincipal, null, null);
 
 		when(this.jwtEncoder.encode(any(), any())).thenReturn(createJwt(registeredClient.getScopes()));
 
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationTokenTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationTokenTests.java
index 64b64287..34b97c02 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationTokenTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationTokenTests.java
@@ -35,23 +35,15 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @author Alexey Nesterov
  */
 public class OAuth2ClientCredentialsAuthenticationTokenTests {
-	private String issuer = "https://example.com/issuer1";
 	private final RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
 	private final OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 			this.registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, this.registeredClient.getClientSecret());
 	private Set scopes = Collections.singleton("scope1");
 	private Map additionalParameters = Collections.singletonMap("param1", "value1");
 
-	@Test
-	public void constructorWhenIssuerNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2ClientCredentialsAuthenticationToken(null, this.clientPrincipal, this.scopes, this.additionalParameters))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("issuer cannot be empty");
-	}
-
 	@Test
 	public void constructorWhenClientPrincipalNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2ClientCredentialsAuthenticationToken(this.issuer, null, this.scopes, this.additionalParameters))
+		assertThatThrownBy(() -> new OAuth2ClientCredentialsAuthenticationToken(null, this.scopes, this.additionalParameters))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("clientPrincipal cannot be null");
 	}
@@ -59,10 +51,9 @@ public class OAuth2ClientCredentialsAuthenticationTokenTests { @Test public void constructorWhenClientPrincipalProvidedThenCreated() { OAuth2ClientCredentialsAuthenticationToken authentication = new OAuth2ClientCredentialsAuthenticationToken( - this.issuer, this.clientPrincipal, this.scopes, this.additionalParameters); + this.clientPrincipal, this.scopes, this.additionalParameters); assertThat(authentication.getGrantType()).isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS); - assertThat(authentication.getIssuer()).isEqualTo(this.issuer); assertThat(authentication.getPrincipal()).isEqualTo(this.clientPrincipal); assertThat(authentication.getCredentials().toString()).isEmpty(); assertThat(authentication.getScopes()).isEqualTo(this.scopes);
@@ -74,10 +65,9 @@ public class OAuth2ClientCredentialsAuthenticationTokenTests { Set expectedScopes = Collections.singleton("test-scope"); OAuth2ClientCredentialsAuthenticationToken authentication = new OAuth2ClientCredentialsAuthenticationToken( - this.issuer, this.clientPrincipal, expectedScopes, this.additionalParameters); + this.clientPrincipal, expectedScopes, this.additionalParameters); assertThat(authentication.getGrantType()).isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS); - assertThat(authentication.getIssuer()).isEqualTo(this.issuer); assertThat(authentication.getPrincipal()).isEqualTo(this.clientPrincipal); assertThat(authentication.getCredentials().toString()).isEmpty(); assertThat(authentication.getScopes()).isEqualTo(expectedScopes);
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
index 91e3a39c..08c90677 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
@@ -132,7 +132,6 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenValidRefreshTokenThenReturnAccessToken() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
 		OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
 		when(this.authorizationService.findByToken(
@@ -143,7 +142,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
-				issuer, authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
+				authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
 
 		OAuth2AccessTokenAuthenticationToken accessTokenAuthentication =
 				(OAuth2AccessTokenAuthenticationToken) this.authenticationProvider.authenticate(authentication);
@@ -177,7 +176,6 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenValidRefreshTokenThenReturnIdToken() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient().scope(OidcScopes.OPENID).build();
 		OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
 		when(this.authorizationService.findByToken(
@@ -188,7 +186,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
-				issuer, authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
+				authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
 
 		OAuth2AccessTokenAuthenticationToken accessTokenAuthentication =
 				(OAuth2AccessTokenAuthenticationToken) this.authenticationProvider.authenticate(authentication);
@@ -245,7 +243,6 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenReuseRefreshTokensFalseThenReturnNewRefreshToken() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
 				.tokenSettings(TokenSettings.builder().reuseRefreshTokens(false).build())
 				.build();
@@ -258,7 +255,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
-				issuer, authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
+				authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
 
 		OAuth2AccessTokenAuthenticationToken accessTokenAuthentication =
 				(OAuth2AccessTokenAuthenticationToken) this.authenticationProvider.authenticate(authentication);
@@ -273,7 +270,6 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenRequestedScopesAuthorizedThenAccessTokenIncludesScopes() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
 				.scope("scope2")
 				.scope("scope3")
@@ -290,7 +286,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 		Set requestedScopes = new HashSet<>(authorizedScopes);
 		requestedScopes.remove("scope1");
 		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
-				issuer, authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, requestedScopes, null);
+				authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, requestedScopes, null);
 
 		OAuth2AccessTokenAuthenticationToken accessTokenAuthentication =
 				(OAuth2AccessTokenAuthenticationToken) this.authenticationProvider.authenticate(authentication);
@@ -300,7 +296,6 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenCustomRefreshTokenGeneratorThenUsed() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
 				.tokenSettings(TokenSettings.builder().reuseRefreshTokens(false).build())
 				.build();
@@ -322,7 +317,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
-				issuer, authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
+				authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
 
 		OAuth2AccessTokenAuthenticationToken accessTokenAuthentication =
 				(OAuth2AccessTokenAuthenticationToken) this.authenticationProvider.authenticate(authentication);
@@ -333,7 +328,6 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenRequestedScopesNotAuthorizedThenThrowOAuth2AuthenticationException() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
 		OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
 		when(this.authorizationService.findByToken(
@@ -347,7 +341,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 		Set requestedScopes = new HashSet<>(authorizedScopes);
 		requestedScopes.add("unauthorized");
 		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
-				issuer, authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, requestedScopes, null);
+				authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, requestedScopes, null);
 
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
@@ -358,12 +352,11 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenInvalidRefreshTokenThenThrowOAuth2AuthenticationException() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
-				issuer, "invalid", clientPrincipal, null, null);
+				"invalid", clientPrincipal, null, null);
 
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
@@ -374,12 +367,11 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenClientPrincipalNotOAuth2ClientAuthenticationTokenThenThrowOAuth2AuthenticationException() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
 		TestingAuthenticationToken clientPrincipal = new TestingAuthenticationToken(
 				registeredClient.getClientId(), registeredClient.getClientSecret());
 		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
-				issuer, "refresh-token", clientPrincipal, null, null);
+				"refresh-token", clientPrincipal, null, null);
 
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
@@ -390,12 +382,11 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenClientPrincipalNotAuthenticatedThenThrowOAuth2AuthenticationException() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient.getClientId(), ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret(), null);
 		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
-				issuer, "refresh-token", clientPrincipal, null, null);
+				"refresh-token", clientPrincipal, null, null);
 
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
@@ -406,7 +397,6 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenRefreshTokenIssuedToAnotherClientThenThrowOAuth2AuthenticationException() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
 		OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
 		when(this.authorizationService.findByToken(
@@ -418,7 +408,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient2, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient2.getClientSecret());
 		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
-				issuer, authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
+				authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
 
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
@@ -429,7 +419,6 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenClientNotAuthorizedToRefreshTokenThenThrowOAuth2AuthenticationException() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
 				.authorizationGrantTypes(grantTypes -> grantTypes.remove(AuthorizationGrantType.REFRESH_TOKEN))
 				.build();
@@ -442,7 +431,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
-				issuer, authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
+				authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
 
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
@@ -453,7 +442,6 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenExpiredRefreshTokenThenThrowOAuth2AuthenticationException() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
 		OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
 		OAuth2RefreshToken expiredRefreshToken = new OAuth2RefreshToken(
@@ -467,7 +455,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
-				issuer, authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
+				authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
 
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
@@ -478,7 +466,6 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenRevokedRefreshTokenThenThrowOAuth2AuthenticationException() {
-		String issuer = "https://example.com/issuer1";
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
 		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken(
 				"refresh-token", Instant.now().minusSeconds(120), Instant.now().plusSeconds(1000));
@@ -493,7 +480,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
-				issuer, authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
+				authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
 
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationTokenTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationTokenTests.java
index c34cb7e8..095b2d1a 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationTokenTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationTokenTests.java
@@ -36,33 +36,25 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  * @since 0.0.3
  */
 public class OAuth2RefreshTokenAuthenticationTokenTests {
-	private String issuer = "https://example.com/issuer1";
 	private RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
 	private OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 			this.registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, this.registeredClient.getClientSecret());
 	private Set scopes = Collections.singleton("scope1");
 	private Map additionalParameters = Collections.singletonMap("param1", "value1");
 
-	@Test
-	public void constructorWhenIssuerNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2RefreshTokenAuthenticationToken(null, "refresh-token", this.clientPrincipal, this.scopes, this.additionalParameters))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("issuer cannot be empty");
-	}
-
 	@Test
 	public void constructorWhenRefreshTokenNullOrEmptyThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2RefreshTokenAuthenticationToken(this.issuer, null, this.clientPrincipal, this.scopes, this.additionalParameters))
+		assertThatThrownBy(() -> new OAuth2RefreshTokenAuthenticationToken(null, this.clientPrincipal, this.scopes, this.additionalParameters))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("refreshToken cannot be empty");
-		assertThatThrownBy(() -> new OAuth2RefreshTokenAuthenticationToken(this.issuer, "", this.clientPrincipal, this.scopes, this.additionalParameters))
+		assertThatThrownBy(() -> new OAuth2RefreshTokenAuthenticationToken("", this.clientPrincipal, this.scopes, this.additionalParameters))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("refreshToken cannot be empty");
 	}
 
 	@Test
 	public void constructorWhenClientPrincipalNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2RefreshTokenAuthenticationToken(this.issuer, "refresh-token", null, this.scopes, this.additionalParameters))
+		assertThatThrownBy(() -> new OAuth2RefreshTokenAuthenticationToken("refresh-token", null, this.scopes, this.additionalParameters))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("clientPrincipal cannot be null");
 	}
@@ -70,9 +62,8 @@ public class OAuth2RefreshTokenAuthenticationTokenTests {
 	@Test
 	public void constructorWhenScopesProvidedThenCreated() {
 		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
-				this.issuer, "refresh-token", this.clientPrincipal, this.scopes, this.additionalParameters);
+				"refresh-token", this.clientPrincipal, this.scopes, this.additionalParameters);
 		assertThat(authentication.getGrantType()).isEqualTo(AuthorizationGrantType.REFRESH_TOKEN);
-		assertThat(authentication.getIssuer()).isEqualTo(this.issuer);
 		assertThat(authentication.getRefreshToken()).isEqualTo("refresh-token");
 		assertThat(authentication.getPrincipal()).isEqualTo(this.clientPrincipal);
 		assertThat(authentication.getCredentials().toString()).isEmpty();
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java
index b2640d8a..db9368dd 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java
@@ -83,7 +83,7 @@ public class OidcClientRegistrationAuthenticationProviderTests {
 		this.registeredClientRepository = mock(RegisteredClientRepository.class);
 		this.authorizationService = mock(OAuth2AuthorizationService.class);
 		this.jwtEncoder = mock(JwtEncoder.class);
-		this.providerSettings = ProviderSettings.builder().build();
+		this.providerSettings = ProviderSettings.builder().issuer("https://auth-server:9000").build();
 		this.authenticationProvider = new OidcClientRegistrationAuthenticationProvider(
 				this.registeredClientRepository, this.authorizationService, this.jwtEncoder);
 		this.authenticationProvider.setProviderSettings(this.providerSettings);
@@ -117,14 +117,13 @@ public class OidcClientRegistrationAuthenticationProviderTests {
 
 	@Test
 	public void authenticateWhenPrincipalNotOAuth2TokenAuthenticationTokenThenThrowOAuth2AuthenticationException() {
-		String issuer = "https://example.com/issuer1";
 		TestingAuthenticationToken principal = new TestingAuthenticationToken("principal", "credentials");
 		OidcClientRegistration clientRegistration = OidcClientRegistration.builder()
 				.redirectUri("https://client.example.com")
 				.build();
 
 		OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken(
-				issuer, principal, clientRegistration);
+				principal, clientRegistration);
 
 		assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
 				.isInstanceOf(OAuth2AuthenticationException.class)
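Review bot: The issuer restored in `setUp` is an inline literal, `this.providerSettings = ProviderSettings.builder().issuer("https://auth-server:9000").build();`, while every test in this class now relies on the provider reading the issuer from these settings instead of receiving it per token. If any assertion in the class compares registration output against that value (the rest of the class is outside this hunk, so I cannot confirm), a class constant such as `private static final String ISSUER = "https://auth-server:9000";` used both here and in the assertions avoids the two copies drifting apart; with the issuer now fixed at configuration time, a test pinning that the provider actually uses the configured value would also be worth keeping. The enclosing `setUp` method starts before this hunk.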
@@ -134,14 +133,13 @@ public class OidcClientRegistrationAuthenticationProviderTests { @Test public void authenticateWhenPrincipalNotAuthenticatedThenThrowOAuth2AuthenticationException() { - String issuer = "https://example.com/issuer1"; JwtAuthenticationToken principal = new JwtAuthenticationToken(createJwtClientRegistration()); OidcClientRegistration clientRegistration = OidcClientRegistration.builder() .redirectUri("https://client.example.com") .build(); OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken( - issuer, principal, clientRegistration); + principal, clientRegistration); assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)) .isInstanceOf(OAuth2AuthenticationException.class) @@ -151,7 +149,6 @@ public class OidcClientRegistrationAuthenticationProviderTests { @Test public void authenticateWhenAccessTokenNotFoundThenThrowOAuth2AuthenticationException() { - String issuer = "https://example.com/issuer1"; Jwt jwt = createJwtClientRegistration(); JwtAuthenticationToken principal = new JwtAuthenticationToken( jwt, AuthorityUtils.createAuthorityList("SCOPE_client.create")); @@ -160,7 +157,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { .build(); OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken( - issuer, principal, clientRegistration); + principal, clientRegistration); assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)) .isInstanceOf(OAuth2AuthenticationException.class) @@ -172,7 +169,6 @@ public class OidcClientRegistrationAuthenticationProviderTests { @Test public void authenticateWhenAccessTokenNotActiveThenThrowOAuth2AuthenticationException() { - String issuer = "https://example.com/issuer1"; Jwt jwt = createJwtClientRegistration(); OAuth2AccessToken jwtAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(), jwt.getIssuedAt(), 
@@ -192,7 +188,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { .build(); OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken( - issuer, principal, clientRegistration); + principal, clientRegistration); assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)) .isInstanceOf(OAuth2AuthenticationException.class) @@ -204,7 +200,6 @@ public class OidcClientRegistrationAuthenticationProviderTests { @Test public void authenticateWhenClientRegistrationRequestAndAccessTokenNotAuthorizedThenThrowOAuth2AuthenticationException() { - String issuer = "https://example.com/issuer1"; Jwt jwt = createJwt(Collections.singleton("unauthorized.scope")); OAuth2AccessToken jwtAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(), jwt.getIssuedAt(), @@ -223,7 +218,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { .build(); OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken( - issuer, principal, clientRegistration); + principal, clientRegistration); assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)) .isInstanceOf(OAuth2AuthenticationException.class) @@ -235,7 +230,6 @@ public class OidcClientRegistrationAuthenticationProviderTests { @Test public void authenticateWhenClientRegistrationRequestAndAccessTokenContainsRequiredScopeAndAdditionalScopeThenThrowOAuth2AuthenticationException() { - String issuer = "https://example.com/issuer1"; Jwt jwt = createJwt(new HashSet<>(Arrays.asList("client.create", "scope1"))); OAuth2AccessToken jwtAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(), jwt.getIssuedAt(), 
@@ -254,7 +248,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { .build(); OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken( - issuer, principal, clientRegistration); + principal, clientRegistration); assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)) .isInstanceOf(OAuth2AuthenticationException.class) @@ -266,7 +260,6 @@ public class OidcClientRegistrationAuthenticationProviderTests { @Test public void authenticateWhenClientRegistrationRequestAndInvalidRedirectUriThenThrowOAuth2AuthenticationException() { - String issuer = "https://example.com/issuer1"; Jwt jwt = createJwtClientRegistration(); OAuth2AccessToken jwtAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(), jwt.getIssuedAt(), @@ -287,7 +280,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { // @formatter:on OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken( - issuer, principal, clientRegistration); + principal, clientRegistration); assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)) .isInstanceOf(OAuth2AuthenticationException.class) @@ -299,7 +292,6 @@ public class OidcClientRegistrationAuthenticationProviderTests { @Test public void authenticateWhenClientRegistrationRequestAndRedirectUriContainsFragmentThenThrowOAuth2AuthenticationException() { - String issuer = "https://example.com/issuer1"; Jwt jwt = createJwtClientRegistration(); OAuth2AccessToken jwtAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(), jwt.getIssuedAt(), 
@@ -320,7 +312,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { // @formatter:on OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken( - issuer, principal, clientRegistration); + principal, clientRegistration); assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)) .isInstanceOf(OAuth2AuthenticationException.class) @@ -332,7 +324,6 @@ public class OidcClientRegistrationAuthenticationProviderTests { @Test public void authenticateWhenClientRegistrationRequestAndValidAccessTokenThenReturnClientRegistration() { - String issuer = "https://example.com/issuer1"; Jwt jwt = createJwtClientRegistration(); OAuth2AccessToken jwtAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(), jwt.getIssuedAt(), @@ -359,8 +350,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { // @formatter:on OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken( - issuer, principal, clientRegistration); - + principal, clientRegistration); OidcClientRegistrationAuthenticationToken authenticationResult = (OidcClientRegistrationAuthenticationToken) this.authenticationProvider.authenticate(authentication); @@ -425,7 +415,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { assertThat(clientRegistrationResult.getIdTokenSignedResponseAlgorithm()) .isEqualTo(registeredClientResult.getTokenSettings().getIdTokenSignatureAlgorithm().getName()); - String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(issuer) + String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(this.providerSettings.getIssuer()) .path(this.providerSettings.getOidcClientRegistrationEndpoint()) .queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClientResult.getClientId()).toUriString(); 
@@ -435,7 +425,6 @@ public class OidcClientRegistrationAuthenticationProviderTests { @Test public void authenticateWhenClientConfigurationRequestAndAccessTokenNotAuthorizedThenThrowOAuth2AuthenticationException() { - String issuer = "https://example.com/issuer1"; Jwt jwt = createJwt(Collections.singleton("unauthorized.scope")); OAuth2AccessToken jwtAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(), jwt.getIssuedAt(), @@ -451,7 +440,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { jwt, AuthorityUtils.createAuthorityList("SCOPE_unauthorized.scope")); OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken( - issuer, principal, registeredClient.getClientId()); + principal, registeredClient.getClientId()); assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)) .isInstanceOf(OAuth2AuthenticationException.class) @@ -463,7 +452,6 @@ public class OidcClientRegistrationAuthenticationProviderTests { @Test public void authenticateWhenClientConfigurationRequestAndAccessTokenContainsRequiredScopeAndAdditionalScopeThenThrowOAuth2AuthenticationException() { - String issuer = "https://example.com/issuer1"; Jwt jwt = createJwt(new HashSet<>(Arrays.asList("client.read", "scope1"))); OAuth2AccessToken jwtAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(), jwt.getIssuedAt(), @@ -479,7 +467,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { jwt, AuthorityUtils.createAuthorityList("SCOPE_client.read", "SCOPE_scope1")); OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken( - issuer, principal, registeredClient.getClientId()); + principal, registeredClient.getClientId()); assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)) .isInstanceOf(OAuth2AuthenticationException.class) 
@@ -491,7 +479,6 @@ public class OidcClientRegistrationAuthenticationProviderTests { @Test public void authenticateWhenClientConfigurationRequestAndRegisteredClientNotFoundThenThrowOAuth2AuthenticationException() { - String issuer = "https://example.com/issuer1"; Jwt jwt = createJwtClientConfiguration(); OAuth2AccessToken jwtAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(), jwt.getIssuedAt(), @@ -507,7 +494,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { jwt, AuthorityUtils.createAuthorityList("SCOPE_client.read")); OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken( - issuer, principal, registeredClient.getClientId()); + principal, registeredClient.getClientId()); assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)) .isInstanceOf(OAuth2AuthenticationException.class) @@ -521,7 +508,6 @@ public class OidcClientRegistrationAuthenticationProviderTests { @Test public void authenticateWhenClientConfigurationRequestClientIdNotEqualToAuthorizedClientThenThrowOAuth2AuthenticationException() { - String issuer = "https://example.com/issuer1"; Jwt jwt = createJwtClientConfiguration(); OAuth2AccessToken jwtAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(), jwt.getIssuedAt(), @@ -541,7 +527,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { jwt, AuthorityUtils.createAuthorityList("SCOPE_client.read")); OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken( - issuer, principal, registeredClient.getClientId()); + principal, registeredClient.getClientId()); assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)) .isInstanceOf(OAuth2AuthenticationException.class) 
@@ -555,7 +541,6 @@ public class OidcClientRegistrationAuthenticationProviderTests { @Test public void authenticateWhenClientConfigurationRequestAndValidAccessTokenThenReturnClientRegistration() { - String issuer = "https://example.com/issuer1"; Jwt jwt = createJwtClientConfiguration(); OAuth2AccessToken jwtAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(), jwt.getIssuedAt(), @@ -575,7 +560,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { jwt, AuthorityUtils.createAuthorityList("SCOPE_client.read")); OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken( - issuer, principal, registeredClient.getClientId()); + principal, registeredClient.getClientId()); OidcClientRegistrationAuthenticationToken authenticationResult = (OidcClientRegistrationAuthenticationToken) this.authenticationProvider.authenticate(authentication); @@ -612,7 +597,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { assertThat(clientRegistrationResult.getIdTokenSignedResponseAlgorithm()) .isEqualTo(registeredClient.getTokenSettings().getIdTokenSignatureAlgorithm().getName()); - String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(issuer) + String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(this.providerSettings.getIssuer()) .path(this.providerSettings.getOidcClientRegistrationEndpoint()) .queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId()).toUriString(); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationTokenTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationTokenTests.java index 3bfe578a..7d1f83f6 100644 
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationTokenTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationTokenTests.java
@@ -29,52 +29,43 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException * @author Joe Grandja */ public class OidcClientRegistrationAuthenticationTokenTests { - private String issuer = "https://example.com/issuer1"; private TestingAuthenticationToken principal = new TestingAuthenticationToken("principal", "credentials"); private OidcClientRegistration clientRegistration = OidcClientRegistration.builder() .redirectUri("https://client.example.com").build(); - @Test - public void constructorWhenIssuerNullThenThrowIllegalArgumentException() { - assertThatIllegalArgumentException() - .isThrownBy(() -> new OidcClientRegistrationAuthenticationToken(null, this.principal, this.clientRegistration)) - .withMessage("issuer cannot be empty"); - } - @Test public void constructorWhenPrincipalNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OidcClientRegistrationAuthenticationToken(this.issuer, null, this.clientRegistration)) + .isThrownBy(() -> new OidcClientRegistrationAuthenticationToken(null, this.clientRegistration)) .withMessage("principal cannot be null"); } @Test public void constructorWhenClientRegistrationNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OidcClientRegistrationAuthenticationToken(this.issuer, this.principal, (OidcClientRegistration) null)) + .isThrownBy(() -> new OidcClientRegistrationAuthenticationToken(this.principal, (OidcClientRegistration) null)) .withMessage("clientRegistration cannot be null"); } @Test public void constructorWhenClientIdNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OidcClientRegistrationAuthenticationToken(this.issuer, this.principal, (String) null)) + .isThrownBy(() -> new OidcClientRegistrationAuthenticationToken(this.principal, (String) null)) .withMessage("clientId cannot be empty"); } @Test public void 
constructorWhenClientIdEmptyThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OidcClientRegistrationAuthenticationToken(this.issuer, this.principal, "")) + .isThrownBy(() -> new OidcClientRegistrationAuthenticationToken(this.principal, "")) .withMessage("clientId cannot be empty"); } @Test public void constructorWhenOidcClientRegistrationProvidedThenCreated() { OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken( - this.issuer, this.principal, this.clientRegistration); + this.principal, this.clientRegistration); - assertThat(authentication.getIssuer()).isEqualTo(this.issuer); assertThat(authentication.getPrincipal()).isEqualTo(this.principal); assertThat(authentication.getCredentials().toString()).isEmpty(); assertThat(authentication.getClientRegistration()).isEqualTo(this.clientRegistration); @@ -85,9 +76,8 @@ public class OidcClientRegistrationAuthenticationTokenTests { @Test public void constructorWhenClientIdProvidedThenCreated() { OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken( - this.issuer, this.principal, "client-1"); + this.principal, "client-1"); - assertThat(authentication.getIssuer()).isEqualTo(this.issuer); assertThat(authentication.getPrincipal()).isEqualTo(this.principal); assertThat(authentication.getCredentials().toString()).isEmpty(); assertThat(authentication.getClientRegistration()).isNull(); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcClientRegistrationEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcClientRegistrationEndpointFilterTests.java index 4f71b8fa..9bb78136 100644 
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcClientRegistrationEndpointFilterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcClientRegistrationEndpointFilterTests.java @@ -53,7 +53,6 @@ import org.springframework.security.oauth2.jwt.JwtClaimsSet; import org.springframework.security.oauth2.jwt.TestJoseHeaders; import org.springframework.security.oauth2.jwt.TestJwtClaimsSets; import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcClientRegistrationAuthenticationToken; -import org.springframework.security.oauth2.server.authorization.web.WebAttributes; import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; import static org.assertj.core.api.Assertions.assertThat; @@ -189,7 +188,6 @@ public class OidcClientRegistrationEndpointFilterTests { MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri); request.setServletPath(requestUri); writeClientRegistrationRequest(request, clientRegistrationRequest); - request.setAttribute(WebAttributes.ISSUER, "https://example.com/issuer1"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); 
@@ -227,13 +225,12 @@ public class OidcClientRegistrationEndpointFilterTests { .build(); // @formatter:on - String issuer = "https://example.com/issuer1"; Jwt jwt = createJwt("client.create"); JwtAuthenticationToken principal = new JwtAuthenticationToken( jwt, AuthorityUtils.createAuthorityList("SCOPE_client.create")); OidcClientRegistrationAuthenticationToken clientRegistrationAuthenticationResult = - new OidcClientRegistrationAuthenticationToken(issuer, principal, expectedClientRegistrationResponse); + new OidcClientRegistrationAuthenticationToken(principal, expectedClientRegistrationResponse); when(this.authenticationManager.authenticate(any())).thenReturn(clientRegistrationAuthenticationResult); @@ -245,7 +242,6 @@ public class OidcClientRegistrationEndpointFilterTests { MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri); request.setServletPath(requestUri); writeClientRegistrationRequest(request, clientRegistrationRequest); - request.setAttribute(WebAttributes.ISSUER, issuer); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); @@ -374,7 +370,6 @@ public class OidcClientRegistrationEndpointFilterTests { MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri); request.setParameter(OAuth2ParameterNames.CLIENT_ID, "client1"); - request.setAttribute(WebAttributes.ISSUER, "https://example.com/issuer1"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); 
@@ -407,13 +402,12 @@ public class OidcClientRegistrationEndpointFilterTests { .build(); // @formatter:on - String issuer = "https://example.com/issuer1"; Jwt jwt = createJwt("client.read"); JwtAuthenticationToken principal = new JwtAuthenticationToken( jwt, AuthorityUtils.createAuthorityList("SCOPE_client.read")); OidcClientRegistrationAuthenticationToken clientConfigurationAuthenticationResult = - new OidcClientRegistrationAuthenticationToken(issuer, principal, expectedClientRegistrationResponse); + new OidcClientRegistrationAuthenticationToken(principal, expectedClientRegistrationResponse); when(this.authenticationManager.authenticate(any())).thenReturn(clientConfigurationAuthenticationResult); @@ -425,7 +419,6 @@ public class OidcClientRegistrationEndpointFilterTests { MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri); request.setParameter(OAuth2ParameterNames.CLIENT_ID, expectedClientRegistrationResponse.getClientId()); - request.setAttribute(WebAttributes.ISSUER, issuer); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java index 07aeac9b..d20ffe9c 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java 
@@ -25,7 +25,6 @@ import org.springframework.http.MediaType; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.oauth2.server.authorization.config.ProviderSettings; -import org.springframework.security.oauth2.server.authorization.web.WebAttributes; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; @@ -99,7 +98,6 @@ public class OidcProviderConfigurationEndpointFilterTests { String requestUri = DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri); - request.setAttribute(WebAttributes.ISSUER, providerSettings.getIssuer()); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); @@ -132,7 +130,6 @@ public class OidcProviderConfigurationEndpointFilterTests { String requestUri = DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri); - request.setAttribute(WebAttributes.ISSUER, providerSettings.getIssuer()); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java index 26dbe70f..8874dd54 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java 
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java 
@@ -146,36 +146,4 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests { .withMessage("issuer must be a valid URL"); } - @Test - public void doFilterWhenProviderSettingsWithIssuerNotSetThenIssuerResolvesFromRequest() throws Exception { - ProviderSettings providerSettings = ProviderSettings.builder().build(); - OAuth2AuthorizationServerMetadataEndpointFilter filter = - new OAuth2AuthorizationServerMetadataEndpointFilter(providerSettings); - - String requestUri = DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI; - MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); - request.setServletPath(requestUri); - MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain filterChain = mock(FilterChain.class); - - filter.doFilter(request, response, filterChain); - - verifyNoInteractions(filterChain); - - assertThat(response.getContentType()).isEqualTo(MediaType.APPLICATION_JSON_VALUE); - String authorizationServerMetadataResponse = response.getContentAsString(); - assertThat(authorizationServerMetadataResponse).contains("\"issuer\":\"http://localhost\""); - assertThat(authorizationServerMetadataResponse).contains("\"authorization_endpoint\":\"http://localhost/oauth2/authorize\""); - assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint\":\"http://localhost/oauth2/token\""); - assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\"]"); - assertThat(authorizationServerMetadataResponse).contains("\"jwks_uri\":\"http://localhost/oauth2/jwks\""); - assertThat(authorizationServerMetadataResponse).contains("\"response_types_supported\":[\"code\"]"); - assertThat(authorizationServerMetadataResponse).contains("\"grant_types_supported\":[\"authorization_code\",\"client_credentials\",\"refresh_token\"]"); - 
assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint\":\"http://localhost/oauth2/revoke\""); - assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\"]"); - assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint\":\"http://localhost/oauth2/introspect\""); - assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\"]"); - assertThat(authorizationServerMetadataResponse).contains("\"code_challenge_methods_supported\":[\"plain\",\"S256\"]"); - } - } diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilterTests.java index 1102211c..73529b58 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilterTests.java 
@@ -489,13 +489,12 @@ public class OAuth2TokenEndpointFilterTests { @Test public void doFilterWhenCustomAuthenticationConverterThenUsed() throws Exception { - String issuer = "https://example.com/issuer1"; RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build(); Authentication clientPrincipal = new OAuth2ClientAuthenticationToken( registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret()); OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = - new OAuth2AuthorizationCodeAuthenticationToken(issuer, "code", clientPrincipal, null, null); + new OAuth2AuthorizationCodeAuthenticationToken("code", clientPrincipal, null, null); AuthenticationConverter authenticationConverter = mock(AuthenticationConverter.class); when(authenticationConverter.convert(any())).thenReturn(authorizationCodeAuthentication); @@ -614,8 +613,6 @@ public class OAuth2TokenEndpointFilterTests { request.addParameter(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId()); request.addParameter("custom-param-1", "custom-value-1"); - request.setAttribute(WebAttributes.ISSUER, "https://example.com/issuer1"); - return request; } @@ -630,8 +627,6 @@ public class OAuth2TokenEndpointFilterTests { StringUtils.collectionToDelimitedString(registeredClient.getScopes(), " ")); request.addParameter("custom-param-1", "custom-value-1"); - request.setAttribute(WebAttributes.ISSUER, "https://example.com/issuer1"); - return request; } @@ -647,8 +642,6 @@ public class OAuth2TokenEndpointFilterTests { StringUtils.collectionToDelimitedString(registeredClient.getScopes(), " ")); request.addParameter("custom-param-1", "custom-value-1"); - request.setAttribute(WebAttributes.ISSUER, "https://example.com/issuer1"); - return request; } } 
diff --git a/samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java b/samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java index 5c910452..d7064bb4 100644 --- a/samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java +++ b/samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java @@ -39,6 +39,7 @@ import org.springframework.security.oauth2.server.authorization.client.InMemoryR import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.config.ClientSettings; +import org.springframework.security.oauth2.server.authorization.config.ProviderSettings; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.util.matcher.RequestMatcher; @@ -100,6 +101,11 @@ public class AuthorizationServerConfig { return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet); } + @Bean + public ProviderSettings providerSettings() { + return ProviderSettings.builder().issuer("http://auth-server:9000").build(); + } + @Bean public OAuth2AuthorizationConsentService authorizationConsentService() { // Will be used by the ConsentController diff --git a/samples/default-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java b/samples/default-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java index 1badedeb..e9cacc63 100644 --- a/samples/default-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java +++ b/samples/default-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java 
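Review bot: The new `providerSettings()` bean hard-codes the issuer as `http://auth-server:9000`, a plain-http URL, and the same value is added to samples/default-authorizationserver in the next file. OpenID Connect Discovery requires `issuer` to be an https URL, and with this revert the issuer is no longer taken from the request, so it must also match byte-for-byte the URL clients use to reach the server or `iss` validation against the discovery document will fail. The tests in this same commit use `https://auth-server:9000` for the same setting, so the samples are inconsistent with them. A comment such as `// The issuer must match the URL clients use to reach this server; use https in any non-local deployment` above the bean would make the sample's assumption explicit.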
@@ -45,6 +45,7 @@ import org.springframework.security.oauth2.server.authorization.client.JdbcRegis import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.config.ClientSettings; +import org.springframework.security.oauth2.server.authorization.config.ProviderSettings; import org.springframework.security.web.SecurityFilterChain; /** @@ -104,6 +105,11 @@ public class AuthorizationServerConfig { return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet); } + @Bean + public ProviderSettings providerSettings() { + return ProviderSettings.builder().issuer("http://auth-server:9000").build(); + } + @Bean public EmbeddedDatabase embeddedDatabase() { // @formatter:off