From a11284f0f559f329a38cc26bd2ceccb1265d48b4 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Fri, 9 Jul 2021 03:18:41 -0400 Subject: [PATCH] Polish gh-331 --- .../JdbcOAuth2AuthorizationService.java | 6 +- .../authorization/jackson2/HashSetMixin.java | 6 +- .../authorization/jackson2/JsonNodeUtils.java | 6 +- ...Auth2AuthorizationRequestDeserializer.java | 6 +- .../OAuth2AuthorizationRequestMixin.java | 7 ++- ...th2AuthorizationServerJackson2Module.java} | 18 +++--- .../OAuth2ClientAuthenticationTokenMixin.java | 51 --------------- .../authorization/jackson2/StdConverters.java | 62 ++++++++++++++++++- .../jackson2/UnmodifiableMapDeserializer.java | 6 +- .../jackson2/UnmodifiableMapMixin.java | 7 ++- .../TestingAuthenticationTokenMixin.java | 3 +- 11 files changed, 100 insertions(+), 78 deletions(-) rename oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/{OAuth2ServerJackson2Module.java => OAuth2AuthorizationServerJackson2Module.java} (76%) delete mode 100644 oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2ClientAuthenticationTokenMixin.java diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/JdbcOAuth2AuthorizationService.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/JdbcOAuth2AuthorizationService.java index 0e579c12..d5d4fe15 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/JdbcOAuth2AuthorizationService.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/JdbcOAuth2AuthorizationService.java @@ -54,7 +54,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.oidc.OidcIdToken; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; -import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2ServerJackson2Module; +import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2AuthorizationServerJackson2Module; import org.springframework.util.Assert; import org.springframework.util.CollectionUtils; import org.springframework.util.StringUtils; @@ -317,7 +317,7 @@ public class JdbcOAuth2AuthorizationService implements OAuth2AuthorizationServic ClassLoader classLoader = JdbcOAuth2AuthorizationService.class.getClassLoader(); List securityModules = SecurityJackson2Modules.getModules(classLoader); this.objectMapper.registerModules(securityModules); - this.objectMapper.registerModule(new OAuth2ServerJackson2Module()); + this.objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module()); } @Override @@ -455,7 +455,7 @@ public class JdbcOAuth2AuthorizationService implements OAuth2AuthorizationServic ClassLoader classLoader = JdbcOAuth2AuthorizationService.class.getClassLoader(); List securityModules = SecurityJackson2Modules.getModules(classLoader); this.objectMapper.registerModules(securityModules); - this.objectMapper.registerModule(new OAuth2ServerJackson2Module()); + this.objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module()); } @Override diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/HashSetMixin.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/HashSetMixin.java index 0ed48930..6f49c953 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/HashSetMixin.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/HashSetMixin.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 the original author or authors. + * Copyright 2020-2021 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -13,7 +13,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.springframework.security.oauth2.server.authorization.jackson2; import java.util.HashSet; @@ -26,9 +25,8 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo; * This mixin class is used to serialize/deserialize {@link HashSet}. * * @author Steve Riesenberg - * @see HashSet - * @see OAuth2ServerJackson2Module * @since 0.1.2 + * @see HashSet */ @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS) abstract class HashSetMixin { diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/JsonNodeUtils.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/JsonNodeUtils.java index b2d97884..2a482082 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/JsonNodeUtils.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/JsonNodeUtils.java @@ -24,10 +24,14 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; /** + * TODO + * This class is a straight copy from Spring Security. + * It should be consolidated when merging this codebase into Spring Security. + * * Utility class for {@code JsonNode}. * * @author Joe Grandja - * @since 0.1.2 + * @since 5.3 */ abstract class JsonNodeUtils { diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationRequestDeserializer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationRequestDeserializer.java index 923d73c8..def03a72 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationRequestDeserializer.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationRequestDeserializer.java @@ -31,10 +31,14 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder; /** + * TODO + * This class is a straight copy from Spring Security. + * It should be consolidated when merging this codebase into Spring Security. + * * A {@code JsonDeserializer} for {@link OAuth2AuthorizationRequest}. * * @author Joe Grandja - * @since 0.1.2 + * @since 5.3 * @see OAuth2AuthorizationRequest * @see OAuth2AuthorizationRequestMixin */ diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationRequestMixin.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationRequestMixin.java index 5f0dd3f6..64340c38 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationRequestMixin.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationRequestMixin.java @@ -24,14 +24,17 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; /** + * TODO + * This class is a straight copy from Spring Security. + * It should be consolidated when merging this codebase into Spring Security. + * * This mixin class is used to serialize/deserialize {@link OAuth2AuthorizationRequest}. * It also registers a custom deserializer {@link OAuth2AuthorizationRequestDeserializer}. * * @author Joe Grandja - * @since 0.1.2 + * @since 5.3 * @see OAuth2AuthorizationRequest * @see OAuth2AuthorizationRequestDeserializer - * @see OAuth2ServerJackson2Module */ @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS) @JsonDeserialize(using = OAuth2AuthorizationRequestDeserializer.class) diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2ServerJackson2Module.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationServerJackson2Module.java similarity index 76% rename from oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2ServerJackson2Module.java rename to oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationServerJackson2Module.java index 7aaca39b..e6ab7a7d 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2ServerJackson2Module.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationServerJackson2Module.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 the original author or authors. + * Copyright 2020-2021 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -13,7 +13,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.springframework.security.oauth2.server.authorization.jackson2; import java.util.Collections; @@ -24,7 +23,6 @@ import com.fasterxml.jackson.databind.module.SimpleModule; import org.springframework.security.jackson2.SecurityJackson2Modules; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; -import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken; /** * Jackson {@code Module} for {@code spring-authorization-server}, that registers the @@ -34,7 +32,6 @@ import org.springframework.security.oauth2.server.authorization.authentication.O *
  • {@link UnmodifiableMapMixin}
    • *
  • {@link HashSetMixin}
    • *
  • {@link OAuth2AuthorizationRequestMixin}
    • - *
  • {@link OAuth2ClientAuthenticationTokenMixin}
    • * * * If not already enabled, default typing will be automatically enabled as type info is @@ -43,21 +40,23 @@ import org.springframework.security.oauth2.server.authorization.authentication.O * * 
      *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new OAuth2ServerJackson2Module());
+ *     mapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
  *
    * + * NOTE: Use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get a list + * of all security modules. + * * @author Steve Riesenberg * @since 0.1.2 * @see SecurityJackson2Modules * @see UnmodifiableMapMixin * @see HashSetMixin * @see OAuth2AuthorizationRequestMixin - * @see OAuth2ClientAuthenticationTokenMixin */ -public class OAuth2ServerJackson2Module extends SimpleModule { +public class OAuth2AuthorizationServerJackson2Module extends SimpleModule { - public OAuth2ServerJackson2Module() { - super(OAuth2ServerJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null)); + public OAuth2AuthorizationServerJackson2Module() { + super(OAuth2AuthorizationServerJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null)); } @Override @@ -67,7 +66,6 @@ public class OAuth2ServerJackson2Module extends SimpleModule { UnmodifiableMapMixin.class); context.setMixInAnnotations(HashSet.class, HashSetMixin.class); context.setMixInAnnotations(OAuth2AuthorizationRequest.class, OAuth2AuthorizationRequestMixin.class); - context.setMixInAnnotations(OAuth2ClientAuthenticationToken.class, OAuth2ClientAuthenticationTokenMixin.class); } } diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2ClientAuthenticationTokenMixin.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2ClientAuthenticationTokenMixin.java deleted file mode 100644 index d113bb29..00000000 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2ClientAuthenticationTokenMixin.java +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright 2002-2020 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.oauth2.server.authorization.jackson2; - -import java.util.Map; - -import com.fasterxml.jackson.annotation.JsonAutoDetect; -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonTypeInfo; - -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; -import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken; - -/** - * This mixin class is used to serialize/deserialize {@link OAuth2ClientAuthenticationToken}. - * - * @author Joe Grandja - * @since 0.1.2 - * @see OAuth2ClientAuthenticationToken - * @see OAuth2ServerJackson2Module - */ -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS) -@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, - isGetterVisibility = JsonAutoDetect.Visibility.NONE) -@JsonIgnoreProperties(value = { "authenticated" }, ignoreUnknown = true) -abstract class OAuth2ClientAuthenticationTokenMixin { - - @JsonCreator - OAuth2ClientAuthenticationTokenMixin(@JsonProperty("clientId") String clientId, - @JsonProperty("clientSecret") String clientSecret, - @JsonProperty("clientAuthenticationMethod") ClientAuthenticationMethod clientAuthenticationMethod, - @JsonProperty("additionalParameters") Map additionalParameters) { - } - -} diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/StdConverters.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/StdConverters.java index fc82f498..dea0d220 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/StdConverters.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/StdConverters.java @@ -19,16 +19,57 @@ package org.springframework.security.oauth2.server.authorization.jackson2; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.util.StdConverter; +import org.springframework.security.oauth2.core.AuthenticationMethod; import org.springframework.security.oauth2.core.AuthorizationGrantType; +import org.springframework.security.oauth2.core.ClientAuthenticationMethod; +import org.springframework.security.oauth2.core.OAuth2AccessToken; /** + * TODO + * This class is a straight copy from Spring Security. + * It should be consolidated when merging this codebase into Spring Security. + * * {@code StdConverter} implementations. * * @author Joe Grandja - * @since 0.1.2 + * @since 5.3 */ abstract class StdConverters { + static final class AccessTokenTypeConverter extends StdConverter { + + @Override + public OAuth2AccessToken.TokenType convert(JsonNode jsonNode) { + String value = JsonNodeUtils.findStringValue(jsonNode, "value"); + if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(value)) { + return OAuth2AccessToken.TokenType.BEARER; + } + return null; + } + + } + + static final class ClientAuthenticationMethodConverter extends StdConverter { + + @Override + public ClientAuthenticationMethod convert(JsonNode jsonNode) { + String value = JsonNodeUtils.findStringValue(jsonNode, "value"); + if (ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue().equalsIgnoreCase(value) + || ClientAuthenticationMethod.BASIC.getValue().equalsIgnoreCase(value)) { + return ClientAuthenticationMethod.CLIENT_SECRET_BASIC; + } + if (ClientAuthenticationMethod.CLIENT_SECRET_POST.getValue().equalsIgnoreCase(value) + || ClientAuthenticationMethod.POST.getValue().equalsIgnoreCase(value)) { + return ClientAuthenticationMethod.CLIENT_SECRET_POST; + } + if (ClientAuthenticationMethod.NONE.getValue().equalsIgnoreCase(value)) { + return ClientAuthenticationMethod.NONE; + } + return null; + } + + } + static final class AuthorizationGrantTypeConverter extends StdConverter { @Override @@ -51,4 +92,23 @@ abstract class StdConverters { } + static final class AuthenticationMethodConverter extends StdConverter { + + @Override + public AuthenticationMethod convert(JsonNode jsonNode) { + String value = JsonNodeUtils.findStringValue(jsonNode, "value"); + if (AuthenticationMethod.HEADER.getValue().equalsIgnoreCase(value)) { + return AuthenticationMethod.HEADER; + } + if (AuthenticationMethod.FORM.getValue().equalsIgnoreCase(value)) { + return AuthenticationMethod.FORM; + } + if (AuthenticationMethod.QUERY.getValue().equalsIgnoreCase(value)) { + return AuthenticationMethod.QUERY; + } + return null; + } + + } + } diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/UnmodifiableMapDeserializer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/UnmodifiableMapDeserializer.java index 8703b612..cbaa232f 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/UnmodifiableMapDeserializer.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/UnmodifiableMapDeserializer.java @@ -28,10 +28,14 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; /** + * TODO + * This class is a straight copy from Spring Security. + * It should be consolidated when merging this codebase into Spring Security. + * * A {@code JsonDeserializer} for {@link Collections#unmodifiableMap(Map)}. * * @author Joe Grandja - * @since 0.1.2 + * @since 5.3 * @see Collections#unmodifiableMap(Map) * @see UnmodifiableMapMixin */ diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/UnmodifiableMapMixin.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/UnmodifiableMapMixin.java index d6e48f70..66506578 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/UnmodifiableMapMixin.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/UnmodifiableMapMixin.java @@ -24,15 +24,18 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; /** + * TODO + * This class is a straight copy from Spring Security. + * It should be consolidated when merging this codebase into Spring Security. + * * This mixin class is used to serialize/deserialize * {@link Collections#unmodifiableMap(Map)}. It also registers a custom deserializer * {@link UnmodifiableMapDeserializer}. * * @author Joe Grandja - * @since 0.1.2 + * @since 5.3 * @see Collections#unmodifiableMap(Map) * @see UnmodifiableMapDeserializer - * @see OAuth2ServerJackson2Module */ @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS) @JsonDeserialize(using = UnmodifiableMapDeserializer.class) diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/jackson2/TestingAuthenticationTokenMixin.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/jackson2/TestingAuthenticationTokenMixin.java index dbba290e..a4494a7c 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/jackson2/TestingAuthenticationTokenMixin.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/jackson2/TestingAuthenticationTokenMixin.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2020-2021 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -13,7 +13,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.springframework.security.oauth2.server.authorization.jackson2; import java.util.List;