
Polish gh-1106

pull/1134/head
Steve Riesenberg 3 years ago
parent
commit
cc6b3dc791
No known key found for this signature in database
GPG Key ID: 5F311AB48A55D521
  1. 5
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationConsentAuthenticationProvider.java
  2. 4
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProvider.java
  3. 10
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceCodeAuthenticationProvider.java
  4. 4
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceVerificationAuthenticationProvider.java
  5. 10
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceAuthorizationEndpointFilter.java
  6. 19
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceVerificationEndpointFilter.java
  7. 5
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverter.java
  8. 4
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationRequestAuthenticationConverter.java
  9. 4
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceCodeAuthenticationConverter.java

5
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationConsentAuthenticationProvider.java

@ -29,7 +29,6 @@ import org.springframework.security.core.Authentication; @@ -29,7 +29,6 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2DeviceCode;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
@ -63,7 +62,7 @@ import org.springframework.util.Assert; @@ -63,7 +62,7 @@ import org.springframework.util.Assert;
public final class OAuth2DeviceAuthorizationConsentAuthenticationProvider implements AuthenticationProvider {
private static final String DEFAULT_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1";
private static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
private final Log logger = LogFactory.getLog(getClass());
private final RegisteredClientRepository registeredClientRepository;
@ -261,7 +260,7 @@ public final class OAuth2DeviceAuthorizationConsentAuthenticationProvider implem @@ -261,7 +260,7 @@ public final class OAuth2DeviceAuthorizationConsentAuthenticationProvider implem
private static void throwError(String errorCode, String parameterName) {
OAuth2Error error = new OAuth2Error(errorCode, "OAuth 2.0 Parameter: " + parameterName, DEFAULT_ERROR_URI);
throw new OAuth2AuthorizationException(error);
throw new OAuth2AuthenticationException(error);
}
}
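Review bot: The switch in `throwError` from `OAuth2AuthorizationException` to `OAuth2AuthenticationException` changes which handler sees a rejected consent request, and nothing visible in this section pins that behaviour. In Spring Security only the latter extends `AuthenticationException`, so the earlier type would presumably have bypassed the endpoint filter's authentication-failure handling; the filter is not shown here, so that should be confirmed. A provider test that asserts `OAuth2AuthenticationException` with the expected error code and parameter name would keep this from regressing. A comment on the helper such as `// Always throws; must be an AuthenticationException so the endpoint's failure handler renders the error` would record the intent.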

4
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProvider.java

@ -69,8 +69,8 @@ import static org.springframework.security.oauth2.server.authorization.authentic @@ -69,8 +69,8 @@ import static org.springframework.security.oauth2.server.authorization.authentic
public final class OAuth2DeviceAuthorizationRequestAuthenticationProvider implements AuthenticationProvider {
private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
private static final OAuth2TokenType DEVICE_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.DEVICE_CODE);
private static final OAuth2TokenType USER_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.USER_CODE);
static final OAuth2TokenType DEVICE_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.DEVICE_CODE);
static final OAuth2TokenType USER_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.USER_CODE);
private final Log logger = LogFactory.getLog(getClass());
private final OAuth2AuthorizationService authorizationService;
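Review bot: `DEVICE_CODE_TOKEN_TYPE` and `USER_CODE_TOKEN_TYPE` are now package-private here, and equal constants are declared again, also package-private, in `OAuth2DeviceCodeAuthenticationProvider` and `OAuth2DeviceVerificationAuthenticationProvider` in the same package. With package visibility a single declaration could be shared instead of three classes each building an equal `OAuth2TokenType`. If the widening exists only so tests can reference the fields, say so on each one, e.g. `// package-private for tests`. The same comment applies to `STATE_TOKEN_TYPE` in `OAuth2DeviceAuthorizationConsentAuthenticationProvider`.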

10
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceCodeAuthenticationProvider.java

@ -66,7 +66,9 @@ public final class OAuth2DeviceCodeAuthenticationProvider implements Authenticat @@ -66,7 +66,9 @@ public final class OAuth2DeviceCodeAuthenticationProvider implements Authenticat
private static final String DEFAULT_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
private static final String DEVICE_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc8628#section-3.5";
private static final OAuth2TokenType DEVICE_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.DEVICE_CODE);
static final OAuth2TokenType DEVICE_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.DEVICE_CODE);
static final String EXPIRED_TOKEN = "expired_token";
static final String AUTHORIZATION_PENDING = "authorization_pending";
private final Log logger = LogFactory.getLog(getClass());
private final OAuth2AuthorizationService authorizationService;
@ -134,7 +136,7 @@ public final class OAuth2DeviceCodeAuthenticationProvider implements Authenticat @@ -134,7 +136,7 @@ public final class OAuth2DeviceCodeAuthenticationProvider implements Authenticat
// access_denied
// The authorization request was denied.
if (Boolean.TRUE.equals(deviceCode.getMetadata(OAuth2Authorization.Token.ACCESS_DENIED_METADATA_NAME))) {
OAuth2Error error = new OAuth2Error("access_denied", null, DEVICE_ERROR_URI);
OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.ACCESS_DENIED, null, DEVICE_ERROR_URI);
throw new OAuth2AuthenticationException(error);
}
@ -144,7 +146,7 @@ public final class OAuth2DeviceCodeAuthenticationProvider implements Authenticat @@ -144,7 +146,7 @@ public final class OAuth2DeviceCodeAuthenticationProvider implements Authenticat
// authorization request but SHOULD wait for user interaction before
// restarting to avoid unnecessary polling.
if (deviceCode.isExpired()) {
OAuth2Error error = new OAuth2Error("expired_token", null, DEVICE_ERROR_URI);
OAuth2Error error = new OAuth2Error(EXPIRED_TOKEN, null, DEVICE_ERROR_URI);
throw new OAuth2AuthenticationException(error);
}
@ -165,7 +167,7 @@ public final class OAuth2DeviceCodeAuthenticationProvider implements Authenticat @@ -165,7 +167,7 @@ public final class OAuth2DeviceCodeAuthenticationProvider implements Authenticat
// increase in the polling interval required by the "slow_down"
// error.
if (!Boolean.TRUE.equals(deviceCode.getMetadata(OAuth2Authorization.Token.ACCESS_GRANTED_METADATA_NAME))) {
OAuth2Error error = new OAuth2Error("authorization_pending", null, DEVICE_ERROR_URI);
OAuth2Error error = new OAuth2Error(AUTHORIZATION_PENDING, null, DEVICE_ERROR_URI);
throw new OAuth2AuthenticationException(error);
}
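Review bot: The new `EXPIRED_TOKEN` and `AUTHORIZATION_PENDING` constants carry no comment saying where their values come from, while `access_denied` now comes from `OAuth2ErrorCodes`. A short Javadoc on each, such as `/** Device flow error code, see RFC 8628 section 3.5. */`, would tell a reader these are wire values that clients match on and that must not be renamed. The surrounding comment also mentions `slow_down`, for which no constant or branch is visible in these hunks; if polling-rate enforcement lives elsewhere, a pointer to it in that comment would help, and if it does not exist yet it is worth tracking, since this is the path a device polls. The enclosing method starts and ends outside the hunks.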

4
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceVerificationAuthenticationProvider.java

@ -62,7 +62,7 @@ import org.springframework.util.Assert; @@ -62,7 +62,7 @@ import org.springframework.util.Assert;
*/
public final class OAuth2DeviceVerificationAuthenticationProvider implements AuthenticationProvider {
private static final OAuth2TokenType USER_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.USER_CODE);
static final OAuth2TokenType USER_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.USER_CODE);
private static final StringKeyGenerator DEFAULT_STATE_GENERATOR =
new Base64StringKeyGenerator(Base64.getUrlEncoder());
@ -154,7 +154,7 @@ public final class OAuth2DeviceVerificationAuthenticationProvider implements Aut @@ -154,7 +154,7 @@ public final class OAuth2DeviceVerificationAuthenticationProvider implements Aut
OAuth2Authorization.Token<OAuth2UserCode> userCode = authorization.getToken(OAuth2UserCode.class);
OAuth2Authorization updatedAuthorization = OAuth2Authorization.from(authorization)
.principalName(principal.getName())
.authorizedScopes(currentAuthorizedScopes)
.authorizedScopes(authorizationRequest.getScopes())
.token(deviceCode.getToken(), metadata -> metadata
.put(OAuth2Authorization.Token.ACCESS_GRANTED_METADATA_NAME, true))
.token(userCode.getToken(), metadata -> metadata
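Review bot: The builder chain now records `authorizationRequest.getScopes()` as the authorized scopes (taking the second of the two printed `.authorizedScopes(...)` lines as the new side) and marks the device code `ACCESS_GRANTED` in the same statement, so every scope the device asked for is granted here. The condition that makes this safe (consent not required, or previously approved scopes already covering the request) lies outside the hunk, so it cannot be confirmed from this view. I would add a comment above the chain such as `// Reached only when no further consent is needed, so the requested scopes are granted as-is`. A test in which the request asks for a scope beyond the stored consent, asserting that this branch is not taken, would guard against scope escalation. The statement and its enclosing method continue past the hunk.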

10
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceAuthorizationEndpointFilter.java

@ -70,7 +70,7 @@ import org.springframework.web.util.UriComponentsBuilder; @@ -70,7 +70,7 @@ import org.springframework.web.util.UriComponentsBuilder;
*/
public final class OAuth2DeviceAuthorizationEndpointFilter extends OncePerRequestFilter {
private static final String DEFAULT_DEVICE_AUTHORIZATION_ENDPOINT_URI = "/oauth2/device_authorize";
private static final String DEFAULT_DEVICE_AUTHORIZATION_ENDPOINT_URI = "/oauth2/device_authorization";
private static final String DEFAULT_DEVICE_VERIFICATION_URI = "/oauth2/device_verification";
@ -88,10 +88,10 @@ public final class OAuth2DeviceAuthorizationEndpointFilter extends OncePerReques @@ -88,10 +88,10 @@ public final class OAuth2DeviceAuthorizationEndpointFilter extends OncePerReques
private String verificationUri = DEFAULT_DEVICE_VERIFICATION_URI;
/**
* Constructs an {@code OAuth2DeviceAuthorizationEndpointFilter} using the provided parameters.
*
* @param authenticationManager the authentication manager
*/
* Constructs an {@code OAuth2DeviceAuthorizationEndpointFilter} using the provided parameters.
*
* @param authenticationManager the authentication manager
*/
public OAuth2DeviceAuthorizationEndpointFilter(AuthenticationManager authenticationManager) {
this(authenticationManager, DEFAULT_DEVICE_AUTHORIZATION_ENDPOINT_URI);
}
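Review bot: Changing `DEFAULT_DEVICE_AUTHORIZATION_ENDPOINT_URI` from `/oauth2/device_authorize` to `/oauth2/device_authorization` moves the endpoint for anything that relied on the default, and neither the commit title nor this section mentions it. If the old default has already shipped in a milestone, clients with that path hard-coded, and any request matchers or access rules written against the literal old path, would silently stop matching. That deserves a line in the commit message or release notes. A comment on the constant, e.g. `// Default path of the device authorization endpoint (RFC 8628 section 3.1)`, would also record why this name was chosen.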

19
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceVerificationEndpointFilter.java

@ -79,6 +79,8 @@ import org.springframework.web.util.UriComponentsBuilder; @@ -79,6 +79,8 @@ import org.springframework.web.util.UriComponentsBuilder;
*/
public final class OAuth2DeviceVerificationEndpointFilter extends OncePerRequestFilter {
private static final String DEFAULT_DEVICE_VERIFICATION_URI = "/oauth2/device_verification";
private final AuthenticationManager authenticationManager;
private final RequestMatcher deviceVerificationEndpointMatcher;
private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
@ -90,7 +92,24 @@ public final class OAuth2DeviceVerificationEndpointFilter extends OncePerRequest @@ -90,7 +92,24 @@ public final class OAuth2DeviceVerificationEndpointFilter extends OncePerRequest
private AuthenticationFailureHandler authenticationFailureHandler = this::sendErrorResponse;
private String consentPage;
/**
* Construct an {@code OAuth2DeviceVerificationEndpointFilter} using the provided parameters.
*
* @param authenticationManager the authentication manager
*/
public OAuth2DeviceVerificationEndpointFilter(AuthenticationManager authenticationManager) {
this(authenticationManager, DEFAULT_DEVICE_VERIFICATION_URI);
}
/**
* Construct an {@code OAuth2DeviceVerificationEndpointFilter} using the provided parameters.
*
* @param authenticationManager the authentication manager
* @param deviceVerificationEndpointUri the endpoint {@code URI} for device verification requests
*/
public OAuth2DeviceVerificationEndpointFilter(AuthenticationManager authenticationManager, String deviceVerificationEndpointUri) {
Assert.notNull(authenticationManager, "authenticationManager cannot be null");
Assert.hasText(deviceVerificationEndpointUri, "deviceVerificationEndpointUri cannot be empty");
this.authenticationManager = authenticationManager;
this.deviceVerificationEndpointMatcher = createDefaultRequestMatcher(deviceVerificationEndpointUri);
this.authenticationConverter = new DelegatingAuthenticationConverter(
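Review bot: `DEFAULT_DEVICE_VERIFICATION_URI` is now declared here with the same value as the private constant of the same name in `OAuth2DeviceAuthorizationEndpointFilter`, and the two have to stay equal. That filter appears to use it as the verification URI given to the user, while this one builds its request matcher from it, so a change to one default alone would break the flow at the verification step. Either share a single package-private constant (both filters are in the same `web` package) or add a comment on each, e.g. `// Must match the default verification URI in OAuth2DeviceAuthorizationEndpointFilter`. The two-argument constructor continues past the end of the hunk.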

5
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverter.java

@ -75,7 +75,10 @@ public final class OAuth2DeviceAuthorizationConsentAuthenticationConverter imple @@ -75,7 +75,10 @@ public final class OAuth2DeviceAuthorizationConsentAuthenticationConverter imple
// client_id (REQUIRED)
String clientId = parameters.getFirst(OAuth2ParameterNames.CLIENT_ID);
if (!StringUtils.hasText(clientId) || parameters.get(OAuth2ParameterNames.CLIENT_ID).size() != 1) {
OAuth2EndpointUtils.throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.CLIENT_ID, DEFAULT_ERROR_URI);
OAuth2EndpointUtils.throwError(
OAuth2ErrorCodes.INVALID_REQUEST,
OAuth2ParameterNames.CLIENT_ID,
DEFAULT_ERROR_URI);
}
Authentication principal = SecurityContextHolder.getContext().getAuthentication();

4
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationRequestAuthenticationConverter.java

@ -28,6 +28,7 @@ import org.springframework.security.core.context.SecurityContextHolder; @@ -28,6 +28,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceAuthorizationRequestAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.web.OAuth2DeviceAuthorizationEndpointFilter;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
@ -40,6 +41,9 @@ import org.springframework.util.StringUtils; @@ -40,6 +41,9 @@ import org.springframework.util.StringUtils;
*
* @author Steve Riesenberg
* @since 1.1
* @see AuthenticationConverter
* @see OAuth2DeviceAuthorizationRequestAuthenticationToken
* @see OAuth2DeviceAuthorizationEndpointFilter
*/
public final class OAuth2DeviceAuthorizationRequestAuthenticationConverter implements AuthenticationConverter {

4
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceCodeAuthenticationConverter.java

@ -26,7 +26,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType; @@ -26,7 +26,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceCodeAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.web.OAuth2DeviceAuthorizationEndpointFilter;
import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
@ -41,7 +41,7 @@ import org.springframework.util.StringUtils; @@ -41,7 +41,7 @@ import org.springframework.util.StringUtils;
* @since 1.1
* @see AuthenticationConverter
* @see OAuth2DeviceCodeAuthenticationToken
* @see OAuth2DeviceAuthorizationEndpointFilter
* @see OAuth2TokenEndpointFilter
*/
public final class OAuth2DeviceCodeAuthenticationConverter implements AuthenticationConverter {
