
Merge d244e8ce96 into 14d469cec1

pull/17966/merge
김세은 13 hours ago committed by GitHub
parent
commit
cd274a1b90
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 4
      config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
  2. 67
      config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java

4
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java

@ -344,7 +344,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> @@ -344,7 +344,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
if (userAuthoritiesMapper != null) {
oauth2LoginAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper);
}
http.authenticationProvider(this.postProcess(oauth2LoginAuthenticationProvider));
http.authenticationProvider((AuthenticationProvider) this.postProcess(oauth2LoginAuthenticationProvider));
boolean oidcAuthenticationProviderEnabled = ClassUtils
.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
if (oidcAuthenticationProviderEnabled) {
@ -365,7 +365,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> @@ -365,7 +365,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
oidcAuthorizationCodeAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper);
oidcAuthorizedClientRefreshedEventListener.setAuthoritiesMapper(userAuthoritiesMapper);
}
http.authenticationProvider(this.postProcess(oidcAuthorizationCodeAuthenticationProvider));
http.authenticationProvider((AuthenticationProvider) this.postProcess(oidcAuthorizationCodeAuthenticationProvider));
registerDelegateApplicationListener(this.postProcess(oidcAuthorizedClientRefreshedEventListener));
configureOidcUserRefreshedEventListener(http);
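Review bot: The `(AuthenticationProvider)` cast around `this.postProcess(...)` in both `http.authenticationProvider(...)` calls has no comment and looks redundant on its face, so a later cleanup could silently remove it (this assumes the second line of each printed pair is the new side). If the intent is to stop the result being typed to the concrete provider class, so that a registered `ObjectPostProcessor<AuthenticationProvider>` may return a wrapper or replacement, say so above the first call, e.g. `// cast keeps the result typed as AuthenticationProvider so a post-processor may return a wrapper (gh-17357)`. These providers perform the authorization-code exchange and, for OIDC, the ID token checks, so it is also worth documenting that whatever the post-processor returns is what gets registered. The enclosing method starts and ends outside both hunks.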

67
config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java

@ -87,7 +87,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon @@ -87,7 +87,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
@ -697,6 +697,22 @@ public class OAuth2LoginConfigurerTests { @@ -697,6 +697,22 @@ public class OAuth2LoginConfigurerTests {
verify(this.context.getBean(SpyObjectPostProcessor.class).spy).authenticate(any());
}
// gh-17357
@Test
public void oauth2LoginWhenOidcAuthenticationProviderPostProcessorThenUses() throws Exception {
loadConfig(OAuth2LoginConfigCustomWithOidcPostProcessor.class);
// setup authorization request with OIDC scope
OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest(OidcScopes.OPENID);
this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
// setup authentication parameters
this.request.setParameter("code", "code123");
this.request.setParameter("state", authorizationRequest.getState());
// perform test
this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
// assertions
verify(this.context.getBean(OidcSpyObjectPostProcessor.class).spy).authenticate(any());
}
// gh-16623
@Test
public void oauth2LoginWithCustomSecurityContextRepository() {
@ -1454,6 +1470,55 @@ public class OAuth2LoginConfigurerTests { @@ -1454,6 +1470,55 @@ public class OAuth2LoginConfigurerTests {
return (clientRegistration) -> JwtDecoderFactoryConfig.getJwtDecoder();
}
@Configuration
static class OAuth2LoginConfigCustomWithOidcPostProcessor {
private final ClientRegistrationRepository clientRegistrationRepository = new InMemoryClientRegistrationRepository(
TestClientRegistrations.oidc().build());
private final ObjectPostProcessor<AuthenticationProvider> postProcessor = new OidcSpyObjectPostProcessor();
@Bean
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// @formatter:off
http
.oauth2Login((oauth2Login) -> oauth2Login
.clientRegistrationRepository(this.clientRegistrationRepository)
.withObjectPostProcessor(this.postProcessor)
);
// @formatter:on
return http.build();
}
@Bean
ObjectPostProcessor<AuthenticationProvider> mockPostProcessor() {
return this.postProcessor;
}
@Bean
HttpSessionOAuth2AuthorizationRequestRepository oauth2AuthorizationRequestRepository() {
return new HttpSessionOAuth2AuthorizationRequestRepository();
}
@Bean
JwtDecoderFactory<ClientRegistration> jwtDecoderFactory() {
return (clientRegistration) -> JwtDecoderFactoryConfig.getJwtDecoder();
}
static class OidcSpyObjectPostProcessor implements ObjectPostProcessor<AuthenticationProvider> {
AuthenticationProvider spy;
@Override
public <O extends AuthenticationProvider> O postProcess(O object) {
O spy = Mockito.spy(object);
this.spy = spy;
return spy;
}
}
}
}
}
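Review bot: `OidcSpyObjectPostProcessor.postProcess` overwrites `this.spy` on every call, so the field holds whichever `AuthenticationProvider` was post-processed last, not necessarily the OIDC one. The configurer hunks pass both the OAuth2 login provider and the OIDC provider through `postProcess`, so `verify(...spy).authenticate(any())` in `oauth2LoginWhenOidcAuthenticationProviderPostProcessorThenUses` appears to depend on call order and may pass even if only the non-OIDC provider were wrapped. Capturing only the intended type would pin the behaviour under test: `if (object instanceof OidcAuthorizationCodeAuthenticationProvider) { this.spy = spy; }`. The local `spy` also shadows the field of the same name, and the same post-processor is registered both via `withObjectPostProcessor` and as a `@Bean`, which is worth a short comment or removal if one of them is unnecessary.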
