From ff6e1232c8113aa3ac463ccd20634b355343f4f3 Mon Sep 17 00:00:00 2001
From: Joe Grandja
Date: Wed, 22 Aug 2018 05:58:04 -0400
Subject: [PATCH] Flatten HttpSecurity.oauth2()

Fixes gh-5715
---
.../annotation/web/builders/HttpSecurity.java | 29 +++-
.../configurers/oauth2/OAuth2Configurer.java | 105 ---------------
.../client/OAuth2ClientConfigurerTests.java | 9 +-
.../OAuth2ResourceServerConfigurerTests.java | 126 ++++++++----------
...uthorizationCodeGrantApplicationTests.java | 7 +-
.../java/sample/config/SecurityConfig.java | 3 +-
...h2ResourceServerSecurityConfiguration.java | 7 +-
7 files changed, 86 insertions(+), 200 deletions(-)
delete mode 100644 config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/OAuth2Configurer.java
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index 1d41bdd3fb..6d42181b7d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -48,8 +48,9 @@ import org.springframework.security.config.annotation.web.configurers.SecurityCo import org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer; import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer; import org.springframework.security.config.annotation.web.configurers.X509Configurer; -import org.springframework.security.config.annotation.web.configurers.oauth2.OAuth2Configurer; +import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer; import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer; +import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer; import org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContext; @@ -111,6 +112,7 @@ import java.util.Map; * * * @author Rob Winch + * @author Joe Grandja * @since 3.2 * @see EnableWebSecurity */ @@ -978,7 +980,6 @@ public final class HttpSecurity extends *

* For more advanced configuration, see {@link OAuth2LoginConfigurer} for available options to customize the defaults. * - * @author Joe Grandja * @since 5.0 * @see Section 4.1 Authorization Code Grant * @see Section 3.1 Authorization Code Flow @@ -992,15 +993,29 @@ public final class HttpSecurity extends } /** - * Configures support for the OAuth 2.0 Authorization Framework. + * Configures OAuth 2.0 Client support. * - * @author Joe Grandja * @since 5.1 - * @return the {@link OAuth2Configurer} for further customizations + * @see OAuth 2.0 Authorization Framework + * @return the {@link OAuth2ClientConfigurer} for further customizations * @throws Exception */ - public OAuth2Configurer oauth2() throws Exception { - OAuth2Configurer configurer = getOrApply(new OAuth2Configurer<>()); + public OAuth2ClientConfigurer oauth2Client() throws Exception { + OAuth2ClientConfigurer configurer = getOrApply(new OAuth2ClientConfigurer<>()); + this.postProcess(configurer); + return configurer; + } + + /** + * Configures OAuth 2.0 Resource Server support. + * + * @since 5.1 + * @see OAuth 2.0 Authorization Framework + * @return the {@link OAuth2ResourceServerConfigurer} for further customizations + * @throws Exception + */ + public OAuth2ResourceServerConfigurer oauth2ResourceServer() throws Exception { + OAuth2ResourceServerConfigurer configurer = getOrApply(new OAuth2ResourceServerConfigurer<>(getContext())); this.postProcess(configurer); return configurer; } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/OAuth2Configurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/OAuth2Configurer.java deleted file mode 100644 index 433119b453..0000000000 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/OAuth2Configurer.java +++ /dev/null 
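Review bot: `this.postProcess(configurer)` in both `oauth2Client()` and `oauth2ResourceServer()` looks carried over from the removed `oauth2()`, where it presumably served the `@Autowired` `ObjectPostProcessor` field of the `OAuth2Configurer` class this patch deletes. It runs on every call to these methods, including calls where `getOrApply` presumably hands back a configurer that was already applied, and nothing in this patch shows the two new configurers needing it; if they have no injected fields, the bodies can shrink to `return getOrApply(new OAuth2ClientConfigurer<>());` and `return getOrApply(new OAuth2ResourceServerConfigurer<>(getContext()));`. The Javadoc on `oauth2ResourceServer()` should also say that this call alone does not set up token verification, for example `* Bearer token verification is configured through {@code jwt()}, which needs a key source such as {@code jwkSetUri(...)} or {@code decoder(...)}.` — the test configuration in this commit commented "missing key configuration, e.g. jwkSetUri" shows that case exists. `getContext()` is defined outside this hunk, so whether it can return null at this point is not visible here.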
@@ -1,105 +0,0 @@ -/* - * Copyright 2002-2018 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.springframework.security.config.annotation.web.configurers.oauth2; - -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.security.config.annotation.ObjectPostProcessor; -import org.springframework.security.config.annotation.web.HttpSecurityBuilder; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; -import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer; -import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer; - -/** - * An {@link AbstractHttpConfigurer} that provides support for the - * OAuth 2.0 Authorization Framework. 
- * - * @author Joe Grandja - * @since 5.1 - * @see HttpSecurity#oauth2() - * @see OAuth2ClientConfigurer - * @see AbstractHttpConfigurer - */ -public final class OAuth2Configurer> - extends AbstractHttpConfigurer, B> { - - @Autowired - private ObjectPostProcessor objectPostProcessor; - - private OAuth2ClientConfigurer clientConfigurer; - - private OAuth2ResourceServerConfigurer resourceServerConfigurer; - - /** - * Returns the {@link OAuth2ClientConfigurer} for configuring OAuth 2.0 Client support. - * - * @return the {@link OAuth2ClientConfigurer} - */ - public OAuth2ClientConfigurer client() { - if (this.clientConfigurer == null) { - this.initClientConfigurer(); - } - return this.clientConfigurer; - } - - /** - * Returns the {@link OAuth2ResourceServerConfigurer} for configuring OAuth 2.0 Resource Server support. - * - * @return the {@link OAuth2ResourceServerConfigurer} - */ - public OAuth2ResourceServerConfigurer resourceServer() { - if (this.resourceServerConfigurer == null) { - this.initResourceServerConfigurer(); - } - return this.resourceServerConfigurer; - } - - @Override - public void init(B builder) throws Exception { - if (this.clientConfigurer != null) { - this.clientConfigurer.init(builder); - } - - if (this.resourceServerConfigurer != null) { - this.resourceServerConfigurer.init(builder); - } - } - - @Override - public void configure(B builder) throws Exception { - if (this.clientConfigurer != null) { - this.clientConfigurer.configure(builder); - } - - if (this.resourceServerConfigurer != null) { - this.resourceServerConfigurer.configure(builder); - } - } - - private void initClientConfigurer() { - this.clientConfigurer = new OAuth2ClientConfigurer<>(); - this.clientConfigurer.setBuilder(this.getBuilder()); - this.clientConfigurer.addObjectPostProcessor(this.objectPostProcessor); - } - - private void initResourceServerConfigurer() { - ApplicationContext context = getBuilder().getSharedObject(ApplicationContext.class); - this.resourceServerConfigurer 
= new OAuth2ResourceServerConfigurer<>(context); - this.resourceServerConfigurer.setBuilder(this.getBuilder()); - this.resourceServerConfigurer.addObjectPostProcessor(this.objectPostProcessor); - } -} diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java index c53127f103..d1e3844b6e 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java @@ -218,11 +218,10 @@ public class OAuth2ClientConfigurerTests { .requestCache() .requestCache(requestCache) .and() - .oauth2() - .client() - .authorizationCodeGrant() - .authorizationRequestResolver(authorizationRequestResolver) - .accessTokenResponseClient(accessTokenResponseClient); + .oauth2Client() + .authorizationCodeGrant() + .authorizationRequestResolver(authorizationRequestResolver) + .accessTokenResponseClient(accessTokenResponseClient); } @Bean diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java index e94c8ebb12..a50e123acf 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java 
@@ -1043,10 +1043,9 @@ public class OAuth2ResourceServerConfigurerTests { .antMatchers("/requires-read-scope").access("hasAuthority('SCOPE_message:read')") .anyRequest().authenticated() .and() - .oauth2() - .resourceServer() - .jwt() - .jwkSetUri(this.uri); + .oauth2ResourceServer() + .jwt() + .jwkSetUri(this.uri); // @formatter:on } } @@ -1064,10 +1063,9 @@ public class OAuth2ResourceServerConfigurerTests { .anyRequest().authenticated() .and() .csrf().disable() - .oauth2() - .resourceServer() - .jwt() - .jwkSetUri(this.uri); + .oauth2ResourceServer() + .jwt() + .jwkSetUri(this.uri); // @formatter:on } } @@ -1084,10 +1082,9 @@ public class OAuth2ResourceServerConfigurerTests { .authorizeRequests() .anyRequest().authenticated() .and() - .oauth2() - .resourceServer() - .jwt() - .jwkSetUri(this.uri); + .oauth2ResourceServer() + .jwt() + .jwkSetUri(this.uri); // @formatter:on } } @@ -1101,8 +1098,7 @@ public class OAuth2ResourceServerConfigurerTests { .authorizeRequests() .anyRequest().authenticated() .and() - .oauth2() - .resourceServer(); + .oauth2ResourceServer(); // @formatter:on } } @@ -1116,10 +1112,9 @@ public class OAuth2ResourceServerConfigurerTests { .authorizeRequests() .anyRequest().authenticated() .and() - .oauth2() - .resourceServer() - .authenticationEntryPoint(authenticationEntryPoint()) - .jwt(); + .oauth2ResourceServer() + .authenticationEntryPoint(authenticationEntryPoint()) + .jwt(); // @formatter:on } @@ -1140,10 +1135,9 @@ public class OAuth2ResourceServerConfigurerTests { .authorizeRequests() .anyRequest().denyAll() .and() - .oauth2() - .resourceServer() - .accessDeniedHandler(accessDeniedHandler()) - .jwt(); + .oauth2ResourceServer() + .accessDeniedHandler(accessDeniedHandler()) + .jwt(); // @formatter:on } @@ -1169,9 +1163,8 @@ public class OAuth2ResourceServerConfigurerTests { .and() .httpBasic() .and() - .oauth2() - .resourceServer() - .jwt(); + .oauth2ResourceServer() + .jwt(); // @formatter:on } 
@@ -1198,10 +1191,9 @@ public class OAuth2ResourceServerConfigurerTests { .authorizeRequests() .anyRequest().authenticated() .and() - .oauth2() - .resourceServer() - .jwt() - .jwtAuthenticationConverter(getJwtAuthenticationConverter()); + .oauth2ResourceServer() + .jwt() + .jwtAuthenticationConverter(getJwtAuthenticationConverter()); // @formatter:on } @@ -1221,10 +1213,9 @@ public class OAuth2ResourceServerConfigurerTests { .authorizeRequests() .antMatchers("/requires-read-scope").access("hasAuthority('message:read')") .and() - .oauth2() - .resourceServer() - .jwt() - .jwtAuthenticationConverter(getJwtAuthenticationConverter()); + .oauth2ResourceServer() + .jwt() + .jwtAuthenticationConverter(getJwtAuthenticationConverter()); // @formatter:on } @@ -1252,10 +1243,9 @@ public class OAuth2ResourceServerConfigurerTests { .and() .httpBasic() .and() - .oauth2() - .resourceServer() - .jwt() - .jwkSetUri(this.uri); + .oauth2ResourceServer() + .jwt() + .jwkSetUri(this.uri); // @formatter:on } @@ -1279,9 +1269,8 @@ public class OAuth2ResourceServerConfigurerTests { .authorizeRequests() .anyRequest().authenticated() .and() - .oauth2() - .resourceServer() - .jwt(); // missing key configuration, e.g. jwkSetUri + .oauth2ResourceServer() + .jwt(); // missing key configuration, e.g. jwkSetUri // @formatter:on } } @@ -1297,10 +1286,9 @@ public class OAuth2ResourceServerConfigurerTests { .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.ALWAYS) .and() - .oauth2() - .resourceServer() - .jwt() - .jwkSetUri(this.uri); + .oauth2ResourceServer() + .jwt() + .jwkSetUri(this.uri); // @formatter:on } } @@ -1314,10 +1302,9 @@ public class OAuth2ResourceServerConfigurerTests { .authorizeRequests() .anyRequest().authenticated() .and() - .oauth2() - .resourceServer() - .bearerTokenResolver(allowRequestBody()) - .jwt(); + .oauth2ResourceServer() + .bearerTokenResolver(allowRequestBody()) + .jwt(); // @formatter:on } 
@@ -1337,9 +1324,8 @@ public class OAuth2ResourceServerConfigurerTests { .authorizeRequests() .anyRequest().authenticated() .and() - .oauth2() - .resourceServer() - .jwt(); + .oauth2ResourceServer() + .jwt(); // @formatter:on } @@ -1360,9 +1346,8 @@ public class OAuth2ResourceServerConfigurerTests { .authorizeRequests() .anyRequest().authenticated() .and() - .oauth2() - .resourceServer() - .jwt(); + .oauth2ResourceServer() + .jwt(); // @formatter:on } @@ -1392,10 +1377,9 @@ public class OAuth2ResourceServerConfigurerTests { .authorizeRequests() .anyRequest().authenticated() .and() - .oauth2() - .resourceServer() - .jwt() - .decoder(decoder()); + .oauth2ResourceServer() + .jwt() + .decoder(decoder()); // @formatter:on } @@ -1413,9 +1397,8 @@ public class OAuth2ResourceServerConfigurerTests { .authorizeRequests() .anyRequest().authenticated() .and() - .oauth2() - .resourceServer() - .jwt(); + .oauth2ResourceServer() + .jwt(); // @formatter:on } @@ -1439,10 +1422,9 @@ public class OAuth2ResourceServerConfigurerTests { // @formatter:off http - .oauth2() - .resourceServer() - .jwt() - .decoder(jwtDecoder); + .oauth2ResourceServer() + .jwt() + .decoder(jwtDecoder); // @formatter:on } @@ -1467,10 +1449,9 @@ public class OAuth2ResourceServerConfigurerTests { // @formatter:off http - .oauth2() - .resourceServer() - .jwt() - .decoder(jwtDecoder); + .oauth2ResourceServer() + .jwt() + .decoder(jwtDecoder); // @formatter:on } } @@ -1491,10 +1472,9 @@ public class OAuth2ResourceServerConfigurerTests { // @formatter:off http - .oauth2() - .resourceServer() - .jwt() - .decoder(jwtDecoder); + .oauth2ResourceServer() + .jwt() + .decoder(jwtDecoder); // @formatter:on } } 
diff --git a/samples/boot/authcodegrant/src/integration-test/java/org/springframework/security/samples/OAuth2AuthorizationCodeGrantApplicationTests.java b/samples/boot/authcodegrant/src/integration-test/java/org/springframework/security/samples/OAuth2AuthorizationCodeGrantApplicationTests.java index fcd72ad43c..f73496c703 100644 --- a/samples/boot/authcodegrant/src/integration-test/java/org/springframework/security/samples/OAuth2AuthorizationCodeGrantApplicationTests.java +++ b/samples/boot/authcodegrant/src/integration-test/java/org/springframework/security/samples/OAuth2AuthorizationCodeGrantApplicationTests.java @@ -147,10 +147,9 @@ public class OAuth2AuthorizationCodeGrantApplicationTests { .authorizeRequests() .anyRequest().authenticated() .and() - .oauth2() - .client() - .authorizationCodeGrant() - .accessTokenResponseClient(this.accessTokenResponseClient()); + .oauth2Client() + .authorizationCodeGrant() + .accessTokenResponseClient(this.accessTokenResponseClient()); } // @formatter:on diff --git a/samples/boot/authcodegrant/src/main/java/sample/config/SecurityConfig.java b/samples/boot/authcodegrant/src/main/java/sample/config/SecurityConfig.java index dc6753e7e7..0e889d1c97 100644 --- a/samples/boot/authcodegrant/src/main/java/sample/config/SecurityConfig.java +++ b/samples/boot/authcodegrant/src/main/java/sample/config/SecurityConfig.java @@ -41,8 +41,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .and() .formLogin() .and() - .oauth2() - .client(); + .oauth2Client(); } @Bean diff --git a/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java index 91a44c7223..b64decc668 100644 --- a/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java 
+++ b/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java @@ -36,10 +36,9 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig .antMatchers("/message/**").access("hasAuthority('SCOPE_message:read')") .anyRequest().authenticated() .and() - .oauth2() - .resourceServer() - .jwt() - .jwkSetUri(this.jwkSetUri); + .oauth2ResourceServer() + .jwt() + .jwkSetUri(this.jwkSetUri); // @formatter:on } }