Remove constructor in OidcProviderConfigurationEndpointFilter
Closes gh-869
@@ -25,7 +25,6 @@ import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.ObjectPostProcessor;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.oauth2.server.authorization.oidc.web.OidcProviderConfigurationEndpointFilter;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
||||
@@ -114,9 +113,8 @@ public final class OidcConfigurer extends AbstractOAuth2Configurer {
|
||||
clientRegistrationEndpointConfigurer.configure(httpSecurity);
|
||||
}
|
||||
|
||||
AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
|
||||
OidcProviderConfigurationEndpointFilter oidcProviderConfigurationEndpointFilter =
|
||||
new OidcProviderConfigurationEndpointFilter(authorizationServerSettings);
|
||||
new OidcProviderConfigurationEndpointFilter();
|
||||
httpSecurity.addFilterBefore(postProcess(oidcProviderConfigurationEndpointFilter), AbstractPreAuthenticatedProcessingFilter.class);
|
||||
}
|
||||
|
||||
|
||||
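Review bot: The no-arg `new OidcProviderConfigurationEndpointFilter()` now depends entirely on `AuthorizationServerContextHolder` being populated before this filter runs, and nothing at the `httpSecurity.addFilterBefore(...)` call records that ordering requirement. Whether the filter that binds the context sits earlier in the chain than `AbstractPreAuthenticatedProcessingFilter` is not visible in this hunk. I would add a comment above the registration such as `// Requires AuthorizationServerContextHolder to be populated earlier in the filter chain`. The enclosing method starts outside the hunk.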
@@ -32,13 +32,13 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcScopes;
|
||||
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
import org.springframework.security.oauth2.server.authorization.oidc.OidcProviderConfiguration;
|
||||
import org.springframework.security.oauth2.server.authorization.oidc.http.converter.OidcProviderConfigurationHttpMessageConverter;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
import org.springframework.web.util.UriComponentsBuilder;
|
||||
|
||||
@@ -57,20 +57,12 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques
|
||||
*/
|
||||
private static final String DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI = "/.well-known/openid-configuration";
|
||||
|
||||
private final AuthorizationServerSettings authorizationServerSettings;
|
||||
private final RequestMatcher requestMatcher;
|
||||
private final RequestMatcher requestMatcher = new AntPathRequestMatcher(
|
||||
DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI,
|
||||
HttpMethod.GET.name());
|
||||
private final OidcProviderConfigurationHttpMessageConverter providerConfigurationHttpMessageConverter =
|
||||
new OidcProviderConfigurationHttpMessageConverter();
|
||||
|
||||
public OidcProviderConfigurationEndpointFilter(AuthorizationServerSettings authorizationServerSettings) {
|
||||
Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null");
|
||||
this.authorizationServerSettings = authorizationServerSettings;
|
||||
this.requestMatcher = new AntPathRequestMatcher(
|
||||
DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI,
|
||||
HttpMethod.GET.name()
|
||||
);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
|
||||
throws ServletException, IOException {
|
||||
@@ -80,22 +72,24 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques
|
||||
return;
|
||||
}
|
||||
|
||||
String issuer = AuthorizationServerContextHolder.getContext().getIssuer();
|
||||
AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext();
|
||||
String issuer = authorizationServerContext.getIssuer();
|
||||
AuthorizationServerSettings authorizationServerSettings = authorizationServerContext.getAuthorizationServerSettings();
|
||||
|
||||
OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.builder()
|
||||
.issuer(issuer)
|
||||
.authorizationEndpoint(asUrl(issuer, this.authorizationServerSettings.getAuthorizationEndpoint()))
|
||||
.tokenEndpoint(asUrl(issuer, this.authorizationServerSettings.getTokenEndpoint()))
|
||||
.authorizationEndpoint(asUrl(issuer, authorizationServerSettings.getAuthorizationEndpoint()))
|
||||
.tokenEndpoint(asUrl(issuer, authorizationServerSettings.getTokenEndpoint()))
|
||||
.tokenEndpointAuthenticationMethods(clientAuthenticationMethods())
|
||||
.jwkSetUrl(asUrl(issuer, this.authorizationServerSettings.getJwkSetEndpoint()))
|
||||
.userInfoEndpoint(asUrl(issuer, this.authorizationServerSettings.getOidcUserInfoEndpoint()))
|
||||
.jwkSetUrl(asUrl(issuer, authorizationServerSettings.getJwkSetEndpoint()))
|
||||
.userInfoEndpoint(asUrl(issuer, authorizationServerSettings.getOidcUserInfoEndpoint()))
|
||||
.responseType(OAuth2AuthorizationResponseType.CODE.getValue())
|
||||
.grantType(AuthorizationGrantType.AUTHORIZATION_CODE.getValue())
|
||||
.grantType(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
|
||||
.grantType(AuthorizationGrantType.REFRESH_TOKEN.getValue())
|
||||
.tokenRevocationEndpoint(asUrl(issuer, this.authorizationServerSettings.getTokenRevocationEndpoint()))
|
||||
.tokenRevocationEndpoint(asUrl(issuer, authorizationServerSettings.getTokenRevocationEndpoint()))
|
||||
.tokenRevocationEndpointAuthenticationMethods(clientAuthenticationMethods())
|
||||
.tokenIntrospectionEndpoint(asUrl(issuer, this.authorizationServerSettings.getTokenIntrospectionEndpoint()))
|
||||
.tokenIntrospectionEndpoint(asUrl(issuer, authorizationServerSettings.getTokenIntrospectionEndpoint()))
|
||||
.tokenIntrospectionEndpointAuthenticationMethods(clientAuthenticationMethods())
|
||||
.subjectType("public")
|
||||
.idTokenSigningAlgorithm(SignatureAlgorithm.RS256.getName())
|
||||
@@ -119,4 +113,5 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques
|
||||
private static String asUrl(String issuer, String endpoint) {
|
||||
return UriComponentsBuilder.fromUriString(issuer).path(endpoint).build().toUriString();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
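Review bot: `authorizationServerContext` is dereferenced at `authorizationServerContext.getIssuer()` without a guard, and with the constructor's `Assert.notNull` removed nothing fails fast when settings are unavailable. If the holder can return null when no context is bound (not visible here), a request to the discovery endpoint would end in a bare NullPointerException rather than a clear configuration error; the old code had the same exposure for the issuer, but the settings were guaranteed at construction time. Consider `Assert.state(authorizationServerContext != null, "authorizationServerContext cannot be null");` directly after the `getContext()` call, keeping the `org.springframework.util.Assert` import if this commit drops it. The class Javadoc should also say that issuer and endpoint settings are read from `AuthorizationServerContextHolder` on every request; `doFilterInternal` starts and ends outside the hunk.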
@@ -49,17 +49,11 @@ public class OidcProviderConfigurationEndpointFilterTests {
|
||||
AuthorizationServerContextHolder.resetContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void constructorWhenAuthorizationServerSettingsNullThenThrowIllegalArgumentException() {
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> new OidcProviderConfigurationEndpointFilter(null))
|
||||
.withMessage("authorizationServerSettings cannot be null");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenNotConfigurationRequestThenNotProcessed() throws Exception {
|
||||
OidcProviderConfigurationEndpointFilter filter =
|
||||
new OidcProviderConfigurationEndpointFilter(AuthorizationServerSettings.builder().build());
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build();
|
||||
AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null));
|
||||
OidcProviderConfigurationEndpointFilter filter = new OidcProviderConfigurationEndpointFilter();
|
||||
|
||||
String requestUri = "/path";
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
|
||||
@@ -74,8 +68,9 @@ public class OidcProviderConfigurationEndpointFilterTests {
|
||||
|
||||
@Test
|
||||
public void doFilterWhenConfigurationRequestPostThenNotProcessed() throws Exception {
|
||||
OidcProviderConfigurationEndpointFilter filter =
|
||||
new OidcProviderConfigurationEndpointFilter(AuthorizationServerSettings.builder().build());
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build();
|
||||
AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null));
|
||||
OidcProviderConfigurationEndpointFilter filter = new OidcProviderConfigurationEndpointFilter();
|
||||
|
||||
String requestUri = DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI;
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri);
|
||||
@@ -108,8 +103,7 @@ public class OidcProviderConfigurationEndpointFilterTests {
|
||||
.tokenIntrospectionEndpoint(tokenIntrospectionEndpoint)
|
||||
.build();
|
||||
AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null));
|
||||
OidcProviderConfigurationEndpointFilter filter =
|
||||
new OidcProviderConfigurationEndpointFilter(authorizationServerSettings);
|
||||
OidcProviderConfigurationEndpointFilter filter = new OidcProviderConfigurationEndpointFilter();
|
||||
|
||||
String requestUri = DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI;
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
|
||||
@@ -146,8 +140,7 @@ public class OidcProviderConfigurationEndpointFilterTests {
|
||||
.issuer("https://this is an invalid URL")
|
||||
.build();
|
||||
AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null));
|
||||
OidcProviderConfigurationEndpointFilter filter =
|
||||
new OidcProviderConfigurationEndpointFilter(authorizationServerSettings);
|
||||
OidcProviderConfigurationEndpointFilter filter = new OidcProviderConfigurationEndpointFilter();
|
||||
|
||||
String requestUri = DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI;
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
|
||||
@@ -159,4 +152,5 @@ public class OidcProviderConfigurationEndpointFilterTests {
|
||||
.isThrownBy(() -> filter.doFilter(request, response, filterChain))
|
||||
.withMessage("issuer must be a valid URL");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
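Review bot: `doFilterWhenNotConfigurationRequestThenNotProcessed` and `doFilterWhenConfigurationRequestPostThenNotProcessed` now bind a context via `AuthorizationServerContextHolder.setContext(...)` even though the filter is expected to pass these requests through untouched. Leaving the holder empty in those two tests would assert that non-matching requests never read the context, which the current setup cannot detect. The removed constructor null test also has no replacement; a test that sends a GET to `DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI` with no context bound would pin the failure mode. Both test bodies continue outside their hunks.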