From c60ae4532f1d745bff6eb793113731aba0493b70 Mon Sep 17 00:00:00 2001 
From: Joe Grandja Date: Fri, 19 Aug 2022 09:37:17 -0400 Subject: [PATCH 1/6] Rename ProviderSettings Closes gh-864 --- .../docs/asciidoc/configuration-model.adoc | 26 +++--- .../docs/asciidoc/core-model-components.adoc | 2 +- .../sample/gettingStarted/SecurityConfig.java | 6 +- .../EnableUserInfoSecurityConfig.java | 6 +- .../jwt/JwtUserInfoMapperSecurityConfig.java | 6 +- docs/src/docs/asciidoc/getting-started.adoc | 2 +- ...ClientAssertionAuthenticationProvider.java | 10 +-- ...Auth2AuthorizationServerConfiguration.java | 4 +- ...OAuth2AuthorizationEndpointConfigurer.java | 14 +-- .../OAuth2AuthorizationServerConfigurer.java | 36 ++++---- .../OAuth2ClientAuthenticationConfigurer.java | 10 +-- .../configurers/OAuth2ConfigurerUtils.java | 14 +-- .../OAuth2TokenEndpointConfigurer.java | 10 +-- ...2TokenIntrospectionEndpointConfigurer.java | 10 +-- ...uth2TokenRevocationEndpointConfigurer.java | 10 +-- ...cClientRegistrationEndpointConfigurer.java | 12 +-- .../web/configurers/OidcConfigurer.java | 6 +- .../OidcUserInfoEndpointConfigurer.java | 10 +-- .../context/ProviderContext.java | 26 +++--- ...entRegistrationAuthenticationProvider.java | 2 +- ...dcProviderConfigurationEndpointFilter.java | 24 ++--- ....java => AuthorizationServerSettings.java} | 88 +++++++++---------- .../settings/ConfigurationSettingNames.java | 40 ++++----- ...orizationServerMetadataEndpointFilter.java | 22 ++--- .../web/ProviderContextFilter.java | 22 ++--- ...tAssertionAuthenticationProviderTests.java | 10 +-- ...zationCodeAuthenticationProviderTests.java | 6 +- ...odeRequestAuthenticationProviderTests.java | 6 +- ...redentialsAuthenticationProviderTests.java | 6 +- ...freshTokenAuthenticationProviderTests.java | 6 +- .../web/configurers/JwkSetTests.java | 12 +-- .../OAuth2AuthorizationCodeGrantTests.java | 14 +-- ...Auth2AuthorizationServerMetadataTests.java | 6 +- .../OAuth2TokenIntrospectionTests.java | 20 ++--- .../OidcClientRegistrationTests.java | 10 +-- 
.../annotation/web/configurers/OidcTests.java | 34 +++---- .../web/configurers/OidcUserInfoTests.java | 6 +- ...gistrationAuthenticationProviderTests.java | 12 +-- ...viderConfigurationEndpointFilterTests.java | 24 ++--- ... => AuthorizationServerSettingsTests.java} | 64 +++++++------- .../token/JwtGeneratorTests.java | 6 +- .../OAuth2AccessTokenGeneratorTests.java | 6 +- .../token/OAuth2TokenClaimsContextTests.java | 6 +- ...tionServerMetadataEndpointFilterTests.java | 24 ++--- .../web/ProviderContextFilterTests.java | 18 ++-- .../config/AuthorizationServerConfig.java | 6 +- .../config/AuthorizationServerConfig.java | 6 +- .../config/AuthorizationServerConfig.java | 6 +- 48 files changed, 366 insertions(+), 366 deletions(-) rename oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/settings/{ProviderSettings.java => AuthorizationServerSettings.java} (55%) rename oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/settings/{ProviderSettingsTests.java => AuthorizationServerSettingsTests.java} (54%) diff --git a/docs/src/docs/asciidoc/configuration-model.adoc b/docs/src/docs/asciidoc/configuration-model.adoc index fac3f5d8..151417ef 100644 --- a/docs/src/docs/asciidoc/configuration-model.adoc +++ b/docs/src/docs/asciidoc/configuration-model.adoc @@ -91,7 +91,7 @@ public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity h .registeredClientRepository(registeredClientRepository) <1> .authorizationService(authorizationService) <2> .authorizationConsentService(authorizationConsentService) <3> - .providerSettings(providerSettings) <4> + .authorizationServerSettings(authorizationServerSettings) <4> .tokenGenerator(tokenGenerator) <5> .clientAuthentication(clientAuthentication -> { }) <6> .authorizationEndpoint(authorizationEndpoint -> { }) <7> 
@@ -109,7 +109,7 @@ public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity h <1> `registeredClientRepository()`: The xref:core-model-components.adoc#registered-client-repository[`RegisteredClientRepository`] (*REQUIRED*) for managing new and existing clients. <2> `authorizationService()`: The xref:core-model-components.adoc#oauth2-authorization-service[`OAuth2AuthorizationService`] for managing new and existing authorizations. <3> `authorizationConsentService()`: The xref:core-model-components.adoc#oauth2-authorization-consent-service[`OAuth2AuthorizationConsentService`] for managing new and existing authorization consents. -<4> `providerSettings()`: The <> (*REQUIRED*) for customizing configuration settings for the OAuth2 authorization server. +<4> `authorizationServerSettings()`: The <> (*REQUIRED*) for customizing configuration settings for the OAuth2 authorization server. <5> `tokenGenerator()`: The xref:core-model-components.adoc#oauth2-token-generator[`OAuth2TokenGenerator`] for generating tokens supported by the OAuth2 authorization server. <6> `clientAuthentication()`: The configurer for <>. <7> `authorizationEndpoint()`: The configurer for the xref:protocol-endpoints.adoc#oauth2-authorization-endpoint[OAuth2 Authorization endpoint]. 
@@ -119,16 +119,16 @@ public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity h <11> `userInfoEndpoint()`: The configurer for the xref:protocol-endpoints.adoc#oidc-user-info-endpoint[OpenID Connect 1.0 UserInfo endpoint]. <12> `clientRegistrationEndpoint()`: The configurer for the xref:protocol-endpoints.adoc#oidc-client-registration-endpoint[OpenID Connect 1.0 Client Registration endpoint]. -[[configuring-provider-settings]] -== Configuring Provider Settings +[[configuring-authorization-server-settings]] +== Configuring Authorization Server Settings -`ProviderSettings` contains the configuration settings for the OAuth2 authorization server (provider). +`AuthorizationServerSettings` contains the configuration settings for the OAuth2 authorization server. It specifies the `URI` for the protocol endpoints as well as the https://datatracker.ietf.org/doc/html/rfc8414#section-2[issuer identifier]. The default `URI` for the protocol endpoints are as follows: [source,java] ---- -public final class ProviderSettings extends AbstractSettings { +public final class AuthorizationServerSettings extends AbstractSettings { ... 
@@ -149,18 +149,18 @@ public final class ProviderSettings extends AbstractSettings { ---- [NOTE] -`ProviderSettings` is a *REQUIRED* component. +`AuthorizationServerSettings` is a *REQUIRED* component. [TIP] -<> automatically registers a `ProviderSettings` `@Bean`, if not already provided. +<> automatically registers an `AuthorizationServerSettings` `@Bean`, if not already provided. -The following example shows how to customize the configuration settings and register a `ProviderSettings` `@Bean`: +The following example shows how to customize the configuration settings and register an `AuthorizationServerSettings` `@Bean`: [source,java] ---- @Bean -public ProviderSettings providerSettings() { - return ProviderSettings.builder() +public AuthorizationServerSettings authorizationServerSettings() { + return AuthorizationServerSettings.builder() .issuer("https://example.com") .authorizationEndpoint("/oauth2/v1/authorize") .tokenEndpoint("/oauth2/v1/token") @@ -174,10 +174,10 @@ public ProviderSettings providerSettings() { ---- The `ProviderContext` is a context object that holds information about the provider. -It provides access to the `ProviderSettings` and the "`current`" issuer identifier. +It provides access to the `AuthorizationServerSettings` and the "`current`" issuer identifier. [NOTE] -If the issuer identifier is not configured in `ProviderSettings.builder().issuer(String)`, it is resolved from the current request. +If the issuer identifier is not configured in `AuthorizationServerSettings.builder().issuer(String)`, it is resolved from the current request. [NOTE] The `ProviderContext` is accessible through the `ProviderContextHolder`, which associates it with the current request thread by using a `ThreadLocal`. diff --git a/docs/src/docs/asciidoc/core-model-components.adoc b/docs/src/docs/asciidoc/core-model-components.adoc index 2ce49089..75900e5e 100644 --- a/docs/src/docs/asciidoc/core-model-components.adoc 
+++ b/docs/src/docs/asciidoc/core-model-components.adoc @@ -335,7 +335,7 @@ public interface OAuth2TokenContext extends Context { ---- <1> `getRegisteredClient()`: The <> associated with the authorization grant. <2> `getPrincipal()`: The `Authentication` instance of the resource owner (or client). -<3> `getProviderContext()`: The xref:configuration-model.adoc#configuring-provider-settings[`ProviderContext`] object that holds information related to the provider. +<3> `getProviderContext()`: The xref:configuration-model.adoc#configuring-authorization-server-settings[`ProviderContext`] object that holds information related to the provider. <4> `getAuthorization()`: The <> associated with the authorization grant. <5> `getAuthorizedScopes()`: The scope(s) authorized for the client. <6> `getTokenType()`: The `OAuth2TokenType` to generate. The supported values are `code`, `access_token`, `refresh_token`, and `id_token`. diff --git a/docs/src/docs/asciidoc/examples/src/main/java/sample/gettingStarted/SecurityConfig.java b/docs/src/docs/asciidoc/examples/src/main/java/sample/gettingStarted/SecurityConfig.java index 20bddd5c..3cc9fbf2 100644 --- a/docs/src/docs/asciidoc/examples/src/main/java/sample/gettingStarted/SecurityConfig.java +++ b/docs/src/docs/asciidoc/examples/src/main/java/sample/gettingStarted/SecurityConfig.java 
@@ -42,8 +42,8 @@ import org.springframework.security.oauth2.server.authorization.client.InMemoryR import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.ClientSettings; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; @@ -150,8 +150,8 @@ public class SecurityConfig { } @Bean // <7> - public ProviderSettings providerSettings() { - return ProviderSettings.builder().build(); + public AuthorizationServerSettings authorizationServerSettings() { + return AuthorizationServerSettings.builder().build(); } } diff --git a/docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/EnableUserInfoSecurityConfig.java b/docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/EnableUserInfoSecurityConfig.java index e3154143..0b30c602 100644 --- a/docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/EnableUserInfoSecurityConfig.java +++ b/docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/EnableUserInfoSecurityConfig.java 
@@ -44,8 +44,8 @@ import org.springframework.security.oauth2.server.authorization.client.InMemoryR import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.ClientSettings; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; @@ -158,8 +158,8 @@ public class EnableUserInfoSecurityConfig { } @Bean - public ProviderSettings providerSettings() { - return ProviderSettings.builder().build(); + public AuthorizationServerSettings authorizationServerSettings() { + return AuthorizationServerSettings.builder().build(); } // @fold:off diff --git a/docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/jwt/JwtUserInfoMapperSecurityConfig.java b/docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/jwt/JwtUserInfoMapperSecurityConfig.java index 039258ba..e71da1b8 100644 --- a/docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/jwt/JwtUserInfoMapperSecurityConfig.java +++ b/docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/jwt/JwtUserInfoMapperSecurityConfig.java 
@@ -49,8 +49,8 @@ import org.springframework.security.oauth2.server.authorization.config.annotatio import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer; import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcUserInfoAuthenticationContext; import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcUserInfoAuthenticationToken; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.ClientSettings; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.SecurityFilterChain; @@ -182,8 +182,8 @@ public class JwtUserInfoMapperSecurityConfig { } @Bean - public ProviderSettings providerSettings() { - return ProviderSettings.builder().build(); + public AuthorizationServerSettings authorizationServerSettings() { + return AuthorizationServerSettings.builder().build(); } // @fold:off diff --git a/docs/src/docs/asciidoc/getting-started.adoc b/docs/src/docs/asciidoc/getting-started.adoc index 8ddf13ae..df6b4dff 100644 --- a/docs/src/docs/asciidoc/getting-started.adoc +++ b/docs/src/docs/asciidoc/getting-started.adoc 
@@ -55,4 +55,4 @@ This is a minimal configuration for getting started quickly. To understand what <4> An instance of xref:core-model-components.adoc#registered-client-repository[`RegisteredClientRepository`] for managing clients. <5> An instance of `com.nimbusds.jose.jwk.source.JWKSource` for signing access tokens. <6> An instance of `java.security.KeyPair` with keys generated on startup used to create the `JWKSource` above. -<7> An instance of xref:configuration-model#configuring-provider-settings[`ProviderSettings`] to configure Spring Authorization Server. +<7> An instance of xref:configuration-model#configuring-authorization-server-settings[`AuthorizationServerSettings`] to configure Spring Authorization Server. diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProvider.java index ca1f1e86..7c378f37 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProvider.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProvider.java 
@@ -53,7 +53,7 @@ import org.springframework.security.oauth2.server.authorization.client.Registere import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.context.ProviderContext; import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.util.Assert; import org.springframework.util.CollectionUtils; import org.springframework.util.StringUtils; @@ -248,12 +248,12 @@ public final class JwtClientAssertionAuthenticationProvider implements Authentic return Collections.emptyList(); } - ProviderSettings providerSettings = providerContext.getProviderSettings(); + AuthorizationServerSettings authorizationServerSettings = providerContext.getAuthorizationServerSettings(); List providerAudience = new ArrayList<>(); providerAudience.add(providerContext.getIssuer()); - providerAudience.add(asUrl(providerContext.getIssuer(), providerSettings.getTokenEndpoint())); - providerAudience.add(asUrl(providerContext.getIssuer(), providerSettings.getTokenIntrospectionEndpoint())); - providerAudience.add(asUrl(providerContext.getIssuer(), providerSettings.getTokenRevocationEndpoint())); + providerAudience.add(asUrl(providerContext.getIssuer(), authorizationServerSettings.getTokenEndpoint())); + providerAudience.add(asUrl(providerContext.getIssuer(), authorizationServerSettings.getTokenIntrospectionEndpoint())); + providerAudience.add(asUrl(providerContext.getIssuer(), authorizationServerSettings.getTokenRevocationEndpoint())); return providerAudience; } 
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java index 324cdbb3..6ba4bf79 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java @@ -34,7 +34,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.oauth2.jwt.JwtDecoder; import org.springframework.security.oauth2.jwt.NimbusJwtDecoder; import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.util.matcher.RequestMatcher; @@ -90,7 +90,7 @@ public class OAuth2AuthorizationServerConfiguration { @Bean RegisterMissingBeanPostProcessor registerMissingBeanPostProcessor() { RegisterMissingBeanPostProcessor postProcessor = new RegisterMissingBeanPostProcessor(); - postProcessor.addBeanDefinition(ProviderSettings.class, () -> ProviderSettings.builder().build()); + postProcessor.addBeanDefinition(AuthorizationServerSettings.class, () -> AuthorizationServerSettings.builder().build()); return postProcessor; } 
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java index 1516a779..c946087b 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java @@ -30,7 +30,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResp import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationException; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationProvider; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter; import org.springframework.security.web.authentication.AuthenticationConverter; import org.springframework.security.web.authentication.AuthenticationFailureHandler; @@ -132,7 +132,7 @@ public final class OAuth2AuthorizationEndpointConfigurer extends AbstractOAuth2C * *
    *
  • It must be an HTTP POST
  • - *
  • It must be submitted to {@link ProviderSettings#getAuthorizationEndpoint()} ()}
  • + *
  • It must be submitted to {@link AuthorizationServerSettings#getAuthorizationEndpoint()} ()}
  • *
  • It must include the received {@code client_id} as an HTTP parameter
  • *
  • It must include the received {@code state} as an HTTP parameter
  • *
  • It must include the list of {@code scope}s the {@code Resource Owner} @@ -149,13 +149,13 @@ public final class OAuth2AuthorizationEndpointConfigurer extends AbstractOAuth2C @Override void init(HttpSecurity httpSecurity) { - ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity); + AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity); this.requestMatcher = new OrRequestMatcher( new AntPathRequestMatcher( - providerSettings.getAuthorizationEndpoint(), + authorizationServerSettings.getAuthorizationEndpoint(), HttpMethod.GET.name()), new AntPathRequestMatcher( - providerSettings.getAuthorizationEndpoint(), + authorizationServerSettings.getAuthorizationEndpoint(), HttpMethod.POST.name())); List authenticationProviders = @@ -169,12 +169,12 @@ public final class OAuth2AuthorizationEndpointConfigurer extends AbstractOAuth2C @Override void configure(HttpSecurity httpSecurity) { AuthenticationManager authenticationManager = httpSecurity.getSharedObject(AuthenticationManager.class); - ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity); + AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity); OAuth2AuthorizationEndpointFilter authorizationEndpointFilter = new OAuth2AuthorizationEndpointFilter( authenticationManager, - providerSettings.getAuthorizationEndpoint()); + authorizationServerSettings.getAuthorizationEndpoint()); if (this.authorizationRequestConverter != null) { authorizationEndpointFilter.setAuthenticationConverter(this.authorizationRequestConverter); } 
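Review bot: The Javadoc bullet rewritten in the `@@ -132,7 +132,7 @@` hunk still ends with a stray ` ()}` after the link, as in `{@link AuthorizationServerSettings#getAuthorizationEndpoint()} ()}`, which shows up as literal text in the generated docs. Since the rename touches this line anyway, it should read `It must be submitted to {@link AuthorizationServerSettings#getAuthorizationEndpoint()}`. The list appears to describe what a form submission to the authorization endpoint must contain, so a garbled endpoint reference is worth fixing for integrators. The Javadoc comment starts and ends outside the hunk, and the list markup seems to have been lost on this page, so the surrounding tags should stay as they are in the file.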
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java index 3c216e3d..26dbc2d9 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java @@ -31,7 +31,7 @@ import org.springframework.security.oauth2.core.OAuth2Token; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator; import org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter; import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter; 
@@ -118,14 +118,14 @@ public final class OAuth2AuthorizationServerConfigurer } /** - * Sets the provider settings. + * Sets the authorization server settings. * - * @param providerSettings the provider settings + * @param authorizationServerSettings the authorization server settings * @return the {@link OAuth2AuthorizationServerConfigurer} for further configuration */ - public OAuth2AuthorizationServerConfigurer providerSettings(ProviderSettings providerSettings) { - Assert.notNull(providerSettings, "providerSettings cannot be null"); - getBuilder().setSharedObject(ProviderSettings.class, providerSettings); + public OAuth2AuthorizationServerConfigurer authorizationServerSettings(AuthorizationServerSettings authorizationServerSettings) { + Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null"); + getBuilder().setSharedObject(AuthorizationServerSettings.class, authorizationServerSettings); return this; } @@ -221,9 +221,9 @@ public final class OAuth2AuthorizationServerConfigurer @Override public void init(HttpSecurity httpSecurity) { - ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity); - validateProviderSettings(providerSettings); - initEndpointMatchers(providerSettings); + AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity); + validateAuthorizationServerSettings(authorizationServerSettings); + initEndpointMatchers(authorizationServerSettings); this.configurers.values().forEach(configurer -> configurer.init(httpSecurity)); 
@@ -243,20 +243,20 @@ public final class OAuth2AuthorizationServerConfigurer public void configure(HttpSecurity httpSecurity) { this.configurers.values().forEach(configurer -> configurer.configure(httpSecurity)); - ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity); + AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity); - ProviderContextFilter providerContextFilter = new ProviderContextFilter(providerSettings); + ProviderContextFilter providerContextFilter = new ProviderContextFilter(authorizationServerSettings); httpSecurity.addFilterAfter(postProcess(providerContextFilter), SecurityContextHolderFilter.class); JWKSource jwkSource = OAuth2ConfigurerUtils.getJwkSource(httpSecurity); if (jwkSource != null) { NimbusJwkSetEndpointFilter jwkSetEndpointFilter = new NimbusJwkSetEndpointFilter( - jwkSource, providerSettings.getJwkSetEndpoint()); + jwkSource, authorizationServerSettings.getJwkSetEndpoint()); httpSecurity.addFilterBefore(postProcess(jwkSetEndpointFilter), AbstractPreAuthenticatedProcessingFilter.class); } OAuth2AuthorizationServerMetadataEndpointFilter authorizationServerMetadataEndpointFilter = - new OAuth2AuthorizationServerMetadataEndpointFilter(providerSettings); + new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings); httpSecurity.addFilterBefore(postProcess(authorizationServerMetadataEndpointFilter), AbstractPreAuthenticatedProcessingFilter.class); } 
@@ -280,18 +280,18 @@ public final class OAuth2AuthorizationServerConfigurer return getConfigurer(configurerType).getRequestMatcher(); } - private void initEndpointMatchers(ProviderSettings providerSettings) { + private void initEndpointMatchers(AuthorizationServerSettings authorizationServerSettings) { this.jwkSetEndpointMatcher = new AntPathRequestMatcher( - providerSettings.getJwkSetEndpoint(), HttpMethod.GET.name()); + authorizationServerSettings.getJwkSetEndpoint(), HttpMethod.GET.name()); this.authorizationServerMetadataEndpointMatcher = new AntPathRequestMatcher( "/.well-known/oauth-authorization-server", HttpMethod.GET.name()); } - private static void validateProviderSettings(ProviderSettings providerSettings) { - if (providerSettings.getIssuer() != null) { + private static void validateAuthorizationServerSettings(AuthorizationServerSettings authorizationServerSettings) { + if (authorizationServerSettings.getIssuer() != null) { URI issuerUri; try { - issuerUri = new URI(providerSettings.getIssuer()); + issuerUri = new URI(authorizationServerSettings.getIssuer()); issuerUri.toURL(); } catch (Exception ex) { throw new IllegalArgumentException("issuer must be a valid URL", ex); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ClientAuthenticationConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ClientAuthenticationConfigurer.java index 44083848..7fb5b077 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ClientAuthenticationConfigurer.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ClientAuthenticationConfigurer.java 
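Review bot: In `validateAuthorizationServerSettings` the whole check sits inside `if (authorizationServerSettings.getIssuer() != null)`, so the default `AuthorizationServerSettings.builder().build()` registered by `registerMissingBeanPostProcessor()` gets no issuer validation, and the documentation in this same patch says the issuer is then resolved from the current request. That fallback deserves a comment at the guard, for example `// issuer == null: resolved per request; set it explicitly unless the request host and any forwarded headers are trusted`, because the issuer value presumably feeds the metadata endpoint and token claims. The visible lines only prove that the string parses as a URL; the method body continues past the hunk, so confirm whether scheme, query and fragment are checked there. `catch (Exception ex)` is also broader than needed: `catch (URISyntaxException | MalformedURLException | IllegalArgumentException ex)` names what `new URI(...)` and `toURL()` throw.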
@@ -34,7 +34,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.J
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.PublicClientAuthenticationProvider;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.web.OAuth2ClientAuthenticationFilter;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
@@ -117,16 +117,16 @@ public final class OAuth2ClientAuthenticationConfigurer extends AbstractOAuth2Co
@Override
void init(HttpSecurity httpSecurity) {
- ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity);
+ AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
this.requestMatcher = new OrRequestMatcher(
new AntPathRequestMatcher(
- providerSettings.getTokenEndpoint(),
+ authorizationServerSettings.getTokenEndpoint(),
HttpMethod.POST.name()),
new AntPathRequestMatcher(
- providerSettings.getTokenIntrospectionEndpoint(),
+ authorizationServerSettings.getTokenIntrospectionEndpoint(),
HttpMethod.POST.name()),
new AntPathRequestMatcher(
- providerSettings.getTokenRevocationEndpoint(),
+ authorizationServerSettings.getTokenRevocationEndpoint(),
HttpMethod.POST.name()));
List authenticationProviders =
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ConfigurerUtils.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ConfigurerUtils.java
index 25185ddd..7b4974c5 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ConfigurerUtils.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ConfigurerUtils.java
@@ -34,7 +34,7 @@ import org.springframework.security.oauth2.server.authorization.InMemoryOAuth2Au
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.token.DelegatingOAuth2TokenGenerator;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.JwtGenerator;
@@ -171,13 +171,13 @@ final class OAuth2ConfigurerUtils {
return getOptionalBean(httpSecurity, type);
}
- static ProviderSettings getProviderSettings(HttpSecurity httpSecurity) {
- ProviderSettings providerSettings = httpSecurity.getSharedObject(ProviderSettings.class);
- if (providerSettings == null) {
- providerSettings = getBean(httpSecurity, ProviderSettings.class);
- httpSecurity.setSharedObject(ProviderSettings.class, providerSettings);
+ static AuthorizationServerSettings getAuthorizationServerSettings(HttpSecurity httpSecurity) {
+ AuthorizationServerSettings authorizationServerSettings = httpSecurity.getSharedObject(AuthorizationServerSettings.class);
+ if (authorizationServerSettings == null) {
+ authorizationServerSettings = getBean(httpSecurity, AuthorizationServerSettings.class);
+ httpSecurity.setSharedObject(AuthorizationServerSettings.class, authorizationServerSettings);
}
- return providerSettings;
+ return authorizationServerSettings;
}
static T getBean(HttpSecurity httpSecurity, Class type) {
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenEndpointConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenEndpointConfigurer.java
index 43423dc5..e54f6652 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenEndpointConfigurer.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenEndpointConfigurer.java
@@ -36,7 +36,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientCredentialsAuthenticationProvider;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2RefreshTokenAuthenticationProvider;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
@@ -119,9 +119,9 @@ public final class OAuth2TokenEndpointConfigurer extends AbstractOAuth2Configure
@Override
void init(HttpSecurity httpSecurity) {
- ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity);
+ AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
this.requestMatcher = new AntPathRequestMatcher(
- providerSettings.getTokenEndpoint(), HttpMethod.POST.name());
+ authorizationServerSettings.getTokenEndpoint(), HttpMethod.POST.name());
List authenticationProviders =
!this.authenticationProviders.isEmpty() ?
@@ -134,12 +134,12 @@ public final class OAuth2TokenEndpointConfigurer extends AbstractOAuth2Configure
@Override
void configure(HttpSecurity httpSecurity) {
AuthenticationManager authenticationManager = httpSecurity.getSharedObject(AuthenticationManager.class);
- ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity);
+ AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
OAuth2TokenEndpointFilter tokenEndpointFilter =
new OAuth2TokenEndpointFilter(
authenticationManager,
- providerSettings.getTokenEndpoint());
+ authorizationServerSettings.getTokenEndpoint());
if (this.accessTokenRequestConverter != null) {
tokenEndpointFilter.setAuthenticationConverter(this.accessTokenRequestConverter);
}
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionEndpointConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionEndpointConfigurer.java
index 3205d177..d6940425 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionEndpointConfigurer.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionEndpointConfigurer.java
@@ -31,7 +31,7 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenIntrospectionAuthenticationProvider;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenIntrospectionAuthenticationToken;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenIntrospectionEndpointFilter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AuthenticationConverter;
@@ -112,9 +112,9 @@ public final class OAuth2TokenIntrospectionEndpointConfigurer extends AbstractOA
@Override
void init(HttpSecurity httpSecurity) {
- ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity);
+ AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
this.requestMatcher = new AntPathRequestMatcher(
- providerSettings.getTokenIntrospectionEndpoint(), HttpMethod.POST.name());
+ authorizationServerSettings.getTokenIntrospectionEndpoint(), HttpMethod.POST.name());
List authenticationProviders =
!this.authenticationProviders.isEmpty() ?
@@ -127,11 +127,11 @@ public final class OAuth2TokenIntrospectionEndpointConfigurer extends AbstractOA
@Override
void configure(HttpSecurity httpSecurity) {
AuthenticationManager authenticationManager = httpSecurity.getSharedObject(AuthenticationManager.class);
- ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity);
+ AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
OAuth2TokenIntrospectionEndpointFilter introspectionEndpointFilter =
new OAuth2TokenIntrospectionEndpointFilter(
- authenticationManager, providerSettings.getTokenIntrospectionEndpoint());
+ authenticationManager, authorizationServerSettings.getTokenIntrospectionEndpoint());
if (this.introspectionRequestConverter != null) {
introspectionEndpointFilter.setAuthenticationConverter(this.introspectionRequestConverter);
}
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenRevocationEndpointConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenRevocationEndpointConfigurer.java
index 63ec8cc9..6e26a821 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenRevocationEndpointConfigurer.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenRevocationEndpointConfigurer.java
@@ -30,7 +30,7 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationProvider;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AuthenticationConverter;
@@ -111,9 +111,9 @@ public final class OAuth2TokenRevocationEndpointConfigurer extends AbstractOAuth
@Override
void init(HttpSecurity httpSecurity) {
- ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity);
+ AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
this.requestMatcher = new AntPathRequestMatcher(
- providerSettings.getTokenRevocationEndpoint(), HttpMethod.POST.name());
+ authorizationServerSettings.getTokenRevocationEndpoint(), HttpMethod.POST.name());
List authenticationProviders =
!this.authenticationProviders.isEmpty() ?
@@ -126,11 +126,11 @@ public final class OAuth2TokenRevocationEndpointConfigurer extends AbstractOAuth
@Override
void configure(HttpSecurity httpSecurity) {
AuthenticationManager authenticationManager = httpSecurity.getSharedObject(AuthenticationManager.class);
- ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity);
+ AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
OAuth2TokenRevocationEndpointFilter revocationEndpointFilter =
new OAuth2TokenRevocationEndpointFilter(
- authenticationManager, providerSettings.getTokenRevocationEndpoint());
+ authenticationManager, authorizationServerSettings.getTokenRevocationEndpoint());
if (this.revocationRequestConverter != null) {
revocationEndpointFilter.setAuthenticationConverter(this.revocationRequestConverter);
}
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationEndpointConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationEndpointConfigurer.java
index 73cd8451..3f65e921 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationEndpointConfigurer.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationEndpointConfigurer.java
@@ -21,7 +21,7 @@ import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcClientRegistrationAuthenticationProvider;
import org.springframework.security.oauth2.server.authorization.oidc.web.OidcClientRegistrationEndpointFilter;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
@@ -47,10 +47,10 @@ public final class OidcClientRegistrationEndpointConfigurer extends AbstractOAut
@Override
void init(HttpSecurity httpSecurity) {
- ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity);
+ AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
this.requestMatcher = new OrRequestMatcher(
- new AntPathRequestMatcher(providerSettings.getOidcClientRegistrationEndpoint(), HttpMethod.POST.name()),
- new AntPathRequestMatcher(providerSettings.getOidcClientRegistrationEndpoint(), HttpMethod.GET.name())
+ new AntPathRequestMatcher(authorizationServerSettings.getOidcClientRegistrationEndpoint(), HttpMethod.POST.name()),
+ new AntPathRequestMatcher(authorizationServerSettings.getOidcClientRegistrationEndpoint(), HttpMethod.GET.name())
);
OidcClientRegistrationAuthenticationProvider oidcClientRegistrationAuthenticationProvider =
@@ -64,12 +64,12 @@ public final class OidcClientRegistrationEndpointConfigurer extends AbstractOAut
@Override
void configure(HttpSecurity httpSecurity) {
AuthenticationManager authenticationManager = httpSecurity.getSharedObject(AuthenticationManager.class);
- ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity);
+ AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
OidcClientRegistrationEndpointFilter oidcClientRegistrationEndpointFilter =
new OidcClientRegistrationEndpointFilter(
authenticationManager,
- providerSettings.getOidcClientRegistrationEndpoint());
+ authorizationServerSettings.getOidcClientRegistrationEndpoint());
httpSecurity.addFilterAfter(postProcess(oidcClientRegistrationEndpointFilter), FilterSecurityInterceptor.class);
}
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcConfigurer.java
index d80225ba..150a442f 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcConfigurer.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcConfigurer.java
@@ -25,7 +25,7 @@ import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.authorization.oidc.web.OidcProviderConfigurationEndpointFilter;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
@@ -114,9 +114,9 @@ public final class OidcConfigurer extends AbstractOAuth2Configurer {
clientRegistrationEndpointConfigurer.configure(httpSecurity);
}
- ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity);
+ AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
OidcProviderConfigurationEndpointFilter oidcProviderConfigurationEndpointFilter =
- new OidcProviderConfigurationEndpointFilter(providerSettings);
+ new OidcProviderConfigurationEndpointFilter(authorizationServerSettings);
httpSecurity.addFilterBefore(postProcess(oidcProviderConfigurationEndpointFilter), AbstractPreAuthenticatedProcessingFilter.class);
}
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoEndpointConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoEndpointConfigurer.java
index fbd7c806..b50e3422 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoEndpointConfigurer.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoEndpointConfigurer.java
@@ -28,7 +28,7 @@ import org.springframework.security.oauth2.server.authorization.oidc.authenticat
import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcUserInfoAuthenticationProvider;
import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcUserInfoAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.oidc.web.OidcUserInfoEndpointFilter;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
@@ -76,8 +76,8 @@ public final class OidcUserInfoEndpointConfigurer extends AbstractOAuth2Configur
@Override
void init(HttpSecurity httpSecurity) {
- ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity);
- String userInfoEndpointUri = providerSettings.getOidcUserInfoEndpoint();
+ AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
+ String userInfoEndpointUri = authorizationServerSettings.getOidcUserInfoEndpoint();
this.requestMatcher = new OrRequestMatcher(
new AntPathRequestMatcher(userInfoEndpointUri, HttpMethod.GET.name()),
new AntPathRequestMatcher(userInfoEndpointUri, HttpMethod.POST.name()));
@@ -94,12 +94,12 @@ public final class OidcUserInfoEndpointConfigurer extends AbstractOAuth2Configur
@Override
void configure(HttpSecurity httpSecurity) {
AuthenticationManager authenticationManager = httpSecurity.getSharedObject(AuthenticationManager.class);
- ProviderSettings providerSettings = OAuth2ConfigurerUtils.getProviderSettings(httpSecurity);
+ AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
OidcUserInfoEndpointFilter oidcUserInfoEndpointFilter =
new OidcUserInfoEndpointFilter(
authenticationManager,
- providerSettings.getOidcUserInfoEndpoint());
+ authorizationServerSettings.getOidcUserInfoEndpoint());
httpSecurity.addFilterAfter(postProcess(oidcUserInfoEndpointFilter), FilterSecurityInterceptor.class);
}
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContext.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContext.java
index 3fe5fe6b..a2ce5204 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContext.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContext.java
@@ -18,7 +18,7 @@ package org.springframework.security.oauth2.server.authorization.context;
import java.util.function.Supplier;
import org.springframework.lang.Nullable;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.util.Assert;
/**
@@ -26,45 +26,45 @@ import org.springframework.util.Assert;
*
* @author Joe Grandja
* @since 0.2.2
- * @see ProviderSettings
+ * @see AuthorizationServerSettings
* @see ProviderContextHolder
*/
public final class ProviderContext {
- private final ProviderSettings providerSettings;
+ private final AuthorizationServerSettings authorizationServerSettings;
private final Supplier issuerSupplier;
/**
* Constructs a {@code ProviderContext} using the provided parameters.
*
- * @param providerSettings the provider settings
+ * @param authorizationServerSettings the authorization server settings
* @param issuerSupplier a {@code Supplier} for the {@code URL} of the Provider's issuer identifier
*/
- public ProviderContext(ProviderSettings providerSettings, @Nullable Supplier issuerSupplier) {
- Assert.notNull(providerSettings, "providerSettings cannot be null");
- this.providerSettings = providerSettings;
+ public ProviderContext(AuthorizationServerSettings authorizationServerSettings, @Nullable Supplier issuerSupplier) {
+ Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null");
+ this.authorizationServerSettings = authorizationServerSettings;
this.issuerSupplier = issuerSupplier;
}
/**
- * Returns the {@link ProviderSettings}.
+ * Returns the {@link AuthorizationServerSettings}.
*
- * @return the {@link ProviderSettings}
+ * @return the {@link AuthorizationServerSettings}
*/
- public ProviderSettings getProviderSettings() {
- return this.providerSettings;
+ public AuthorizationServerSettings getAuthorizationServerSettings() {
+ return this.authorizationServerSettings;
}
/**
* Returns the {@code URL} of the Provider's issuer identifier.
* The issuer identifier is resolved from the constructor parameter {@code Supplier}
- * or if not provided then defaults to {@link ProviderSettings#getIssuer()}.
+ * or if not provided then defaults to {@link AuthorizationServerSettings#getIssuer()}.
*
* @return the {@code URL} of the Provider's issuer identifier
*/
public String getIssuer() {
return this.issuerSupplier != null ?
this.issuerSupplier.get() :
- getProviderSettings().getIssuer();
+ getAuthorizationServerSettings().getIssuer();
}
}
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java
index f8275ba7..3c210cbe 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java
@@ -278,7 +278,7 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe
ProviderContext providerContext = ProviderContextHolder.getProviderContext();
String registrationClientUri = UriComponentsBuilder.fromUriString(providerContext.getIssuer())
- .path(providerContext.getProviderSettings().getOidcClientRegistrationEndpoint())
+ .path(providerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
.queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId())
.toUriString();
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java
index 11cf20ad..4d8afee7 100644
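Review bot: `ProviderContext.getIssuer()` can return `null`, and its Javadoc, which this hunk edits, does not say so: the constructor accepts a `@Nullable` supplier, and the fallback `getAuthorizationServerSettings().getIssuer()` is treated as possibly null by the `getIssuer() != null` check in `validateAuthorizationServerSettings`. The `OidcClientRegistrationAuthenticationProvider` hunk passes the value straight into `UriComponentsBuilder.fromUriString(providerContext.getIssuer())`, so a context built without a supplier and without a configured issuer would presumably fail only at that call. I would annotate the method with `@Nullable` (already imported in this file) and extend the tag to `@return the {@code URL} of the issuer identifier, or {@code null} if neither a supplier nor a configured issuer is available`.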
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java
@@ -35,7 +35,7 @@ import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.oidc.OidcProviderConfiguration;
import org.springframework.security.oauth2.server.authorization.oidc.http.converter.OidcProviderConfigurationHttpMessageConverter;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
@@ -48,7 +48,7 @@ import org.springframework.web.util.UriComponentsBuilder;
* @author Daniel Garnier-Moiroux
* @since 0.1.0
* @see OidcProviderConfiguration
- * @see ProviderSettings
+ * @see AuthorizationServerSettings
* @see 4.1. OpenID Provider Configuration Request
*/
public final class OidcProviderConfigurationEndpointFilter extends OncePerRequestFilter {
@@ -57,14 +57,14 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques
*/
private static final String DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI = "/.well-known/openid-configuration";
- private final ProviderSettings providerSettings;
+ private final AuthorizationServerSettings authorizationServerSettings;
private final RequestMatcher requestMatcher;
private final OidcProviderConfigurationHttpMessageConverter providerConfigurationHttpMessageConverter =
new OidcProviderConfigurationHttpMessageConverter();
- public OidcProviderConfigurationEndpointFilter(ProviderSettings providerSettings) {
- Assert.notNull(providerSettings, "providerSettings cannot be null");
- this.providerSettings = providerSettings;
+ public OidcProviderConfigurationEndpointFilter(AuthorizationServerSettings authorizationServerSettings) {
+ Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null");
+ this.authorizationServerSettings = authorizationServerSettings;
this.requestMatcher = new AntPathRequestMatcher(
DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI,
HttpMethod.GET.name()
@@ -84,18 +84,18 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques
OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.builder()
.issuer(issuer)
- .authorizationEndpoint(asUrl(issuer, this.providerSettings.getAuthorizationEndpoint()))
- .tokenEndpoint(asUrl(issuer, this.providerSettings.getTokenEndpoint()))
+ .authorizationEndpoint(asUrl(issuer, this.authorizationServerSettings.getAuthorizationEndpoint()))
+ .tokenEndpoint(asUrl(issuer, this.authorizationServerSettings.getTokenEndpoint()))
.tokenEndpointAuthenticationMethods(clientAuthenticationMethods())
- .jwkSetUrl(asUrl(issuer, this.providerSettings.getJwkSetEndpoint()))
- .userInfoEndpoint(asUrl(issuer, this.providerSettings.getOidcUserInfoEndpoint()))
+ .jwkSetUrl(asUrl(issuer, this.authorizationServerSettings.getJwkSetEndpoint()))
+ .userInfoEndpoint(asUrl(issuer, this.authorizationServerSettings.getOidcUserInfoEndpoint()))
.responseType(OAuth2AuthorizationResponseType.CODE.getValue())
.grantType(AuthorizationGrantType.AUTHORIZATION_CODE.getValue())
.grantType(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
.grantType(AuthorizationGrantType.REFRESH_TOKEN.getValue())
- .tokenRevocationEndpoint(asUrl(issuer, this.providerSettings.getTokenRevocationEndpoint()))
+ .tokenRevocationEndpoint(asUrl(issuer, this.authorizationServerSettings.getTokenRevocationEndpoint()))
.tokenRevocationEndpointAuthenticationMethods(clientAuthenticationMethods())
- .tokenIntrospectionEndpoint(asUrl(issuer, this.providerSettings.getTokenIntrospectionEndpoint()))
+ .tokenIntrospectionEndpoint(asUrl(issuer, this.authorizationServerSettings.getTokenIntrospectionEndpoint()))
.tokenIntrospectionEndpointAuthenticationMethods(clientAuthenticationMethods())
.subjectType("public")
.idTokenSigningAlgorithm(SignatureAlgorithm.RS256.getName())
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/settings/ProviderSettings.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/settings/AuthorizationServerSettings.java
similarity index 55%
rename from oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/settings/ProviderSettings.java
rename to oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/settings/AuthorizationServerSettings.java
index ec5667fc..53484bbc 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/settings/ProviderSettings.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/settings/AuthorizationServerSettings.java
@@ -20,90 +20,90 @@ import java.util.Map; import org.springframework.util.Assert; /** - * A facility for provider configuration settings. + * A facility for authorization server configuration settings. * * @author Daniel Garnier-Moiroux * @author Joe Grandja * @since 0.1.0 * @see AbstractSettings - * @see ConfigurationSettingNames.Provider + * @see ConfigurationSettingNames.AuthorizationServer */ -public final class ProviderSettings extends AbstractSettings { +public final class AuthorizationServerSettings extends AbstractSettings { - private ProviderSettings(Map settings) { + private AuthorizationServerSettings(Map settings) { super(settings); } /** - * Returns the URL of the Provider's Issuer Identifier + * Returns the URL of the Authorization Server's Issuer Identifier * - * @return the URL of the Provider's Issuer Identifier + * @return the URL of the Authorization Server's Issuer Identifier */ public String getIssuer() { - return getSetting(ConfigurationSettingNames.Provider.ISSUER); + return getSetting(ConfigurationSettingNames.AuthorizationServer.ISSUER); } /** - * Returns the Provider's OAuth 2.0 Authorization endpoint. The default is {@code /oauth2/authorize}. + * Returns the OAuth 2.0 Authorization endpoint. The default is {@code /oauth2/authorize}. * * @return the Authorization endpoint */ public String getAuthorizationEndpoint() { - return getSetting(ConfigurationSettingNames.Provider.AUTHORIZATION_ENDPOINT); + return getSetting(ConfigurationSettingNames.AuthorizationServer.AUTHORIZATION_ENDPOINT); } /** - * Returns the Provider's OAuth 2.0 Token endpoint. The default is {@code /oauth2/token}. + * Returns the OAuth 2.0 Token endpoint. The default is {@code /oauth2/token}. * * @return the Token endpoint */ public String getTokenEndpoint() { - return getSetting(ConfigurationSettingNames.Provider.TOKEN_ENDPOINT); + return getSetting(ConfigurationSettingNames.AuthorizationServer.TOKEN_ENDPOINT); } /** - * Returns the Provider's JWK Set endpoint. 
The default is {@code /oauth2/jwks}. + * Returns the JWK Set endpoint. The default is {@code /oauth2/jwks}. * * @return the JWK Set endpoint */ public String getJwkSetEndpoint() { - return getSetting(ConfigurationSettingNames.Provider.JWK_SET_ENDPOINT); + return getSetting(ConfigurationSettingNames.AuthorizationServer.JWK_SET_ENDPOINT); } /** - * Returns the Provider's OAuth 2.0 Token Revocation endpoint. The default is {@code /oauth2/revoke}. + * Returns the OAuth 2.0 Token Revocation endpoint. The default is {@code /oauth2/revoke}. * * @return the Token Revocation endpoint */ public String getTokenRevocationEndpoint() { - return getSetting(ConfigurationSettingNames.Provider.TOKEN_REVOCATION_ENDPOINT); + return getSetting(ConfigurationSettingNames.AuthorizationServer.TOKEN_REVOCATION_ENDPOINT); } /** - * Returns the Provider's OAuth 2.0 Token Introspection endpoint. The default is {@code /oauth2/introspect}. + * Returns the OAuth 2.0 Token Introspection endpoint. The default is {@code /oauth2/introspect}. * * @return the Token Introspection endpoint */ public String getTokenIntrospectionEndpoint() { - return getSetting(ConfigurationSettingNames.Provider.TOKEN_INTROSPECTION_ENDPOINT); + return getSetting(ConfigurationSettingNames.AuthorizationServer.TOKEN_INTROSPECTION_ENDPOINT); } /** - * Returns the Provider's OpenID Connect 1.0 Client Registration endpoint. The default is {@code /connect/register}. + * Returns the OpenID Connect 1.0 Client Registration endpoint. The default is {@code /connect/register}. * * @return the OpenID Connect 1.0 Client Registration endpoint */ public String getOidcClientRegistrationEndpoint() { - return getSetting(ConfigurationSettingNames.Provider.OIDC_CLIENT_REGISTRATION_ENDPOINT); + return getSetting(ConfigurationSettingNames.AuthorizationServer.OIDC_CLIENT_REGISTRATION_ENDPOINT); } /** - * Returns the Provider's OpenID Connect 1.0 UserInfo endpoint. The default is {@code /userinfo}. 
+ * Returns the OpenID Connect 1.0 UserInfo endpoint. The default is {@code /userinfo}. * * @return the OpenID Connect 1.0 UserInfo endpoint */ public String getOidcUserInfoEndpoint() { - return getSetting(ConfigurationSettingNames.Provider.OIDC_USER_INFO_ENDPOINT); + return getSetting(ConfigurationSettingNames.AuthorizationServer.OIDC_USER_INFO_ENDPOINT); } /** 
@@ -135,101 +135,101 @@ public final class ProviderSettings extends AbstractSettings { } /** - * A builder for {@link ProviderSettings}. + * A builder for {@link AuthorizationServerSettings}. */ - public final static class Builder extends AbstractBuilder { + public final static class Builder extends AbstractBuilder { private Builder() { } /** - * Sets the URL the Provider uses as its Issuer Identifier. + * Sets the URL the Authorization Server uses as its Issuer Identifier. * - * @param issuer the URL the Provider uses as its Issuer Identifier. + * @param issuer the URL the Authorization Server uses as its Issuer Identifier. * @return the {@link Builder} for further configuration */ public Builder issuer(String issuer) { - return setting(ConfigurationSettingNames.Provider.ISSUER, issuer); + return setting(ConfigurationSettingNames.AuthorizationServer.ISSUER, issuer); } /** - * Sets the Provider's OAuth 2.0 Authorization endpoint. + * Sets the OAuth 2.0 Authorization endpoint. * * @param authorizationEndpoint the Authorization endpoint * @return the {@link Builder} for further configuration */ public Builder authorizationEndpoint(String authorizationEndpoint) { - return setting(ConfigurationSettingNames.Provider.AUTHORIZATION_ENDPOINT, authorizationEndpoint); + return setting(ConfigurationSettingNames.AuthorizationServer.AUTHORIZATION_ENDPOINT, authorizationEndpoint); } /** - * Sets the Provider's OAuth 2.0 Token endpoint. + * Sets the OAuth 2.0 Token endpoint. * * @param tokenEndpoint the Token endpoint * @return the {@link Builder} for further configuration */ public Builder tokenEndpoint(String tokenEndpoint) { - return setting(ConfigurationSettingNames.Provider.TOKEN_ENDPOINT, tokenEndpoint); + return setting(ConfigurationSettingNames.AuthorizationServer.TOKEN_ENDPOINT, tokenEndpoint); } /** - * Sets the Provider's JWK Set endpoint. + * Sets the JWK Set endpoint. 
* * @param jwkSetEndpoint the JWK Set endpoint * @return the {@link Builder} for further configuration */ public Builder jwkSetEndpoint(String jwkSetEndpoint) { - return setting(ConfigurationSettingNames.Provider.JWK_SET_ENDPOINT, jwkSetEndpoint); + return setting(ConfigurationSettingNames.AuthorizationServer.JWK_SET_ENDPOINT, jwkSetEndpoint); } /** - * Sets the Provider's OAuth 2.0 Token Revocation endpoint. + * Sets the OAuth 2.0 Token Revocation endpoint. * * @param tokenRevocationEndpoint the Token Revocation endpoint * @return the {@link Builder} for further configuration */ public Builder tokenRevocationEndpoint(String tokenRevocationEndpoint) { - return setting(ConfigurationSettingNames.Provider.TOKEN_REVOCATION_ENDPOINT, tokenRevocationEndpoint); + return setting(ConfigurationSettingNames.AuthorizationServer.TOKEN_REVOCATION_ENDPOINT, tokenRevocationEndpoint); } /** - * Sets the Provider's OAuth 2.0 Token Introspection endpoint. + * Sets the OAuth 2.0 Token Introspection endpoint. * * @param tokenIntrospectionEndpoint the Token Introspection endpoint * @return the {@link Builder} for further configuration */ public Builder tokenIntrospectionEndpoint(String tokenIntrospectionEndpoint) { - return setting(ConfigurationSettingNames.Provider.TOKEN_INTROSPECTION_ENDPOINT, tokenIntrospectionEndpoint); + return setting(ConfigurationSettingNames.AuthorizationServer.TOKEN_INTROSPECTION_ENDPOINT, tokenIntrospectionEndpoint); } /** - * Sets the Provider's OpenID Connect 1.0 Client Registration endpoint. + * Sets the OpenID Connect 1.0 Client Registration endpoint. 
* * @param oidcClientRegistrationEndpoint the OpenID Connect 1.0 Client Registration endpoint * @return the {@link Builder} for further configuration */ public Builder oidcClientRegistrationEndpoint(String oidcClientRegistrationEndpoint) { - return setting(ConfigurationSettingNames.Provider.OIDC_CLIENT_REGISTRATION_ENDPOINT, oidcClientRegistrationEndpoint); + return setting(ConfigurationSettingNames.AuthorizationServer.OIDC_CLIENT_REGISTRATION_ENDPOINT, oidcClientRegistrationEndpoint); } /** - * Sets the Provider's OpenID Connect 1.0 UserInfo endpoint. + * Sets the OpenID Connect 1.0 UserInfo endpoint. * * @param oidcUserInfoEndpoint the OpenID Connect 1.0 UserInfo endpoint * @return the {@link Builder} for further configuration */ public Builder oidcUserInfoEndpoint(String oidcUserInfoEndpoint) { - return setting(ConfigurationSettingNames.Provider.OIDC_USER_INFO_ENDPOINT, oidcUserInfoEndpoint); + return setting(ConfigurationSettingNames.AuthorizationServer.OIDC_USER_INFO_ENDPOINT, oidcUserInfoEndpoint); } /** - * Builds the {@link ProviderSettings}. + * Builds the {@link AuthorizationServerSettings}. * - * @return the {@link ProviderSettings} + * @return the {@link AuthorizationServerSettings} */ @Override - public ProviderSettings build() { - return new ProviderSettings(getSettings()); + public AuthorizationServerSettings build() { + return new AuthorizationServerSettings(getSettings()); } } diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/settings/ConfigurationSettingNames.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/settings/ConfigurationSettingNames.java index e852f2a2..b548019b 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/settings/ConfigurationSettingNames.java 
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/settings/ConfigurationSettingNames.java 
@@ -71,52 +71,52 @@ public final class ConfigurationSettingNames { } /** - * The names for provider configuration settings. + * The names for authorization server configuration settings. */ - public static final class Provider { - private static final String PROVIDER_SETTINGS_NAMESPACE = SETTINGS_NAMESPACE.concat("provider."); + public static final class AuthorizationServer { + private static final String AUTHORIZATION_SERVER_SETTINGS_NAMESPACE = SETTINGS_NAMESPACE.concat("authorization-server."); /** - * Set the URL the Provider uses as its Issuer Identifier. + * Set the URL the Authorization Server uses as its Issuer Identifier. */ - public static final String ISSUER = PROVIDER_SETTINGS_NAMESPACE.concat("issuer"); + public static final String ISSUER = AUTHORIZATION_SERVER_SETTINGS_NAMESPACE.concat("issuer"); /** - * Set the Provider's OAuth 2.0 Authorization endpoint. + * Set the OAuth 2.0 Authorization endpoint. */ - public static final String AUTHORIZATION_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("authorization-endpoint"); + public static final String AUTHORIZATION_ENDPOINT = AUTHORIZATION_SERVER_SETTINGS_NAMESPACE.concat("authorization-endpoint"); /** - * Set the Provider's OAuth 2.0 Token endpoint. + * Set the OAuth 2.0 Token endpoint. */ - public static final String TOKEN_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("token-endpoint"); + public static final String TOKEN_ENDPOINT = AUTHORIZATION_SERVER_SETTINGS_NAMESPACE.concat("token-endpoint"); /** - * Set the Provider's JWK Set endpoint. + * Set the JWK Set endpoint. */ - public static final String JWK_SET_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("jwk-set-endpoint"); + public static final String JWK_SET_ENDPOINT = AUTHORIZATION_SERVER_SETTINGS_NAMESPACE.concat("jwk-set-endpoint"); /** - * Set the Provider's OAuth 2.0 Token Revocation endpoint. + * Set the OAuth 2.0 Token Revocation endpoint. 
*/ - public static final String TOKEN_REVOCATION_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("token-revocation-endpoint"); + public static final String TOKEN_REVOCATION_ENDPOINT = AUTHORIZATION_SERVER_SETTINGS_NAMESPACE.concat("token-revocation-endpoint"); /** - * Set the Provider's OAuth 2.0 Token Introspection endpoint. + * Set the OAuth 2.0 Token Introspection endpoint. */ - public static final String TOKEN_INTROSPECTION_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("token-introspection-endpoint"); + public static final String TOKEN_INTROSPECTION_ENDPOINT = AUTHORIZATION_SERVER_SETTINGS_NAMESPACE.concat("token-introspection-endpoint"); /** - * Set the Provider's OpenID Connect 1.0 Client Registration endpoint. + * Set the OpenID Connect 1.0 Client Registration endpoint. */ - public static final String OIDC_CLIENT_REGISTRATION_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("oidc-client-registration-endpoint"); + public static final String OIDC_CLIENT_REGISTRATION_ENDPOINT = AUTHORIZATION_SERVER_SETTINGS_NAMESPACE.concat("oidc-client-registration-endpoint"); /** - * Set the Provider's OpenID Connect 1.0 UserInfo endpoint. + * Set the OpenID Connect 1.0 UserInfo endpoint. */ - public static final String OIDC_USER_INFO_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("oidc-user-info-endpoint"); + public static final String OIDC_USER_INFO_ENDPOINT = AUTHORIZATION_SERVER_SETTINGS_NAMESPACE.concat("oidc-user-info-endpoint"); - private Provider() { + private AuthorizationServer() { } } diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java index 32404500..8d78de0b 100644 
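Review bot: `AUTHORIZATION_SERVER_SETTINGS_NAMESPACE` changes the runtime key prefix from `"provider."` to `"authorization-server."`, so this hunk in `ConfigurationSettingNames` is a behaviour change and not only a type rename: every constant under `AuthorizationServer` now resolves to a different string. A settings map built or stored with the old key strings no longer matches these constants, and the lookup in `AbstractSettings` is not visible here, so whether that fails loudly or silently yields missing endpoint values should be confirmed. I would record the change in the class Javadoc, for example `* NOTE: setting names moved from the "provider." prefix to "authorization-server."; maps keyed with the old names are not recognized.`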
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java @@ -33,7 +33,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResp import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationServerMetadata; import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; import org.springframework.security.oauth2.server.authorization.http.converter.OAuth2AuthorizationServerMetadataHttpMessageConverter; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; @@ -46,7 +46,7 @@ import org.springframework.web.util.UriComponentsBuilder; * @author Daniel Garnier-Moiroux * @since 0.1.1 * @see OAuth2AuthorizationServerMetadata - * @see ProviderSettings + * @see AuthorizationServerSettings * @see 3. Obtaining Authorization Server Metadata */ public final class OAuth2AuthorizationServerMetadataEndpointFilter extends OncePerRequestFilter { 
@@ -55,14 +55,14 @@ public final class OAuth2AuthorizationServerMetadataEndpointFilter extends OnceP */ private static final String DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI = "/.well-known/oauth-authorization-server"; - private final ProviderSettings providerSettings; + private final AuthorizationServerSettings authorizationServerSettings; private final RequestMatcher requestMatcher; private final OAuth2AuthorizationServerMetadataHttpMessageConverter authorizationServerMetadataHttpMessageConverter = new OAuth2AuthorizationServerMetadataHttpMessageConverter(); - public OAuth2AuthorizationServerMetadataEndpointFilter(ProviderSettings providerSettings) { - Assert.notNull(providerSettings, "providerSettings cannot be null"); - this.providerSettings = providerSettings; + public OAuth2AuthorizationServerMetadataEndpointFilter(AuthorizationServerSettings authorizationServerSettings) { + Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null"); + this.authorizationServerSettings = authorizationServerSettings; this.requestMatcher = new AntPathRequestMatcher( DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI, HttpMethod.GET.name() 
@@ -82,17 +82,17 @@ public final class OAuth2AuthorizationServerMetadataEndpointFilter extends OnceP OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder() .issuer(issuer) - .authorizationEndpoint(asUrl(issuer, this.providerSettings.getAuthorizationEndpoint())) - .tokenEndpoint(asUrl(issuer, this.providerSettings.getTokenEndpoint())) + .authorizationEndpoint(asUrl(issuer, this.authorizationServerSettings.getAuthorizationEndpoint())) + .tokenEndpoint(asUrl(issuer, this.authorizationServerSettings.getTokenEndpoint())) .tokenEndpointAuthenticationMethods(clientAuthenticationMethods()) - .jwkSetUrl(asUrl(issuer, this.providerSettings.getJwkSetEndpoint())) + .jwkSetUrl(asUrl(issuer, this.authorizationServerSettings.getJwkSetEndpoint())) .responseType(OAuth2AuthorizationResponseType.CODE.getValue()) .grantType(AuthorizationGrantType.AUTHORIZATION_CODE.getValue()) .grantType(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue()) .grantType(AuthorizationGrantType.REFRESH_TOKEN.getValue()) - .tokenRevocationEndpoint(asUrl(issuer, this.providerSettings.getTokenRevocationEndpoint())) + .tokenRevocationEndpoint(asUrl(issuer, this.authorizationServerSettings.getTokenRevocationEndpoint())) .tokenRevocationEndpointAuthenticationMethods(clientAuthenticationMethods()) - .tokenIntrospectionEndpoint(asUrl(issuer, this.providerSettings.getTokenIntrospectionEndpoint())) + .tokenIntrospectionEndpoint(asUrl(issuer, this.authorizationServerSettings.getTokenIntrospectionEndpoint())) .tokenIntrospectionEndpointAuthenticationMethods(clientAuthenticationMethods()) .codeChallengeMethod("S256") .build(); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/ProviderContextFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/ProviderContextFilter.java index b59dfa44..7ef999a8 100644 
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/ProviderContextFilter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/ProviderContextFilter.java @@ -24,7 +24,7 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.security.oauth2.server.authorization.context.ProviderContext; import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.web.util.UrlUtils; import org.springframework.util.Assert; import org.springframework.web.filter.OncePerRequestFilter; @@ -37,19 +37,19 @@ import org.springframework.web.util.UriComponentsBuilder; * @since 0.2.2 * @see ProviderContext * @see ProviderContextHolder - * @see ProviderSettings + * @see AuthorizationServerSettings */ public final class ProviderContextFilter extends OncePerRequestFilter { - private final ProviderSettings providerSettings; + private final AuthorizationServerSettings authorizationServerSettings; /** * Constructs a {@code ProviderContextFilter} using the provided parameters. * - * @param providerSettings the provider settings + * @param authorizationServerSettings the authorization server settings */ - public ProviderContextFilter(ProviderSettings providerSettings) { - Assert.notNull(providerSettings, "providerSettings cannot be null"); - this.providerSettings = providerSettings; + public ProviderContextFilter(AuthorizationServerSettings authorizationServerSettings) { + Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null"); + this.authorizationServerSettings = authorizationServerSettings; } @Override 
@@ -58,7 +58,7 @@ public final class ProviderContextFilter extends OncePerRequestFilter { try { ProviderContext providerContext = new ProviderContext( - this.providerSettings, () -> resolveIssuer(this.providerSettings, request)); + this.authorizationServerSettings, () -> resolveIssuer(this.authorizationServerSettings, request)); ProviderContextHolder.setProviderContext(providerContext); filterChain.doFilter(request, response); } finally { @@ -66,9 +66,9 @@ public final class ProviderContextFilter extends OncePerRequestFilter { } } - private static String resolveIssuer(ProviderSettings providerSettings, HttpServletRequest request) { - return providerSettings.getIssuer() != null ? - providerSettings.getIssuer() : + private static String resolveIssuer(AuthorizationServerSettings authorizationServerSettings, HttpServletRequest request) { + return authorizationServerSettings.getIssuer() != null ? + authorizationServerSettings.getIssuer() : getContextPath(request); } diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java index cd14c729..a9950ef5 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java 
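Review bot: `resolveIssuer` in the second hunk still falls back to `getContextPath(request)` when `getIssuer()` returns null, so the issuer stored in the `ProviderContext` then comes from the incoming request rather than from configuration. `getContextPath` lies outside the hunk, but the `UrlUtils` and `UriComponentsBuilder` imports suggest it is built from the request URL; if so, the issuer that the metadata filters in this patch publish would follow whatever host the request presents, which matters behind a proxy or where the Host header is not validated. A comment above the method would make that visible to whoever configures it: `// Falls back to a request-derived issuer; configure an explicit issuer when the request host is not trusted.` The method also calls `getIssuer()` twice, and a local `String issuer = authorizationServerSettings.getIssuer();` would read it once.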
@@ -59,8 +59,8 @@ import org.springframework.security.oauth2.server.authorization.client.Registere import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.context.ProviderContext; import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.ClientSettings; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; import org.springframework.web.util.UriComponentsBuilder; import static org.assertj.core.api.Assertions.assertThat; @@ -91,7 +91,7 @@ public class JwtClientAssertionAuthenticationProviderTests { private RegisteredClientRepository registeredClientRepository; private OAuth2AuthorizationService authorizationService; private JwtClientAssertionAuthenticationProvider authenticationProvider; - private ProviderSettings providerSettings; + private AuthorizationServerSettings authorizationServerSettings; @Before public void setUp() { @@ -99,8 +99,8 @@ public class JwtClientAssertionAuthenticationProviderTests { this.authorizationService = mock(OAuth2AuthorizationService.class); this.authenticationProvider = new JwtClientAssertionAuthenticationProvider( this.registeredClientRepository, this.authorizationService); - this.providerSettings = ProviderSettings.builder().issuer("https://auth-server.com").build(); - ProviderContextHolder.setProviderContext(new ProviderContext(this.providerSettings, null)); + this.authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://auth-server.com").build(); + ProviderContextHolder.setProviderContext(new ProviderContext(this.authorizationServerSettings, null)); } @Test 
@@ -421,7 +421,7 @@ public class JwtClientAssertionAuthenticationProviderTests { return JwtClaimsSet.builder() .issuer(registeredClient.getClientId()) .subject(registeredClient.getClientId()) - .audience(Collections.singletonList(asUrl(this.providerSettings.getIssuer(), this.providerSettings.getTokenEndpoint()))) + .audience(Collections.singletonList(asUrl(this.authorizationServerSettings.getIssuer(), this.authorizationServerSettings.getTokenEndpoint()))) .issuedAt(issuedAt) .expiresAt(expiresAt); } diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java index 8b77c25c..e02659c1 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java 
@@ -56,8 +56,8 @@ import org.springframework.security.oauth2.server.authorization.client.Registere import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.context.ProviderContext; import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; import org.springframework.security.oauth2.server.authorization.token.DelegatingOAuth2TokenGenerator; import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext; @@ -118,8 +118,8 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests { }); this.authenticationProvider = new OAuth2AuthorizationCodeAuthenticationProvider( this.authorizationService, this.tokenGenerator); - ProviderSettings providerSettings = ProviderSettings.builder().issuer("https://provider.com").build(); - ProviderContextHolder.setProviderContext(new ProviderContext(providerSettings, null)); + AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); + ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null)); } @After 
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java index 4712baec..db832690 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java @@ -50,8 +50,8 @@ import org.springframework.security.oauth2.server.authorization.client.Registere import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.context.ProviderContext; import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.ClientSettings; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator; import static org.assertj.core.api.Assertions.assertThat; 
@@ -87,8 +87,8 @@ public class OAuth2AuthorizationCodeRequestAuthenticationProviderTests { this.registeredClientRepository, this.authorizationService, this.authorizationConsentService); this.principal = new TestingAuthenticationToken("principalName", "password"); this.principal.setAuthenticated(true); - ProviderSettings providerSettings = ProviderSettings.builder().issuer("https://provider.com").build(); - ProviderContextHolder.setProviderContext(new ProviderContext(providerSettings, null)); + AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); + ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null)); } @Test diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java index 07c54613..9ce5b778 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java 
@@ -44,8 +44,8 @@ import org.springframework.security.oauth2.server.authorization.client.Registere import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.context.ProviderContext; import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; import org.springframework.security.oauth2.server.authorization.token.DelegatingOAuth2TokenGenerator; import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext; @@ -99,8 +99,8 @@ public class OAuth2ClientCredentialsAuthenticationProviderTests { }); this.authenticationProvider = new OAuth2ClientCredentialsAuthenticationProvider( this.authorizationService, this.tokenGenerator); - ProviderSettings providerSettings = ProviderSettings.builder().issuer("https://provider.com").build(); - ProviderContextHolder.setProviderContext(new ProviderContext(providerSettings, null)); + AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); + ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null)); } @After diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java index c941d47d..b116eee3 100644 
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java @@ -53,8 +53,8 @@ import org.springframework.security.oauth2.server.authorization.client.Registere import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.context.ProviderContext; import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; import org.springframework.security.oauth2.server.authorization.token.DelegatingOAuth2TokenGenerator; import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext; @@ -116,8 +116,8 @@ public class OAuth2RefreshTokenAuthenticationProviderTests { }); this.authenticationProvider = new OAuth2RefreshTokenAuthenticationProvider( this.authorizationService, this.tokenGenerator); - ProviderSettings providerSettings = ProviderSettings.builder().issuer("https://provider.com").build(); - ProviderContextHolder.setProviderContext(new ProviderContext(providerSettings, null)); + AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); + ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null)); } @After 
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/JwkSetTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/JwkSetTests.java index bdad9f55..995b5109 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/JwkSetTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/JwkSetTests.java @@ -42,7 +42,7 @@ import org.springframework.security.oauth2.server.authorization.client.JdbcRegis import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration; import org.springframework.security.oauth2.server.authorization.jackson2.TestingAuthenticationTokenMixin; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.test.SpringTestRule; import org.springframework.test.web.servlet.MockMvc; @@ -61,7 +61,7 @@ public class JwkSetTests { private static final String DEFAULT_JWK_SET_ENDPOINT_URI = "/oauth2/jwks"; private static EmbeddedDatabase db; private static JWKSource jwkSource; - private static ProviderSettings providerSettings; + private static AuthorizationServerSettings authorizationServerSettings; @Rule public final SpringTestRule spring = new SpringTestRule(); 
@@ -76,7 +76,7 @@ public class JwkSetTests {
 public static void init() {
 JWKSet jwkSet = new JWKSet(TestJwks.DEFAULT_RSA_JWK);
 jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
- providerSettings = ProviderSettings.builder().jwkSetEndpoint("/test/jwks").build();
+ authorizationServerSettings = AuthorizationServerSettings.builder().jwkSetEndpoint("/test/jwks").build();
 db = new EmbeddedDatabaseBuilder()
 .generateUniqueName(true)
 .setType(EmbeddedDatabaseType.HSQL)
@@ -108,7 +108,7 @@ public class JwkSetTests {
 public void requestWhenJwkSetCustomEndpointThenReturnKeys() throws Exception {
 this.spring.register(AuthorizationServerConfigurationCustomEndpoints.class).autowire();
- assertJwkSetRequestThenReturnKeys(providerSettings.getJwkSetEndpoint());
+ assertJwkSetRequestThenReturnKeys(authorizationServerSettings.getJwkSetEndpoint());
 }
 private void assertJwkSetRequestThenReturnKeys(String jwkSetEndpointUri) throws Exception {
@@ -171,8 +171,8 @@ public class JwkSetTests {
 static class AuthorizationServerConfigurationCustomEndpoints extends AuthorizationServerConfiguration {
 @Bean
- ProviderSettings providerSettings() {
- return providerSettings;
+ AuthorizationServerSettings authorizationServerSettings() {
+ return authorizationServerSettings;
 }
 }
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
index 5d6d65d6..3fb1939e 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java @@ -97,8 +97,8 @@ import org.springframework.security.oauth2.server.authorization.client.Registere import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration; import org.springframework.security.oauth2.server.authorization.jackson2.TestingAuthenticationTokenMixin; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.ClientSettings; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; import org.springframework.security.oauth2.server.authorization.test.SpringTestRule; import org.springframework.security.oauth2.server.authorization.token.DelegatingOAuth2TokenGenerator; import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext; @@ -161,7 +161,7 @@ public class OAuth2AuthorizationCodeGrantTests { private static EmbeddedDatabase db; private static JWKSource jwkSource; private static NimbusJwtEncoder jwtEncoder; - private static ProviderSettings providerSettings; + private static AuthorizationServerSettings authorizationServerSettings; private static HttpMessageConverter accessTokenHttpResponseConverter = new OAuth2AccessTokenResponseHttpMessageConverter(); private static AuthenticationConverter authorizationRequestConverter; 
@@ -197,7 +197,7 @@ public class OAuth2AuthorizationCodeGrantTests {
 JWKSet jwkSet = new JWKSet(TestJwks.DEFAULT_RSA_JWK);
 jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
 jwtEncoder = new NimbusJwtEncoder(jwkSource);
- providerSettings = ProviderSettings.builder()
+ authorizationServerSettings = AuthorizationServerSettings.builder()
 .authorizationEndpoint("/test/authorize")
 .tokenEndpoint("/test/token")
 .build();
@@ -269,7 +269,7 @@ public class OAuth2AuthorizationCodeGrantTests {
 public void requestWhenAuthorizationRequestCustomEndpointThenRedirectToClient() throws Exception {
 this.spring.register(AuthorizationServerConfigurationCustomEndpoints.class).autowire();
- assertAuthorizationRequestRedirectsToClient(providerSettings.getAuthorizationEndpoint());
+ assertAuthorizationRequestRedirectsToClient(authorizationServerSettings.getAuthorizationEndpoint());
 }
 private void assertAuthorizationRequestRedirectsToClient(String authorizationEndpointUri) throws Exception {
@@ -326,7 +326,7 @@ public class OAuth2AuthorizationCodeGrantTests {
 this.authorizationService.save(authorization);
 assertTokenRequestReturnsAccessTokenResponse(
- registeredClient, authorization, providerSettings.getTokenEndpoint());
+ registeredClient, authorization, authorizationServerSettings.getTokenEndpoint());
 }
 private OAuth2AccessTokenResponse assertTokenRequestReturnsAccessTokenResponse(RegisteredClient registeredClient,
@@ -864,8 +864,8 @@ public class OAuth2AuthorizationCodeGrantTests {
 static class AuthorizationServerConfigurationCustomEndpoints extends AuthorizationServerConfiguration {
 @Bean
- ProviderSettings providerSettings() {
- return providerSettings;
+ AuthorizationServerSettings authorizationServerSettings() {
+ return authorizationServerSettings;
 }
 }
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java
index 882bfd7a..d7b181be 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java
@@ -39,7 +39,7 @@ import org.springframework.security.oauth2.server.authorization.client.Registere
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.test.SpringTestRule;
 import org.springframework.test.web.servlet.MockMvc;
@@ -124,8 +124,8 @@ public class OAuth2AuthorizationServerMetadataTests {
 }
 @Bean
- ProviderSettings providerSettings() {
- return ProviderSettings.builder().issuer(issuerUrl).build();
+ AuthorizationServerSettings authorizationServerSettings() {
+ return AuthorizationServerSettings.builder().issuer(issuerUrl).build();
 }
 }
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionTests.java
index e7efd8f3..0a7761b3 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionTests.java
@@ -81,8 +81,8 @@ import org.springframework.security.oauth2.server.authorization.client.TestRegis
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
 import org.springframework.security.oauth2.server.authorization.http.converter.OAuth2TokenIntrospectionHttpMessageConverter;
 import org.springframework.security.oauth2.server.authorization.jackson2.TestingAuthenticationTokenMixin;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
 import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
 import org.springframework.security.oauth2.server.authorization.test.SpringTestRule;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenClaimsContext;
@@ -115,7 +115,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 */
 public class OAuth2TokenIntrospectionTests {
 private static EmbeddedDatabase db;
- private static ProviderSettings providerSettings;
+ private static AuthorizationServerSettings authorizationServerSettings;
 private static OAuth2TokenCustomizer accessTokenCustomizer;
 private static AuthenticationConverter authenticationConverter;
 private static AuthenticationProvider authenticationProvider;
@@ -143,7 +143,7 @@ public class OAuth2TokenIntrospectionTests {
 @BeforeClass
 public static void init() {
- providerSettings = ProviderSettings.builder().tokenIntrospectionEndpoint("/test/introspect").build();
+ authorizationServerSettings = AuthorizationServerSettings.builder().tokenIntrospectionEndpoint("/test/introspect").build();
 authenticationConverter = mock(AuthenticationConverter.class);
 authenticationProvider = mock(AuthenticationProvider.class);
 authenticationSuccessHandler = mock(AuthenticationSuccessHandler.class);
@@ -202,7 +202,7 @@ public class OAuth2TokenIntrospectionTests {
 this.authorizationService.save(authorization);
 // @formatter:off
- MvcResult mvcResult = this.mvc.perform(post(providerSettings.getTokenIntrospectionEndpoint())
+ MvcResult mvcResult = this.mvc.perform(post(authorizationServerSettings.getTokenIntrospectionEndpoint())
 .params(getTokenIntrospectionRequestParameters(accessToken, OAuth2TokenType.ACCESS_TOKEN))
 .header(HttpHeaders.AUTHORIZATION, getAuthorizationHeader(introspectRegisteredClient)))
 .andExpect(status().isOk())
@@ -242,7 +242,7 @@ public class OAuth2TokenIntrospectionTests {
 this.authorizationService.save(authorization);
 // @formatter:off
- MvcResult mvcResult = this.mvc.perform(post(providerSettings.getTokenIntrospectionEndpoint())
+ MvcResult mvcResult = this.mvc.perform(post(authorizationServerSettings.getTokenIntrospectionEndpoint())
 .params(getTokenIntrospectionRequestParameters(refreshToken, OAuth2TokenType.REFRESH_TOKEN))
 .header(HttpHeaders.AUTHORIZATION, getAuthorizationHeader(introspectRegisteredClient)))
 .andExpect(status().isOk())
@@ -284,7 +284,7 @@ public class OAuth2TokenIntrospectionTests {
 this.authorizationService.save(authorization);
 // @formatter:off
- MvcResult mvcResult = this.mvc.perform(post(providerSettings.getTokenEndpoint())
+ MvcResult mvcResult = this.mvc.perform(post(authorizationServerSettings.getTokenEndpoint())
 .params(getAuthorizationCodeTokenRequestParameters(authorizedRegisteredClient, authorization))
 .header(HttpHeaders.AUTHORIZATION, getAuthorizationHeader(authorizedRegisteredClient)))
 .andExpect(status().isOk())
@@ -298,7 +298,7 @@ public class OAuth2TokenIntrospectionTests {
 this.registeredClientRepository.save(introspectRegisteredClient);
 // @formatter:off
- mvcResult = this.mvc.perform(post(providerSettings.getTokenIntrospectionEndpoint())
+ mvcResult = this.mvc.perform(post(authorizationServerSettings.getTokenIntrospectionEndpoint())
 .params(getTokenIntrospectionRequestParameters(accessToken, OAuth2TokenType.ACCESS_TOKEN))
 .header(HttpHeaders.AUTHORIZATION, getAuthorizationHeader(introspectRegisteredClient)))
 .andExpect(status().isOk())
@@ -357,7 +357,7 @@ public class OAuth2TokenIntrospectionTests {
 when(authenticationProvider.authenticate(any())).thenReturn(tokenIntrospectionAuthentication);
 // @formatter:off
- this.mvc.perform(post(providerSettings.getTokenIntrospectionEndpoint())
+ this.mvc.perform(post(authorizationServerSettings.getTokenIntrospectionEndpoint())
 .params(getTokenIntrospectionRequestParameters(accessToken, OAuth2TokenType.ACCESS_TOKEN))
 .header(HttpHeaders.AUTHORIZATION, getAuthorizationHeader(introspectRegisteredClient)))
 .andExpect(status().isOk());
@@ -440,8 +440,8 @@ public class OAuth2TokenIntrospectionTests {
 }
 @Bean
- ProviderSettings providerSettings() {
- return providerSettings;
+ AuthorizationServerSettings authorizationServerSettings() {
+ return authorizationServerSettings;
 }
 @Bean
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationTests.java
index d73372a1..2fb92bf6 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationTests.java
@@ -77,8 +77,8 @@ import org.springframework.security.oauth2.server.authorization.client.TestRegis
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
 import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration;
 import org.springframework.security.oauth2.server.authorization.oidc.http.converter.OidcClientRegistrationHttpMessageConverter;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
 import org.springframework.security.oauth2.server.authorization.test.SpringTestRule;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.RequestMatcher;
@@ -125,7 +125,7 @@ public class OidcClientRegistrationTests {
 private RegisteredClientRepository registeredClientRepository;
 @Autowired
- private ProviderSettings providerSettings;
+ private AuthorizationServerSettings authorizationServerSettings;
 private MockWebServer server;
 private String clientJwkSetUrl;
@@ -325,7 +325,7 @@ public class OidcClientRegistrationTests {
 return JwtClaimsSet.builder()
 .issuer(registeredClient.getClientId())
 .subject(registeredClient.getClientId())
- .audience(Collections.singletonList(asUrl(this.providerSettings.getIssuer(), this.providerSettings.getTokenEndpoint())))
+ .audience(Collections.singletonList(asUrl(this.authorizationServerSettings.getIssuer(), this.authorizationServerSettings.getTokenEndpoint())))
 .issuedAt(issuedAt)
 .expiresAt(expiresAt);
 }
@@ -408,8 +408,8 @@ public class OidcClientRegistrationTests {
 }
 @Bean
- ProviderSettings providerSettings() {
- return ProviderSettings.builder()
+ AuthorizationServerSettings authorizationServerSettings() {
+ return AuthorizationServerSettings.builder()
 .issuer("https://auth-server:9000")
 .build();
 }
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcTests.java
index e76d2243..a0dc9e45 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcTests.java
@@ -79,7 +79,7 @@ import org.springframework.security.oauth2.server.authorization.client.Registere
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
 import org.springframework.security.oauth2.server.authorization.jackson2.TestingAuthenticationTokenMixin;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.test.SpringTestRule;
 import org.springframework.security.oauth2.server.authorization.token.DelegatingOAuth2TokenGenerator;
 import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
@@ -469,8 +469,8 @@ public class OidcTests {
 static class AuthorizationServerConfigurationWithIssuer extends AuthorizationServerConfiguration {
 @Bean
- ProviderSettings providerSettings() {
- return ProviderSettings.builder().issuer(ISSUER_URL).build();
+ AuthorizationServerSettings authorizationServerSettings() {
+ return AuthorizationServerSettings.builder().issuer(ISSUER_URL).build();
 }
 }
@@ -479,8 +479,8 @@ public class OidcTests {
 static class AuthorizationServerConfigurationWithInvalidIssuerUrl extends AuthorizationServerConfiguration {
 @Bean
- ProviderSettings providerSettings() {
- return ProviderSettings.builder().issuer("urn:example").build();
+ AuthorizationServerSettings authorizationServerSettings() {
+ return AuthorizationServerSettings.builder().issuer("urn:example").build();
 }
 }
@@ -489,8 +489,8 @@ public class OidcTests {
 static class AuthorizationServerConfigurationWithInvalidIssuerUri extends AuthorizationServerConfiguration {
 @Bean
- ProviderSettings providerSettings() {
- return ProviderSettings.builder().issuer("https://not a valid uri").build();
+ AuthorizationServerSettings authorizationServerSettings() {
+ return AuthorizationServerSettings.builder().issuer("https://not a valid uri").build();
 }
 }
@@ -499,8 +499,8 @@ public class OidcTests {
 static class AuthorizationServerConfigurationWithIssuerQuery extends AuthorizationServerConfiguration {
 @Bean
- ProviderSettings providerSettings() {
- return ProviderSettings.builder().issuer(ISSUER_URL + "?param=value").build();
+ AuthorizationServerSettings authorizationServerSettings() {
+ return AuthorizationServerSettings.builder().issuer(ISSUER_URL + "?param=value").build();
 }
 }
@@ -509,8 +509,8 @@ public class OidcTests {
 static class AuthorizationServerConfigurationWithIssuerFragment extends AuthorizationServerConfiguration {
 @Bean
- ProviderSettings providerSettings() {
- return ProviderSettings.builder().issuer(ISSUER_URL + "#fragment").build();
+ AuthorizationServerSettings authorizationServerSettings() {
+ return AuthorizationServerSettings.builder().issuer(ISSUER_URL + "#fragment").build();
 }
 }
@@ -519,8 +519,8 @@ public class OidcTests {
 static class AuthorizationServerConfigurationWithIssuerQueryAndFragment extends AuthorizationServerConfiguration {
 @Bean
- ProviderSettings providerSettings() {
- return ProviderSettings.builder().issuer(ISSUER_URL + "?param=value#fragment").build();
+ AuthorizationServerSettings authorizationServerSettings() {
+ return AuthorizationServerSettings.builder().issuer(ISSUER_URL + "?param=value#fragment").build();
 }
 }
@@ -529,8 +529,8 @@ public class OidcTests {
 static class AuthorizationServerConfigurationWithIssuerEmptyQuery extends AuthorizationServerConfiguration {
 @Bean
- ProviderSettings providerSettings() {
- return ProviderSettings.builder().issuer(ISSUER_URL + "?").build();
+ AuthorizationServerSettings authorizationServerSettings() {
+ return AuthorizationServerSettings.builder().issuer(ISSUER_URL + "?").build();
 }
 }
@@ -539,8 +539,8 @@ public class OidcTests {
 static class AuthorizationServerConfigurationWithIssuerEmptyFragment extends AuthorizationServerConfiguration {
 @Bean
- ProviderSettings providerSettings() {
- return ProviderSettings.builder().issuer(ISSUER_URL + "#").build();
+ AuthorizationServerSettings authorizationServerSettings() {
+ return AuthorizationServerSettings.builder().issuer(ISSUER_URL + "#").build();
 }
 }
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoTests.java
index 10dde2dd..a6cffd79 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoTests.java
@@ -61,7 +61,7 @@ import org.springframework.security.oauth2.server.authorization.client.TestRegis
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
 import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcUserInfoAuthenticationContext;
 import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcUserInfoAuthenticationToken;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.test.SpringTestRule;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.web.SecurityFilterChain;
@@ -377,8 +377,8 @@ public class OidcUserInfoTests {
 }
 @Bean
- ProviderSettings providerSettings() {
- return ProviderSettings.builder()
+ AuthorizationServerSettings authorizationServerSettings() {
+ return AuthorizationServerSettings.builder()
 .issuer("https://auth-server:9000")
 .build();
 }
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java
index 7f278782..9b4050a8 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java
@@ -56,8 +56,8 @@ import org.springframework.security.oauth2.server.authorization.context.Provider
 import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
 import org.springframework.security.oauth2.server.authorization.oidc.OidcClientMetadataClaimNames;
 import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
 import org.springframework.security.oauth2.server.authorization.token.JwtGenerator;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -88,7 +88,7 @@ public class OidcClientRegistrationAuthenticationProviderTests {
 private OAuth2AuthorizationService authorizationService;
 private JwtEncoder jwtEncoder;
 private OAuth2TokenGenerator tokenGenerator;
- private ProviderSettings providerSettings;
+ private AuthorizationServerSettings authorizationServerSettings;
 private OidcClientRegistrationAuthenticationProvider authenticationProvider;
 @Before
@@ -103,8 +103,8 @@ public class OidcClientRegistrationAuthenticationProviderTests {
 return jwtGenerator.generate(context);
 }
 });
- this.providerSettings = ProviderSettings.builder().issuer("https://provider.com").build();
- ProviderContextHolder.setProviderContext(new ProviderContext(this.providerSettings, null));
+ this.authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build();
+ ProviderContextHolder.setProviderContext(new ProviderContext(this.authorizationServerSettings, null));
 this.authenticationProvider = new OidcClientRegistrationAuthenticationProvider(
 this.registeredClientRepository, this.authorizationService, this.tokenGenerator);
 }
@@ -614,7 +614,7 @@ public class OidcClientRegistrationAuthenticationProviderTests {
 ProviderContext providerContext = ProviderContextHolder.getProviderContext();
 String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(providerContext.getIssuer())
- .path(providerContext.getProviderSettings().getOidcClientRegistrationEndpoint())
+ .path(providerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
 .queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClientResult.getClientId()).toUriString();
 assertThat(clientRegistrationResult.getRegistrationClientUrl().toString()).isEqualTo(expectedRegistrationClientUrl);
@@ -810,7 +810,7 @@ public class OidcClientRegistrationAuthenticationProviderTests {
 ProviderContext providerContext = ProviderContextHolder.getProviderContext();
 String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(providerContext.getIssuer())
- .path(providerContext.getProviderSettings().getOidcClientRegistrationEndpoint())
+ .path(providerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint())
 .queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId()).toUriString();
 assertThat(clientRegistrationResult.getRegistrationClientUrl().toString()).isEqualTo(expectedRegistrationClientUrl);
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java
index 5d0d9049..2439e046 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java
@@ -27,7 +27,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
 import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
@@ -50,16 +50,16 @@ public class OidcProviderConfigurationEndpointFilterTests {
 }
 @Test
- public void constructorWhenProviderSettingsNullThenThrowIllegalArgumentException() {
+ public void constructorWhenAuthorizationServerSettingsNullThenThrowIllegalArgumentException() {
 assertThatIllegalArgumentException()
 .isThrownBy(() -> new OidcProviderConfigurationEndpointFilter(null))
- .withMessage("providerSettings cannot be null");
+ .withMessage("authorizationServerSettings cannot be null");
 }
 @Test
 public void doFilterWhenNotConfigurationRequestThenNotProcessed() throws Exception {
 OidcProviderConfigurationEndpointFilter filter =
- new OidcProviderConfigurationEndpointFilter(ProviderSettings.builder().build());
+ new OidcProviderConfigurationEndpointFilter(AuthorizationServerSettings.builder().build());
 String requestUri = "/path";
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
@@ -75,7 +75,7 @@ public class OidcProviderConfigurationEndpointFilterTests {
 @Test
 public void doFilterWhenConfigurationRequestPostThenNotProcessed() throws Exception {
 OidcProviderConfigurationEndpointFilter filter =
- new OidcProviderConfigurationEndpointFilter(ProviderSettings.builder().build());
+ new OidcProviderConfigurationEndpointFilter(AuthorizationServerSettings.builder().build());
 String requestUri = DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI;
 MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri);
@@ -98,7 +98,7 @@ public class OidcProviderConfigurationEndpointFilterTests {
 String tokenRevocationEndpoint = "/oauth2/v1/revoke";
 String tokenIntrospectionEndpoint = "/oauth2/v1/introspect";
- ProviderSettings providerSettings = ProviderSettings.builder()
+ AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder()
 .issuer(issuer)
 .authorizationEndpoint(authorizationEndpoint)
 .tokenEndpoint(tokenEndpoint)
@@ -107,9 +107,9 @@ public class OidcProviderConfigurationEndpointFilterTests {
 .tokenRevocationEndpoint(tokenRevocationEndpoint)
 .tokenIntrospectionEndpoint(tokenIntrospectionEndpoint)
 .build();
- ProviderContextHolder.setProviderContext(new ProviderContext(providerSettings, null));
+ ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
 OidcProviderConfigurationEndpointFilter filter =
- new OidcProviderConfigurationEndpointFilter(providerSettings);
+ new OidcProviderConfigurationEndpointFilter(authorizationServerSettings);
 String requestUri = DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI;
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
@@ -141,13 +141,13 @@ public class OidcProviderConfigurationEndpointFilterTests {
 }
 @Test
- public void doFilterWhenProviderSettingsWithInvalidIssuerThenThrowIllegalArgumentException() {
- ProviderSettings providerSettings = ProviderSettings.builder()
+ public void doFilterWhenAuthorizationServerSettingsWithInvalidIssuerThenThrowIllegalArgumentException() {
+ AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder()
 .issuer("https://this is an invalid URL")
 .build();
- ProviderContextHolder.setProviderContext(new ProviderContext(providerSettings, null));
+ ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
 OidcProviderConfigurationEndpointFilter filter =
- new OidcProviderConfigurationEndpointFilter(providerSettings);
+ new OidcProviderConfigurationEndpointFilter(authorizationServerSettings);
 String requestUri = DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI;
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/settings/ProviderSettingsTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/settings/AuthorizationServerSettingsTests.java
similarity index 54%
rename from oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/settings/ProviderSettingsTests.java
rename to oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/settings/AuthorizationServerSettingsTests.java
index 9b0c83da..b0c3e7f8 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/settings/ProviderSettingsTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/settings/AuthorizationServerSettingsTests.java
@@ -21,24 +21,24 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 /**
- * Tests for {@link ProviderSettings}.
+ * Tests for {@link AuthorizationServerSettings}.
 *
 * @author Daniel Garnier-Moiroux
 */
-public class ProviderSettingsTests {
+public class AuthorizationServerSettingsTests {
 @Test
 public void buildWhenDefaultThenDefaultsAreSet() {
- ProviderSettings providerSettings = ProviderSettings.builder().build();
+ AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build();
- assertThat(providerSettings.getIssuer()).isNull();
- assertThat(providerSettings.getAuthorizationEndpoint()).isEqualTo("/oauth2/authorize");
- assertThat(providerSettings.getTokenEndpoint()).isEqualTo("/oauth2/token");
- assertThat(providerSettings.getJwkSetEndpoint()).isEqualTo("/oauth2/jwks");
- assertThat(providerSettings.getTokenRevocationEndpoint()).isEqualTo("/oauth2/revoke");
- assertThat(providerSettings.getTokenIntrospectionEndpoint()).isEqualTo("/oauth2/introspect");
- assertThat(providerSettings.getOidcClientRegistrationEndpoint()).isEqualTo("/connect/register");
- assertThat(providerSettings.getOidcUserInfoEndpoint()).isEqualTo("/userinfo");
+ assertThat(authorizationServerSettings.getIssuer()).isNull();
+ assertThat(authorizationServerSettings.getAuthorizationEndpoint()).isEqualTo("/oauth2/authorize");
+ assertThat(authorizationServerSettings.getTokenEndpoint()).isEqualTo("/oauth2/token");
+ assertThat(authorizationServerSettings.getJwkSetEndpoint()).isEqualTo("/oauth2/jwks");
+ assertThat(authorizationServerSettings.getTokenRevocationEndpoint()).isEqualTo("/oauth2/revoke");
+ assertThat(authorizationServerSettings.getTokenIntrospectionEndpoint()).isEqualTo("/oauth2/introspect");
+ assertThat(authorizationServerSettings.getOidcClientRegistrationEndpoint()).isEqualTo("/connect/register");
+ assertThat(authorizationServerSettings.getOidcUserInfoEndpoint()).isEqualTo("/userinfo");
 }
 @Test
@@ -52,7 +52,7 @@ public class ProviderSettingsTests {
 String oidcUserInfoEndpoint = "/connect/v1/userinfo";
 String issuer = "https://example.com:9000";
- ProviderSettings providerSettings = ProviderSettings.builder()
+ AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder()
 .issuer(issuer)
 .authorizationEndpoint(authorizationEndpoint)
 .tokenEndpoint(tokenEndpoint)
@@ -64,81 +64,81 @@ public class ProviderSettingsTests { .oidcUserInfoEndpoint(oidcUserInfoEndpoint) .build(); - assertThat(providerSettings.getIssuer()).isEqualTo(issuer); - assertThat(providerSettings.getAuthorizationEndpoint()).isEqualTo(authorizationEndpoint); - assertThat(providerSettings.getTokenEndpoint()).isEqualTo(tokenEndpoint); - assertThat(providerSettings.getJwkSetEndpoint()).isEqualTo(jwkSetEndpoint); - assertThat(providerSettings.getTokenRevocationEndpoint()).isEqualTo(tokenRevocationEndpoint); - assertThat(providerSettings.getTokenIntrospectionEndpoint()).isEqualTo(tokenIntrospectionEndpoint); - assertThat(providerSettings.getOidcClientRegistrationEndpoint()).isEqualTo(oidcClientRegistrationEndpoint); - assertThat(providerSettings.getOidcUserInfoEndpoint()).isEqualTo(oidcUserInfoEndpoint); + assertThat(authorizationServerSettings.getIssuer()).isEqualTo(issuer); + assertThat(authorizationServerSettings.getAuthorizationEndpoint()).isEqualTo(authorizationEndpoint); + assertThat(authorizationServerSettings.getTokenEndpoint()).isEqualTo(tokenEndpoint); + assertThat(authorizationServerSettings.getJwkSetEndpoint()).isEqualTo(jwkSetEndpoint); + assertThat(authorizationServerSettings.getTokenRevocationEndpoint()).isEqualTo(tokenRevocationEndpoint); + assertThat(authorizationServerSettings.getTokenIntrospectionEndpoint()).isEqualTo(tokenIntrospectionEndpoint); + assertThat(authorizationServerSettings.getOidcClientRegistrationEndpoint()).isEqualTo(oidcClientRegistrationEndpoint); + assertThat(authorizationServerSettings.getOidcUserInfoEndpoint()).isEqualTo(oidcUserInfoEndpoint); } @Test public void settingWhenCustomThenSet() { - ProviderSettings providerSettings = ProviderSettings.builder() + AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder() .setting("name1", "value1") .settings(settings -> settings.put("name2", "value2")) .build(); - assertThat(providerSettings.getSettings()).hasSize(9); - 
assertThat(providerSettings.getSetting("name1")).isEqualTo("value1"); - assertThat(providerSettings.getSetting("name2")).isEqualTo("value2"); + assertThat(authorizationServerSettings.getSettings()).hasSize(9); + assertThat(authorizationServerSettings.getSetting("name1")).isEqualTo("value1"); + assertThat(authorizationServerSettings.getSetting("name2")).isEqualTo("value2"); } @Test public void issuerWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> ProviderSettings.builder().issuer(null)) + .isThrownBy(() -> AuthorizationServerSettings.builder().issuer(null)) .withMessage("value cannot be null"); } @Test public void authorizationEndpointWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> ProviderSettings.builder().authorizationEndpoint(null)) + .isThrownBy(() -> AuthorizationServerSettings.builder().authorizationEndpoint(null)) .withMessage("value cannot be null"); } @Test public void tokenEndpointWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> ProviderSettings.builder().tokenEndpoint(null)) + .isThrownBy(() -> AuthorizationServerSettings.builder().tokenEndpoint(null)) .withMessage("value cannot be null"); } @Test public void tokenRevocationEndpointWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> ProviderSettings.builder().tokenRevocationEndpoint(null)) + .isThrownBy(() -> AuthorizationServerSettings.builder().tokenRevocationEndpoint(null)) .withMessage("value cannot be null"); } @Test public void tokenIntrospectionEndpointWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> ProviderSettings.builder().tokenIntrospectionEndpoint(null)) + .isThrownBy(() -> AuthorizationServerSettings.builder().tokenIntrospectionEndpoint(null)) .withMessage("value cannot be null"); } @Test public void 
oidcClientRegistrationEndpointWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> ProviderSettings.builder().oidcClientRegistrationEndpoint(null)) + .isThrownBy(() -> AuthorizationServerSettings.builder().oidcClientRegistrationEndpoint(null)) .withMessage("value cannot be null"); } @Test public void oidcUserInfoEndpointWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> ProviderSettings.builder().oidcUserInfoEndpoint(null)) + .isThrownBy(() -> AuthorizationServerSettings.builder().oidcUserInfoEndpoint(null)) .withMessage("value cannot be null"); } @Test public void jwksEndpointWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> ProviderSettings.builder().jwkSetEndpoint(null)) + .isThrownBy(() -> AuthorizationServerSettings.builder().jwkSetEndpoint(null)) .withMessage("value cannot be null"); } diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java index 5dc663f5..5fd725a1 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java 
@@ -47,8 +47,8 @@ import org.springframework.security.oauth2.server.authorization.authentication.O import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.context.ProviderContext; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; import static org.assertj.core.api.Assertions.assertThat; @@ -74,8 +74,8 @@ public class JwtGeneratorTests { this.jwtCustomizer = mock(OAuth2TokenCustomizer.class); this.jwtGenerator = new JwtGenerator(this.jwtEncoder); this.jwtGenerator.setJwtCustomizer(this.jwtCustomizer); - ProviderSettings providerSettings = ProviderSettings.builder().issuer("https://provider.com").build(); - this.providerContext = new ProviderContext(providerSettings, null); + AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); + this.providerContext = new ProviderContext(authorizationServerSettings, null); } @Test diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java index 30543b5a..6d778a06 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java 
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java @@ -39,8 +39,8 @@ import org.springframework.security.oauth2.server.authorization.authentication.O import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.context.ProviderContext; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; import static org.assertj.core.api.Assertions.assertThat; @@ -63,8 +63,8 @@ public class OAuth2AccessTokenGeneratorTests { this.accessTokenCustomizer = mock(OAuth2TokenCustomizer.class); this.accessTokenGenerator = new OAuth2AccessTokenGenerator(); this.accessTokenGenerator.setAccessTokenCustomizer(this.accessTokenCustomizer); - ProviderSettings providerSettings = ProviderSettings.builder().issuer("https://provider.com").build(); - this.providerContext = new ProviderContext(providerSettings, null); + AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); + this.providerContext = new ProviderContext(authorizationServerSettings, null); } @Test diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java index 5222791f..78bdde1d 100644 
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java @@ -35,7 +35,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.context.ProviderContext; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatThrownBy; @@ -74,8 +74,8 @@ public class OAuth2TokenClaimsContextTests { RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); Authentication principal = authorization.getAttribute(Principal.class.getName()); - ProviderSettings providerSettings = ProviderSettings.builder().issuer(issuer).build(); - ProviderContext providerContext = new ProviderContext(providerSettings, null); + AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer(issuer).build(); + ProviderContext providerContext = new ProviderContext(authorizationServerSettings, null); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken( registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret()); OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute( 
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java
index b897a832..d7c7e2aa 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java
@@ -27,7 +27,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
 import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
@@ -50,16 +50,16 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
 }
 @Test
- public void constructorWhenProviderSettingsNullThenThrowIllegalArgumentException() {
+ public void constructorWhenAuthorizationServerSettingsNullThenThrowIllegalArgumentException() {
 assertThatIllegalArgumentException()
 .isThrownBy(() -> new OAuth2AuthorizationServerMetadataEndpointFilter(null))
- .withMessage("providerSettings cannot be null");
+ .withMessage("authorizationServerSettings cannot be null");
 }
 @Test
 public void doFilterWhenNotAuthorizationServerMetadataRequestThenNotProcessed() throws Exception {
 OAuth2AuthorizationServerMetadataEndpointFilter filter =
- new OAuth2AuthorizationServerMetadataEndpointFilter(ProviderSettings.builder().issuer("https://example.com").build());
+ new OAuth2AuthorizationServerMetadataEndpointFilter(AuthorizationServerSettings.builder().issuer("https://example.com").build());
 String requestUri = "/path";
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
@@ -75,7 +75,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
 @Test
 public void doFilterWhenAuthorizationServerMetadataRequestPostThenNotProcessed() throws Exception {
 OAuth2AuthorizationServerMetadataEndpointFilter filter =
- new OAuth2AuthorizationServerMetadataEndpointFilter(ProviderSettings.builder().issuer("https://example.com").build());
+ new OAuth2AuthorizationServerMetadataEndpointFilter(AuthorizationServerSettings.builder().issuer("https://example.com").build());
 String requestUri = DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI;
 MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri);
@@ -97,7 +97,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
 String tokenRevocationEndpoint = "/oauth2/v1/revoke";
 String tokenIntrospectionEndpoint = "/oauth2/v1/introspect";
- ProviderSettings providerSettings = ProviderSettings.builder()
+ AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder()
 .issuer(issuer)
 .authorizationEndpoint(authorizationEndpoint)
 .tokenEndpoint(tokenEndpoint)
@@ -105,9 +105,9 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
 .tokenRevocationEndpoint(tokenRevocationEndpoint)
 .tokenIntrospectionEndpoint(tokenIntrospectionEndpoint)
 .build();
- ProviderContextHolder.setProviderContext(new ProviderContext(providerSettings, null));
+ ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
 OAuth2AuthorizationServerMetadataEndpointFilter filter =
- new OAuth2AuthorizationServerMetadataEndpointFilter(providerSettings);
+ new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings);
 String requestUri = DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI;
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
@@ -136,13 +136,13 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
 }
 @Test
- public void doFilterWhenProviderSettingsWithInvalidIssuerThenThrowIllegalArgumentException() {
- ProviderSettings providerSettings = ProviderSettings.builder()
+ public void doFilterWhenAuthorizationServerSettingsWithInvalidIssuerThenThrowIllegalArgumentException() {
+ AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder()
 .issuer("https://this is an invalid URL")
 .build();
- ProviderContextHolder.setProviderContext(new ProviderContext(providerSettings, null));
+ ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null));
 OAuth2AuthorizationServerMetadataEndpointFilter filter =
- new OAuth2AuthorizationServerMetadataEndpointFilter(providerSettings);
+ new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings);
 String requestUri = DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI;
 MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/ProviderContextFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/ProviderContextFilterTests.java
index 0aa35379..68d96126 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/ProviderContextFilterTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/ProviderContextFilterTests.java
@@ -24,7 +24,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
 import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
-import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
@@ -45,17 +45,17 @@ public class ProviderContextFilterTests {
 }
 @Test
- public void constructorWhenProviderSettingsNullThenThrowIllegalArgumentException() {
+ public void constructorWhenAuthorizationServerSettingsNullThenThrowIllegalArgumentException() {
 assertThatThrownBy(() -> new ProviderContextFilter(null))
 .isInstanceOf(IllegalArgumentException.class)
- .hasMessage("providerSettings cannot be null");
+ .hasMessage("authorizationServerSettings cannot be null");
 }
 @Test
 public void doFilterWhenIssuerConfiguredThenUsed() throws Exception {
 String issuer = "https://provider.com";
- ProviderSettings providerSettings = ProviderSettings.builder().issuer(issuer).build();
- ProviderContextFilter filter = new ProviderContextFilter(providerSettings);
+ AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer(issuer).build();
+ ProviderContextFilter filter = new ProviderContextFilter(authorizationServerSettings);
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
 request.setServletPath("/");
@@ -65,7 +65,7 @@ public class ProviderContextFilterTests { doAnswer(invocation -> { ProviderContext providerContext = ProviderContextHolder.getProviderContext(); assertThat(providerContext).isNotNull(); - assertThat(providerContext.getProviderSettings()).isSameAs(providerSettings); + assertThat(providerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings); assertThat(providerContext.getIssuer()).isEqualTo(issuer); return null; }).when(filterChain).doFilter(any(), any()); @@ -77,8 +77,8 @@ public class ProviderContextFilterTests { @Test public void doFilterWhenIssuerNotConfiguredThenResolveFromRequest() throws Exception { - ProviderSettings providerSettings = ProviderSettings.builder().build(); - ProviderContextFilter filter = new ProviderContextFilter(providerSettings); + AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build(); + ProviderContextFilter filter = new ProviderContextFilter(authorizationServerSettings); MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); request.setServletPath("/"); @@ -88,7 +88,7 @@ public class ProviderContextFilterTests { doAnswer(invocation -> { ProviderContext providerContext = ProviderContextHolder.getProviderContext(); assertThat(providerContext).isNotNull(); - assertThat(providerContext.getProviderSettings()).isSameAs(providerSettings); + assertThat(providerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings); assertThat(providerContext.getIssuer()).isEqualTo("http://localhost"); return null; }).when(filterChain).doFilter(any(), any()); diff --git a/samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java b/samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java index 8d29e3f5..5b92994e 100644 --- a/samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java 
+++ b/samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java @@ -40,8 +40,8 @@ import org.springframework.security.oauth2.server.authorization.client.Registere import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration; import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.ClientSettings; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; import org.springframework.security.web.util.matcher.RequestMatcher; @@ -115,8 +115,8 @@ public class AuthorizationServerConfig { } @Bean - public ProviderSettings providerSettings() { - return ProviderSettings.builder().issuer("http://localhost:9000").build(); + public AuthorizationServerSettings authorizationServerSettings() { + return AuthorizationServerSettings.builder().issuer("http://localhost:9000").build(); } @Bean diff --git a/samples/default-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java b/samples/default-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java index 784871ed..d209fca4 100644 --- a/samples/default-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java +++ b/samples/default-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java 
@@ -45,8 +45,8 @@ import org.springframework.security.oauth2.server.authorization.client.JdbcRegis import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.ClientSettings; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; @@ -121,8 +121,8 @@ public class AuthorizationServerConfig { } @Bean - public ProviderSettings providerSettings() { - return ProviderSettings.builder().issuer("http://localhost:9000").build(); + public AuthorizationServerSettings authorizationServerSettings() { + return AuthorizationServerSettings.builder().issuer("http://localhost:9000").build(); } @Bean diff --git a/samples/federated-identity-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java b/samples/federated-identity-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java index cb0b37ea..23e6ab75 100644 --- a/samples/federated-identity-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java +++ b/samples/federated-identity-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java 
@@ -47,8 +47,8 @@ import org.springframework.security.oauth2.server.authorization.client.JdbcRegis import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.ClientSettings; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext; import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer; import org.springframework.security.web.SecurityFilterChain; @@ -124,8 +124,8 @@ public class AuthorizationServerConfig { } @Bean - public ProviderSettings providerSettings() { - return ProviderSettings.builder().issuer("http://localhost:9000").build(); + public AuthorizationServerSettings authorizationServerSettings() { + return AuthorizationServerSettings.builder().issuer("http://localhost:9000").build(); } @Bean From 3efee494adda9c9dbfa4fd5dc089826ed43993f4 Mon Sep 17 00:00:00 2001 
From: Joe Grandja Date: Mon, 22 Aug 2022 13:55:31 -0400 Subject: [PATCH 2/6] Rename ProviderContext Closes gh-865 --- .../docs/asciidoc/configuration-model.adoc | 6 +- .../docs/asciidoc/core-model-components.adoc | 4 +- ...ClientAssertionAuthenticationProvider.java | 32 +++++----- ...thorizationCodeAuthenticationProvider.java | 4 +- ...tionCodeRequestAuthenticationProvider.java | 4 +- ...ientCredentialsAuthenticationProvider.java | 4 +- ...th2RefreshTokenAuthenticationProvider.java | 4 +- .../OAuth2AuthorizationServerConfigurer.java | 6 +- ...t.java => AuthorizationServerContext.java} | 16 ++--- .../AuthorizationServerContextHolder.java | 63 +++++++++++++++++++ .../context/ProviderContextHolder.java | 63 ------------------- ...entRegistrationAuthenticationProvider.java | 12 ++-- ...dcProviderConfigurationEndpointFilter.java | 4 +- .../authorization/token/JwtGenerator.java | 6 +- .../token/OAuth2AccessTokenGenerator.java | 6 +- .../token/OAuth2TokenContext.java | 18 +++--- ... => AuthorizationServerContextFilter.java} | 22 +++---- ...orizationServerMetadataEndpointFilter.java | 4 +- ...tAssertionAuthenticationProviderTests.java | 6 +- ...zationCodeAuthenticationProviderTests.java | 8 +-- ...odeRequestAuthenticationProviderTests.java | 6 +- ...redentialsAuthenticationProviderTests.java | 8 +-- ...freshTokenAuthenticationProviderTests.java | 8 +-- ...gistrationAuthenticationProviderTests.java | 20 +++--- ...viderConfigurationEndpointFilterTests.java | 10 +-- .../token/JwtGeneratorTests.java | 12 ++-- .../OAuth2AccessTokenGeneratorTests.java | 12 ++-- .../token/OAuth2TokenClaimsContextTests.java | 8 +-- ...uthorizationServerContextFilterTests.java} | 36 +++++------ ...tionServerMetadataEndpointFilterTests.java | 10 +-- 30 files changed, 211 insertions(+), 211 deletions(-) rename oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/{ProviderContext.java => AuthorizationServerContext.java} (77%) create mode 100644 
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContextHolder.java delete mode 100644 oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContextHolder.java rename oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/{ProviderContextFilter.java => AuthorizationServerContextFilter.java} (77%) rename oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/{ProviderContextFilterTests.java => AuthorizationServerContextFilterTests.java} (67%) diff --git a/docs/src/docs/asciidoc/configuration-model.adoc b/docs/src/docs/asciidoc/configuration-model.adoc index 151417ef..011d33ee 100644 --- a/docs/src/docs/asciidoc/configuration-model.adoc +++ b/docs/src/docs/asciidoc/configuration-model.adoc 
@@ -173,17 +173,17 @@ public AuthorizationServerSettings authorizationServerSettings() { } ---- -The `ProviderContext` is a context object that holds information about the provider. +The `AuthorizationServerContext` is a context object that holds information of the Authorization Server runtime environment. It provides access to the `AuthorizationServerSettings` and the "`current`" issuer identifier. [NOTE] If the issuer identifier is not configured in `AuthorizationServerSettings.builder().issuer(String)`, it is resolved from the current request. [NOTE] -The `ProviderContext` is accessible through the `ProviderContextHolder`, which associates it with the current request thread by using a `ThreadLocal`. +The `AuthorizationServerContext` is accessible through the `AuthorizationServerContextHolder`, which associates it with the current request thread by using a `ThreadLocal`. [NOTE] -The `ProviderContextFilter` associates the `ProviderContext` with the `ProviderContextHolder`. +The `AuthorizationServerContextFilter` associates the `AuthorizationServerContext` with the `AuthorizationServerContextHolder`. [[configuring-client-authentication]] == Configuring Client Authentication diff --git a/docs/src/docs/asciidoc/core-model-components.adoc b/docs/src/docs/asciidoc/core-model-components.adoc index 75900e5e..6bf23d8a 100644 --- a/docs/src/docs/asciidoc/core-model-components.adoc +++ b/docs/src/docs/asciidoc/core-model-components.adoc @@ -316,7 +316,7 @@ public interface OAuth2TokenContext extends Context { default T getPrincipal() ... <2> - default ProviderContext getProviderContext() ... <3> + default AuthorizationServerContext getAuthorizationServerContext() ... <3> @Nullable default OAuth2Authorization getAuthorization() ... <4> 
@@ -335,7 +335,7 @@ public interface OAuth2TokenContext extends Context { ---- <1> `getRegisteredClient()`: The <> associated with the authorization grant. <2> `getPrincipal()`: The `Authentication` instance of the resource owner (or client). -<3> `getProviderContext()`: The xref:configuration-model.adoc#configuring-authorization-server-settings[`ProviderContext`] object that holds information related to the provider. +<3> `getAuthorizationServerContext()`: The xref:configuration-model.adoc#configuring-authorization-server-settings[`AuthorizationServerContext`] object that holds information of the Authorization Server runtime environment. <4> `getAuthorization()`: The <> associated with the authorization grant. <5> `getAuthorizedScopes()`: The scope(s) authorized for the client. <6> `getTokenType()`: The `OAuth2TokenType` to generate. The supported values are `code`, `access_token`, `refresh_token`, and `id_token`. diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProvider.java index 7c378f37..d6cba46d 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProvider.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProvider.java 
@@ -51,8 +51,8 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; -import org.springframework.security.oauth2.server.authorization.context.ProviderContext; -import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.util.Assert; import org.springframework.util.CollectionUtils; @@ -221,20 +221,20 @@ public final class JwtClientAssertionAuthenticationProvider implements Authentic return new DelegatingOAuth2TokenValidator<>( new JwtClaimValidator<>(JwtClaimNames.ISS, clientId::equals), new JwtClaimValidator<>(JwtClaimNames.SUB, clientId::equals), - new JwtClaimValidator<>(JwtClaimNames.AUD, containsProviderAudience()), + new JwtClaimValidator<>(JwtClaimNames.AUD, containsAudience()), new JwtClaimValidator<>(JwtClaimNames.EXP, Objects::nonNull), new JwtTimestampValidator() ); } - private static Predicate> containsProviderAudience() { + private static Predicate> containsAudience() { return (audienceClaim) -> { if (CollectionUtils.isEmpty(audienceClaim)) { return false; } - List providerAudience = getProviderAudience(); + List audienceList = getAudience(); for (String audience : audienceClaim) { - if (providerAudience.contains(audience)) { + if (audienceList.contains(audience)) { return true; } } 
@@ -242,19 +242,19 @@ public final class JwtClientAssertionAuthenticationProvider implements Authentic }; } - private static List getProviderAudience() { - ProviderContext providerContext = ProviderContextHolder.getProviderContext(); - if (!StringUtils.hasText(providerContext.getIssuer())) { + private static List getAudience() { + AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext(); + if (!StringUtils.hasText(authorizationServerContext.getIssuer())) { return Collections.emptyList(); } - AuthorizationServerSettings authorizationServerSettings = providerContext.getAuthorizationServerSettings(); - List providerAudience = new ArrayList<>(); - providerAudience.add(providerContext.getIssuer()); - providerAudience.add(asUrl(providerContext.getIssuer(), authorizationServerSettings.getTokenEndpoint())); - providerAudience.add(asUrl(providerContext.getIssuer(), authorizationServerSettings.getTokenIntrospectionEndpoint())); - providerAudience.add(asUrl(providerContext.getIssuer(), authorizationServerSettings.getTokenRevocationEndpoint())); - return providerAudience; + AuthorizationServerSettings authorizationServerSettings = authorizationServerContext.getAuthorizationServerSettings(); + List audience = new ArrayList<>(); + audience.add(authorizationServerContext.getIssuer()); + audience.add(asUrl(authorizationServerContext.getIssuer(), authorizationServerSettings.getTokenEndpoint())); + audience.add(asUrl(authorizationServerContext.getIssuer(), authorizationServerSettings.getTokenIntrospectionEndpoint())); + audience.add(asUrl(authorizationServerContext.getIssuer(), authorizationServerSettings.getTokenRevocationEndpoint())); + return audience; } private static String asUrl(String issuer, String endpoint) { 
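Review bot: The audience list built in `getAudience()` is derived entirely from `authorizationServerContext.getIssuer()`, and nothing on the method says where that value comes from. The documentation touched by this same patch states that when no issuer is set through `AuthorizationServerSettings.builder().issuer(String)` it is resolved from the current request, so in that configuration the `aud` values accepted for a client assertion follow whatever the request resolution yields (how `resolveIssuer` derives it is not visible here). I would add a comment above the method such as `// Accepted audiences derive from the issuer; configure a fixed issuer so this check does not depend on request-derived values`. The same issuer value feeds `registrationClientUri` in OidcClientRegistrationAuthenticationProvider and `.issuer(issuer)` in both metadata endpoint filters.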
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
index 324538a8..4550dc7e 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
@@ -43,7 +43,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -132,7 +132,7 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth
 DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
 .registeredClient(registeredClient)
 .principal(authorization.getAttribute(Principal.class.getName()))
- .providerContext(ProviderContextHolder.getProviderContext())
+ .authorizationServerContext(AuthorizationServerContextHolder.getContext())
 .authorization(authorization)
 .authorizedScopes(authorization.getAuthorizedScopes())
 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java
index a2258b5f..f549c2b2 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java
@@ -49,7 +49,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -438,7 +438,7 @@ public final class OAuth2AuthorizationCodeRequestAuthenticationProvider implemen
 DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
 .registeredClient(registeredClient)
 .principal((Authentication) authorizationCodeRequestAuthentication.getPrincipal())
- .providerContext(ProviderContextHolder.getProviderContext())
+ .authorizationServerContext(AuthorizationServerContextHolder.getContext())
 .tokenType(new OAuth2TokenType(OAuth2ParameterNames.CODE))
 .authorizedScopes(authorizedScopes)
 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java
index a7405c42..0e4b7298 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java
@@ -33,7 +33,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -102,7 +102,7 @@ public final class OAuth2ClientCredentialsAuthenticationProvider implements Auth
 OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
 .registeredClient(registeredClient)
 .principal(clientPrincipal)
- .providerContext(ProviderContextHolder.getProviderContext())
+ .authorizationServerContext(AuthorizationServerContextHolder.getContext())
 .authorizedScopes(authorizedScopes)
 .tokenType(OAuth2TokenType.ACCESS_TOKEN)
 .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
index 8ff1f162..ccdf5485 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
@@ -40,7 +40,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -130,7 +130,7 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic
 DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
 .registeredClient(registeredClient)
 .principal(authorization.getAttribute(Principal.class.getName()))
- .providerContext(ProviderContextHolder.getProviderContext())
+ .authorizationServerContext(AuthorizationServerContextHolder.getContext())
 .authorization(authorization)
 .authorizedScopes(scopes)
 .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java
index 26dbc2d9..56371ef2 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java
@@ -33,9 +33,9 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator; +import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter; import org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter; import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter; -import org.springframework.security.oauth2.server.authorization.web.ProviderContextFilter; import org.springframework.security.web.authentication.HttpStatusEntryPoint; import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; import org.springframework.security.web.context.SecurityContextHolderFilter; @@ -245,8 +245,8 @@ public final class OAuth2AuthorizationServerConfigurer AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity); - ProviderContextFilter providerContextFilter = new ProviderContextFilter(authorizationServerSettings); - httpSecurity.addFilterAfter(postProcess(providerContextFilter), SecurityContextHolderFilter.class); + AuthorizationServerContextFilter authorizationServerContextFilter = new AuthorizationServerContextFilter(authorizationServerSettings); + httpSecurity.addFilterAfter(postProcess(authorizationServerContextFilter), SecurityContextHolderFilter.class); JWKSource jwkSource = OAuth2ConfigurerUtils.getJwkSource(httpSecurity); if (jwkSource != null) { 
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContext.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContext.java
similarity index 77%
rename from oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContext.java
rename to oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContext.java
index a2ce5204..d0c76142 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContext.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContext.java
@@ -22,24 +22,24 @@ import org.springframework.security.oauth2.server.authorization.settings.Authori import org.springframework.util.Assert; /** - * A context that holds information of the Provider. + * A context that holds information of the Authorization Server runtime environment. * * @author Joe Grandja * @since 0.2.2 * @see AuthorizationServerSettings - * @see ProviderContextHolder + * @see AuthorizationServerContextHolder */ -public final class ProviderContext { +public final class AuthorizationServerContext { private final AuthorizationServerSettings authorizationServerSettings; private final Supplier issuerSupplier; /** - * Constructs a {@code ProviderContext} using the provided parameters. + * Constructs an {@code AuthorizationServerContext} using the provided parameters. * * @param authorizationServerSettings the authorization server settings - * @param issuerSupplier a {@code Supplier} for the {@code URL} of the Provider's issuer identifier + * @param issuerSupplier a {@code Supplier} for the {@code URL} of the Authorization Server's issuer identifier */ - public ProviderContext(AuthorizationServerSettings authorizationServerSettings, @Nullable Supplier issuerSupplier) { + public AuthorizationServerContext(AuthorizationServerSettings authorizationServerSettings, @Nullable Supplier issuerSupplier) { Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null"); this.authorizationServerSettings = authorizationServerSettings; this.issuerSupplier = issuerSupplier; 
@@ -55,11 +55,11 @@ public final class ProviderContext { } /** - * Returns the {@code URL} of the Provider's issuer identifier. + * Returns the {@code URL} of the Authorization Server's issuer identifier. * The issuer identifier is resolved from the constructor parameter {@code Supplier} * or if not provided then defaults to {@link AuthorizationServerSettings#getIssuer()}. * - * @return the {@code URL} of the Provider's issuer identifier + * @return the {@code URL} of the Authorization Server's issuer identifier */ public String getIssuer() { return this.issuerSupplier != null ? diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContextHolder.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContextHolder.java new file mode 100644 index 00000000..c15b4259 --- /dev/null +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContextHolder.java 
@@ -0,0 +1,63 @@ +/* + * Copyright 2020-2022 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.server.authorization.context; + +import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter; + +/** + * A holder of the {@link AuthorizationServerContext} that associates it with the current thread using a {@code ThreadLocal}. + * + * @author Joe Grandja + * @since 0.2.2 + * @see AuthorizationServerContext + * @see AuthorizationServerContextFilter + */ +public final class AuthorizationServerContextHolder { + private static final ThreadLocal holder = new ThreadLocal<>(); + + private AuthorizationServerContextHolder() { + } + + /** + * Returns the {@link AuthorizationServerContext} bound to the current thread. + * + * @return the {@link AuthorizationServerContext} + */ + public static AuthorizationServerContext getContext() { + return holder.get(); + } + + /** + * Bind the given {@link AuthorizationServerContext} to the current thread. + * + * @param authorizationServerContext the {@link AuthorizationServerContext} + */ + public static void setContext(AuthorizationServerContext authorizationServerContext) { + if (authorizationServerContext == null) { + resetContext(); + } else { + holder.set(authorizationServerContext); + } + } + + /** + * Reset the {@link AuthorizationServerContext} bound to the current thread. 
+ */ + public static void resetContext() { + holder.remove(); + } + +} diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContextHolder.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContextHolder.java deleted file mode 100644 index dfeac7dd..00000000 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/ProviderContextHolder.java +++ /dev/null 
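Review bot: `getContext()` returns `holder.get()` directly, so it yields `null` on any thread where no context has been bound, and its Javadoc does not say so. Callers elsewhere in this patch dereference the result without a check (`getAudience()`, the `registrationClientUri` construction, and the `getContext().getIssuer()` calls in the two metadata endpoint filters), which would surface as a NullPointerException rather than a rejected request if that code runs outside the filter chain or on a different thread. I would document the contract as `@return the {@link AuthorizationServerContext}, or {@code null} if none is bound to the current thread`, and add a sentence to the class Javadoc noting that the binding is per thread and cleared by `resetContext()`.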
@@ -1,63 +0,0 @@ -/* - * Copyright 2020-2022 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.springframework.security.oauth2.server.authorization.context; - -import org.springframework.security.oauth2.server.authorization.web.ProviderContextFilter; - -/** - * A holder of {@link ProviderContext} that associates it with the current thread using a {@code ThreadLocal}. - * - * @author Joe Grandja - * @since 0.2.2 - * @see ProviderContext - * @see ProviderContextFilter - */ -public final class ProviderContextHolder { - private static final ThreadLocal holder = new ThreadLocal<>(); - - private ProviderContextHolder() { - } - - /** - * Returns the {@link ProviderContext} bound to the current thread. - * - * @return the {@link ProviderContext} - */ - public static ProviderContext getProviderContext() { - return holder.get(); - } - - /** - * Bind the given {@link ProviderContext} to the current thread. - * - * @param providerContext the {@link ProviderContext} - */ - public static void setProviderContext(ProviderContext providerContext) { - if (providerContext == null) { - resetProviderContext(); - } else { - holder.set(providerContext); - } - } - - /** - * Reset the {@link ProviderContext} bound to the current thread. - */ - public static void resetProviderContext() { - holder.remove(); - } - -} 
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java
index 3c210cbe..8880e605 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java
@@ -49,8 +49,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.oidc.OidcClientMetadataClaimNames;
 import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
@@ -212,7 +212,7 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder() .registeredClient(registeredClient) .principal(clientPrincipal) - .providerContext(ProviderContextHolder.getProviderContext()) + .authorizationServerContext(AuthorizationServerContextHolder.getContext()) .authorizedScopes(authorizedScopes) .tokenType(OAuth2TokenType.ACCESS_TOKEN) .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS) @@ -276,9 +276,9 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe scopes.addAll(registeredClient.getScopes())); } - ProviderContext providerContext = ProviderContextHolder.getProviderContext(); - String registrationClientUri = UriComponentsBuilder.fromUriString(providerContext.getIssuer()) - .path(providerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint()) + AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext(); + String registrationClientUri = UriComponentsBuilder.fromUriString(authorizationServerContext.getIssuer()) + .path(authorizationServerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint()) .queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId()) .toUriString(); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java index 4d8afee7..ee01c55b 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java 
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java @@ -32,7 +32,7 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType; import org.springframework.security.oauth2.core.oidc.OidcScopes; import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm; -import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; import org.springframework.security.oauth2.server.authorization.oidc.OidcProviderConfiguration; import org.springframework.security.oauth2.server.authorization.oidc.http.converter.OidcProviderConfigurationHttpMessageConverter; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; @@ -80,7 +80,7 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques return; } - String issuer = ProviderContextHolder.getProviderContext().getIssuer(); + String issuer = AuthorizationServerContextHolder.getContext().getIssuer(); OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.builder() .issuer(issuer) diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java index d5cf84ee..318cf6a6 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java 
@@ -82,8 +82,8 @@ public final class JwtGenerator implements OAuth2TokenGenerator { } String issuer = null; - if (context.getProviderContext() != null) { - issuer = context.getProviderContext().getIssuer(); + if (context.getAuthorizationServerContext() != null) { + issuer = context.getAuthorizationServerContext().getIssuer(); } RegisteredClient registeredClient = context.getRegisteredClient(); @@ -132,7 +132,7 @@ public final class JwtGenerator implements OAuth2TokenGenerator { JwtEncodingContext.Builder jwtContextBuilder = JwtEncodingContext.with(jwsHeaderBuilder, claimsBuilder) .registeredClient(context.getRegisteredClient()) .principal(context.getPrincipal()) - .providerContext(context.getProviderContext()) + .authorizationServerContext(context.getAuthorizationServerContext()) .authorizedScopes(context.getAuthorizedScopes()) .tokenType(context.getTokenType()) .authorizationGrantType(context.getAuthorizationGrantType()); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGenerator.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGenerator.java index 88823c87..4e203335 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGenerator.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGenerator.java @@ -61,8 +61,8 @@ public final class OAuth2AccessTokenGenerator implements OAuth2TokenGenerator resolveIssuer(this.authorizationServerSettings, request)); - ProviderContextHolder.setProviderContext(providerContext); + AuthorizationServerContextHolder.setContext(authorizationServerContext); filterChain.doFilter(request, response); } finally { - ProviderContextHolder.resetProviderContext(); + AuthorizationServerContextHolder.resetContext(); } } 
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java index 8d78de0b..f2b78b69 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java @@ -31,7 +31,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationServerMetadata; -import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; import org.springframework.security.oauth2.server.authorization.http.converter.OAuth2AuthorizationServerMetadataHttpMessageConverter; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; @@ -78,7 +78,7 @@ public final class OAuth2AuthorizationServerMetadataEndpointFilter extends OnceP return; } - String issuer = ProviderContextHolder.getProviderContext().getIssuer(); + String issuer = AuthorizationServerContextHolder.getContext().getIssuer(); OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder() .issuer(issuer) 
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java
index a9950ef5..de66519e 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java
@@ -57,8 +57,8 @@ import org.springframework.security.oauth2.server.authorization.TestOAuth2Author
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 import org.springframework.web.util.UriComponentsBuilder;
@@ -100,7 +100,7 @@ public class JwtClientAssertionAuthenticationProviderTests { this.authenticationProvider = new JwtClientAssertionAuthenticationProvider( this.registeredClientRepository, this.authorizationService); this.authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://auth-server.com").build(); - ProviderContextHolder.setProviderContext(new ProviderContext(this.authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(this.authorizationServerSettings, null)); } @Test diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java index e02659c1..90087e00 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java 
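Review bot: `setUp()` installs a context with `AuthorizationServerContextHolder.setContext(...)`, but no `@After` reset follows it in this hunk, whereas the other provider tests in this patch (for example OAuth2AuthorizationCodeAuthenticationProviderTests) pair it with a `cleanup()` that calls `resetContext()`. If the holder keeps static or thread-bound state, which is not shown here, the `https://auth-server.com` issuer can carry over into later test classes on the same thread and hide a missing-context bug. Unless the class already has one outside the hunk, add `@After public void cleanup() { AuthorizationServerContextHolder.resetContext(); }`. The `setUp()` hunk of OAuth2AuthorizationCodeRequestAuthenticationProviderTests shows the same pattern.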
@@ -54,8 +54,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenType; import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; -import org.springframework.security.oauth2.server.authorization.context.ProviderContext; -import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; @@ -119,12 +119,12 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests { this.authenticationProvider = new OAuth2AuthorizationCodeAuthenticationProvider( this.authorizationService, this.tokenGenerator); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); } @After public void cleanup() { - ProviderContextHolder.resetProviderContext(); + AuthorizationServerContextHolder.resetContext(); } @Test 
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java
index db832690..a57e2c14 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java
@@ -48,8 +48,8 @@ import org.springframework.security.oauth2.server.authorization.TestOAuth2Author
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -88,7 +88,7 @@ public class OAuth2AuthorizationCodeRequestAuthenticationProviderTests { this.principal = new TestingAuthenticationToken("principalName", "password"); this.principal.setAuthenticated(true); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); } @Test diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java index 9ce5b778..2ec7fda6 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java 
@@ -42,8 +42,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat import org.springframework.security.oauth2.server.authorization.OAuth2TokenType; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; -import org.springframework.security.oauth2.server.authorization.context.ProviderContext; -import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; @@ -100,12 +100,12 @@ public class OAuth2ClientCredentialsAuthenticationProviderTests { this.authenticationProvider = new OAuth2ClientCredentialsAuthenticationProvider( this.authorizationService, this.tokenGenerator); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); } @After public void cleanup() { - ProviderContextHolder.resetProviderContext(); + AuthorizationServerContextHolder.resetContext(); } @Test 
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
index b116eee3..a17b5da8 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
@@ -51,8 +51,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
-import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
 import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
@@ -117,12 +117,12 @@ public class OAuth2RefreshTokenAuthenticationProviderTests { this.authenticationProvider = new OAuth2RefreshTokenAuthenticationProvider( this.authorizationService, this.tokenGenerator); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); } @After public void cleanup() { - ProviderContextHolder.resetProviderContext(); + AuthorizationServerContextHolder.resetContext(); } @Test diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java index 9b4050a8..df053fa1 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java 
@@ -52,8 +52,8 @@ import org.springframework.security.oauth2.server.authorization.TestOAuth2Author import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; -import org.springframework.security.oauth2.server.authorization.context.ProviderContext; -import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; import org.springframework.security.oauth2.server.authorization.oidc.OidcClientMetadataClaimNames; import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; @@ -104,14 +104,14 @@ public class OidcClientRegistrationAuthenticationProviderTests { } }); this.authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - ProviderContextHolder.setProviderContext(new ProviderContext(this.authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(this.authorizationServerSettings, null)); this.authenticationProvider = new OidcClientRegistrationAuthenticationProvider( this.registeredClientRepository, this.authorizationService, this.tokenGenerator); } @After public void cleanup() { - ProviderContextHolder.resetProviderContext(); + AuthorizationServerContextHolder.resetContext(); } @Test 
@@ -612,9 +612,9 @@ public class OidcClientRegistrationAuthenticationProviderTests { assertThat(clientRegistrationResult.getIdTokenSignedResponseAlgorithm()) .isEqualTo(registeredClientResult.getTokenSettings().getIdTokenSignatureAlgorithm().getName()); - ProviderContext providerContext = ProviderContextHolder.getProviderContext(); - String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(providerContext.getIssuer()) - .path(providerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint()) + AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext(); + String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(authorizationServerContext.getIssuer()) + .path(authorizationServerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint()) .queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClientResult.getClientId()).toUriString(); assertThat(clientRegistrationResult.getRegistrationClientUrl().toString()).isEqualTo(expectedRegistrationClientUrl); 
@@ -808,9 +808,9 @@ public class OidcClientRegistrationAuthenticationProviderTests { assertThat(clientRegistrationResult.getIdTokenSignedResponseAlgorithm()) .isEqualTo(registeredClient.getTokenSettings().getIdTokenSignatureAlgorithm().getName()); - ProviderContext providerContext = ProviderContextHolder.getProviderContext(); - String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(providerContext.getIssuer()) - .path(providerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint()) + AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext(); + String expectedRegistrationClientUrl = UriComponentsBuilder.fromUriString(authorizationServerContext.getIssuer()) + .path(authorizationServerContext.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint()) .queryParam(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId()).toUriString(); assertThat(clientRegistrationResult.getRegistrationClientUrl().toString()).isEqualTo(expectedRegistrationClientUrl); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java index 2439e046..b41183f9 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java 
@@ -25,8 +25,8 @@ import org.junit.Test; import org.springframework.http.MediaType; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.oauth2.server.authorization.context.ProviderContext; -import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import static org.assertj.core.api.Assertions.assertThat; @@ -46,7 +46,7 @@ public class OidcProviderConfigurationEndpointFilterTests { @After public void cleanup() { - ProviderContextHolder.resetProviderContext(); + AuthorizationServerContextHolder.resetContext(); } @Test @@ -107,7 +107,7 @@ public class OidcProviderConfigurationEndpointFilterTests { .tokenRevocationEndpoint(tokenRevocationEndpoint) .tokenIntrospectionEndpoint(tokenIntrospectionEndpoint) .build(); - ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); OidcProviderConfigurationEndpointFilter filter = new OidcProviderConfigurationEndpointFilter(authorizationServerSettings); 
@@ -145,7 +145,7 @@ public class OidcProviderConfigurationEndpointFilterTests { AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder() .issuer("https://this is an invalid URL") .build(); - ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); OidcProviderConfigurationEndpointFilter filter = new OidcProviderConfigurationEndpointFilter(authorizationServerSettings); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java index 5fd725a1..a708cfa2 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java 
@@ -46,7 +46,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; -import org.springframework.security.oauth2.server.authorization.context.ProviderContext; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; @@ -66,7 +66,7 @@ public class JwtGeneratorTests { private JwtEncoder jwtEncoder; private OAuth2TokenCustomizer jwtCustomizer; private JwtGenerator jwtGenerator; - private ProviderContext providerContext; + private AuthorizationServerContext authorizationServerContext; @Before public void setUp() { @@ -75,7 +75,7 @@ public class JwtGeneratorTests { this.jwtGenerator = new JwtGenerator(this.jwtEncoder); this.jwtGenerator.setJwtCustomizer(this.jwtCustomizer); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - this.providerContext = new ProviderContext(authorizationServerSettings, null); + this.authorizationServerContext = new AuthorizationServerContext(authorizationServerSettings, null); } @Test 
@@ -137,7 +137,7 @@ public class JwtGeneratorTests { OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder() .registeredClient(registeredClient) .principal(authorization.getAttribute(Principal.class.getName())) - .providerContext(this.providerContext) + .authorizationServerContext(this.authorizationServerContext) .authorization(authorization) .authorizedScopes(authorization.getAuthorizedScopes()) .tokenType(OAuth2TokenType.ACCESS_TOKEN) @@ -168,7 +168,7 @@ public class JwtGeneratorTests { OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder() .registeredClient(registeredClient) .principal(authorization.getAttribute(Principal.class.getName())) - .providerContext(this.providerContext) + .authorizationServerContext(this.authorizationServerContext) .authorization(authorization) .authorizedScopes(authorization.getAuthorizedScopes()) .tokenType(ID_TOKEN_TOKEN_TYPE) @@ -204,7 +204,7 @@ public class JwtGeneratorTests { assertThat(jwsHeader.getAlgorithm()).isEqualTo(SignatureAlgorithm.RS256); JwtClaimsSet jwtClaimsSet = jwtEncoderParametersCaptor.getValue().getClaims(); - assertThat(jwtClaimsSet.getIssuer().toExternalForm()).isEqualTo(tokenContext.getProviderContext().getIssuer()); + assertThat(jwtClaimsSet.getIssuer().toExternalForm()).isEqualTo(tokenContext.getAuthorizationServerContext().getIssuer()); assertThat(jwtClaimsSet.getSubject()).isEqualTo(tokenContext.getAuthorization().getPrincipalName()); assertThat(jwtClaimsSet.getAudience()).containsExactly(tokenContext.getRegisteredClient().getClientId()); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java index 6d778a06..ea3b0b50 100644 
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java @@ -38,7 +38,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; -import org.springframework.security.oauth2.server.authorization.context.ProviderContext; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; @@ -56,7 +56,7 @@ import static org.mockito.Mockito.verify; public class OAuth2AccessTokenGeneratorTests { private OAuth2TokenCustomizer accessTokenCustomizer; private OAuth2AccessTokenGenerator accessTokenGenerator; - private ProviderContext providerContext; + private AuthorizationServerContext authorizationServerContext; @Before public void setUp() { 
@@ -64,7 +64,7 @@ public class OAuth2AccessTokenGeneratorTests { this.accessTokenGenerator = new OAuth2AccessTokenGenerator(); this.accessTokenGenerator.setAccessTokenCustomizer(this.accessTokenCustomizer); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - this.providerContext = new ProviderContext(authorizationServerSettings, null); + this.authorizationServerContext = new AuthorizationServerContext(authorizationServerSettings, null); } @Test @@ -134,7 +134,7 @@ public class OAuth2AccessTokenGeneratorTests { OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder() .registeredClient(registeredClient) .principal(principal) - .providerContext(this.providerContext) + .authorizationServerContext(this.authorizationServerContext) .authorization(authorization) .authorizedScopes(authorization.getAuthorizedScopes()) .tokenType(OAuth2TokenType.ACCESS_TOKEN) @@ -156,7 +156,7 @@ public class OAuth2AccessTokenGeneratorTests { OAuth2TokenClaimAccessor accessTokenClaims = ((ClaimAccessor) accessToken)::getClaims; assertThat(accessTokenClaims.getClaims()).isNotEmpty(); - assertThat(accessTokenClaims.getIssuer().toExternalForm()).isEqualTo(tokenContext.getProviderContext().getIssuer()); + assertThat(accessTokenClaims.getIssuer().toExternalForm()).isEqualTo(tokenContext.getAuthorizationServerContext().getIssuer()); assertThat(accessTokenClaims.getSubject()).isEqualTo(tokenContext.getPrincipal().getName()); assertThat(accessTokenClaims.getAudience()).isEqualTo( Collections.singletonList(tokenContext.getRegisteredClient().getClientId())); 
@@ -175,7 +175,7 @@ public class OAuth2AccessTokenGeneratorTests { assertThat(tokenClaimsContext.getClaims()).isNotNull(); assertThat(tokenClaimsContext.getRegisteredClient()).isEqualTo(tokenContext.getRegisteredClient()); assertThat(tokenClaimsContext.getPrincipal()).isEqualTo(tokenContext.getPrincipal()); - assertThat(tokenClaimsContext.getProviderContext()).isEqualTo(tokenContext.getProviderContext()); + assertThat(tokenClaimsContext.getAuthorizationServerContext()).isEqualTo(tokenContext.getAuthorizationServerContext()); assertThat(tokenClaimsContext.getAuthorization()).isEqualTo(tokenContext.getAuthorization()); assertThat(tokenClaimsContext.getAuthorizedScopes()).isEqualTo(tokenContext.getAuthorizedScopes()); assertThat(tokenClaimsContext.getTokenType()).isEqualTo(tokenContext.getTokenType()); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java index 78bdde1d..2889e759 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java 
@@ -34,7 +34,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; -import org.springframework.security.oauth2.server.authorization.context.ProviderContext; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import static org.assertj.core.api.Assertions.assertThat; @@ -75,7 +75,7 @@ public class OAuth2TokenClaimsContextTests { OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); Authentication principal = authorization.getAttribute(Principal.class.getName()); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer(issuer).build(); - ProviderContext providerContext = new ProviderContext(authorizationServerSettings, null); + AuthorizationServerContext authorizationServerContext = new AuthorizationServerContext(authorizationServerSettings, null); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken( registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret()); OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute( 
@@ -88,7 +88,7 @@ public class OAuth2TokenClaimsContextTests { OAuth2TokenClaimsContext context = OAuth2TokenClaimsContext.with(claims) .registeredClient(registeredClient) .principal(principal) - .providerContext(providerContext) + .authorizationServerContext(authorizationServerContext) .authorization(authorization) .tokenType(OAuth2TokenType.ACCESS_TOKEN) .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) @@ -101,7 +101,7 @@ public class OAuth2TokenClaimsContextTests { assertThat(context.getClaims()).isEqualTo(claims); assertThat(context.getRegisteredClient()).isEqualTo(registeredClient); assertThat(context.getPrincipal()).isEqualTo(principal); - assertThat(context.getProviderContext()).isEqualTo(providerContext); + assertThat(context.getAuthorizationServerContext()).isEqualTo(authorizationServerContext); assertThat(context.getAuthorization()).isEqualTo(authorization); assertThat(context.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN); assertThat(context.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/ProviderContextFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/AuthorizationServerContextFilterTests.java similarity index 67% rename from oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/ProviderContextFilterTests.java rename to oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/AuthorizationServerContextFilterTests.java index 68d96126..9d4a9927 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/ProviderContextFilterTests.java 
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/AuthorizationServerContextFilterTests.java @@ -22,8 +22,8 @@ import org.junit.Test; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.oauth2.server.authorization.context.ProviderContext; -import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import static org.assertj.core.api.Assertions.assertThat; @@ -33,20 +33,20 @@ import static org.mockito.Mockito.doAnswer; import static org.mockito.Mockito.mock; /** - * Tests for {@link ProviderContextFilter}. + * Tests for {@link AuthorizationServerContextFilter}. * * @author Joe Grandja */ -public class ProviderContextFilterTests { +public class AuthorizationServerContextFilterTests { @After public void cleanup() { - ProviderContextHolder.resetProviderContext(); + AuthorizationServerContextHolder.resetContext(); } @Test public void constructorWhenAuthorizationServerSettingsNullThenThrowIllegalArgumentException() { - assertThatThrownBy(() -> new ProviderContextFilter(null)) + assertThatThrownBy(() -> new AuthorizationServerContextFilter(null)) .isInstanceOf(IllegalArgumentException.class) .hasMessage("authorizationServerSettings cannot be null"); } 
@@ -55,7 +55,7 @@ public class ProviderContextFilterTests { public void doFilterWhenIssuerConfiguredThenUsed() throws Exception { String issuer = "https://provider.com"; AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer(issuer).build(); - ProviderContextFilter filter = new ProviderContextFilter(authorizationServerSettings); + AuthorizationServerContextFilter filter = new AuthorizationServerContextFilter(authorizationServerSettings); MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); request.setServletPath("/"); 
@@ -63,22 +63,22 @@ public class ProviderContextFilterTests { FilterChain filterChain = mock(FilterChain.class); doAnswer(invocation -> { - ProviderContext providerContext = ProviderContextHolder.getProviderContext(); - assertThat(providerContext).isNotNull(); - assertThat(providerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings); - assertThat(providerContext.getIssuer()).isEqualTo(issuer); + AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext(); + assertThat(authorizationServerContext).isNotNull(); + assertThat(authorizationServerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings); + assertThat(authorizationServerContext.getIssuer()).isEqualTo(issuer); return null; }).when(filterChain).doFilter(any(), any()); filter.doFilter(request, response, filterChain); - assertThat(ProviderContextHolder.getProviderContext()).isNull(); + assertThat(AuthorizationServerContextHolder.getContext()).isNull(); } @Test public void doFilterWhenIssuerNotConfiguredThenResolveFromRequest() throws Exception { AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build(); - ProviderContextFilter filter = new ProviderContextFilter(authorizationServerSettings); + AuthorizationServerContextFilter filter = new AuthorizationServerContextFilter(authorizationServerSettings); MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); request.setServletPath("/"); 
@@ -86,16 +86,16 @@ public class ProviderContextFilterTests { FilterChain filterChain = mock(FilterChain.class); doAnswer(invocation -> { - ProviderContext providerContext = ProviderContextHolder.getProviderContext(); - assertThat(providerContext).isNotNull(); - assertThat(providerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings); - assertThat(providerContext.getIssuer()).isEqualTo("http://localhost"); + AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext(); + assertThat(authorizationServerContext).isNotNull(); + assertThat(authorizationServerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings); + assertThat(authorizationServerContext.getIssuer()).isEqualTo("http://localhost"); return null; }).when(filterChain).doFilter(any(), any()); filter.doFilter(request, response, filterChain); - assertThat(ProviderContextHolder.getProviderContext()).isNull(); + assertThat(AuthorizationServerContextHolder.getContext()).isNull(); } } diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java index d7c7e2aa..002e9807 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java 
@@ -25,8 +25,8 @@ import org.junit.Test; import org.springframework.http.MediaType; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.oauth2.server.authorization.context.ProviderContext; -import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import static org.assertj.core.api.Assertions.assertThat; @@ -46,7 +46,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests { @After public void cleanup() { - ProviderContextHolder.resetProviderContext(); + AuthorizationServerContextHolder.resetContext(); } @Test @@ -105,7 +105,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests { .tokenRevocationEndpoint(tokenRevocationEndpoint) .tokenIntrospectionEndpoint(tokenIntrospectionEndpoint) .build(); - ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); OAuth2AuthorizationServerMetadataEndpointFilter filter = new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings); 
@@ -140,7 +140,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests { AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder() .issuer("https://this is an invalid URL") .build(); - ProviderContextHolder.setProviderContext(new ProviderContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); OAuth2AuthorizationServerMetadataEndpointFilter filter = new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings); From f583668a9cf7f5317b99cedccfcadd17675ffd1c Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Mon, 22 Aug 2022 16:09:11 -0400 Subject: [PATCH 3/6] Make AuthorizationServerContextFilter private Closes gh-866 --- .../docs/asciidoc/configuration-model.adoc | 3 - .../AuthorizationServerContextFilter.java | 11 +- .../OAuth2AuthorizationServerConfigurer.java | 1 - .../AuthorizationServerContextHolder.java | 3 - ...Auth2AuthorizationServerMetadataTests.java | 22 +++- ...AuthorizationServerContextFilterTests.java | 101 ------------------ 6 files changed, 24 insertions(+), 117 deletions(-) rename oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/{web => config/annotation/web/configurers}/AuthorizationServerContextFilter.java (89%) delete mode 100644 oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/AuthorizationServerContextFilterTests.java diff --git a/docs/src/docs/asciidoc/configuration-model.adoc b/docs/src/docs/asciidoc/configuration-model.adoc index 011d33ee..5614a158 100644 --- a/docs/src/docs/asciidoc/configuration-model.adoc +++ b/docs/src/docs/asciidoc/configuration-model.adoc 
@@ -182,9 +182,6 @@ If the issuer identifier is not configured in `AuthorizationServerSettings.build [NOTE] The `AuthorizationServerContext` is accessible through the `AuthorizationServerContextHolder`, which associates it with the current request thread by using a `ThreadLocal`. -[NOTE] -The `AuthorizationServerContextFilter` associates the `AuthorizationServerContext` with the `AuthorizationServerContextHolder`. - [[configuring-client-authentication]] == Configuring Client Authentication diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/AuthorizationServerContextFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/AuthorizationServerContextFilter.java similarity index 89% rename from oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/AuthorizationServerContextFilter.java rename to oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/AuthorizationServerContextFilter.java index 36a9c095..0f3a7e4a 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/AuthorizationServerContextFilter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/AuthorizationServerContextFilter.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.oauth2.server.authorization.web; +package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers; import java.io.IOException; 
@@ -39,15 +39,10 @@ import org.springframework.web.util.UriComponentsBuilder; * @see AuthorizationServerContextHolder * @see AuthorizationServerSettings */ -public final class AuthorizationServerContextFilter extends OncePerRequestFilter { +final class AuthorizationServerContextFilter extends OncePerRequestFilter { private final AuthorizationServerSettings authorizationServerSettings; - /** - * Constructs an {@code AuthorizationServerContextFilter} using the provided parameters. - * - * @param authorizationServerSettings the authorization server settings - */ - public AuthorizationServerContextFilter(AuthorizationServerSettings authorizationServerSettings) { + AuthorizationServerContextFilter(AuthorizationServerSettings authorizationServerSettings) { Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null"); this.authorizationServerSettings = authorizationServerSettings; } diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java index 56371ef2..8bb36b2d 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java 
@@ -33,7 +33,6 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator; -import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter; import org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter; import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter; import org.springframework.security.web.authentication.HttpStatusEntryPoint; diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContextHolder.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContextHolder.java index c15b4259..fa70ae44 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContextHolder.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContextHolder.java @@ -15,15 +15,12 @@ */ package org.springframework.security.oauth2.server.authorization.context; -import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter; - /** * A holder of the {@link AuthorizationServerContext} that associates it with the current thread using a {@code ThreadLocal}. * * @author Joe Grandja * @since 0.2.2 * @see AuthorizationServerContext - * @see AuthorizationServerContextFilter */ public final class AuthorizationServerContextHolder { private static final ThreadLocal holder = new ThreadLocal<>(); 
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java index d7b181be..7750a77d 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java @@ -92,7 +92,7 @@ public class OAuth2AuthorizationServerMetadataTests { } @Test - public void requestWhenAuthorizationServerMetadataRequestAndIssuerSetThenReturnMetadataResponse() throws Exception { + public void requestWhenAuthorizationServerMetadataRequestAndIssuerSetThenUsed() throws Exception { this.spring.register(AuthorizationServerConfiguration.class).autowire(); this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI)) @@ -101,6 +101,16 @@ public class OAuth2AuthorizationServerMetadataTests { .andReturn(); } + @Test + public void requestWhenAuthorizationServerMetadataRequestAndIssuerNotSetThenResolveFromRequest() throws Exception { + this.spring.register(AuthorizationServerConfigurationWithIssuerNotSet.class).autowire(); + + this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI)) + .andExpect(status().is2xxSuccessful()) + .andExpect(jsonPath("issuer").value("http://localhost")) + .andReturn(); + } + @EnableWebSecurity @Import(OAuth2AuthorizationServerConfiguration.class) static class AuthorizationServerConfiguration { 
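Review bot: The added `requestWhenAuthorizationServerMetadataRequestAndIssuerNotSetThenResolveFromRequest` test checks only the `issuer` value in the response, so nothing in this patch asserts any longer that the `ThreadLocal` holder is cleared once the request completes. The `AuthorizationServerContextFilterTests` class deleted later in this patch checked exactly that, with `assertThat(AuthorizationServerContextHolder.getContext()).isNull();` after `filter.doFilter(...)`. A context left on a pooled thread would be visible to the next request served by that thread, so the cleanup in the filter's `finally` block deserves a regression test. I would add `assertThat(AuthorizationServerContextHolder.getContext()).isNull();` after the `this.mvc.perform(...)` chain in both metadata tests; the imports this needs are not visible in the hunk, and the test class continues outside it. The deleted constructor test for a null `authorizationServerSettings` also has no replacement here.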
@@ -129,4 +139,14 @@ public class OAuth2AuthorizationServerMetadataTests { } } + @EnableWebSecurity + @Import(OAuth2AuthorizationServerConfiguration.class) + static class AuthorizationServerConfigurationWithIssuerNotSet extends AuthorizationServerConfiguration { + + @Bean + AuthorizationServerSettings authorizationServerSettings() { + return AuthorizationServerSettings.builder().build(); + } + } + } diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/AuthorizationServerContextFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/AuthorizationServerContextFilterTests.java deleted file mode 100644 index 9d4a9927..00000000 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/AuthorizationServerContextFilterTests.java +++ /dev/null 
@@ -1,101 +0,0 @@ -/* - * Copyright 2020-2022 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.springframework.security.oauth2.server.authorization.web; - -import javax.servlet.FilterChain; - -import org.junit.After; -import org.junit.Test; - -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; -import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; -import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.assertj.core.api.Assertions.assertThatThrownBy; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.doAnswer; -import static org.mockito.Mockito.mock; - -/** - * Tests for {@link AuthorizationServerContextFilter}. 
- * - * @author Joe Grandja - */ -public class AuthorizationServerContextFilterTests { - - @After - public void cleanup() { - AuthorizationServerContextHolder.resetContext(); - } - - @Test - public void constructorWhenAuthorizationServerSettingsNullThenThrowIllegalArgumentException() { - assertThatThrownBy(() -> new AuthorizationServerContextFilter(null)) - .isInstanceOf(IllegalArgumentException.class) - .hasMessage("authorizationServerSettings cannot be null"); - } - - @Test - public void doFilterWhenIssuerConfiguredThenUsed() throws Exception { - String issuer = "https://provider.com"; - AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer(issuer).build(); - AuthorizationServerContextFilter filter = new AuthorizationServerContextFilter(authorizationServerSettings); - - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); - request.setServletPath("/"); - MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain filterChain = mock(FilterChain.class); - - doAnswer(invocation -> { - AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext(); - assertThat(authorizationServerContext).isNotNull(); - assertThat(authorizationServerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings); - assertThat(authorizationServerContext.getIssuer()).isEqualTo(issuer); - return null; - }).when(filterChain).doFilter(any(), any()); - - filter.doFilter(request, response, filterChain); - - assertThat(AuthorizationServerContextHolder.getContext()).isNull(); - } - - @Test - public void doFilterWhenIssuerNotConfiguredThenResolveFromRequest() throws Exception { - AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build(); - AuthorizationServerContextFilter filter = new AuthorizationServerContextFilter(authorizationServerSettings); - - MockHttpServletRequest request = new 
MockHttpServletRequest("GET", "/"); - request.setServletPath("/"); - MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain filterChain = mock(FilterChain.class); - - doAnswer(invocation -> { - AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext(); - assertThat(authorizationServerContext).isNotNull(); - assertThat(authorizationServerContext.getAuthorizationServerSettings()).isSameAs(authorizationServerSettings); - assertThat(authorizationServerContext.getIssuer()).isEqualTo("http://localhost"); - return null; - }).when(filterChain).doFilter(any(), any()); - - filter.doFilter(request, response, filterChain); - - assertThat(AuthorizationServerContextHolder.getContext()).isNull(); - } - -} From aebc613862fffaef3344b0842f902c479e45cc90 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Mon, 22 Aug 2022 16:57:00 -0400 Subject: [PATCH 4/6] Make AuthorizationServerContext an interface Closes gh-867 --- .../AuthorizationServerContextFilter.java | 28 ++++++++++- .../context/AuthorizationServerContext.java | 36 ++------------ ...tAssertionAuthenticationProviderTests.java | 4 +- ...zationCodeAuthenticationProviderTests.java | 4 +- ...odeRequestAuthenticationProviderTests.java | 4 +- ...redentialsAuthenticationProviderTests.java | 4 +- ...freshTokenAuthenticationProviderTests.java | 4 +- .../TestAuthorizationServerContext.java | 47 +++++++++++++++++++ ...gistrationAuthenticationProviderTests.java | 3 +- ...viderConfigurationEndpointFilterTests.java | 6 +-- .../token/JwtGeneratorTests.java | 3 +- .../OAuth2AccessTokenGeneratorTests.java | 3 +- .../token/OAuth2TokenClaimsContextTests.java | 3 +- ...tionServerMetadataEndpointFilterTests.java | 6 +-- 14 files changed, 102 insertions(+), 53 deletions(-) create mode 100644 oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/context/TestAuthorizationServerContext.java 
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/AuthorizationServerContextFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/AuthorizationServerContextFilter.java index 0f3a7e4a..7f43a559 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/AuthorizationServerContextFilter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/AuthorizationServerContextFilter.java @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers; import java.io.IOException; +import java.util.function.Supplier; import javax.servlet.FilterChain; import javax.servlet.ServletException; @@ -52,8 +53,10 @@ final class AuthorizationServerContextFilter extends OncePerRequestFilter { throws ServletException, IOException { try { - AuthorizationServerContext authorizationServerContext = new AuthorizationServerContext( - this.authorizationServerSettings, () -> resolveIssuer(this.authorizationServerSettings, request)); + AuthorizationServerContext authorizationServerContext = + new DefaultAuthorizationServerContext( + () -> resolveIssuer(this.authorizationServerSettings, request), + this.authorizationServerSettings); AuthorizationServerContextHolder.setContext(authorizationServerContext); filterChain.doFilter(request, response); } finally { 
@@ -78,4 +81,25 @@ final class AuthorizationServerContextFilter extends OncePerRequestFilter { // @formatter:on } + private static final class DefaultAuthorizationServerContext implements AuthorizationServerContext { + private final Supplier issuerSupplier; + private final AuthorizationServerSettings authorizationServerSettings; + + private DefaultAuthorizationServerContext(Supplier issuerSupplier, AuthorizationServerSettings authorizationServerSettings) { + this.issuerSupplier = issuerSupplier; + this.authorizationServerSettings = authorizationServerSettings; + } + + @Override + public String getIssuer() { + return this.issuerSupplier.get(); + } + + @Override + public AuthorizationServerSettings getAuthorizationServerSettings() { + return this.authorizationServerSettings; + } + + } + } diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContext.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContext.java index d0c76142..a12ef305 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContext.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContext.java @@ -15,11 +15,7 @@ */ package org.springframework.security.oauth2.server.authorization.context; -import java.util.function.Supplier; - -import org.springframework.lang.Nullable; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; -import org.springframework.util.Assert; /** * A context that holds information of the Authorization Server runtime environment. 
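Review bot: The `DefaultAuthorizationServerContext` constructor stores `issuerSupplier` and `authorizationServerSettings` without any check, and `getIssuer()` calls `this.issuerSupplier.get()` unconditionally. The public class it replaces (removed in the `AuthorizationServerContext.java` hunk of this patch) asserted non-null settings and fell back to `getAuthorizationServerSettings().getIssuer()` when no supplier was given. The one caller shown passes a lambda and the settings already validated by the filter constructor, so this is safe today, but a later caller passing `null` would only fail with a `NullPointerException` when the issuer is first read. I would add `Assert.notNull(issuerSupplier, "issuerSupplier cannot be null");` and the matching check for `authorizationServerSettings` at the top of the constructor, since `Assert` is already used in this file. A short comment on `getIssuer()` should also say that the supplier is re-evaluated against the captured request on every call, so the value is only meaningful while that request is being processed.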
@@ -29,42 +25,20 @@ import org.springframework.util.Assert; * @see AuthorizationServerSettings * @see AuthorizationServerContextHolder */ -public final class AuthorizationServerContext { - private final AuthorizationServerSettings authorizationServerSettings; - private final Supplier issuerSupplier; +public interface AuthorizationServerContext { /** - * Constructs an {@code AuthorizationServerContext} using the provided parameters. + * Returns the {@code URL} of the Authorization Server's issuer identifier. * - * @param authorizationServerSettings the authorization server settings - * @param issuerSupplier a {@code Supplier} for the {@code URL} of the Authorization Server's issuer identifier + * @return the {@code URL} of the Authorization Server's issuer identifier */ - public AuthorizationServerContext(AuthorizationServerSettings authorizationServerSettings, @Nullable Supplier issuerSupplier) { - Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null"); - this.authorizationServerSettings = authorizationServerSettings; - this.issuerSupplier = issuerSupplier; - } + String getIssuer(); /** * Returns the {@link AuthorizationServerSettings}. * * @return the {@link AuthorizationServerSettings} */ - public AuthorizationServerSettings getAuthorizationServerSettings() { - return this.authorizationServerSettings; - } - - /** - * Returns the {@code URL} of the Authorization Server's issuer identifier. - * The issuer identifier is resolved from the constructor parameter {@code Supplier} - * or if not provided then defaults to {@link AuthorizationServerSettings#getIssuer()}. - * - * @return the {@code URL} of the Authorization Server's issuer identifier - */ - public String getIssuer() { - return this.issuerSupplier != null ? - this.issuerSupplier.get() : - getAuthorizationServerSettings().getIssuer(); - } + AuthorizationServerSettings getAuthorizationServerSettings(); } 
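Review bot: The new Javadoc on `getIssuer()` no longer says where the issuer comes from or whether it can be `null`, and because `AuthorizationServerContext` is now an interface, each implementation is free to answer differently. The removed text documented the resolution order (the supplier first, otherwise `AuthorizationServerSettings#getIssuer()`); callers that publish the issuer, such as the metadata endpoint, rely on that contract. I would restore it at the interface level with a sentence such as `The issuer is either the value configured in {@link AuthorizationServerSettings#getIssuer()} or, when none is configured, one resolved from the current request.` and state explicitly whether implementations may return `null`. It is also worth documenting that a request-derived issuer reflects the host the client addressed, so deployments that need a fixed issuer should configure it in `AuthorizationServerSettings`.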
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java index de66519e..1ddb1aed 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProviderTests.java @@ -57,8 +57,8 @@ import org.springframework.security.oauth2.server.authorization.TestOAuth2Author import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; -import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; +import org.springframework.security.oauth2.server.authorization.context.TestAuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.ClientSettings; import org.springframework.web.util.UriComponentsBuilder; 
@@ -100,7 +100,7 @@ public class JwtClientAssertionAuthenticationProviderTests { this.authenticationProvider = new JwtClientAssertionAuthenticationProvider( this.registeredClientRepository, this.authorizationService); this.authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://auth-server.com").build(); - AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(this.authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(this.authorizationServerSettings, null)); } @Test diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java index 90087e00..984c410b 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java 
@@ -54,8 +54,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenType; import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; -import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; +import org.springframework.security.oauth2.server.authorization.context.TestAuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; @@ -119,7 +119,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests { this.authenticationProvider = new OAuth2AuthorizationCodeAuthenticationProvider( this.authorizationService, this.tokenGenerator); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); } @After diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java index a57e2c14..f86d2283 100644 
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java @@ -48,8 +48,8 @@ import org.springframework.security.oauth2.server.authorization.TestOAuth2Author import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; -import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; +import org.springframework.security.oauth2.server.authorization.context.TestAuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.ClientSettings; import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator; @@ -88,7 +88,7 @@ public class OAuth2AuthorizationCodeRequestAuthenticationProviderTests { this.principal = new TestingAuthenticationToken("principalName", "password"); this.principal.setAuthenticated(true); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); } @Test 
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java index 2ec7fda6..b59d2485 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java @@ -42,8 +42,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat import org.springframework.security.oauth2.server.authorization.OAuth2TokenType; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; -import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; +import org.springframework.security.oauth2.server.authorization.context.TestAuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; 
@@ -100,7 +100,7 @@ public class OAuth2ClientCredentialsAuthenticationProviderTests { this.authenticationProvider = new OAuth2ClientCredentialsAuthenticationProvider( this.authorizationService, this.tokenGenerator); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); } @After diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java index a17b5da8..147ce07d 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java 
@@ -51,8 +51,8 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenType; import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; -import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; +import org.springframework.security.oauth2.server.authorization.context.TestAuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; @@ -117,7 +117,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests { this.authenticationProvider = new OAuth2RefreshTokenAuthenticationProvider( this.authorizationService, this.tokenGenerator); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); } @After diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/context/TestAuthorizationServerContext.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/context/TestAuthorizationServerContext.java new file mode 100644 index 00000000..19e8299c --- /dev/null 
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/context/TestAuthorizationServerContext.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2020-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.server.authorization.context;
+
+import java.util.function.Supplier;
+
+import org.springframework.lang.Nullable;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
+
+/**
+ * @author Joe Grandja
+ */
+public class TestAuthorizationServerContext implements AuthorizationServerContext {
+ private final AuthorizationServerSettings authorizationServerSettings;
+ private final Supplier issuerSupplier;
+
+ public TestAuthorizationServerContext(AuthorizationServerSettings authorizationServerSettings, @Nullable Supplier issuerSupplier) {
+ this.authorizationServerSettings = authorizationServerSettings;
+ this.issuerSupplier = issuerSupplier;
+ }
+
+ @Override
+ public String getIssuer() {
+ return this.issuerSupplier != null ?
+ this.issuerSupplier.get() :
+ getAuthorizationServerSettings().getIssuer();
+ }
+
+ @Override
+ public AuthorizationServerSettings getAuthorizationServerSettings() {
+ return this.authorizationServerSettings;
+ }
+
+}
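Review bot: The constructor of `TestAuthorizationServerContext` stores `authorizationServerSettings` without a null check, so a test that passes null for both arguments fails only later, inside `getIssuer()`, with a NullPointerException that does not name the cause. Every call visible in this patch passes `null` as the issuer supplier, so `getIssuer()` always takes the settings fallback; a guard such as `Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null");` at the top of the constructor (with the `org.springframework.util.Assert` import) would move the failure to the point of construction. The class Javadoc carries only `@author`; one sentence stating that a null `issuerSupplier` makes `getIssuer()` return the issuer configured in the settings would document that fallback for test authors.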
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java
index df053fa1..a7191385 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java
@@ -54,6 +54,7 @@ import org.springframework.security.oauth2.server.authorization.client.Registere
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
 import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
 import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.TestAuthorizationServerContext;
 import org.springframework.security.oauth2.server.authorization.oidc.OidcClientMetadataClaimNames;
 import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
@@ -104,7 +105,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { } }); this.authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(this.authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(this.authorizationServerSettings, null)); this.authenticationProvider = new OidcClientRegistrationAuthenticationProvider( this.registeredClientRepository, this.authorizationService, this.tokenGenerator); } diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java index b41183f9..a21ab987 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java @@ -25,8 +25,8 @@ import org.junit.Test; import org.springframework.http.MediaType; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; +import org.springframework.security.oauth2.server.authorization.context.TestAuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import static org.assertj.core.api.Assertions.assertThat; 
@@ -107,7 +107,7 @@ public class OidcProviderConfigurationEndpointFilterTests { .tokenRevocationEndpoint(tokenRevocationEndpoint) .tokenIntrospectionEndpoint(tokenIntrospectionEndpoint) .build(); - AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); OidcProviderConfigurationEndpointFilter filter = new OidcProviderConfigurationEndpointFilter(authorizationServerSettings); @@ -145,7 +145,7 @@ public class OidcProviderConfigurationEndpointFilterTests { AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder() .issuer("https://this is an invalid URL") .build(); - AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); OidcProviderConfigurationEndpointFilter filter = new OidcProviderConfigurationEndpointFilter(authorizationServerSettings); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java index a708cfa2..b4f672cf 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java 
@@ -47,6 +47,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; +import org.springframework.security.oauth2.server.authorization.context.TestAuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; @@ -75,7 +76,7 @@ public class JwtGeneratorTests { this.jwtGenerator = new JwtGenerator(this.jwtEncoder); this.jwtGenerator.setJwtCustomizer(this.jwtCustomizer); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - this.authorizationServerContext = new AuthorizationServerContext(authorizationServerSettings, null); + this.authorizationServerContext = new TestAuthorizationServerContext(authorizationServerSettings, null); } @Test diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java index ea3b0b50..132bc05d 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGeneratorTests.java 
@@ -39,6 +39,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; +import org.springframework.security.oauth2.server.authorization.context.TestAuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; @@ -64,7 +65,7 @@ public class OAuth2AccessTokenGeneratorTests { this.accessTokenGenerator = new OAuth2AccessTokenGenerator(); this.accessTokenGenerator.setAccessTokenCustomizer(this.accessTokenCustomizer); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer("https://provider.com").build(); - this.authorizationServerContext = new AuthorizationServerContext(authorizationServerSettings, null); + this.authorizationServerContext = new TestAuthorizationServerContext(authorizationServerSettings, null); } @Test diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java index 2889e759..4f042295 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenClaimsContextTests.java 
@@ -35,6 +35,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; +import org.springframework.security.oauth2.server.authorization.context.TestAuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import static org.assertj.core.api.Assertions.assertThat; @@ -75,7 +76,7 @@ public class OAuth2TokenClaimsContextTests { OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); Authentication principal = authorization.getAttribute(Principal.class.getName()); AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().issuer(issuer).build(); - AuthorizationServerContext authorizationServerContext = new AuthorizationServerContext(authorizationServerSettings, null); + AuthorizationServerContext authorizationServerContext = new TestAuthorizationServerContext(authorizationServerSettings, null); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken( registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret()); OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute( diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java index 002e9807..2e222279 100644 
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java @@ -25,8 +25,8 @@ import org.junit.Test; import org.springframework.http.MediaType; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; +import org.springframework.security.oauth2.server.authorization.context.TestAuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import static org.assertj.core.api.Assertions.assertThat; @@ -105,7 +105,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests { .tokenRevocationEndpoint(tokenRevocationEndpoint) .tokenIntrospectionEndpoint(tokenIntrospectionEndpoint) .build(); - AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); OAuth2AuthorizationServerMetadataEndpointFilter filter = new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings); 
@@ -140,7 +140,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests { AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder() .issuer("https://this is an invalid URL") .build(); - AuthorizationServerContextHolder.setContext(new AuthorizationServerContext(authorizationServerSettings, null)); + AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); OAuth2AuthorizationServerMetadataEndpointFilter filter = new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings); From 6b66719a83fd0968aede23d6ce9f075885a616b5 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Tue, 23 Aug 2022 13:32:51 -0400 Subject: [PATCH 5/6] Remove constructor in OAuth2AuthorizationServerMetadataEndpointFilter Closes gh-868 --- .../OAuth2AuthorizationServerConfigurer.java | 2 +- ...orizationServerMetadataEndpointFilter.java | 30 ++++++++----------- ...tionServerMetadataEndpointFilterTests.java | 27 ++++++++--------- 3 files changed, 25 insertions(+), 34 deletions(-) diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java index 8bb36b2d..28919e88 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java 
@@ -255,7 +255,7 @@ public final class OAuth2AuthorizationServerConfigurer } OAuth2AuthorizationServerMetadataEndpointFilter authorizationServerMetadataEndpointFilter = - new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings); + new OAuth2AuthorizationServerMetadataEndpointFilter(); httpSecurity.addFilterBefore(postProcess(authorizationServerMetadataEndpointFilter), AbstractPreAuthenticatedProcessingFilter.class); } diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java index f2b78b69..6823b026 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java 
@@ -31,12 +31,12 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationServerMetadata; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; import org.springframework.security.oauth2.server.authorization.http.converter.OAuth2AuthorizationServerMetadataHttpMessageConverter; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.util.Assert; import org.springframework.web.filter.OncePerRequestFilter; import org.springframework.web.util.UriComponentsBuilder; 
@@ -55,20 +55,12 @@ public final class OAuth2AuthorizationServerMetadataEndpointFilter extends OnceP */ private static final String DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI = "/.well-known/oauth-authorization-server"; - private final AuthorizationServerSettings authorizationServerSettings; - private final RequestMatcher requestMatcher; + private final RequestMatcher requestMatcher = new AntPathRequestMatcher( + DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI, + HttpMethod.GET.name()); private final OAuth2AuthorizationServerMetadataHttpMessageConverter authorizationServerMetadataHttpMessageConverter = new OAuth2AuthorizationServerMetadataHttpMessageConverter(); - public OAuth2AuthorizationServerMetadataEndpointFilter(AuthorizationServerSettings authorizationServerSettings) { - Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null"); - this.authorizationServerSettings = authorizationServerSettings; - this.requestMatcher = new AntPathRequestMatcher( - DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI, - HttpMethod.GET.name() - ); - } - @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { 
@@ -78,21 +70,23 @@ public final class OAuth2AuthorizationServerMetadataEndpointFilter extends OnceP return; } - String issuer = AuthorizationServerContextHolder.getContext().getIssuer(); + AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext(); + String issuer = authorizationServerContext.getIssuer(); + AuthorizationServerSettings authorizationServerSettings = authorizationServerContext.getAuthorizationServerSettings(); OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder() .issuer(issuer) - .authorizationEndpoint(asUrl(issuer, this.authorizationServerSettings.getAuthorizationEndpoint())) - .tokenEndpoint(asUrl(issuer, this.authorizationServerSettings.getTokenEndpoint())) + .authorizationEndpoint(asUrl(issuer, authorizationServerSettings.getAuthorizationEndpoint())) + .tokenEndpoint(asUrl(issuer, authorizationServerSettings.getTokenEndpoint())) .tokenEndpointAuthenticationMethods(clientAuthenticationMethods()) - .jwkSetUrl(asUrl(issuer, this.authorizationServerSettings.getJwkSetEndpoint())) + .jwkSetUrl(asUrl(issuer, authorizationServerSettings.getJwkSetEndpoint())) .responseType(OAuth2AuthorizationResponseType.CODE.getValue()) .grantType(AuthorizationGrantType.AUTHORIZATION_CODE.getValue()) .grantType(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue()) .grantType(AuthorizationGrantType.REFRESH_TOKEN.getValue()) - .tokenRevocationEndpoint(asUrl(issuer, this.authorizationServerSettings.getTokenRevocationEndpoint())) + .tokenRevocationEndpoint(asUrl(issuer, authorizationServerSettings.getTokenRevocationEndpoint())) .tokenRevocationEndpointAuthenticationMethods(clientAuthenticationMethods()) - .tokenIntrospectionEndpoint(asUrl(issuer, this.authorizationServerSettings.getTokenIntrospectionEndpoint())) + .tokenIntrospectionEndpoint(asUrl(issuer, authorizationServerSettings.getTokenIntrospectionEndpoint())) 
.tokenIntrospectionEndpointAuthenticationMethods(clientAuthenticationMethods()) .codeChallengeMethod("S256") .build(); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java index 2e222279..43bb4edd 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java 
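Review bot: `AuthorizationServerContextHolder.getContext()` is dereferenced without a check at the top of the new block in `doFilterInternal`, and after this change both the issuer and every endpoint path published in the metadata response come from that one object. The removed constructor rejected a null `AuthorizationServerSettings` at configuration time; the filter now relies on some earlier component having populated the holder for the current request, and if the holder can return null (its implementation is not shown here) a misordered filter chain would surface as a NullPointerException on `/.well-known/oauth-authorization-server` instead of a clear error. A guard such as `if (authorizationServerContext == null) { throw new IllegalStateException("AuthorizationServerContext is not set"); }` before `getIssuer()` would restore fail-fast behaviour, and the accompanying test changes drop the constructor null test without adding a case for an unset context. The constructor removal in `OidcProviderConfigurationEndpointFilter` (hunk `-57,20 +57,12`) suggests the same pattern there, though its `doFilterInternal` change is outside the visible part. `doFilterInternal` begins before this hunk and continues after it.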
@@ -49,17 +49,13 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests { AuthorizationServerContextHolder.resetContext(); } - @Test - public void constructorWhenAuthorizationServerSettingsNullThenThrowIllegalArgumentException() { - assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizationServerMetadataEndpointFilter(null)) - .withMessage("authorizationServerSettings cannot be null"); - } - @Test public void doFilterWhenNotAuthorizationServerMetadataRequestThenNotProcessed() throws Exception { - OAuth2AuthorizationServerMetadataEndpointFilter filter = - new OAuth2AuthorizationServerMetadataEndpointFilter(AuthorizationServerSettings.builder().issuer("https://example.com").build()); + AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder() + .issuer("https://example.com") + .build(); + AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); + OAuth2AuthorizationServerMetadataEndpointFilter filter = new OAuth2AuthorizationServerMetadataEndpointFilter(); String requestUri = "/path"; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); 
@@ -74,8 +70,11 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests { @Test public void doFilterWhenAuthorizationServerMetadataRequestPostThenNotProcessed() throws Exception { - OAuth2AuthorizationServerMetadataEndpointFilter filter = - new OAuth2AuthorizationServerMetadataEndpointFilter(AuthorizationServerSettings.builder().issuer("https://example.com").build()); + AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder() + .issuer("https://example.com") + .build(); + AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); + OAuth2AuthorizationServerMetadataEndpointFilter filter = new OAuth2AuthorizationServerMetadataEndpointFilter(); String requestUri = DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI; MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri); @@ -106,8 +105,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests { .tokenIntrospectionEndpoint(tokenIntrospectionEndpoint) .build(); AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); - OAuth2AuthorizationServerMetadataEndpointFilter filter = - new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings); + OAuth2AuthorizationServerMetadataEndpointFilter filter = new OAuth2AuthorizationServerMetadataEndpointFilter(); String requestUri = DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); 
@@ -141,8 +139,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests { .issuer("https://this is an invalid URL") .build(); AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); - OAuth2AuthorizationServerMetadataEndpointFilter filter = - new OAuth2AuthorizationServerMetadataEndpointFilter(authorizationServerSettings); + OAuth2AuthorizationServerMetadataEndpointFilter filter = new OAuth2AuthorizationServerMetadataEndpointFilter(); String requestUri = DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); From 2dabfa02e041c46302e25de847e236c6b53f3776 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Tue, 23 Aug 2022 13:48:14 -0400 Subject: [PATCH 6/6] Remove constructor in OidcProviderConfigurationEndpointFilter Closes gh-869 --- .../web/configurers/OidcConfigurer.java | 4 +-- ...dcProviderConfigurationEndpointFilter.java | 33 ++++++++----------- ...viderConfigurationEndpointFilterTests.java | 24 +++++--------- 3 files changed, 24 insertions(+), 37 deletions(-) diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcConfigurer.java index 150a442f..ad91dee3 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcConfigurer.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcConfigurer.java 
@@ -25,7 +25,6 @@ import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.ObjectPostProcessor; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.oauth2.server.authorization.oidc.web.OidcProviderConfigurationEndpointFilter; -import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.OrRequestMatcher; @@ -114,9 +113,8 @@ public final class OidcConfigurer extends AbstractOAuth2Configurer { clientRegistrationEndpointConfigurer.configure(httpSecurity); } - AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity); OidcProviderConfigurationEndpointFilter oidcProviderConfigurationEndpointFilter = - new OidcProviderConfigurationEndpointFilter(authorizationServerSettings); + new OidcProviderConfigurationEndpointFilter(); httpSecurity.addFilterBefore(postProcess(oidcProviderConfigurationEndpointFilter), AbstractPreAuthenticatedProcessingFilter.class); } diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java index ee01c55b..4057079f 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java 
@@ -32,13 +32,13 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType; import org.springframework.security.oauth2.core.oidc.OidcScopes; import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext; import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; import org.springframework.security.oauth2.server.authorization.oidc.OidcProviderConfiguration; import org.springframework.security.oauth2.server.authorization.oidc.http.converter.OidcProviderConfigurationHttpMessageConverter; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.util.Assert; import org.springframework.web.filter.OncePerRequestFilter; import org.springframework.web.util.UriComponentsBuilder; 
@@ -57,20 +57,12 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques */ private static final String DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI = "/.well-known/openid-configuration"; - private final AuthorizationServerSettings authorizationServerSettings; - private final RequestMatcher requestMatcher; + private final RequestMatcher requestMatcher = new AntPathRequestMatcher( + DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI, + HttpMethod.GET.name()); private final OidcProviderConfigurationHttpMessageConverter providerConfigurationHttpMessageConverter = new OidcProviderConfigurationHttpMessageConverter(); - public OidcProviderConfigurationEndpointFilter(AuthorizationServerSettings authorizationServerSettings) { - Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null"); - this.authorizationServerSettings = authorizationServerSettings; - this.requestMatcher = new AntPathRequestMatcher( - DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI, - HttpMethod.GET.name() - ); - } - @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { 
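Review bot: With the constructor gone, this hunk leaves nothing in the class that tells a reader where the endpoint settings come from or what the filter needs in order to run. The settings used to be fixed and null-checked when the filter was built; they are now taken from `AuthorizationServerContextHolder` on every request, so the filter depends on an earlier filter having populated the holder. I would state that in the class Javadoc, for example `Reads the issuer and AuthorizationServerSettings from AuthorizationServerContextHolder on each request; the context must be set earlier in the filter chain.` The class Javadoc itself lies outside this hunk.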
@@ -80,22 +72,24 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques return; } - String issuer = AuthorizationServerContextHolder.getContext().getIssuer(); + AuthorizationServerContext authorizationServerContext = AuthorizationServerContextHolder.getContext(); + String issuer = authorizationServerContext.getIssuer(); + AuthorizationServerSettings authorizationServerSettings = authorizationServerContext.getAuthorizationServerSettings(); OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.builder() .issuer(issuer) - .authorizationEndpoint(asUrl(issuer, this.authorizationServerSettings.getAuthorizationEndpoint())) - .tokenEndpoint(asUrl(issuer, this.authorizationServerSettings.getTokenEndpoint())) + .authorizationEndpoint(asUrl(issuer, authorizationServerSettings.getAuthorizationEndpoint())) + .tokenEndpoint(asUrl(issuer, authorizationServerSettings.getTokenEndpoint())) .tokenEndpointAuthenticationMethods(clientAuthenticationMethods()) - .jwkSetUrl(asUrl(issuer, this.authorizationServerSettings.getJwkSetEndpoint())) - .userInfoEndpoint(asUrl(issuer, this.authorizationServerSettings.getOidcUserInfoEndpoint())) + .jwkSetUrl(asUrl(issuer, authorizationServerSettings.getJwkSetEndpoint())) + .userInfoEndpoint(asUrl(issuer, authorizationServerSettings.getOidcUserInfoEndpoint())) .responseType(OAuth2AuthorizationResponseType.CODE.getValue()) .grantType(AuthorizationGrantType.AUTHORIZATION_CODE.getValue()) .grantType(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue()) .grantType(AuthorizationGrantType.REFRESH_TOKEN.getValue()) - .tokenRevocationEndpoint(asUrl(issuer, this.authorizationServerSettings.getTokenRevocationEndpoint())) + .tokenRevocationEndpoint(asUrl(issuer, authorizationServerSettings.getTokenRevocationEndpoint())) .tokenRevocationEndpointAuthenticationMethods(clientAuthenticationMethods()) - .tokenIntrospectionEndpoint(asUrl(issuer, this.authorizationServerSettings.getTokenIntrospectionEndpoint())) + 
.tokenIntrospectionEndpoint(asUrl(issuer, authorizationServerSettings.getTokenIntrospectionEndpoint())) .tokenIntrospectionEndpointAuthenticationMethods(clientAuthenticationMethods()) .subjectType("public") .idTokenSigningAlgorithm(SignatureAlgorithm.RS256.getName()) @@ -119,4 +113,5 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques private static String asUrl(String issuer, String endpoint) { return UriComponentsBuilder.fromUriString(issuer).path(endpoint).build().toUriString(); } + } diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java index a21ab987..029a1d3a 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java 
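Review bot: `authorizationServerContext` and the `authorizationServerSettings` read from it are dereferenced without a null check, whereas the removed constructor guaranteed non-null settings through `Assert.notNull`. If the holder can be empty when this filter runs (not visible here; presumably when no earlier filter has set the context), a GET to the discovery endpoint ends in a NullPointerException instead of a clear configuration error. A guard right after `getContext()` would make the failure explicit, e.g. `if (authorizationServerContext == null) { throw new IllegalStateException("AuthorizationServerContext is not available"); }`, with the same check for the settings. doFilterInternal begins and ends outside this hunk.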
@@ -49,17 +49,11 @@ public class OidcProviderConfigurationEndpointFilterTests { AuthorizationServerContextHolder.resetContext(); } - @Test - public void constructorWhenAuthorizationServerSettingsNullThenThrowIllegalArgumentException() { - assertThatIllegalArgumentException() - .isThrownBy(() -> new OidcProviderConfigurationEndpointFilter(null)) - .withMessage("authorizationServerSettings cannot be null"); - } - @Test public void doFilterWhenNotConfigurationRequestThenNotProcessed() throws Exception { - OidcProviderConfigurationEndpointFilter filter = - new OidcProviderConfigurationEndpointFilter(AuthorizationServerSettings.builder().build()); + AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build(); + AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); + OidcProviderConfigurationEndpointFilter filter = new OidcProviderConfigurationEndpointFilter(); String requestUri = "/path"; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); @@ -74,8 +68,9 @@ public class OidcProviderConfigurationEndpointFilterTests { @Test public void doFilterWhenConfigurationRequestPostThenNotProcessed() throws Exception { - OidcProviderConfigurationEndpointFilter filter = - new OidcProviderConfigurationEndpointFilter(AuthorizationServerSettings.builder().build()); + AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build(); + AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); + OidcProviderConfigurationEndpointFilter filter = new OidcProviderConfigurationEndpointFilter(); String requestUri = DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI; MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri); 
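Review bot: The deleted constructor test leaves the misconfiguration path without coverage, since no test in these hunks runs the filter against the configuration URI while `AuthorizationServerContextHolder` is empty. I would add a case that calls `AuthorizationServerContextHolder.resetContext()` before `filter.doFilter(request, response, filterChain)` on a GET to `DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI` and asserts the exception the filter is meant to raise. The same gap applies to the later hunks of this test file, which only switch to the no-argument constructor.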
@@ -108,8 +103,7 @@ public class OidcProviderConfigurationEndpointFilterTests { .tokenIntrospectionEndpoint(tokenIntrospectionEndpoint) .build(); AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); - OidcProviderConfigurationEndpointFilter filter = - new OidcProviderConfigurationEndpointFilter(authorizationServerSettings); + OidcProviderConfigurationEndpointFilter filter = new OidcProviderConfigurationEndpointFilter(); String requestUri = DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); @@ -146,8 +140,7 @@ public class OidcProviderConfigurationEndpointFilterTests { .issuer("https://this is an invalid URL") .build(); AuthorizationServerContextHolder.setContext(new TestAuthorizationServerContext(authorizationServerSettings, null)); - OidcProviderConfigurationEndpointFilter filter = - new OidcProviderConfigurationEndpointFilter(authorizationServerSettings); + OidcProviderConfigurationEndpointFilter filter = new OidcProviderConfigurationEndpointFilter(); String requestUri = DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); @@ -159,4 +152,5 @@ public class OidcProviderConfigurationEndpointFilterTests { .isThrownBy(() -> filter.doFilter(request, response, filterChain)) .withMessage("issuer must be a valid URL"); } + }