Remove deprecations in ServletOAuth2AuthorizedClientExchangeFilterFunction
Closes gh-11588
This commit is contained in:
Joe Grandja
parent
65db5fa028
commit
054791c26c
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2020 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +16,6 @@
|
|||
|
||||
package org.springframework.security.oauth2.client.web.reactive.function.client;
|
||||
|
||||
import java.time.Duration;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
|
@ -38,18 +37,14 @@ import org.springframework.security.core.Authentication;
|
|||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.oauth2.client.ClientAuthorizationException;
|
||||
import org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizationFailureHandler;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
|
||||
import org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider;
|
||||
import org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
|
||||
|
|
@ -150,16 +145,8 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
|
|||
private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken("anonymous",
|
||||
"anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
|
||||
|
||||
@Deprecated
|
||||
private Duration accessTokenExpiresSkew = Duration.ofMinutes(1);
|
||||
|
||||
@Deprecated
|
||||
private OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient;
|
||||
|
||||
private OAuth2AuthorizedClientManager authorizedClientManager;
|
||||
|
||||
private boolean defaultAuthorizedClientManager;
|
||||
|
||||
private boolean defaultOAuth2AuthorizedClient;
|
||||
|
||||
private String defaultClientRegistrationId;
|
||||
|
|
@ -224,7 +211,6 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
|
|||
clientRegistrationRepository, authorizedClientRepository);
|
||||
defaultAuthorizedClientManager.setAuthorizationFailureHandler(authorizationFailureHandler);
|
||||
this.authorizedClientManager = defaultAuthorizedClientManager;
|
||||
this.defaultAuthorizedClientManager = true;
|
||||
this.clientResponseHandler = new AuthorizationFailureForwarder(authorizationFailureHandler);
|
||||
}
|
||||
|
||||
|
|
@ -235,52 +221,6 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
|
|||
authorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal, request, response);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the {@link OAuth2AccessTokenResponseClient} used for getting an
|
||||
* {@link OAuth2AuthorizedClient} for the client_credentials grant.
|
||||
* @param clientCredentialsTokenResponseClient the client to use
|
||||
* @deprecated Use
|
||||
* {@link #ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)}
|
||||
* instead. Create an instance of
|
||||
* {@link ClientCredentialsOAuth2AuthorizedClientProvider} configured with a
|
||||
* {@link ClientCredentialsOAuth2AuthorizedClientProvider#setAccessTokenResponseClient(OAuth2AccessTokenResponseClient)
|
||||
* DefaultClientCredentialsTokenResponseClient} (or a custom one) and than supply it
|
||||
* to
|
||||
* {@link DefaultOAuth2AuthorizedClientManager#setAuthorizedClientProvider(OAuth2AuthorizedClientProvider)
|
||||
* DefaultOAuth2AuthorizedClientManager}.
|
||||
*/
|
||||
@Deprecated
|
||||
public void setClientCredentialsTokenResponseClient(
|
||||
OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient) {
|
||||
Assert.notNull(clientCredentialsTokenResponseClient, "clientCredentialsTokenResponseClient cannot be null");
|
||||
Assert.state(this.defaultAuthorizedClientManager,
|
||||
"The client cannot be set when the constructor used is \"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". "
|
||||
+ "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
|
||||
this.clientCredentialsTokenResponseClient = clientCredentialsTokenResponseClient;
|
||||
updateDefaultAuthorizedClientManager();
|
||||
}
|
||||
|
||||
private void updateDefaultAuthorizedClientManager() {
|
||||
// @formatter:off
|
||||
OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
|
||||
.authorizationCode()
|
||||
.refreshToken((configurer) -> configurer.clockSkew(this.accessTokenExpiresSkew))
|
||||
.clientCredentials(this::updateClientCredentialsProvider)
|
||||
.password((configurer) -> configurer.clockSkew(this.accessTokenExpiresSkew))
|
||||
.build();
|
||||
// @formatter:on
|
||||
((DefaultOAuth2AuthorizedClientManager) this.authorizedClientManager)
|
||||
.setAuthorizedClientProvider(authorizedClientProvider);
|
||||
}
|
||||
|
||||
private void updateClientCredentialsProvider(
|
||||
OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder builder) {
|
||||
if (this.clientCredentialsTokenResponseClient != null) {
|
||||
builder.accessTokenResponseClient(this.clientCredentialsTokenResponseClient);
|
||||
}
|
||||
builder.clockSkew(this.accessTokenExpiresSkew);
|
||||
}
|
||||
|
||||
/**
|
||||
* If true, a default {@link OAuth2AuthorizedClient} can be discovered from the
|
||||
* current Authentication. It is recommended to be cautious with this feature since
|
||||
|
|
@ -393,27 +333,6 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
|
|||
return (attributes) -> attributes.put(HTTP_SERVLET_RESPONSE_ATTR_NAME, response);
|
||||
}
|
||||
|
||||
/**
|
||||
* An access token will be considered expired by comparing its expiration to now +
|
||||
* this skewed Duration. The default is 1 minute.
|
||||
* @param accessTokenExpiresSkew the Duration to use.
|
||||
* @deprecated The {@code accessTokenExpiresSkew} should be configured with the
|
||||
* specific {@link OAuth2AuthorizedClientProvider} implementation, e.g.
|
||||
* {@link ClientCredentialsOAuth2AuthorizedClientProvider#setClockSkew(Duration)
|
||||
* ClientCredentialsOAuth2AuthorizedClientProvider} or
|
||||
* {@link RefreshTokenOAuth2AuthorizedClientProvider#setClockSkew(Duration)
|
||||
* RefreshTokenOAuth2AuthorizedClientProvider}.
|
||||
*/
|
||||
@Deprecated
|
||||
public void setAccessTokenExpiresSkew(Duration accessTokenExpiresSkew) {
|
||||
Assert.notNull(accessTokenExpiresSkew, "accessTokenExpiresSkew cannot be null");
|
||||
Assert.state(this.defaultAuthorizedClientManager,
|
||||
"The accessTokenExpiresSkew cannot be set when the constructor used is \"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". "
|
||||
+ "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
|
||||
this.accessTokenExpiresSkew = accessTokenExpiresSkew;
|
||||
updateDefaultAuthorizedClientManager();
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the {@link OAuth2AuthorizationFailureHandler} that handles authentication and
|
||||
* authorization failures when communicating to the OAuth 2.0 Resource Server.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2021 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -73,7 +73,6 @@ import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider
|
|||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
|
||||
import org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequest;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
|
||||
|
|
@ -112,7 +111,6 @@ import org.springframework.web.reactive.function.client.WebClientResponseExcepti
|
|||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
|
||||
import static org.assertj.core.api.Assertions.entry;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
|
|
@ -220,35 +218,6 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
|
|||
.isThrownBy(() -> new ServletOAuth2AuthorizedClientExchangeFilterFunction(null));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void setClientCredentialsTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() {
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> this.function.setClientCredentialsTokenResponseClient(null))
|
||||
.withMessage("clientCredentialsTokenResponseClient cannot be null");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void setClientCredentialsTokenResponseClientWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() {
|
||||
assertThatIllegalStateException()
|
||||
.isThrownBy(() -> this.function
|
||||
.setClientCredentialsTokenResponseClient(new DefaultClientCredentialsTokenResponseClient()))
|
||||
.withMessage("The client cannot be set when the constructor used is "
|
||||
+ "\"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". "
|
||||
+ "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, "
|
||||
+ "OAuth2AuthorizedClientRepository)\".");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void setAccessTokenExpiresSkewWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() {
|
||||
assertThatIllegalStateException()
|
||||
.isThrownBy(() -> this.function.setAccessTokenExpiresSkew(Duration.ofSeconds(30)))
|
||||
.isInstanceOf(IllegalStateException.class)
|
||||
.withMessage("The accessTokenExpiresSkew cannot be set when the constructor used is "
|
||||
+ "\"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". "
|
||||
+ "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, "
|
||||
+ "OAuth2AuthorizedClientRepository)\".");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void defaultRequestRequestResponseWhenNullRequestContextThenRequestAndResponseNull() {
|
||||
Map<String, Object> attrs = getDefaultRequestAttributes();
|
||||
|
|
|
|||
Loading…
Reference in New Issue