diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/DefaultStateGenerator.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/DefaultStateGenerator.java index 3327f35b00..37e79be250 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/DefaultStateGenerator.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/DefaultStateGenerator.java @@ -50,6 +50,6 @@ public class DefaultStateGenerator implements StringKeyGenerator { @Override public String generateKey() { - return new String(Base64.getEncoder().encode(keyGenerator.generateKey())); + return new String(Base64.getUrlEncoder().encode(keyGenerator.generateKey())); } } diff --git a/samples/boot/gradle/dependency-management.gradle b/samples/boot/gradle/dependency-management.gradle deleted file mode 100644 index 3b92f239de..0000000000 --- a/samples/boot/gradle/dependency-management.gradle +++ /dev/null @@ -1,96 +0,0 @@ -dependencyManagement { - dependencies { - dependency 'aopalliance:aopalliance:1.0' - dependency 'ch.qos.logback:logback-classic:1.1.11' - dependency 'ch.qos.logback:logback-core:1.1.11' - dependency 'com.fasterxml.jackson.core:jackson-annotations:2.8.0' - dependency 'com.fasterxml.jackson.core:jackson-core:2.8.8' - dependency 'com.fasterxml.jackson.core:jackson-databind:2.8.7' - dependency 'com.fasterxml:classmate:1.3.3' - dependency 'com.github.stephenc.jcip:jcip-annotations:1.0-1' - dependency 'com.jayway.jsonpath:json-path:2.2.0' - dependency 'com.nimbusds:lang-tag:1.4.3' - dependency 'com.nimbusds:nimbus-jose-jwt:4.34.1' - dependency 'com.nimbusds:oauth2-oidc-sdk:5.21' - dependency 'com.vaadin.external.google:android-json:0.0.20131108.vaadin1' - dependency 'commons-codec:commons-codec:1.10' - dependency 'commons-io:commons-io:2.5' - dependency 'javax.activation:activation:1.1.1' - dependency 'javax.mail:mail:1.4.7' - dependency 'javax.validation:validation-api:1.1.0.Final' - dependency 'junit:junit:4.12' - dependency 'net.minidev:accessors-smart:1.1' - dependency 'net.minidev:json-smart:2.2.1' - dependency 'net.sourceforge.cssparser:cssparser:0.9.18' - dependency 'net.sourceforge.htmlunit:htmlunit-core-js:2.17' - dependency 'net.sourceforge.htmlunit:htmlunit:2.21' - dependency 'net.sourceforge.htmlunit:neko-htmlunit:2.21' - dependency 'nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect:1.4.0' - dependency 'ognl:ognl:3.0.8' - dependency 'org.apache.commons:commons-collections4:4.1' - dependency 'org.apache.commons:commons-lang3:3.5' - dependency 'org.apache.httpcomponents:httpclient:4.5.3' - dependency 'org.apache.httpcomponents:httpcore:4.4.6' - dependency 'org.apache.httpcomponents:httpmime:4.5.3' - dependency 'org.apache.tomcat.embed:tomcat-embed-core:8.5.14' - dependency 'org.apache.tomcat.embed:tomcat-embed-el:8.5.14' - dependency 'org.apache.tomcat.embed:tomcat-embed-websocket:8.5.14' - dependency 'org.assertj:assertj-core:2.6.0' - dependency 'org.bouncycastle:bcpkix-jdk15on:1.56' - dependency 'org.bouncycastle:bcprov-jdk15on:1.56' - dependency 'org.codehaus.groovy:groovy:2.4.10' - dependency 'org.eclipse.jetty.websocket:websocket-api:9.4.4.v20170414' - dependency 'org.eclipse.jetty.websocket:websocket-client:9.4.4.v20170414' - dependency 'org.eclipse.jetty.websocket:websocket-common:9.4.4.v20170414' - dependency 'org.eclipse.jetty:jetty-client:9.4.4.v20170414' - dependency 'org.eclipse.jetty:jetty-http:9.4.4.v20170414' - dependency 'org.eclipse.jetty:jetty-io:9.4.4.v20170414' - dependency 'org.eclipse.jetty:jetty-util:9.4.4.v20170414' - dependency 'org.hamcrest:hamcrest-core:1.3' - dependency 'org.hamcrest:hamcrest-library:1.3' - dependency 'org.hibernate:hibernate-validator:5.3.5.Final' - dependency 'org.javassist:javassist:3.21.0-GA' - dependency 'org.jboss.logging:jboss-logging:3.3.1.Final' - dependency 'org.mockito:mockito-core:1.10.19' - dependency 'org.objenesis:objenesis:2.5.1' - dependency 'org.ow2.asm:asm:5.0.3' - dependency 'org.skyscreamer:jsonassert:1.4.0' - dependency 'org.slf4j:jcl-over-slf4j:1.7.25' - dependency 'org.slf4j:jul-to-slf4j:1.7.25' - dependency 'org.slf4j:log4j-over-slf4j:1.7.25' - dependency 'org.slf4j:slf4j-api:1.7.25' - dependency 'org.springframework.boot:spring-boot-autoconfigure:1.5.3.RELEASE' - dependency 'org.springframework.boot:spring-boot-starter-logging:1.5.3.RELEASE' - dependency 'org.springframework.boot:spring-boot-starter-security:1.5.3.RELEASE' - dependency 'org.springframework.boot:spring-boot-starter-test:1.5.3.RELEASE' - dependency 'org.springframework.boot:spring-boot-starter-thymeleaf:1.5.3.RELEASE' - dependency 'org.springframework.boot:spring-boot-starter-tomcat:1.5.3.RELEASE' - dependency 'org.springframework.boot:spring-boot-starter-web:1.5.3.RELEASE' - dependency 'org.springframework.boot:spring-boot-starter:1.5.3.RELEASE' - dependency 'org.springframework.boot:spring-boot-test-autoconfigure:1.5.3.RELEASE' - dependency 'org.springframework.boot:spring-boot-test:1.5.3.RELEASE' - dependency 'org.springframework.boot:spring-boot:1.5.3.RELEASE' - dependency 'org.springframework.security:spring-security-config:5.0.0.BUILD-SNAPSHOT' - dependency 'org.springframework.security:spring-security-web:5.0.0.BUILD-SNAPSHOT' - dependency 'org.springframework:spring-aop:4.3.8.RELEASE' - dependency 'org.springframework:spring-beans:4.3.8.RELEASE' - dependency 'org.springframework:spring-context:4.3.8.RELEASE' - dependency 'org.springframework:spring-core:4.3.8.RELEASE' - dependency 'org.springframework:spring-expression:4.3.8.RELEASE' - dependency 'org.springframework:spring-test:4.3.8.RELEASE' - dependency 'org.springframework:spring-web:4.3.8.RELEASE' - dependency 'org.springframework:spring-webmvc:4.3.8.RELEASE' - dependency 'org.thymeleaf.extras:thymeleaf-extras-springsecurity4:2.1.3.RELEASE' - dependency 'org.thymeleaf:thymeleaf-spring4:2.1.5.RELEASE' - dependency 'org.thymeleaf:thymeleaf:2.1.5.RELEASE' - dependency 'org.unbescape:unbescape:1.1.0.RELEASE' - dependency 'org.w3c.css:sac:1.3' - dependency 'org.yaml:snakeyaml:1.17' - dependency 'xalan:serializer:2.7.2' - dependency 'xalan:xalan:2.7.2' - dependency 'xerces:xercesImpl:2.11.0' - dependency 'xml-apis:xml-apis:1.4.01' - } -} - - diff --git a/samples/boot/oauth2login/spring-security-samples-boot-oauth2login.gradle b/samples/boot/oauth2login/spring-security-samples-boot-oauth2login.gradle index 08e35c3a74..7d8dbdfd83 100644 --- a/samples/boot/oauth2login/spring-security-samples-boot-oauth2login.gradle +++ b/samples/boot/oauth2login/spring-security-samples-boot-oauth2login.gradle @@ -3,8 +3,6 @@ apply plugin: 'io.spring.convention.spring-sample-boot' dependencies { compile project(':spring-security-config') compile project(':spring-security-oauth2-client') - compile project(':spring-security-web') - compile 'org.springframework.boot:spring-boot-starter-security' compile 'org.springframework.boot:spring-boot-starter-thymeleaf' compile 'org.springframework.boot:spring-boot-starter-web' compile 'org.thymeleaf.extras:thymeleaf-extras-springsecurity4' diff --git a/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/ClientRegistrationAutoConfiguration.java b/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/ClientRegistrationAutoConfiguration.java index 5f1c952c07..de562474b2 100644 --- a/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/ClientRegistrationAutoConfiguration.java +++ b/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/ClientRegistrationAutoConfiguration.java @@ -19,8 +19,9 @@ import org.springframework.beans.factory.config.YamlPropertiesFactoryBean; import org.springframework.boot.autoconfigure.AutoConfigureBefore; import org.springframework.boot.autoconfigure.condition.*; import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration; -import org.springframework.boot.bind.PropertySourcesBinder; -import org.springframework.boot.bind.RelaxedPropertyResolver; +import org.springframework.boot.context.properties.bind.BindResult; +import org.springframework.boot.context.properties.bind.Bindable; +import org.springframework.boot.context.properties.bind.Binder; import org.springframework.context.annotation.*; import org.springframework.core.env.ConfigurableEnvironment; import org.springframework.core.env.Environment; @@ -48,7 +49,7 @@ import java.util.stream.Collectors; public class ClientRegistrationAutoConfiguration { private static final String CLIENT_ID_PROPERTY = "client-id"; private static final String CLIENTS_DEFAULTS_RESOURCE = "META-INF/oauth2-clients-defaults.yml"; - static final String CLIENT_PROPERTY_PREFIX = "security.oauth2.client."; + static final String CLIENT_PROPERTY_PREFIX = "security.oauth2.client"; @Configuration @Conditional(ClientPropertiesAvailableCondition.class) @@ -66,18 +67,16 @@ public class ClientRegistrationAutoConfiguration { if (clientsDefaultProperties != null) { propertySources.addLast(new PropertiesPropertySource("oauth2ClientsDefaults", clientsDefaultProperties)); } - PropertySourcesBinder binder = new PropertySourcesBinder(propertySources); - RelaxedPropertyResolver resolver = new RelaxedPropertyResolver(this.environment, CLIENT_PROPERTY_PREFIX); - + Binder binder = Binder.get(this.environment); List clientRegistrations = new ArrayList<>(); - Set clientPropertyKeys = resolveClientPropertyKeys(this.environment); for (String clientPropertyKey : clientPropertyKeys) { - if (!resolver.containsProperty(clientPropertyKey + "." + CLIENT_ID_PROPERTY)) { + String fullClientPropertyKey = CLIENT_PROPERTY_PREFIX + "." + clientPropertyKey; + if (!this.environment.containsProperty(fullClientPropertyKey + "." + CLIENT_ID_PROPERTY)) { continue; } - ClientRegistrationProperties clientRegistrationProperties = new ClientRegistrationProperties(); - binder.bindTo(CLIENT_PROPERTY_PREFIX + clientPropertyKey, clientRegistrationProperties); + ClientRegistrationProperties clientRegistrationProperties = binder.bind( + fullClientPropertyKey, Bindable.of(ClientRegistrationProperties.class)).get(); ClientRegistration clientRegistration = new ClientRegistration.Builder(clientRegistrationProperties).build(); clientRegistrations.add(clientRegistration); } @@ -97,15 +96,10 @@ public class ClientRegistrationAutoConfiguration { } static Set resolveClientPropertyKeys(Environment environment) { - Set clientPropertyKeys = new LinkedHashSet<>(); - RelaxedPropertyResolver resolver = new RelaxedPropertyResolver(environment, CLIENT_PROPERTY_PREFIX); - resolver.getSubProperties("").keySet().forEach(key -> { - int endIndex = key.indexOf('.'); - if (endIndex != -1) { - clientPropertyKeys.add(key.substring(0, endIndex)); - } - }); - return clientPropertyKeys; + Binder binder = Binder.get(environment); + BindResult> result = binder.bind( + CLIENT_PROPERTY_PREFIX, Bindable.mapOf(String.class, Object.class)); + return result.get().keySet(); } private static class ClientPropertiesAvailableCondition extends SpringBootCondition implements ConfigurationCondition { diff --git a/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2LoginAutoConfiguration.java b/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2LoginAutoConfiguration.java index 0e80a457f4..ebf6cac6b4 100644 --- a/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2LoginAutoConfiguration.java +++ b/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2LoginAutoConfiguration.java @@ -83,9 +83,9 @@ public class OAuth2LoginAutoConfiguration { private void registerUserInfoTypeConverters(OAuth2LoginConfigurer oauth2LoginConfigurer) throws Exception { Set clientPropertyKeys = resolveClientPropertyKeys(this.environment); for (String clientPropertyKey : clientPropertyKeys) { - String fullClientPropertyKey = CLIENT_PROPERTY_PREFIX + clientPropertyKey + "."; - String userInfoUriValue = this.environment.getProperty(fullClientPropertyKey + USER_INFO_URI_PROPERTY); - String userInfoConverterTypeValue = this.environment.getProperty(fullClientPropertyKey + USER_INFO_CONVERTER_PROPERTY); + String fullClientPropertyKey = CLIENT_PROPERTY_PREFIX + "." + clientPropertyKey; + String userInfoUriValue = this.environment.getProperty(fullClientPropertyKey + "." + USER_INFO_URI_PROPERTY); + String userInfoConverterTypeValue = this.environment.getProperty(fullClientPropertyKey + "." + USER_INFO_CONVERTER_PROPERTY); if (userInfoUriValue != null && userInfoConverterTypeValue != null) { Class userInfoConverterType = ClassUtils.resolveClassName( userInfoConverterTypeValue, this.getClass().getClassLoader()).asSubclass(Converter.class); @@ -93,7 +93,7 @@ public class OAuth2LoginAutoConfiguration { if (AbstractOAuth2UserConverter.class.isAssignableFrom(userInfoConverterType)) { Constructor oauth2UserConverterConstructor = ClassUtils.getConstructorIfAvailable(userInfoConverterType, String.class); if (oauth2UserConverterConstructor != null) { - String userInfoNameAttributeKey = this.environment.getProperty(fullClientPropertyKey + USER_INFO_NAME_ATTR_KEY_PROPERTY); + String userInfoNameAttributeKey = this.environment.getProperty(fullClientPropertyKey + "." + USER_INFO_NAME_ATTR_KEY_PROPERTY); userInfoConverter = (Converter)oauth2UserConverterConstructor.newInstance(userInfoNameAttributeKey); } }