root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Refactor SecurityTokenRepository 

Fixes gh-4650
This commit is contained in:
Joe Grandja 2017-10-25 16:00:34 -04:00
parent 5237c6e01b
commit 9fbea5a11e
6 changed files with 58 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
View File

@ -20,10 +20,10 @@ import org.springframework.core.ResolvableType;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider;
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken; import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger;
import org.springframework.security.oauth2.client.authentication.NimbusAuthorizationCodeTokenExchanger; import org.springframework.security.oauth2.client.authentication.NimbusAuthorizationCodeTokenExchanger;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider;
import org.springframework.security.oauth2.client.authentication.jwt.JwtDecoderRegistry; import org.springframework.security.oauth2.client.authentication.jwt.JwtDecoderRegistry;
import org.springframework.security.oauth2.client.authentication.jwt.NimbusJwtDecoderRegistry; import org.springframework.security.oauth2.client.authentication.jwt.NimbusJwtDecoderRegistry;
import org.springframework.security.oauth2.client.authentication.userinfo.CustomUserTypesOAuth2UserService; import org.springframework.security.oauth2.client.authentication.userinfo.CustomUserTypesOAuth2UserService;
@ -33,7 +33,7 @@ import org.springframework.security.oauth2.client.authentication.userinfo.OAuth2
import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.token.SecurityTokenRepository; import org.springframework.security.oauth2.client.token.OAuth2TokenRepository;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRedirectFilter; import org.springframework.security.oauth2.client.web.AuthorizationRequestRedirectFilter;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository; import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter; import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
@ -132,7 +132,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
public class TokenEndpointConfig { public class TokenEndpointConfig {
private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger; private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger;
private SecurityTokenRepository<AccessToken> accessTokenRepository; private OAuth2TokenRepository<AccessToken> accessTokenRepository;
private JwtDecoderRegistry jwtDecoderRegistry; private JwtDecoderRegistry jwtDecoderRegistry;
private TokenEndpointConfig() { private TokenEndpointConfig() {
@ -146,7 +146,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
return this; return this;
} }
public TokenEndpointConfig accessTokenRepository(SecurityTokenRepository<AccessToken> accessTokenRepository) { public TokenEndpointConfig accessTokenRepository(OAuth2TokenRepository<AccessToken> accessTokenRepository) {
Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null"); Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null");
this.accessTokenRepository = accessTokenRepository; this.accessTokenRepository = accessTokenRepository;
return this; return this;
@ -249,10 +249,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
OAuth2LoginAuthenticationProvider oauth2LoginAuthenticationProvider = OAuth2LoginAuthenticationProvider oauth2LoginAuthenticationProvider =
new OAuth2LoginAuthenticationProvider(authorizationCodeTokenExchanger, oauth2UserService); new OAuth2LoginAuthenticationProvider(authorizationCodeTokenExchanger, oauth2UserService);
if (this.tokenEndpointConfig.accessTokenRepository != null) {
oauth2LoginAuthenticationProvider.setAccessTokenRepository(
this.tokenEndpointConfig.accessTokenRepository);
}
if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) { if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) {
oauth2LoginAuthenticationProvider.setAuthoritiesMapper( oauth2LoginAuthenticationProvider.setAuthoritiesMapper(
this.userInfoEndpointConfig.userAuthoritiesMapper); this.userInfoEndpointConfig.userAuthoritiesMapper);
@ -267,10 +263,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider = OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider =
new OidcAuthorizationCodeAuthenticationProvider( new OidcAuthorizationCodeAuthenticationProvider(
authorizationCodeTokenExchanger, oidcUserService, jwtDecoderRegistry); authorizationCodeTokenExchanger, oidcUserService, jwtDecoderRegistry);
if (this.tokenEndpointConfig.accessTokenRepository != null) {
oidcAuthorizationCodeAuthenticationProvider.setAccessTokenRepository(
this.tokenEndpointConfig.accessTokenRepository);
}
if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) { if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) {
oidcAuthorizationCodeAuthenticationProvider.setAuthoritiesMapper( oidcAuthorizationCodeAuthenticationProvider.setAuthoritiesMapper(
this.userInfoEndpointConfig.userAuthoritiesMapper); this.userInfoEndpointConfig.userAuthoritiesMapper);
@ -308,6 +300,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
authorizationResponseFilter.setAuthorizationRequestRepository( authorizationResponseFilter.setAuthorizationRequestRepository(
this.authorizationEndpointConfig.authorizationRequestRepository); this.authorizationEndpointConfig.authorizationRequestRepository);
} }
if (this.tokenEndpointConfig.accessTokenRepository != null) {
authorizationResponseFilter.setAccessTokenRepository(
this.tokenEndpointConfig.accessTokenRepository);
}
super.configure(http); super.configure(http);
} }

13
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
View File

@ -22,8 +22,6 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.authentication.userinfo.OAuth2AuthenticationToken; import org.springframework.security.oauth2.client.authentication.userinfo.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.authentication.userinfo.OAuth2UserService; import org.springframework.security.oauth2.client.authentication.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository;
import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
import org.springframework.security.oauth2.core.AccessToken; import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest; import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
@ -49,7 +47,6 @@ import java.util.Collection;
* @author Joe Grandja * @author Joe Grandja
* @since 5.0 * @since 5.0
* @see AuthorizationCodeAuthenticationToken * @see AuthorizationCodeAuthenticationToken
* @see SecurityTokenRepository
* @see OAuth2AuthenticationToken * @see OAuth2AuthenticationToken
* @see AuthorizedClient * @see AuthorizedClient
* @see OAuth2UserService * @see OAuth2UserService
@ -63,7 +60,6 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter"; private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
private final AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger; private final AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger;
private final OAuth2UserService userService; private final OAuth2UserService userService;
private SecurityTokenRepository<AccessToken> accessTokenRepository = new InMemoryAccessTokenRepository();
private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities); private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
public OAuth2LoginAuthenticationProvider( public OAuth2LoginAuthenticationProvider(
@ -121,10 +117,6 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
AuthorizedClient authorizedClient = new AuthorizedClient( AuthorizedClient authorizedClient = new AuthorizedClient(
authorizationCodeAuthentication.getClientRegistration(), "unknown", accessToken); authorizationCodeAuthentication.getClientRegistration(), "unknown", accessToken);
this.accessTokenRepository.saveSecurityToken(
authorizedClient.getAccessToken(),
authorizedClient.getClientRegistration());
OAuth2User oauth2User = this.userService.loadUser(authorizedClient); OAuth2User oauth2User = this.userService.loadUser(authorizedClient);
// Update AuthorizedClient now that we know the 'principalName' // Update AuthorizedClient now that we know the 'principalName'
@ -141,11 +133,6 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
return authenticationResult; return authenticationResult;
} }
public final void setAccessTokenRepository(SecurityTokenRepository<AccessToken> accessTokenRepository) {
Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null");
this.accessTokenRepository = accessTokenRepository;
}
public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) { public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
Assert.notNull(authoritiesMapper, "authoritiesMapper cannot be null"); Assert.notNull(authoritiesMapper, "authoritiesMapper cannot be null");
this.authoritiesMapper = authoritiesMapper; this.authoritiesMapper = authoritiesMapper;

46
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java
View File

@ -15,6 +15,7 @@
*/ */
package org.springframework.security.oauth2.client.token; package org.springframework.security.oauth2.client.token;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AccessToken; import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.util.Assert; import org.springframework.util.Assert;
@ -24,55 +25,42 @@ import java.util.Map;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
/** /**
* A {@link SecurityTokenRepository} that associates an {@link AccessToken} * An <i>in-memory</i> {@link OAuth2TokenRepository} for {@link AccessToken}'s.
* to a {@link ClientRegistration Client} and stores it <i>in-memory</i>.
* *
* @author Joe Grandja * @author Joe Grandja
* @since 5.0 * @since 5.0
* @see SecurityTokenRepository * @see OAuth2TokenRepository
* @see AccessToken * @see AccessToken
* @see ClientRegistration * @see ClientRegistration
* @see Authentication
*/ */
public final class InMemoryAccessTokenRepository implements SecurityTokenRepository<AccessToken> { public final class InMemoryAccessTokenRepository implements OAuth2TokenRepository<AccessToken> {
private final Map<String, AccessToken> accessTokens = new ConcurrentHashMap<>(); private final Map<String, AccessToken> accessTokens = new ConcurrentHashMap<>();
@Override @Override
public AccessToken loadSecurityToken(ClientRegistration registration) { public AccessToken loadToken(ClientRegistration registration, Authentication principal) {
Assert.notNull(registration, "registration cannot be null"); Assert.notNull(registration, "registration cannot be null");
return this.accessTokens.get(this.getClientIdentifier(registration)); Assert.notNull(principal, "principal cannot be null");
return this.accessTokens.get(this.getIdentifier(registration, principal));
} }
@Override @Override
public void saveSecurityToken(AccessToken accessToken, ClientRegistration registration) { public void saveToken(AccessToken accessToken, ClientRegistration registration, Authentication principal) {
Assert.notNull(accessToken, "accessToken cannot be null"); Assert.notNull(accessToken, "accessToken cannot be null");
Assert.notNull(registration, "registration cannot be null"); Assert.notNull(registration, "registration cannot be null");
this.accessTokens.put(this.getClientIdentifier(registration), accessToken); Assert.notNull(principal, "principal cannot be null");
this.accessTokens.put(this.getIdentifier(registration, principal), accessToken);
} }
@Override @Override
public void removeSecurityToken(ClientRegistration registration) { public AccessToken removeToken(ClientRegistration registration, Authentication principal) {
Assert.notNull(registration, "registration cannot be null"); Assert.notNull(registration, "registration cannot be null");
this.accessTokens.remove(this.getClientIdentifier(registration)); Assert.notNull(principal, "principal cannot be null");
return this.accessTokens.remove(this.getIdentifier(registration, principal));
} }
/** private String getIdentifier(ClientRegistration registration, Authentication principal) {
* A client is considered <i>&quot;authorized&quot;</i>, if it receives a successful response from the <i>Token Endpoint</i>. String identifier = "[" + registration.getRegistrationId() + "][" + principal.getName() + "]";
* return Base64.getEncoder().encodeToString(identifier.getBytes());
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request</a>
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-5.1">Section 5.1 Access Token Response</a>
*/
private String getClientIdentifier(ClientRegistration clientRegistration) {
StringBuilder builder = new StringBuilder();
// Access Token Request attributes
builder.append("[").append(clientRegistration.getAuthorizationGrantType().getValue()).append("]");
builder.append("[").append(clientRegistration.getRedirectUri()).append("]");
builder.append("[").append(clientRegistration.getClientId()).append("]");
// Access Token Response attributes
builder.append("[").append(clientRegistration.getScopes().toString()).append("]");
return Base64.getEncoder().encodeToString(builder.toString().getBytes());
} }
} }

14
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/SecurityTokenRepository.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/OAuth2TokenRepository.java
View File

@ -15,24 +15,28 @@
*/ */
package org.springframework.security.oauth2.client.token; package org.springframework.security.oauth2.client.token;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AbstractOAuth2Token; import org.springframework.security.oauth2.core.AbstractOAuth2Token;
/** /**
* Implementations of this interface are responsible for the persistence * Implementations of this interface are responsible for the persistence
* and association of an {@link AbstractOAuth2Token} to a {@link ClientRegistration Client}. * and association of an {@link AbstractOAuth2Token OAuth 2.0 Token}
* to a {@link ClientRegistration Client} and <i>Resource Owner</i>,
* which is the {@link Authentication Principal} who originally granted the authorization.
* *
* @author Joe Grandja * @author Joe Grandja
* @since 5.0 * @since 5.0
* @see AbstractOAuth2Token * @see AbstractOAuth2Token
* @see ClientRegistration * @see ClientRegistration
* @see Authentication
*/ */
public interface SecurityTokenRepository<T extends AbstractOAuth2Token> { public interface OAuth2TokenRepository<T extends AbstractOAuth2Token> {
T loadSecurityToken(ClientRegistration registration); T loadToken(ClientRegistration registration, Authentication principal);
void saveSecurityToken(T securityToken, ClientRegistration registration); void saveToken(T token, ClientRegistration registration, Authentication principal);
void removeSecurityToken(ClientRegistration registration); T removeToken(ClientRegistration registration, Authentication principal);
} }

26
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
View File

@ -18,11 +18,15 @@ package org.springframework.security.oauth2.client.web;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider;
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken; import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException; import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider;
import org.springframework.security.oauth2.client.authentication.userinfo.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository;
import org.springframework.security.oauth2.client.token.OAuth2TokenRepository;
import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCode; import org.springframework.security.oauth2.core.OAuth2ErrorCode;
import org.springframework.security.oauth2.core.endpoint.AuthorizationExchange; import org.springframework.security.oauth2.core.endpoint.AuthorizationExchange;
@ -63,12 +67,14 @@ import java.io.IOException;
* @since 5.0 * @since 5.0
* @see AbstractAuthenticationProcessingFilter * @see AbstractAuthenticationProcessingFilter
* @see AuthorizationCodeAuthenticationToken * @see AuthorizationCodeAuthenticationToken
* @see OAuth2AuthenticationToken
* @see OAuth2LoginAuthenticationProvider * @see OAuth2LoginAuthenticationProvider
* @see AuthorizationResponse
* @see AuthorizationRequest * @see AuthorizationRequest
* @see AuthorizationResponse
* @see AuthorizationRequestRepository * @see AuthorizationRequestRepository
* @see AuthorizationRequestRedirectFilter * @see AuthorizationRequestRedirectFilter
* @see ClientRegistrationRepository * @see ClientRegistrationRepository
* @see OAuth2TokenRepository
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant</a> * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant</a>
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Response</a> * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Response</a>
*/ */
@ -77,6 +83,7 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found"; private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
private ClientRegistrationRepository clientRegistrationRepository; private ClientRegistrationRepository clientRegistrationRepository;
private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository(); private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
private OAuth2TokenRepository<AccessToken> accessTokenRepository = new InMemoryAccessTokenRepository();
public OAuth2LoginAuthenticationFilter() { public OAuth2LoginAuthenticationFilter() {
this(DEFAULT_FILTER_PROCESSES_URI); this(DEFAULT_FILTER_PROCESSES_URI);
@ -127,7 +134,15 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
clientRegistration, new AuthorizationExchange(authorizationRequest, authorizationResponse)); clientRegistration, new AuthorizationExchange(authorizationRequest, authorizationResponse));
authorizationCodeAuthentication.setDetails(this.authenticationDetailsSource.buildDetails(request)); authorizationCodeAuthentication.setDetails(this.authenticationDetailsSource.buildDetails(request));
return this.getAuthenticationManager().authenticate(authorizationCodeAuthentication); OAuth2AuthenticationToken oauth2Authentication =
(OAuth2AuthenticationToken) this.getAuthenticationManager().authenticate(authorizationCodeAuthentication);
this.accessTokenRepository.saveToken(
oauth2Authentication.getAuthorizedClient().getAccessToken(),
oauth2Authentication.getAuthorizedClient().getClientRegistration(),
oauth2Authentication);
return oauth2Authentication;
} }
public final void setClientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) { public final void setClientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) {
@ -140,6 +155,11 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
this.authorizationRequestRepository = authorizationRequestRepository; this.authorizationRequestRepository = authorizationRequestRepository;
} }
public final void setAccessTokenRepository(OAuth2TokenRepository<AccessToken> accessTokenRepository) {
Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null");
this.accessTokenRepository = accessTokenRepository;
}
private AuthorizationResponse convert(HttpServletRequest request) { private AuthorizationResponse convert(HttpServletRequest request) {
String code = request.getParameter(OAuth2Parameter.CODE); String code = request.getParameter(OAuth2Parameter.CODE);
String errorCode = request.getParameter(OAuth2Parameter.ERROR); String errorCode = request.getParameter(OAuth2Parameter.ERROR);

14
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/OidcAuthorizationCodeAuthenticationProvider.java
View File

@ -27,8 +27,6 @@ import org.springframework.security.oauth2.client.authentication.jwt.JwtDecoderR
import org.springframework.security.oauth2.client.authentication.userinfo.OAuth2AuthenticationToken; import org.springframework.security.oauth2.client.authentication.userinfo.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.authentication.userinfo.OAuth2UserService; import org.springframework.security.oauth2.client.authentication.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository;
import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
import org.springframework.security.oauth2.core.AccessToken; import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest; import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
@ -61,7 +59,7 @@ import java.util.Collection;
* @author Joe Grandja * @author Joe Grandja
* @since 5.0 * @since 5.0
* @see AuthorizationCodeAuthenticationToken * @see AuthorizationCodeAuthenticationToken
* @see SecurityTokenRepository * @see OAuth2AuthenticationToken
* @see OidcAuthorizedClient * @see OidcAuthorizedClient
* @see OidcUserService * @see OidcUserService
* @see OidcUser * @see OidcUser
@ -75,7 +73,6 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
private final AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger; private final AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger;
private final OAuth2UserService userService; private final OAuth2UserService userService;
private final JwtDecoderRegistry jwtDecoderRegistry; private final JwtDecoderRegistry jwtDecoderRegistry;
private SecurityTokenRepository<AccessToken> accessTokenRepository = new InMemoryAccessTokenRepository();
private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities); private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
public OidcAuthorizationCodeAuthenticationProvider( public OidcAuthorizationCodeAuthenticationProvider(
@ -151,10 +148,6 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
OidcAuthorizedClient authorizedClient = new OidcAuthorizedClient( OidcAuthorizedClient authorizedClient = new OidcAuthorizedClient(
clientRegistration, idToken.getSubject(), accessToken, idToken); clientRegistration, idToken.getSubject(), accessToken, idToken);
this.accessTokenRepository.saveSecurityToken(
authorizedClient.getAccessToken(),
authorizedClient.getClientRegistration());
OAuth2User oauth2User = this.userService.loadUser(authorizedClient); OAuth2User oauth2User = this.userService.loadUser(authorizedClient);
// Update AuthorizedClient as the 'principalName' may have changed // Update AuthorizedClient as the 'principalName' may have changed
@ -172,11 +165,6 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
return authenticationResult; return authenticationResult;
} }
public final void setAccessTokenRepository(SecurityTokenRepository<AccessToken> accessTokenRepository) {
Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null");
this.accessTokenRepository = accessTokenRepository;
}
public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) { public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
Assert.notNull(authoritiesMapper, "authoritiesMapper cannot be null"); Assert.notNull(authoritiesMapper, "authoritiesMapper cannot be null");
this.authoritiesMapper = authoritiesMapper; this.authoritiesMapper = authoritiesMapper;