diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java index 1584750c87..0456186fcf 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java @@ -20,12 +20,11 @@ import org.springframework.core.ResolvableType; import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; -import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService; import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider; -import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder; import org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient; +import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry; import org.springframework.security.oauth2.client.jwt.NimbusJwtDecoderRegistry; @@ -79,7 +78,7 @@ public final class OAuth2LoginConfigurer> exten return this; } - public OAuth2LoginConfigurer authorizedClientService(OAuth2AuthorizedClientService authorizedClientService) { + public OAuth2LoginConfigurer authorizedClientService(OAuth2AuthorizedClientService authorizedClientService) { Assert.notNull(authorizedClientService, "authorizedClientService cannot be null"); this.getBuilder().setSharedObject(OAuth2AuthorizedClientService.class, authorizedClientService); return this; @@ -318,8 +317,8 @@ public final class OAuth2LoginConfigurer> exten return this.getBuilder().getSharedObject(ApplicationContext.class).getBean(ClientRegistrationRepository.class); } - private OAuth2AuthorizedClientService getAuthorizedClientService() { - OAuth2AuthorizedClientService authorizedClientService = + private OAuth2AuthorizedClientService getAuthorizedClientService() { + OAuth2AuthorizedClientService authorizedClientService = this.getBuilder().getSharedObject(OAuth2AuthorizedClientService.class); if (authorizedClientService == null) { authorizedClientService = this.getAuthorizedClientServiceBean(); @@ -328,7 +327,7 @@ public final class OAuth2LoginConfigurer> exten return authorizedClientService; } - private OAuth2AuthorizedClientService getAuthorizedClientServiceBean() { + private OAuth2AuthorizedClientService getAuthorizedClientServiceBean() { return this.getBuilder().getSharedObject(ApplicationContext.class).getBean(OAuth2AuthorizedClientService.class); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java index 6640f63b39..c05af7bcc2 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java @@ -16,7 +16,6 @@ package org.springframework.security.oauth2.client; import org.springframework.security.core.Authentication; -import org.springframework.security.oauth2.client.oidc.OidcAuthorizedClient; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.util.Assert; @@ -33,14 +32,11 @@ import java.util.concurrent.ConcurrentHashMap; * @since 5.0 * @see OAuth2AuthorizedClientService * @see OAuth2AuthorizedClient - * @see OidcAuthorizedClient * @see ClientRegistration * @see Authentication - * - * @param The type of OAuth 2.0 Authorized Client */ -public final class InMemoryOAuth2AuthorizedClientService implements OAuth2AuthorizedClientService { - private final Map authorizedClients = new ConcurrentHashMap<>(); +public final class InMemoryOAuth2AuthorizedClientService implements OAuth2AuthorizedClientService { + private final Map authorizedClients = new ConcurrentHashMap<>(); private final ClientRegistrationRepository clientRegistrationRepository; public InMemoryOAuth2AuthorizedClientService(ClientRegistrationRepository clientRegistrationRepository) { @@ -49,37 +45,36 @@ public final class InMemoryOAuth2AuthorizedClientService T loadAuthorizedClient(String clientRegistrationId, String principalName) { Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty"); - Assert.notNull(principal, "principal cannot be null"); + Assert.hasText(principalName, "principalName cannot be empty"); ClientRegistration registration = this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId); if (registration == null) { return null; } - return this.authorizedClients.get(this.getIdentifier(registration, principal)); + return (T) this.authorizedClients.get(this.getIdentifier(registration, principalName)); } @Override - public void saveAuthorizedClient(T authorizedClient, Authentication principal) { + public void saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) { Assert.notNull(authorizedClient, "authorizedClient cannot be null"); Assert.notNull(principal, "principal cannot be null"); this.authorizedClients.put(this.getIdentifier( - authorizedClient.getClientRegistration(), principal), authorizedClient); + authorizedClient.getClientRegistration(), principal.getName()), authorizedClient); } @Override - public T removeAuthorizedClient(String clientRegistrationId, Authentication principal) { + public void removeAuthorizedClient(String clientRegistrationId, String principalName) { Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty"); - Assert.notNull(principal, "principal cannot be null"); + Assert.hasText(principalName, "principalName cannot be empty"); ClientRegistration registration = this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId); - if (registration == null) { - return null; + if (registration != null) { + this.authorizedClients.remove(this.getIdentifier(registration, principalName)); } - return this.authorizedClients.remove(this.getIdentifier(registration, principal)); } - private String getIdentifier(ClientRegistration registration, Authentication principal) { - String identifier = "[" + registration.getRegistrationId() + "][" + principal.getName() + "]"; + private String getIdentifier(ClientRegistration registration, String principalName) { + String identifier = "[" + registration.getRegistrationId() + "][" + principalName + "]"; return Base64.getEncoder().encodeToString(identifier.getBytes()); } } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientService.java index 9f9f21e242..137e10a344 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientService.java @@ -16,8 +16,8 @@ package org.springframework.security.oauth2.client; import org.springframework.security.core.Authentication; -import org.springframework.security.oauth2.client.oidc.OidcAuthorizedClient; import org.springframework.security.oauth2.client.registration.ClientRegistration; +import org.springframework.security.oauth2.core.OAuth2AccessToken; /** * Implementations of this interface are responsible for the management @@ -30,18 +30,16 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio * @author Joe Grandja * @since 5.0 * @see OAuth2AuthorizedClient - * @see OidcAuthorizedClient * @see ClientRegistration * @see Authentication - * - * @param The type of OAuth 2.0 Authorized Client + * @see OAuth2AccessToken */ -public interface OAuth2AuthorizedClientService { +public interface OAuth2AuthorizedClientService { - T loadAuthorizedClient(String clientRegistrationId, Authentication principal); + T loadAuthorizedClient(String clientRegistrationId, String principalName); - void saveAuthorizedClient(T authorizedClient, Authentication principal); + void saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal); - T removeAuthorizedClient(String clientRegistrationId, Authentication principal); + void removeAuthorizedClient(String clientRegistrationId, String principalName); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/OidcAuthorizedClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/OidcAuthorizedClient.java deleted file mode 100644 index e24b6f502f..0000000000 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/OidcAuthorizedClient.java +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright 2002-2017 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.springframework.security.oauth2.client.oidc; - -import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; -import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.core.OAuth2AccessToken; -import org.springframework.security.oauth2.core.oidc.OidcIdToken; -import org.springframework.util.Assert; - -/** - * A representation of an OpenID Connect 1.0 "Authorized Client". - *

- * A client is considered "authorized" when the End-User (Resource Owner) - * grants authorization to the Client to access its protected resources. - *

- * This class associates the {@link #getClientRegistration() Client} - * to the {@link #getAccessToken() Access Token} - * granted/authorized by the {@link #getPrincipalName() Resource Owner}, along with - * the {@link #getIdToken() ID Token} which contains Claims about the authentication of the End-User. - * - * @author Joe Grandja - * @since 5.0 - * @see OAuth2AuthorizedClient - * @see OidcIdToken - */ -public class OidcAuthorizedClient extends OAuth2AuthorizedClient { - private final OidcIdToken idToken; - - public OidcAuthorizedClient(ClientRegistration clientRegistration, String principalName, - OAuth2AccessToken accessToken, OidcIdToken idToken) { - - super(clientRegistration, principalName, accessToken); - Assert.notNull(idToken, "idToken cannot be null"); - this.idToken = idToken; - } - - public OidcIdToken getIdToken() { - return this.idToken; - } -} diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java index b42c25d95d..17b87e1ea4 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java @@ -62,7 +62,7 @@ import java.util.List; * * @author Joe Grandja * @since 5.0 - * @see OidcAuthorizationCodeAuthenticationToken + * @see OAuth2LoginAuthenticationToken * @see OAuth2AccessTokenResponseClient * @see OidcUserService * @see OidcUser @@ -158,13 +158,12 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati Collection mappedAuthorities = this.authoritiesMapper.mapAuthorities(oidcUser.getAuthorities()); - OidcAuthorizationCodeAuthenticationToken authenticationResult = new OidcAuthorizationCodeAuthenticationToken( + OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken( authorizationCodeAuthentication.getClientRegistration(), authorizationCodeAuthentication.getAuthorizationExchange(), oidcUser, mappedAuthorities, - accessToken, - idToken); + accessToken); authenticationResult.setDetails(authorizationCodeAuthentication.getDetails()); return authenticationResult; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationToken.java deleted file mode 100644 index af51a11e34..0000000000 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationToken.java +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright 2012-2017 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.springframework.security.oauth2.client.oidc.authentication; - -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken; -import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.core.OAuth2AccessToken; -import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange; -import org.springframework.security.oauth2.core.oidc.OidcIdToken; -import org.springframework.security.oauth2.core.oidc.user.OidcUser; -import org.springframework.util.Assert; - -import java.util.Collection; - -/** - * An {@link OAuth2LoginAuthenticationToken} for OpenID Connect 1.0 Authentication, - * which leverages the Authorization Code Flow. - * - * @author Joe Grandja - * @since 5.0 - * @see OAuth2LoginAuthenticationToken - * @see OidcIdToken - * @see 3.1 Authorization Code Flow - */ -public class OidcAuthorizationCodeAuthenticationToken extends OAuth2LoginAuthenticationToken { - private OidcIdToken idToken; - - /** - * This constructor should be used when the Authentication Request/Response is complete. - * - * @param clientRegistration - * @param authorizationExchange - */ - public OidcAuthorizationCodeAuthenticationToken(ClientRegistration clientRegistration, - OAuth2AuthorizationExchange authorizationExchange) { - - super(clientRegistration, authorizationExchange); - } - - /** - * This constructor should be used when the Token Request/Response is complete, - * which indicates that the Authorization Code Flow has fully completed - * and OpenID Connect 1.0 Authentication has been achieved. - * - * @param clientRegistration - * @param authorizationExchange - * @param principal - * @param authorities - * @param accessToken - * @param idToken - */ - public OidcAuthorizationCodeAuthenticationToken(ClientRegistration clientRegistration, - OAuth2AuthorizationExchange authorizationExchange, - OidcUser principal, - Collection authorities, - OAuth2AccessToken accessToken, - OidcIdToken idToken) { - - super(clientRegistration, authorizationExchange, principal, authorities, accessToken); - Assert.notNull(idToken, "idToken cannot be null"); - this.idToken = idToken; - } - - public OidcIdToken getIdToken() { - return this.idToken; - } -} diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java index 7922b302cf..55bc6d6902 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java @@ -81,18 +81,18 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce public static final String DEFAULT_FILTER_PROCESSES_URI = "/login/oauth2/code/*"; private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found"; private ClientRegistrationRepository clientRegistrationRepository; - private OAuth2AuthorizedClientService authorizedClientService; + private OAuth2AuthorizedClientService authorizedClientService; private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository(); public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, - OAuth2AuthorizedClientService authorizedClientService) { + OAuth2AuthorizedClientService authorizedClientService) { this(DEFAULT_FILTER_PROCESSES_URI, clientRegistrationRepository, authorizedClientService); } public OAuth2LoginAuthenticationFilter(String filterProcessesUrl, ClientRegistrationRepository clientRegistrationRepository, - OAuth2AuthorizedClientService authorizedClientService) { + OAuth2AuthorizedClientService authorizedClientService) { super(filterProcessesUrl); Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null"); Assert.notNull(authorizedClientService, "authorizedClientService cannot be null"); @@ -137,8 +137,7 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce oauth2Authentication.getName(), authenticationResult.getAccessToken()); - this.authorizedClientService.saveAuthorizedClient( - authorizedClient, oauth2Authentication); + this.authorizedClientService.saveAuthorizedClient(authorizedClient, oauth2Authentication); return oauth2Authentication; } diff --git a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java index 6ce5b320aa..f52d33945d 100644 --- a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java +++ b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java @@ -38,7 +38,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService; -import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService; import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; @@ -397,8 +396,8 @@ public class OAuth2LoginApplicationTests { private ClientRegistrationRepository clientRegistrationRepository; @Bean - public OAuth2AuthorizedClientService authorizedClientService() { - return new InMemoryOAuth2AuthorizedClientService<>(this.clientRegistrationRepository); + public OAuth2AuthorizedClientService authorizedClientService() { + return new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository); } } } diff --git a/samples/boot/oauth2login/src/main/java/sample/config/OAuth2LoginConfig.java b/samples/boot/oauth2login/src/main/java/sample/config/OAuth2LoginConfig.java index fa9ab9f264..d541e2544e 100644 --- a/samples/boot/oauth2login/src/main/java/sample/config/OAuth2LoginConfig.java +++ b/samples/boot/oauth2login/src/main/java/sample/config/OAuth2LoginConfig.java @@ -19,7 +19,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService; -import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; @@ -33,7 +32,7 @@ public class OAuth2LoginConfig { private ClientRegistrationRepository clientRegistrationRepository; @Bean - public OAuth2AuthorizedClientService authorizedClientService() { - return new InMemoryOAuth2AuthorizedClientService<>(this.clientRegistrationRepository); + public OAuth2AuthorizedClientService authorizedClientService() { + return new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository); } } diff --git a/samples/boot/oauth2login/src/main/java/sample/web/MainController.java b/samples/boot/oauth2login/src/main/java/sample/web/MainController.java index d9364274fe..7a573a7594 100644 --- a/samples/boot/oauth2login/src/main/java/sample/web/MainController.java +++ b/samples/boot/oauth2login/src/main/java/sample/web/MainController.java @@ -71,7 +71,7 @@ public class MainController { private OAuth2AuthorizedClient getAuthorizedClient(OAuth2AuthenticationToken authentication) { return this.authorizedClientService.loadAuthorizedClient( - authentication.getAuthorizedClientRegistrationId(), authentication); + authentication.getAuthorizedClientRegistrationId(), authentication.getName()); } private ExchangeFilterFunction oauth2Credentials(OAuth2AuthorizedClient authorizedClient) {