/**
 * Picks the repository used to store authorized clients.
 *
 * <p>An explicitly configured repository takes precedence. Otherwise, a
 * configured authorized-client service is wrapped in an
 * {@code AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository}.
 *
 * @return the repository to use, or {@code null} when neither a repository
 * nor a service has been configured; callers must handle that case
 */
private ServerOAuth2AuthorizedClientRepository getAuthorizedClientRepository() {
    if (this.authorizedClientRepository == null) {
        // No explicit repository: fall back to the service, if there is one.
        return (this.authorizedClientService == null)
                ? null
                : new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(this.authorizedClientService);
    }
    return this.authorizedClientRepository;
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Returns the authentication converter, creating the default one on first use.
 *
 * <p>A converter that is already set is returned unchanged. Otherwise a
 * {@code ServerOAuth2AuthorizationCodeAuthenticationTokenConverter} is built
 * from the given repository and cached in the field.
 *
 * @param clientRegistrationRepository repository passed to the default
 * converter; only used when no converter has been set yet
 * @return the configured or newly created converter
 */
private ServerAuthenticationConverter getAuthenticationConverter(ReactiveClientRegistrationRepository clientRegistrationRepository) {
    if (this.authenticationConverter != null) {
        return this.authenticationConverter;
    }
    this.authenticationConverter =
            new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(clientRegistrationRepository);
    return this.authenticationConverter;
}
/**
 * Constructs an {@code OAuth2AuthorizationRequestRedirectWebFilter} that resolves
 * authorization requests with a {@code DefaultServerOAuth2AuthorizationRequestResolver}.
 *
 * @param clientRegistrationRepository the repository of client registrations,
 * handed to the default resolver
 */
public OAuth2AuthorizationRequestRedirectWebFilter(ReactiveClientRegistrationRepository clientRegistrationRepository) {
    DefaultServerOAuth2AuthorizationRequestResolver defaultResolver =
            new DefaultServerOAuth2AuthorizationRequestResolver(clientRegistrationRepository);
    this.authorizationRequestResolver = defaultResolver;
}
/**
 * Turns an incoming exchange into an authentication token, using the
 * authorization request stored earlier for this exchange.
 *
 * <p>The stored request is obtained with {@code removeAuthorizationRequest}
 * rather than a load call. Assuming the repository removes what it returns,
 * as the name says, each stored request can back at most one callback.
 * When no stored request exists, the result is the error built by
 * {@code oauth2AuthorizationException} with
 * {@code AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE}; no token is built.
 *
 * @param serverWebExchange the current exchange
 * @return the authentication produced by {@code authenticationRequest}, or
 * the error described above
 */
@Override
public Mono<Authentication> convert(ServerWebExchange serverWebExchange) {
    return authorizationRequestRepository.removeAuthorizationRequest(serverWebExchange)
            // A response with no matching stored request is rejected.
            .switchIfEmpty(oauth2AuthorizationException(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE))
            .flatMap(storedRequest -> {
                return authenticationRequest(serverWebExchange, storedRequest);
            });
}
/**
 * Registers the two OAuth2 web filters on the given security builder.
 *
 * <p>The authorization-code grant filter is added at
 * {@code SecurityWebFiltersOrder.OAUTH2_AUTHORIZATION_CODE}. The
 * authorization-request redirect filter is added at
 * {@code SecurityWebFiltersOrder.HTTP_BASIC}.
 *
 * @param http the security builder to add the filters to
 */
protected void configure(ServerHttpSecurity http) {
    // Resolve collaborators first, in this order; the getters may initialize state lazily.
    ReactiveClientRegistrationRepository registrations = getClientRegistrationRepository();
    ServerOAuth2AuthorizedClientRepository authorizedClients = getAuthorizedClientRepository();
    ServerAuthenticationConverter converter = getAuthenticationConverter();
    ReactiveAuthenticationManager manager = getAuthenticationManager();

    // Build both filters before touching the chain, so a constructor
    // failure leaves the chain unmodified.
    OAuth2AuthorizationCodeGrantWebFilter grantFilter =
            new OAuth2AuthorizationCodeGrantWebFilter(manager, converter, authorizedClients);
    OAuth2AuthorizationRequestRedirectWebFilter redirectFilter =
            new OAuth2AuthorizationRequestRedirectWebFilter(registrations);

    http.addFilterAt(grantFilter, SecurityWebFiltersOrder.OAUTH2_AUTHORIZATION_CODE);
    http.addFilterAt(redirectFilter, SecurityWebFiltersOrder.HTTP_BASIC);
}
/**
 * Loads the authorized client for a registration, choosing the backing
 * store by whether the principal is authenticated.
 *
 * <p>Principals rejected by {@code isPrincipalAuthenticated} are served
 * from the anonymous repository, which also receives the exchange. All
 * others are served from the authorized-client service.
 *
 * @param clientRegistrationId the client registration identifier
 * @param principal the principal the client belongs to
 * @param exchange the current exchange; only passed to the anonymous repository
 * @return the authorized client as produced by the selected store
 */
@Override
public <T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String clientRegistrationId,
        Authentication principal, ServerWebExchange exchange) {
    if (!this.isPrincipalAuthenticated(principal)) {
        return this.anonymousAuthorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, exchange);
    }
    // NOTE(review): the service lookup is keyed by principal.getName() only;
    // this presumes names are unique across every authentication mechanism
    // the application accepts. Confirm with the service implementation.
    return this.authorizedClientService.loadAuthorizedClient(clientRegistrationId, principal.getName());
}
/**
 * Creates the converter under test from the fixture's client registration
 * repository and points it at the fixture's authorization request repository.
 */
@Before
public void setup() {
    ServerOAuth2AuthorizationCodeAuthenticationTokenConverter tokenConverter =
            new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(this.clientRegistrationRepository);
    this.converter = tokenConverter;
    tokenConverter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
}
/**
 * An anonymous principal must be routed to the anonymous repository, with
 * the registration id, principal and exchange passed through unchanged.
 */
@Test
public void loadAuthorizedClientWhenAnonymousPrincipalThenLoadFromAnonymousRepository() {
    // Stub the delegate so the call under test completes empty.
    when(this.anonymousAuthorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
            .thenReturn(Mono.empty());
    Authentication anonymousPrincipal = this.createAnonymousPrincipal();

    this.authorizedClientRepository
            .loadAuthorizedClient(this.registrationId, anonymousPrincipal, this.exchange)
            .block();

    verify(this.anonymousAuthorizedClientRepository)
            .loadAuthorizedClient(this.registrationId, anonymousPrincipal, this.exchange);
}
/**
 * Saves an authorized client, choosing the backing store by whether the
 * principal is authenticated.
 *
 * <p>Principals rejected by {@code isPrincipalAuthenticated} are stored
 * through the anonymous repository, which also receives the exchange. All
 * others are stored through the authorized-client service.
 *
 * @param authorizedClient the client to persist
 * @param principal the principal the client belongs to
 * @param exchange the current exchange; only passed to the anonymous repository
 * @return the completion signal of the selected store
 */
@Override
public Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient,
        Authentication principal, ServerWebExchange exchange) {
    if (!this.isPrincipalAuthenticated(principal)) {
        return this.anonymousAuthorizedClientRepository.saveAuthorizedClient(authorizedClient, principal, exchange);
    }
    return this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
}
/**
 * Removes the authorized client for a registration, choosing the backing
 * store by whether the principal is authenticated.
 *
 * <p>Principals rejected by {@code isPrincipalAuthenticated} are handled by
 * the anonymous repository, which also receives the exchange. All others
 * are handled by the authorized-client service.
 *
 * @param clientRegistrationId the client registration identifier
 * @param principal the principal the client belongs to
 * @param exchange the current exchange; only passed to the anonymous repository
 * @return the completion signal of the selected store
 */
@Override
public Mono<Void> removeAuthorizedClient(String clientRegistrationId,
        Authentication principal, ServerWebExchange exchange) {
    if (!this.isPrincipalAuthenticated(principal)) {
        return this.anonymousAuthorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal, exchange);
    }
    // NOTE(review): removal is keyed by principal.getName() only; this
    // presumes names are unique across every authentication mechanism the
    // application accepts. Confirm with the service implementation.
    return this.authorizedClientService.removeAuthorizedClient(clientRegistrationId, principal.getName());
}
/**
 * Tells whether the request parameters form an authorization response,
 * either a successful one or an error one.
 *
 * <p>The error check runs only when the success check fails.
 *
 * @param request the request parameters to inspect
 * @return {@code true} if either helper check accepts the parameters
 */
static boolean isAuthorizationResponse(MultiValueMap<String, String> request) {
    if (isAuthorizationResponseSuccess(request)) {
        return true;
    }
    return isAuthorizationResponseError(request);
}
/**
 * Resolves the authorization request for the given client registration id.
 *
 * <p>The registration is looked up with {@code findByRegistrationId}. The
 * request is built only from a registration that lookup returns, so an
 * empty lookup yields an empty result.
 *
 * @param exchange the current exchange
 * @param clientRegistrationId the identifier of the registration to look up
 * @return the authorization request built by {@code authorizationRequest}
 */
@Override
public Mono<OAuth2AuthorizationRequest> resolve(ServerWebExchange exchange, String clientRegistrationId) {
    return findByRegistrationId(exchange, clientRegistrationId)
            .map(registration -> {
                return authorizationRequest(exchange, registration);
            });
}
/**
 * Builds the authorization-request redirect filter.
 *
 * <p>A configured request resolver is handed to the filter. With no
 * resolver configured, the filter is built from the client registration
 * repository instead.
 *
 * @return a new redirect filter
 */
private OAuth2AuthorizationRequestRedirectWebFilter getRedirectWebFilter() {
    if (this.authorizationRequestResolver != null) {
        return new OAuth2AuthorizationRequestRedirectWebFilter(this.authorizationRequestResolver);
    }
    return new OAuth2AuthorizationRequestRedirectWebFilter(getClientRegistrationRepository());
}
/**
 * Creates the filter under test from the fixture's authentication manager,
 * client registration repository and authorized client repository.
 */
@Before
public void setup() {
    OAuth2AuthorizationCodeGrantWebFilter grantFilter = new OAuth2AuthorizationCodeGrantWebFilter(
            this.authenticationManager,
            this.clientRegistrationRepository,
            this.authorizedClientRepository);
    this.filter = grantFilter;
}
/**
 * Saving a {@code null} authorization request must fail with
 * {@code IllegalArgumentException}. The final assertion checks, through
 * {@code assertSessionStartedIs(false)}, that no session was started.
 */
@Test
public void saveAuthorizationRequestWhenAuthorizationRequestNullThenThrowsIllegalArgumentException() {
    this.authorizationRequest = null;

    assertThatThrownBy(() -> {
        this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange);
    }).isInstanceOf(IllegalArgumentException.class);

    assertSessionStartedIs(false);
}
/**
 * Loading with no prior save must complete empty. The final assertion
 * checks, through {@code assertSessionStartedIs(false)}, that the load did
 * not start a session.
 */
@Test
public void loadAuthorizationRequestWhenNoSessionThenEmpty() {
    StepVerifier
            .create(repository.loadAuthorizationRequest(exchange))
            .verifyComplete();

    assertSessionStartedIs(false);
}
/**
 * Removing when nothing was saved must complete empty. The final assertion
 * checks, through {@code assertSessionStartedIs(false)}, that the removal
 * did not start a session.
 */
// NOTE(review): the method name promises an IllegalArgumentException, but the
// assertions expect the Mono to complete empty without error. The name looks stale.
@Test
public void removeAuthorizationRequestWhenNotPresentThenThrowsIllegalArgumentException() {
    StepVerifier
            .create(repository.removeAuthorizationRequest(exchange))
            .verifyComplete();

    assertSessionStartedIs(false);
}
/**
 * Returns the authentication converter, creating the default one on first use.
 *
 * <p>A converter that is already set is returned unchanged. Otherwise a
 * {@code ServerOAuth2AuthorizationCodeAuthenticationTokenConverter} is built
 * from {@code getClientRegistrationRepository()} and cached in the field.
 *
 * @return the configured or newly created converter
 */
private ServerAuthenticationConverter getAuthenticationConverter() {
    if (this.authenticationConverter != null) {
        return this.authenticationConverter;
    }
    this.authenticationConverter =
            new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(getClientRegistrationRepository());
    return this.authenticationConverter;
}
/**
 * Configures the authorized-client service by wrapping it in an
 * {@code AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository}.
 *
 * <p>The wrapper replaces whatever authorized client repository was set
 * on this spec before the call.
 *
 * @param authorizedClientService the service to wrap
 * @return this spec, for further customization
 */
public OAuth2LoginSpec authorizedClientService(ReactiveOAuth2AuthorizedClientService authorizedClientService) {
    AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository serviceBacked =
            new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(authorizedClientService);
    this.authorizedClientRepository = serviceBacked;
    return this;
}
/**
 * Creates the resolver under test from the fixture's client registration repository.
 */
@Before
public void setup() {
    DefaultServerOAuth2AuthorizationRequestResolver defaultResolver =
            new DefaultServerOAuth2AuthorizationRequestResolver(this.clientRegistrationRepository);
    this.resolver = defaultResolver;
}