Add OAuth2Authorization.id

Closes gh-220
This commit is contained in:
Joe Grandja 2021-02-09 14:12:21 -05:00
parent 3c6571044d
commit 313b4cc5d3
6 changed files with 93 additions and 40 deletions

View File

@ -15,9 +15,7 @@
*/ */
package org.springframework.security.oauth2.server.authorization; package org.springframework.security.oauth2.server.authorization;
import java.io.Serializable;
import java.util.Map; import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import org.springframework.lang.Nullable; import org.springframework.lang.Nullable;
@ -40,22 +38,27 @@ import org.springframework.util.Assert;
* @see OAuth2AuthorizationService * @see OAuth2AuthorizationService
*/ */
public final class InMemoryOAuth2AuthorizationService implements OAuth2AuthorizationService { public final class InMemoryOAuth2AuthorizationService implements OAuth2AuthorizationService {
private final Map<OAuth2AuthorizationId, OAuth2Authorization> authorizations = new ConcurrentHashMap<>(); private final Map<String, OAuth2Authorization> authorizations = new ConcurrentHashMap<>();
@Override @Override
public void save(OAuth2Authorization authorization) { public void save(OAuth2Authorization authorization) {
Assert.notNull(authorization, "authorization cannot be null"); Assert.notNull(authorization, "authorization cannot be null");
OAuth2AuthorizationId authorizationId = new OAuth2AuthorizationId( Assert.isTrue(!this.authorizations.containsKey(authorization.getId()),
authorization.getRegisteredClientId(), authorization.getPrincipalName()); "The authorization must be unique. Found duplicate identifier: " + authorization.getId());
this.authorizations.put(authorizationId, authorization); this.authorizations.put(authorization.getId(), authorization);
} }
@Override @Override
public void remove(OAuth2Authorization authorization) { public void remove(OAuth2Authorization authorization) {
Assert.notNull(authorization, "authorization cannot be null"); Assert.notNull(authorization, "authorization cannot be null");
OAuth2AuthorizationId authorizationId = new OAuth2AuthorizationId( this.authorizations.remove(authorization.getId(), authorization);
authorization.getRegisteredClientId(), authorization.getPrincipalName()); }
this.authorizations.remove(authorizationId, authorization);
@Nullable
@Override
public OAuth2Authorization findById(String id) {
Assert.hasText(id, "id cannot be empty");
return this.authorizations.get(id);
} }
@Nullable @Nullable
@ -107,33 +110,4 @@ public final class InMemoryOAuth2AuthorizationService implements OAuth2Authoriza
authorization.getToken(OAuth2RefreshToken.class); authorization.getToken(OAuth2RefreshToken.class);
return refreshToken != null && refreshToken.getToken().getTokenValue().equals(token); return refreshToken != null && refreshToken.getToken().getTokenValue().equals(token);
} }
private static class OAuth2AuthorizationId implements Serializable {
private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
private final String registeredClientId;
private final String principalName;
private OAuth2AuthorizationId(String registeredClientId, String principalName) {
this.registeredClientId = registeredClientId;
this.principalName = principalName;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null || getClass() != obj.getClass()) {
return false;
}
OAuth2AuthorizationId that = (OAuth2AuthorizationId) obj;
return Objects.equals(this.registeredClientId, that.registeredClientId) &&
Objects.equals(this.principalName, that.principalName);
}
@Override
public int hashCode() {
return Objects.hash(this.registeredClientId, this.principalName);
}
}
} }

View File

@ -20,6 +20,7 @@ import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Objects; import java.util.Objects;
import java.util.UUID;
import java.util.function.Consumer; import java.util.function.Consumer;
import org.springframework.lang.Nullable; import org.springframework.lang.Nullable;
@ -30,6 +31,7 @@ import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken2; import org.springframework.security.oauth2.core.OAuth2RefreshToken2;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
/** /**
* A representation of an OAuth 2.0 Authorization, which holds state related to the authorization granted * A representation of an OAuth 2.0 Authorization, which holds state related to the authorization granted
@ -55,6 +57,7 @@ public class OAuth2Authorization implements Serializable {
public static final String AUTHORIZED_SCOPE_ATTRIBUTE_NAME = public static final String AUTHORIZED_SCOPE_ATTRIBUTE_NAME =
OAuth2Authorization.class.getName().concat(".AUTHORIZED_SCOPE"); OAuth2Authorization.class.getName().concat(".AUTHORIZED_SCOPE");
private String id;
private String registeredClientId; private String registeredClientId;
private String principalName; private String principalName;
private AuthorizationGrantType authorizationGrantType; private AuthorizationGrantType authorizationGrantType;
@ -64,6 +67,15 @@ public class OAuth2Authorization implements Serializable {
protected OAuth2Authorization() { protected OAuth2Authorization() {
} }
/**
* Returns the identifier for the authorization.
*
* @return the identifier for the authorization
*/
public String getId() {
return this.id;
}
/** /**
* Returns the identifier for the {@link RegisteredClient#getId() registered client}. * Returns the identifier for the {@link RegisteredClient#getId() registered client}.
* *
@ -175,7 +187,8 @@ public class OAuth2Authorization implements Serializable {
return false; return false;
} }
OAuth2Authorization that = (OAuth2Authorization) obj; OAuth2Authorization that = (OAuth2Authorization) obj;
return Objects.equals(this.registeredClientId, that.registeredClientId) && return Objects.equals(this.id, that.id) &&
Objects.equals(this.registeredClientId, that.registeredClientId) &&
Objects.equals(this.principalName, that.principalName) && Objects.equals(this.principalName, that.principalName) &&
Objects.equals(this.authorizationGrantType, that.authorizationGrantType) && Objects.equals(this.authorizationGrantType, that.authorizationGrantType) &&
Objects.equals(this.tokens, that.tokens) && Objects.equals(this.tokens, that.tokens) &&
@ -184,7 +197,7 @@ public class OAuth2Authorization implements Serializable {
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(this.registeredClientId, this.principalName, return Objects.hash(this.id, this.registeredClientId, this.principalName,
this.authorizationGrantType, this.tokens, this.attributes); this.authorizationGrantType, this.tokens, this.attributes);
} }
@ -208,6 +221,7 @@ public class OAuth2Authorization implements Serializable {
public static Builder from(OAuth2Authorization authorization) { public static Builder from(OAuth2Authorization authorization) {
Assert.notNull(authorization, "authorization cannot be null"); Assert.notNull(authorization, "authorization cannot be null");
return new Builder(authorization.getRegisteredClientId()) return new Builder(authorization.getRegisteredClientId())
.id(authorization.getId())
.principalName(authorization.getPrincipalName()) .principalName(authorization.getPrincipalName())
.authorizationGrantType(authorization.getAuthorizationGrantType()) .authorizationGrantType(authorization.getAuthorizationGrantType())
.tokens(authorization.tokens) .tokens(authorization.tokens)
@ -328,6 +342,7 @@ public class OAuth2Authorization implements Serializable {
*/ */
public static class Builder implements Serializable { public static class Builder implements Serializable {
private static final long serialVersionUID = Version.SERIAL_VERSION_UID; private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
private String id;
private final String registeredClientId; private final String registeredClientId;
private String principalName; private String principalName;
private AuthorizationGrantType authorizationGrantType; private AuthorizationGrantType authorizationGrantType;
@ -338,6 +353,17 @@ public class OAuth2Authorization implements Serializable {
this.registeredClientId = registeredClientId; this.registeredClientId = registeredClientId;
} }
/**
* Sets the identifier for the authorization.
*
* @param id the identifier for the authorization
* @return the {@link Builder}
*/
public Builder id(String id) {
this.id = id;
return this;
}
/** /**
* Sets the {@code Principal} name of the resource owner (or client). * Sets the {@code Principal} name of the resource owner (or client).
* *
@ -458,6 +484,10 @@ public class OAuth2Authorization implements Serializable {
Assert.notNull(this.authorizationGrantType, "authorizationGrantType cannot be null"); Assert.notNull(this.authorizationGrantType, "authorizationGrantType cannot be null");
OAuth2Authorization authorization = new OAuth2Authorization(); OAuth2Authorization authorization = new OAuth2Authorization();
if (!StringUtils.hasText(this.id)) {
this.id = UUID.randomUUID().toString();
}
authorization.id = this.id;
authorization.registeredClientId = this.registeredClientId; authorization.registeredClientId = this.registeredClientId;
authorization.principalName = this.principalName; authorization.principalName = this.principalName;
authorization.authorizationGrantType = this.authorizationGrantType; authorization.authorizationGrantType = this.authorizationGrantType;

View File

@ -43,6 +43,16 @@ public interface OAuth2AuthorizationService {
*/ */
void remove(OAuth2Authorization authorization); void remove(OAuth2Authorization authorization);
/**
* Returns the {@link OAuth2Authorization} identified by the provided {@code id},
* or {@code null} if not found.
*
* @param id the authorization identifier
* @return the {@link OAuth2Authorization} if found, otherwise {@code null}
*/
@Nullable
OAuth2Authorization findById(String id);
/** /**
* Returns the {@link OAuth2Authorization} containing the provided {@code token}, * Returns the {@link OAuth2Authorization} containing the provided {@code token},
* or {@code null} if not found. * or {@code null} if not found.

View File

@ -40,6 +40,7 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
* @author Joe Grandja * @author Joe Grandja
*/ */
public class InMemoryOAuth2AuthorizationServiceTests { public class InMemoryOAuth2AuthorizationServiceTests {
private static final String ID = "id";
private static final RegisteredClient REGISTERED_CLIENT = TestRegisteredClients.registeredClient().build(); private static final RegisteredClient REGISTERED_CLIENT = TestRegisteredClients.registeredClient().build();
private static final String PRINCIPAL_NAME = "principal"; private static final String PRINCIPAL_NAME = "principal";
private static final AuthorizationGrantType AUTHORIZATION_GRANT_TYPE = AuthorizationGrantType.AUTHORIZATION_CODE; private static final AuthorizationGrantType AUTHORIZATION_GRANT_TYPE = AuthorizationGrantType.AUTHORIZATION_CODE;
@ -64,6 +65,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
@Test @Test
public void saveWhenAuthorizationProvidedThenSaved() { public void saveWhenAuthorizationProvidedThenSaved() {
OAuth2Authorization expectedAuthorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT) OAuth2Authorization expectedAuthorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
.id(ID)
.principalName(PRINCIPAL_NAME) .principalName(PRINCIPAL_NAME)
.authorizationGrantType(AUTHORIZATION_GRANT_TYPE) .authorizationGrantType(AUTHORIZATION_GRANT_TYPE)
.token(AUTHORIZATION_CODE) .token(AUTHORIZATION_CODE)
@ -75,6 +77,25 @@ public class InMemoryOAuth2AuthorizationServiceTests {
assertThat(authorization).isEqualTo(expectedAuthorization); assertThat(authorization).isEqualTo(expectedAuthorization);
} }
@Test
public void saveWhenAuthorizationNotUniqueThenThrowIllegalArgumentException() {
OAuth2Authorization expectedAuthorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
.id(ID)
.principalName(PRINCIPAL_NAME)
.authorizationGrantType(AUTHORIZATION_GRANT_TYPE)
.token(AUTHORIZATION_CODE)
.build();
this.authorizationService.save(expectedAuthorization);
OAuth2Authorization authorization = this.authorizationService.findById(
expectedAuthorization.getId());
assertThat(authorization).isEqualTo(expectedAuthorization);
assertThatThrownBy(() -> this.authorizationService.save(authorization))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("The authorization must be unique. Found duplicate identifier: " + ID);
}
@Test @Test
public void removeWhenAuthorizationNullThenThrowIllegalArgumentException() { public void removeWhenAuthorizationNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> this.authorizationService.remove(null)) assertThatThrownBy(() -> this.authorizationService.remove(null))
@ -85,6 +106,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
@Test @Test
public void removeWhenAuthorizationProvidedThenRemoved() { public void removeWhenAuthorizationProvidedThenRemoved() {
OAuth2Authorization expectedAuthorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT) OAuth2Authorization expectedAuthorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
.id(ID)
.principalName(PRINCIPAL_NAME) .principalName(PRINCIPAL_NAME)
.authorizationGrantType(AUTHORIZATION_GRANT_TYPE) .authorizationGrantType(AUTHORIZATION_GRANT_TYPE)
.token(AUTHORIZATION_CODE) .token(AUTHORIZATION_CODE)
@ -101,6 +123,13 @@ public class InMemoryOAuth2AuthorizationServiceTests {
assertThat(authorization).isNull(); assertThat(authorization).isNull();
} }
@Test
public void findByIdWhenIdNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> this.authorizationService.findById(null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("id cannot be empty");
}
@Test @Test
public void findByTokenWhenTokenNullThenThrowIllegalArgumentException() { public void findByTokenWhenTokenNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> this.authorizationService.findByToken(null, AUTHORIZATION_CODE_TOKEN_TYPE)) assertThatThrownBy(() -> this.authorizationService.findByToken(null, AUTHORIZATION_CODE_TOKEN_TYPE))
@ -112,6 +141,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
public void findByTokenWhenStateExistsThenFound() { public void findByTokenWhenStateExistsThenFound() {
String state = "state"; String state = "state";
OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT) OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
.id(ID)
.principalName(PRINCIPAL_NAME) .principalName(PRINCIPAL_NAME)
.authorizationGrantType(AUTHORIZATION_GRANT_TYPE) .authorizationGrantType(AUTHORIZATION_GRANT_TYPE)
.attribute(OAuth2ParameterNames.STATE, state) .attribute(OAuth2ParameterNames.STATE, state)
@ -128,6 +158,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
@Test @Test
public void findByTokenWhenAuthorizationCodeExistsThenFound() { public void findByTokenWhenAuthorizationCodeExistsThenFound() {
OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT) OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
.id(ID)
.principalName(PRINCIPAL_NAME) .principalName(PRINCIPAL_NAME)
.authorizationGrantType(AUTHORIZATION_GRANT_TYPE) .authorizationGrantType(AUTHORIZATION_GRANT_TYPE)
.token(AUTHORIZATION_CODE) .token(AUTHORIZATION_CODE)
@ -146,6 +177,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
"access-token", Instant.now().minusSeconds(60), Instant.now()); "access-token", Instant.now().minusSeconds(60), Instant.now());
OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT) OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
.id(ID)
.principalName(PRINCIPAL_NAME) .principalName(PRINCIPAL_NAME)
.authorizationGrantType(AUTHORIZATION_GRANT_TYPE) .authorizationGrantType(AUTHORIZATION_GRANT_TYPE)
.token(AUTHORIZATION_CODE) .token(AUTHORIZATION_CODE)
@ -164,6 +196,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
public void findByTokenWhenRefreshTokenExistsThenFound() { public void findByTokenWhenRefreshTokenExistsThenFound() {
OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", Instant.now()); OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", Instant.now());
OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT) OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
.id(ID)
.principalName(PRINCIPAL_NAME) .principalName(PRINCIPAL_NAME)
.authorizationGrantType(AUTHORIZATION_GRANT_TYPE) .authorizationGrantType(AUTHORIZATION_GRANT_TYPE)
.refreshToken(refreshToken) .refreshToken(refreshToken)

View File

@ -37,6 +37,7 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
* @author Joe Grandja * @author Joe Grandja
*/ */
public class OAuth2AuthorizationTests { public class OAuth2AuthorizationTests {
private static final String ID = "id";
private static final RegisteredClient REGISTERED_CLIENT = TestRegisteredClients.registeredClient().build(); private static final RegisteredClient REGISTERED_CLIENT = TestRegisteredClients.registeredClient().build();
private static final String PRINCIPAL_NAME = "principal"; private static final String PRINCIPAL_NAME = "principal";
private static final AuthorizationGrantType AUTHORIZATION_GRANT_TYPE = AuthorizationGrantType.AUTHORIZATION_CODE; private static final AuthorizationGrantType AUTHORIZATION_GRANT_TYPE = AuthorizationGrantType.AUTHORIZATION_CODE;
@ -63,6 +64,7 @@ public class OAuth2AuthorizationTests {
@Test @Test
public void fromWhenAuthorizationProvidedThenCopied() { public void fromWhenAuthorizationProvidedThenCopied() {
OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT) OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
.id(ID)
.principalName(PRINCIPAL_NAME) .principalName(PRINCIPAL_NAME)
.authorizationGrantType(AUTHORIZATION_GRANT_TYPE) .authorizationGrantType(AUTHORIZATION_GRANT_TYPE)
.token(AUTHORIZATION_CODE) .token(AUTHORIZATION_CODE)
@ -70,6 +72,7 @@ public class OAuth2AuthorizationTests {
.build(); .build();
OAuth2Authorization authorizationResult = OAuth2Authorization.from(authorization).build(); OAuth2Authorization authorizationResult = OAuth2Authorization.from(authorization).build();
assertThat(authorizationResult.getId()).isEqualTo(authorization.getId());
assertThat(authorizationResult.getRegisteredClientId()).isEqualTo(authorization.getRegisteredClientId()); assertThat(authorizationResult.getRegisteredClientId()).isEqualTo(authorization.getRegisteredClientId());
assertThat(authorizationResult.getPrincipalName()).isEqualTo(authorization.getPrincipalName()); assertThat(authorizationResult.getPrincipalName()).isEqualTo(authorization.getPrincipalName());
assertThat(authorizationResult.getAuthorizationGrantType()).isEqualTo(authorization.getAuthorizationGrantType()); assertThat(authorizationResult.getAuthorizationGrantType()).isEqualTo(authorization.getAuthorizationGrantType());
@ -114,6 +117,7 @@ public class OAuth2AuthorizationTests {
@Test @Test
public void buildWhenAllAttributesAreProvidedThenAllAttributesAreSet() { public void buildWhenAllAttributesAreProvidedThenAllAttributesAreSet() {
OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT) OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
.id(ID)
.principalName(PRINCIPAL_NAME) .principalName(PRINCIPAL_NAME)
.authorizationGrantType(AUTHORIZATION_GRANT_TYPE) .authorizationGrantType(AUTHORIZATION_GRANT_TYPE)
.token(AUTHORIZATION_CODE) .token(AUTHORIZATION_CODE)
@ -121,6 +125,7 @@ public class OAuth2AuthorizationTests {
.refreshToken(REFRESH_TOKEN) .refreshToken(REFRESH_TOKEN)
.build(); .build();
assertThat(authorization.getId()).isEqualTo(ID);
assertThat(authorization.getRegisteredClientId()).isEqualTo(REGISTERED_CLIENT.getId()); assertThat(authorization.getRegisteredClientId()).isEqualTo(REGISTERED_CLIENT.getId());
assertThat(authorization.getPrincipalName()).isEqualTo(PRINCIPAL_NAME); assertThat(authorization.getPrincipalName()).isEqualTo(PRINCIPAL_NAME);
assertThat(authorization.getAuthorizationGrantType()).isEqualTo(AUTHORIZATION_GRANT_TYPE); assertThat(authorization.getAuthorizationGrantType()).isEqualTo(AUTHORIZATION_GRANT_TYPE);

View File

@ -63,6 +63,7 @@ public class TestOAuth2Authorizations {
.state("state") .state("state")
.build(); .build();
return OAuth2Authorization.withRegisteredClient(registeredClient) return OAuth2Authorization.withRegisteredClient(registeredClient)
.id("id")
.principalName("principal") .principalName("principal")
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.token(authorizationCode) .token(authorizationCode)