Align modules with Spring Security

Closes gh-95
This commit is contained in:
Joe Grandja 2020-07-22 05:06:09 -04:00
parent ea828fb2bf
commit 6d9d400f4f
49 changed files with 52 additions and 41 deletions

View File

@ -4,12 +4,15 @@ dependencies {
compile 'org.springframework.security:spring-security-core'
compile 'org.springframework.security:spring-security-config'
compile springCoreDependency
compile project(':spring-authorization-server-core')
optional project(':spring-security-oauth2-authorization-server')
optional project(path: ':spring-security-oauth2-authorization-server', configuration: 'tests')
testCompile 'org.springframework.security:spring-security-test'
testCompile 'junit:junit'
testCompile 'org.assertj:assertj-core'
testCompile 'org.mockito:mockito-core'
testCompile 'com.jayway.jsonpath:json-path'
provided 'javax.servlet:javax.servlet-api'
}

View File

@ -13,7 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.annotation.web.configuration.oauth2.server.authorization;
package org.springframework.security.config.annotation.web.configuration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

View File

@ -13,10 +13,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.annotation.web.configuration.oauth2.server.authorization;
package org.springframework.security.config.annotation.web.configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
import static org.springframework.security.config.Customizer.withDefaults;

View File

@ -13,7 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.web;
package org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization;
import org.junit.Before;
import org.junit.BeforeClass;
@ -24,7 +24,7 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpHeaders;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.oauth2.server.authorization.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.config.test.SpringTestRule;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
@ -37,8 +37,11 @@ import org.springframework.security.oauth2.server.authorization.TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter;
import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
@ -59,7 +62,6 @@ import static org.mockito.Mockito.when;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@ -98,7 +100,7 @@ public class OAuth2AuthorizationCodeGrantTests {
when(registeredClientRepository.findByClientId(eq(registeredClient.getClientId())))
.thenReturn(registeredClient);
MvcResult mvcResult = this.mvc.perform(get(OAuth2AuthorizationEndpointFilter.DEFAULT_AUTHORIZATION_ENDPOINT_URI)
MvcResult mvcResult = this.mvc.perform(MockMvcRequestBuilders.get(OAuth2AuthorizationEndpointFilter.DEFAULT_AUTHORIZATION_ENDPOINT_URI)
.params(getAuthorizationRequestParameters(registeredClient)))
.andExpect(status().is3xxRedirection())
.andReturn();
@ -141,7 +143,7 @@ public class OAuth2AuthorizationCodeGrantTests {
eq(TokenType.AUTHORIZATION_CODE)))
.thenReturn(authorization);
this.mvc.perform(post(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI)
this.mvc.perform(MockMvcRequestBuilders.post(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI)
.params(getTokenRequestParameters(registeredClient, authorization))
.header(HttpHeaders.AUTHORIZATION, "Basic " + encodeBasicAuth(
registeredClient.getClientId(), registeredClient.getClientSecret()))

View File

@ -13,7 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.web;
package org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization;
import org.junit.Before;
import org.junit.BeforeClass;
@ -24,7 +24,7 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpHeaders;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.oauth2.server.authorization.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.config.test.SpringTestRule;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
@ -32,7 +32,9 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
@ -81,7 +83,7 @@ public class OAuth2ClientCredentialsGrantTests {
public void requestWhenTokenRequestNotAuthenticatedThenUnauthorized() throws Exception {
this.spring.register(AuthorizationServerConfiguration.class).autowire();
this.mvc.perform(post(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI)
this.mvc.perform(MockMvcRequestBuilders.post(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI)
.param(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
.with(csrf()))
.andExpect(status().isUnauthorized());

View File

@ -0,0 +1,14 @@
apply plugin: 'io.spring.convention.spring-module'
dependencies {
compile 'org.springframework.security:spring-security-core'
compile springCoreDependency
testCompile 'junit:junit'
testCompile 'org.assertj:assertj-core'
testCompile 'org.mockito:mockito-core'
}
jacoco {
toolVersion = '0.8.5'
}

View File

@ -13,7 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization;
package org.springframework.security.core;
/**
* Internal class used for serialization across Spring Security Authorization Server classes.
@ -21,7 +21,7 @@ package org.springframework.security.oauth2.server.authorization;
* @author Anoop Garlapati
* @since 0.0.1
*/
public final class Version {
public final class SpringSecurityCoreVersion2 {
private static final int MAJOR = 0;
private static final int MINOR = 0;
private static final int PATCH = 1;

View File

@ -1,27 +1,17 @@
apply plugin: 'io.spring.convention.spring-module'
dependencies {
compile project(':spring-security-core2')
compile 'org.springframework.security:spring-security-core'
compile 'org.springframework.security:spring-security-web'
compile 'org.springframework.security:spring-security-oauth2-core'
compile springCoreDependency
compile 'com.nimbusds:oauth2-oidc-sdk'
compile 'com.fasterxml.jackson.core:jackson-databind'
optional 'com.nimbusds:nimbus-jose-jwt'
optional 'org.springframework.security:spring-security-oauth2-jose'
testCompile project(path: ':spring-authorization-server-config', configuration: 'tests')
testCompile 'org.springframework:spring-webmvc'
testCompile 'junit:junit'
testCompile 'org.assertj:assertj-core'
testCompile 'org.mockito:mockito-core'
testCompile 'com.squareup.okhttp3:mockwebserver'
testCompile 'com.jayway.jsonpath:json-path'
provided 'javax.servlet:javax.servlet-api'
}
jacoco {
toolVersion = '0.8.5'
}

View File

@ -15,6 +15,7 @@
*/
package org.springframework.security.oauth2.server.authorization;
import org.springframework.security.core.SpringSecurityCoreVersion2;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.util.Assert;
@ -38,7 +39,7 @@ import java.util.function.Consumer;
* @see OAuth2AccessToken
*/
public class OAuth2Authorization implements Serializable {
private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
private static final long serialVersionUID = SpringSecurityCoreVersion2.SERIAL_VERSION_UID;
private String registeredClientId;
private String principalName;
private OAuth2AccessToken accessToken;
@ -145,7 +146,7 @@ public class OAuth2Authorization implements Serializable {
* A builder for {@link OAuth2Authorization}.
*/
public static class Builder implements Serializable {
private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
private static final long serialVersionUID = SpringSecurityCoreVersion2.SERIAL_VERSION_UID;
private String registeredClientId;
private String principalName;
private OAuth2AccessToken accessToken;

View File

@ -15,7 +15,7 @@
*/
package org.springframework.security.oauth2.server.authorization;
import org.springframework.security.core.SpringSecurityCoreVersion;
import org.springframework.security.core.SpringSecurityCoreVersion2;
import org.springframework.util.Assert;
import java.io.Serializable;
@ -24,7 +24,7 @@ import java.io.Serializable;
* @author Joe Grandja
*/
public final class TokenType implements Serializable {
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
private static final long serialVersionUID = SpringSecurityCoreVersion2.SERIAL_VERSION_UID;
public static final TokenType ACCESS_TOKEN = new TokenType("access_token");
public static final TokenType AUTHORIZATION_CODE = new TokenType("authorization_code");
private final String value;

View File

@ -17,8 +17,8 @@ package org.springframework.security.oauth2.server.authorization.authentication;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.SpringSecurityCoreVersion2;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.server.authorization.Version;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.util.Assert;
@ -37,7 +37,7 @@ import java.util.Collections;
* @see OAuth2ClientAuthenticationToken
*/
public class OAuth2AccessTokenAuthenticationToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
private static final long serialVersionUID = SpringSecurityCoreVersion2.SERIAL_VERSION_UID;
private final RegisteredClient registeredClient;
private final Authentication clientPrincipal;
private final OAuth2AccessToken accessToken;

View File

@ -18,7 +18,7 @@ package org.springframework.security.oauth2.server.authorization.authentication;
import org.springframework.lang.Nullable;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.authorization.Version;
import org.springframework.security.core.SpringSecurityCoreVersion2;
import org.springframework.util.Assert;
import java.util.Collections;
@ -34,7 +34,7 @@ import java.util.Collections;
* @see OAuth2ClientAuthenticationToken
*/
public class OAuth2AuthorizationCodeAuthenticationToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
private static final long serialVersionUID = SpringSecurityCoreVersion2.SERIAL_VERSION_UID;
private String code;
private Authentication clientPrincipal;
private String clientId;

View File

@ -18,7 +18,7 @@ package org.springframework.security.oauth2.server.authorization.authentication;
import org.springframework.lang.Nullable;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.authorization.Version;
import org.springframework.security.core.SpringSecurityCoreVersion2;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.util.Assert;
@ -35,7 +35,7 @@ import java.util.Collections;
* @see OAuth2ClientAuthenticationProvider
*/
public class OAuth2ClientAuthenticationToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
private static final long serialVersionUID = SpringSecurityCoreVersion2.SERIAL_VERSION_UID;
private String clientId;
private String clientSecret;
private RegisteredClient registeredClient;

View File

@ -17,7 +17,7 @@ package org.springframework.security.oauth2.server.authorization.authentication;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.authorization.Version;
import org.springframework.security.core.SpringSecurityCoreVersion2;
import org.springframework.util.Assert;
import java.util.Collections;
@ -34,7 +34,7 @@ import java.util.Set;
* @see OAuth2ClientAuthenticationToken
*/
public class OAuth2ClientCredentialsAuthenticationToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
private static final long serialVersionUID = SpringSecurityCoreVersion2.SERIAL_VERSION_UID;
private final Authentication clientPrincipal;
private final Set<String> scopes;

View File

@ -15,9 +15,9 @@
*/
package org.springframework.security.oauth2.server.authorization.client;
import org.springframework.security.core.SpringSecurityCoreVersion2;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.server.authorization.Version;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
@ -38,7 +38,7 @@ import java.util.function.Consumer;
* @since 0.0.1
*/
public class RegisteredClient implements Serializable {
private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
private static final long serialVersionUID = SpringSecurityCoreVersion2.SERIAL_VERSION_UID;
private String id;
private String clientId;
private String clientSecret;
@ -152,7 +152,7 @@ public class RegisteredClient implements Serializable {
* A builder for {@link RegisteredClient}.
*/
public static class Builder implements Serializable {
private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
private static final long serialVersionUID = SpringSecurityCoreVersion2.SERIAL_VERSION_UID;
private String id;
private String clientId;
private String clientSecret;

View File

@ -3,8 +3,8 @@ apply plugin: 'io.spring.convention.spring-sample-boot'
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation project(':spring-security-oauth2-authorization-server')
implementation 'com.nimbusds:oauth2-oidc-sdk'
implementation project(':spring-authorization-server-core')
testImplementation('org.springframework.boot:spring-boot-starter-test') {
exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'