Add OAuth2AuthorizationServerConfigurer.getEndpointMatchers()
Closes gh-97
This commit is contained in:
Joe Grandja
parent
847814b322
commit
909aeace29
@ -20,6 +20,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|||||||
import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
|
||||||
import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter;
|
import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter;
|
||||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||||
|
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
||||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||||
|
|
||||||
import static org.springframework.security.config.Customizer.withDefaults;
|
import static org.springframework.security.config.Customizer.withDefaults;
|
||||||
@ -35,14 +36,18 @@ public class OAuth2AuthorizationServerSecurity extends WebSecurityConfigurerAdap
|
|||||||
// @formatter:off
|
// @formatter:off
|
||||||
@Override
|
@Override
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
|
OAuth2AuthorizationServerConfigurer<HttpSecurity> authorizationServerConfigurer =
|
||||||
|
new OAuth2AuthorizationServerConfigurer<>();
|
||||||
|
|
||||||
http
|
http
|
||||||
|
.requestMatcher(new OrRequestMatcher(authorizationServerConfigurer.getEndpointMatchers()))
|
||||||
.authorizeRequests(authorizeRequests ->
|
.authorizeRequests(authorizeRequests ->
|
||||||
authorizeRequests
|
authorizeRequests
|
||||||
.anyRequest().authenticated()
|
.anyRequest().authenticated()
|
||||||
)
|
)
|
||||||
.formLogin(withDefaults())
|
.formLogin(withDefaults())
|
||||||
.csrf(csrf -> csrf.ignoringRequestMatchers(tokenEndpointMatcher()))
|
.csrf(csrf -> csrf.ignoringRequestMatchers(tokenEndpointMatcher()))
|
||||||
.apply(new OAuth2AuthorizationServerConfigurer<>());
|
.apply(authorizationServerConfigurer);
|
||||||
}
|
}
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
|
|
||||||
|
|||||||
@ -40,9 +40,12 @@ import org.springframework.security.web.access.intercept.FilterSecurityIntercept
|
|||||||
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
|
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
|
||||||
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
|
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
|
||||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||||
|
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
import org.springframework.util.StringUtils;
|
import org.springframework.util.StringUtils;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -60,6 +63,13 @@ import java.util.Map;
|
|||||||
public final class OAuth2AuthorizationServerConfigurer<B extends HttpSecurityBuilder<B>>
|
public final class OAuth2AuthorizationServerConfigurer<B extends HttpSecurityBuilder<B>>
|
||||||
extends AbstractHttpConfigurer<OAuth2AuthorizationServerConfigurer<B>, B> {
|
extends AbstractHttpConfigurer<OAuth2AuthorizationServerConfigurer<B>, B> {
|
||||||
|
|
||||||
|
private final RequestMatcher authorizationEndpointMatcher = new AntPathRequestMatcher(
|
||||||
|
OAuth2AuthorizationEndpointFilter.DEFAULT_AUTHORIZATION_ENDPOINT_URI, HttpMethod.GET.name());
|
||||||
|
private final RequestMatcher tokenEndpointMatcher = new AntPathRequestMatcher(
|
||||||
|
OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI, HttpMethod.POST.name());
|
||||||
|
private final RequestMatcher jwkSetEndpointMatcher = new AntPathRequestMatcher(
|
||||||
|
JwkSetEndpointFilter.DEFAULT_JWK_SET_ENDPOINT_URI, HttpMethod.GET.name());
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sets the repository of registered clients.
|
* Sets the repository of registered clients.
|
||||||
*
|
*
|
||||||
@ -96,6 +106,16 @@ public final class OAuth2AuthorizationServerConfigurer<B extends HttpSecurityBui
|
|||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a {@code List} of {@link RequestMatcher}'s for the authorization server endpoints.
|
||||||
|
*
|
||||||
|
* @return a {@code List} of {@link RequestMatcher}'s for the authorization server endpoints
|
||||||
|
*/
|
||||||
|
public List<RequestMatcher> getEndpointMatchers() {
|
||||||
|
return Arrays.asList(this.authorizationEndpointMatcher,
|
||||||
|
this.tokenEndpointMatcher, this.jwkSetEndpointMatcher);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void init(B builder) {
|
public void init(B builder) {
|
||||||
OAuth2ClientAuthenticationProvider clientAuthenticationProvider =
|
OAuth2ClientAuthenticationProvider clientAuthenticationProvider =
|
||||||
@ -122,10 +142,7 @@ public final class OAuth2AuthorizationServerConfigurer<B extends HttpSecurityBui
|
|||||||
if (exceptionHandling != null) {
|
if (exceptionHandling != null) {
|
||||||
// Register the default AuthenticationEntryPoint for the token endpoint
|
// Register the default AuthenticationEntryPoint for the token endpoint
|
||||||
exceptionHandling.defaultAuthenticationEntryPointFor(
|
exceptionHandling.defaultAuthenticationEntryPointFor(
|
||||||
new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED),
|
new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), this.tokenEndpointMatcher);
|
||||||
new AntPathRequestMatcher(
|
|
||||||
OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI,
|
|
||||||
HttpMethod.POST.name()));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -136,10 +153,8 @@ public final class OAuth2AuthorizationServerConfigurer<B extends HttpSecurityBui
|
|||||||
|
|
||||||
AuthenticationManager authenticationManager = builder.getSharedObject(AuthenticationManager.class);
|
AuthenticationManager authenticationManager = builder.getSharedObject(AuthenticationManager.class);
|
||||||
|
|
||||||
OAuth2ClientAuthenticationFilter clientAuthenticationFilter =
|
OAuth2ClientAuthenticationFilter clientAuthenticationFilter = new OAuth2ClientAuthenticationFilter(
|
||||||
new OAuth2ClientAuthenticationFilter(
|
authenticationManager, this.tokenEndpointMatcher);
|
||||||
authenticationManager,
|
|
||||||
new AntPathRequestMatcher(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI, HttpMethod.POST.name()));
|
|
||||||
builder.addFilterAfter(postProcess(clientAuthenticationFilter), AbstractPreAuthenticatedProcessingFilter.class);
|
builder.addFilterAfter(postProcess(clientAuthenticationFilter), AbstractPreAuthenticatedProcessingFilter.class);
|
||||||
|
|
||||||
OAuth2AuthorizationEndpointFilter authorizationEndpointFilter =
|
OAuth2AuthorizationEndpointFilter authorizationEndpointFilter =
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user