Add OAuth2AuthorizationServerConfigurer.getEndpointMatchers()

Closes gh-97
Joe Grandja 2020-08-19 06:24:10 -04:00
parent 847814b322
commit 909aeace29
2 changed files with 29 additions and 9 deletions


@ -20,6 +20,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer; import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter; import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher;
import static org.springframework.security.config.Customizer.withDefaults; import static org.springframework.security.config.Customizer.withDefaults;
@ -35,14 +36,18 @@ public class OAuth2AuthorizationServerSecurity extends WebSecurityConfigurerAdap
// @formatter:off // @formatter:off
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
OAuth2AuthorizationServerConfigurer<HttpSecurity> authorizationServerConfigurer =
new OAuth2AuthorizationServerConfigurer<>();
http http
.requestMatcher(new OrRequestMatcher(authorizationServerConfigurer.getEndpointMatchers()))
.authorizeRequests(authorizeRequests -> .authorizeRequests(authorizeRequests ->
authorizeRequests authorizeRequests
.anyRequest().authenticated() .anyRequest().authenticated()
) )
.formLogin(withDefaults()) .formLogin(withDefaults())
.csrf(csrf -> csrf.ignoringRequestMatchers(tokenEndpointMatcher())) .csrf(csrf -> csrf.ignoringRequestMatchers(tokenEndpointMatcher()))
.apply(new OAuth2AuthorizationServerConfigurer<>()); .apply(authorizationServerConfigurer);
} }
// @formatter:on // @formatter:on
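Review bot: Scoping the chain in `configure(HttpSecurity)` with `.requestMatcher(new OrRequestMatcher(authorizationServerConfigurer.getEndpointMatchers()))` means `.anyRequest().authenticated()` and `.formLogin(withDefaults())` now apply only to the three authorization server endpoints, so the default login page and every other path in the application fall outside this chain. Unless a second filter chain is defined elsewhere (none is visible on this page), an unauthenticated authorization request would be redirected to a login URL this chain does not serve, and the remaining paths get no authorization rules from it. I would add a catch-all configuration for the remaining paths and document the split above the matcher, e.g. `// Matches only the authorization server endpoints; the login page and all other paths must be secured by a separate filter chain`. The local `tokenEndpointMatcher()` used for the CSRF exclusion is defined outside the hunk and appears to duplicate the configurer's own token matcher, so it is worth confirming the two cannot drift apart.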


@ -40,9 +40,12 @@ import org.springframework.security.web.access.intercept.FilterSecurityIntercept
import org.springframework.security.web.authentication.HttpStatusEntryPoint; import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import java.util.Arrays;
import java.util.List;
import java.util.Map; import java.util.Map;
/** /**
@ -60,6 +63,13 @@ import java.util.Map;
public final class OAuth2AuthorizationServerConfigurer<B extends HttpSecurityBuilder<B>> public final class OAuth2AuthorizationServerConfigurer<B extends HttpSecurityBuilder<B>>
extends AbstractHttpConfigurer<OAuth2AuthorizationServerConfigurer<B>, B> { extends AbstractHttpConfigurer<OAuth2AuthorizationServerConfigurer<B>, B> {
private final RequestMatcher authorizationEndpointMatcher = new AntPathRequestMatcher(
OAuth2AuthorizationEndpointFilter.DEFAULT_AUTHORIZATION_ENDPOINT_URI, HttpMethod.GET.name());
private final RequestMatcher tokenEndpointMatcher = new AntPathRequestMatcher(
OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI, HttpMethod.POST.name());
private final RequestMatcher jwkSetEndpointMatcher = new AntPathRequestMatcher(
JwkSetEndpointFilter.DEFAULT_JWK_SET_ENDPOINT_URI, HttpMethod.GET.name());
/** /**
* Sets the repository of registered clients. * Sets the repository of registered clients.
* *
@ -96,6 +106,16 @@ public final class OAuth2AuthorizationServerConfigurer<B extends HttpSecurityBui
return this; return this;
} }
/**
* Returns a {@code List} of {@link RequestMatcher}'s for the authorization server endpoints.
*
* @return a {@code List} of {@link RequestMatcher}'s for the authorization server endpoints
*/
public List<RequestMatcher> getEndpointMatchers() {
return Arrays.asList(this.authorizationEndpointMatcher,
this.tokenEndpointMatcher, this.jwkSetEndpointMatcher);
}
@Override @Override
public void init(B builder) { public void init(B builder) {
OAuth2ClientAuthenticationProvider clientAuthenticationProvider = OAuth2ClientAuthenticationProvider clientAuthenticationProvider =
@ -122,10 +142,7 @@ public final class OAuth2AuthorizationServerConfigurer<B extends HttpSecurityBui
if (exceptionHandling != null) { if (exceptionHandling != null) {
// Register the default AuthenticationEntryPoint for the token endpoint // Register the default AuthenticationEntryPoint for the token endpoint
exceptionHandling.defaultAuthenticationEntryPointFor( exceptionHandling.defaultAuthenticationEntryPointFor(
new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), this.tokenEndpointMatcher);
new AntPathRequestMatcher(
OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI,
HttpMethod.POST.name()));
} }
} }
@ -136,10 +153,8 @@ public final class OAuth2AuthorizationServerConfigurer<B extends HttpSecurityBui
AuthenticationManager authenticationManager = builder.getSharedObject(AuthenticationManager.class); AuthenticationManager authenticationManager = builder.getSharedObject(AuthenticationManager.class);
OAuth2ClientAuthenticationFilter clientAuthenticationFilter = OAuth2ClientAuthenticationFilter clientAuthenticationFilter = new OAuth2ClientAuthenticationFilter(
new OAuth2ClientAuthenticationFilter( authenticationManager, this.tokenEndpointMatcher);
authenticationManager,
new AntPathRequestMatcher(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI, HttpMethod.POST.name()));
builder.addFilterAfter(postProcess(clientAuthenticationFilter), AbstractPreAuthenticatedProcessingFilter.class); builder.addFilterAfter(postProcess(clientAuthenticationFilter), AbstractPreAuthenticatedProcessingFilter.class);
OAuth2AuthorizationEndpointFilter authorizationEndpointFilter = OAuth2AuthorizationEndpointFilter authorizationEndpointFilter =
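Review bot: The Javadoc on the new `getEndpointMatchers()` does not say that the three matchers are built from the `DEFAULT_*_ENDPOINT_URI` constants with one fixed HTTP method each (GET for the authorization and JWK Set endpoints, POST for the token endpoint), yet callers such as the sample use the list to decide which requests a security filter chain covers. If an endpoint filter is ever configured with a different URI or accepts another method, requests to it would fall outside a chain scoped this way; whether that can happen is not visible in these hunks. I would state the limitation in the Javadoc, e.g. `* The matchers use the default endpoint URIs and HTTP methods; requests that do not match are not covered by a filter chain scoped with this list.` The methods that now reuse `this.tokenEndpointMatcher` start or end outside the hunks shown.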