Use OAuth2ParameterNames.TOKEN
Issue gh-83
This commit is contained in:
Joe Grandja
parent
df8793c902
commit
ebcdf7989d
@ -26,6 +26,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
|
||||
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationProvider;
|
||||
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken;
|
||||
@ -53,9 +54,6 @@ import java.io.IOException;
|
||||
* @since 0.0.3
|
||||
*/
|
||||
public class OAuth2TokenRevocationEndpointFilter extends OncePerRequestFilter {
|
||||
static final String TOKEN_PARAM_NAME = "token";
|
||||
static final String TOKEN_TYPE_HINT_PARAM_NAME = "token_type_hint";
|
||||
|
||||
/**
|
||||
* The default endpoint {@code URI} for token revocation requests.
|
||||
*/
|
||||
@ -133,17 +131,17 @@ public class OAuth2TokenRevocationEndpointFilter extends OncePerRequestFilter {
|
||||
MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getParameters(request);
|
||||
|
||||
// token (REQUIRED)
|
||||
String token = parameters.getFirst(TOKEN_PARAM_NAME);
|
||||
String token = parameters.getFirst(OAuth2ParameterNames.TOKEN);
|
||||
if (!StringUtils.hasText(token) ||
|
||||
parameters.get(TOKEN_PARAM_NAME).size() != 1) {
|
||||
throwError(OAuth2ErrorCodes.INVALID_REQUEST, TOKEN_PARAM_NAME);
|
||||
parameters.get(OAuth2ParameterNames.TOKEN).size() != 1) {
|
||||
throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.TOKEN);
|
||||
}
|
||||
|
||||
// token_type_hint (OPTIONAL)
|
||||
String tokenTypeHint = parameters.getFirst(TOKEN_TYPE_HINT_PARAM_NAME);
|
||||
String tokenTypeHint = parameters.getFirst(OAuth2ParameterNames.TOKEN_TYPE_HINT);
|
||||
if (StringUtils.hasText(tokenTypeHint) &&
|
||||
parameters.get(TOKEN_TYPE_HINT_PARAM_NAME).size() != 1) {
|
||||
throwError(OAuth2ErrorCodes.INVALID_REQUEST, TOKEN_TYPE_HINT_PARAM_NAME);
|
||||
parameters.get(OAuth2ParameterNames.TOKEN_TYPE_HINT).size() != 1) {
|
||||
throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.TOKEN_TYPE_HINT);
|
||||
}
|
||||
|
||||
return new OAuth2TokenRevocationAuthenticationToken(token, clientPrincipal, tokenTypeHint);
|
||||
|
||||
@ -32,6 +32,7 @@ import org.springframework.security.crypto.keys.StaticKeyGeneratingKeyManager;
|
||||
import org.springframework.security.oauth2.core.AbstractOAuth2Token;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
|
||||
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
|
||||
@ -152,9 +153,8 @@ public class OAuth2TokenRevocationTests {
|
||||
|
||||
private static MultiValueMap<String, String> getTokenRevocationRequestParameters(AbstractOAuth2Token token, TokenType tokenType) {
|
||||
MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
|
||||
// TODO Use OAuth2ParameterNames
|
||||
parameters.set("token", token.getTokenValue());
|
||||
parameters.set("token_type_hint", tokenType.getValue());
|
||||
parameters.set(OAuth2ParameterNames.TOKEN, token.getTokenValue());
|
||||
parameters.set(OAuth2ParameterNames.TOKEN_TYPE_HINT, tokenType.getValue());
|
||||
return parameters;
|
||||
}
|
||||
|
||||
|
||||
@ -30,6 +30,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
|
||||
import org.springframework.security.oauth2.server.authorization.TokenType;
|
||||
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
|
||||
@ -53,8 +54,6 @@ import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyNoInteractions;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter.TOKEN_PARAM_NAME;
|
||||
import static org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter.TOKEN_TYPE_HINT_PARAM_NAME;
|
||||
|
||||
/**
|
||||
* Tests for {@link OAuth2TokenRevocationEndpointFilter}.
|
||||
@ -122,25 +121,25 @@ public class OAuth2TokenRevocationEndpointFilterTests {
|
||||
@Test
|
||||
public void doFilterWhenTokenRevocationRequestMissingTokenThenInvalidRequestError() throws Exception {
|
||||
doFilterWhenTokenRevocationRequestInvalidParameterThenError(
|
||||
TOKEN_PARAM_NAME,
|
||||
OAuth2ParameterNames.TOKEN,
|
||||
OAuth2ErrorCodes.INVALID_REQUEST,
|
||||
request -> request.removeParameter(TOKEN_PARAM_NAME));
|
||||
request -> request.removeParameter(OAuth2ParameterNames.TOKEN));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenTokenRevocationRequestMultipleTokenThenInvalidRequestError() throws Exception {
|
||||
doFilterWhenTokenRevocationRequestInvalidParameterThenError(
|
||||
TOKEN_PARAM_NAME,
|
||||
OAuth2ParameterNames.TOKEN,
|
||||
OAuth2ErrorCodes.INVALID_REQUEST,
|
||||
request -> request.addParameter(TOKEN_PARAM_NAME, "token-2"));
|
||||
request -> request.addParameter(OAuth2ParameterNames.TOKEN, "token-2"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenTokenRevocationRequestMultipleTokenTypeHintThenInvalidRequestError() throws Exception {
|
||||
doFilterWhenTokenRevocationRequestInvalidParameterThenError(
|
||||
TOKEN_TYPE_HINT_PARAM_NAME,
|
||||
OAuth2ParameterNames.TOKEN_TYPE_HINT,
|
||||
OAuth2ErrorCodes.INVALID_REQUEST,
|
||||
request -> request.addParameter(TOKEN_TYPE_HINT_PARAM_NAME, TokenType.ACCESS_TOKEN.getValue()));
|
||||
request -> request.addParameter(OAuth2ParameterNames.TOKEN_TYPE_HINT, TokenType.ACCESS_TOKEN.getValue()));
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -202,8 +201,8 @@ public class OAuth2TokenRevocationEndpointFilterTests {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri);
|
||||
request.setServletPath(requestUri);
|
||||
|
||||
request.addParameter(TOKEN_PARAM_NAME, "token");
|
||||
request.addParameter(TOKEN_TYPE_HINT_PARAM_NAME, TokenType.ACCESS_TOKEN.getValue());
|
||||
request.addParameter(OAuth2ParameterNames.TOKEN, "token");
|
||||
request.addParameter(OAuth2ParameterNames.TOKEN_TYPE_HINT, TokenType.ACCESS_TOKEN.getValue());
|
||||
|
||||
return request;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user