Add JwtEncodingContext.getAuthorizedScopes()
Issue gh-199
parent
c00226d0c6
commit
ece5f2b3b1
@ -152,6 +152,7 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica
|
|||||||
.registeredClient(registeredClient)
|
.registeredClient(registeredClient)
|
||||||
.principal(authorization.getAttribute(Principal.class.getName()))
|
.principal(authorization.getAttribute(Principal.class.getName()))
|
||||||
.authorization(authorization)
|
.authorization(authorization)
|
||||||
|
.authorizedScopes(authorizedScopes)
|
||||||
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
|
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
|
||||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||||
.authorizationGrant(authorizationCodeAuthentication)
|
.authorizationGrant(authorizationCodeAuthentication)
|
||||||
@ -187,6 +188,7 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica
|
|||||||
.registeredClient(registeredClient)
|
.registeredClient(registeredClient)
|
||||||
.principal(authorization.getAttribute(Principal.class.getName()))
|
.principal(authorization.getAttribute(Principal.class.getName()))
|
||||||
.authorization(authorization)
|
.authorization(authorization)
|
||||||
|
.authorizedScopes(authorizedScopes)
|
||||||
.tokenType(ID_TOKEN_TOKEN_TYPE)
|
.tokenType(ID_TOKEN_TOKEN_TYPE)
|
||||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||||
.authorizationGrant(authorizationCodeAuthentication)
|
.authorizationGrant(authorizationCodeAuthentication)
|
||||||
|
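Review bot: The access-token builder chain (first hunk) and the ID-token builder chain (second hunk) in this file are now identical except for `.tokenType(...)`, and both had to be touched to add `.authorizedScopes(authorizedScopes)`; pulling the shared `.registeredClient(...).principal(...).authorization(...).authorizedScopes(...).authorizationGrantType(...).authorizationGrant(...)` part into a private helper that returns the partially built context would keep the two from drifting the next time a field is added. `authorizedScopes` is defined outside both hunks, so its origin cannot be checked here; if it is read from an authorization attribute that may be absent, it could be null, and whether the builder's `put` accepts a null value is not visible on this page either.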
@ -123,6 +123,7 @@ public class OAuth2ClientCredentialsAuthenticationProvider implements Authentica
|
|||||||
JwtEncodingContext context = JwtEncodingContext.with(headersBuilder, claimsBuilder)
|
JwtEncodingContext context = JwtEncodingContext.with(headersBuilder, claimsBuilder)
|
||||||
.registeredClient(registeredClient)
|
.registeredClient(registeredClient)
|
||||||
.principal(clientPrincipal)
|
.principal(clientPrincipal)
|
||||||
|
.authorizedScopes(authorizedScopes)
|
||||||
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
|
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
|
||||||
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
|
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
|
||||||
.authorizationGrant(clientCredentialsAuthentication)
|
.authorizationGrant(clientCredentialsAuthentication)
|
||||||
|
@ -155,6 +155,7 @@ public class OAuth2RefreshTokenAuthenticationProvider implements AuthenticationP
|
|||||||
.registeredClient(registeredClient)
|
.registeredClient(registeredClient)
|
||||||
.principal(authorization.getAttribute(Principal.class.getName()))
|
.principal(authorization.getAttribute(Principal.class.getName()))
|
||||||
.authorization(authorization)
|
.authorization(authorization)
|
||||||
|
.authorizedScopes(authorizedScopes)
|
||||||
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
|
.tokenType(OAuth2TokenType.ACCESS_TOKEN)
|
||||||
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
|
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
|
||||||
.authorizationGrant(refreshTokenAuthentication)
|
.authorizationGrant(refreshTokenAuthentication)
|
||||||
|
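Review bot: The context is populated with `authorizedScopes`, which by its name is the set originally granted on the authorization; RFC 6749 §6 lets a client request a narrower scope on refresh, and if this provider narrows the new token's scope to that requested subset (the logic, if any, is outside the hunk), a JWT customizer that derives the `scope` claim from `getAuthorizedScopes()` would see the wider, original set. Worth confirming which set the access token's scope is built from and passing that same set here, e.g. `.authorizedScopes(scopes)` if the narrowed set lives in a local of that name. The enclosing method starts and ends outside the hunk.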
@ -15,16 +15,18 @@
|
|||||||
*/
|
*/
|
||||||
package org.springframework.security.oauth2.server.authorization.token;
|
package org.springframework.security.oauth2.server.authorization.token;
|
||||||
|
|
||||||
|
import java.util.Collections;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.Set;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
|
|
||||||
import org.springframework.lang.Nullable;
|
import org.springframework.lang.Nullable;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||||
|
import org.springframework.security.oauth2.core.OAuth2TokenType;
|
||||||
import org.springframework.security.oauth2.core.context.Context;
|
import org.springframework.security.oauth2.core.context.Context;
|
||||||
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
|
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
|
||||||
import org.springframework.security.oauth2.core.OAuth2TokenType;
|
|
||||||
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
|
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
|
||||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
@ -49,6 +51,12 @@ public interface OAuth2TokenContext extends Context {
|
|||||||
return get(OAuth2Authorization.class);
|
return get(OAuth2Authorization.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
default Set<String> getAuthorizedScopes() {
|
||||||
|
return hasKey(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME) ?
|
||||||
|
get(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME) :
|
||||||
|
Collections.emptySet();
|
||||||
|
}
|
||||||
|
|
||||||
default OAuth2TokenType getTokenType() {
|
default OAuth2TokenType getTokenType() {
|
||||||
return get(OAuth2TokenType.class);
|
return get(OAuth2TokenType.class);
|
||||||
}
|
}
|
||||||
@ -80,6 +88,10 @@ public interface OAuth2TokenContext extends Context {
|
|||||||
return put(OAuth2Authorization.class, authorization);
|
return put(OAuth2Authorization.class, authorization);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public B authorizedScopes(Set<String> authorizedScopes) {
|
||||||
|
return put(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME, authorizedScopes);
|
||||||
|
}
|
||||||
|
|
||||||
public B tokenType(OAuth2TokenType tokenType) {
|
public B tokenType(OAuth2TokenType tokenType) {
|
||||||
return put(OAuth2TokenType.class, tokenType);
|
return put(OAuth2TokenType.class, tokenType);
|
||||||
}
|
}
|
||||||
|
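Review bot: `authorizedScopes(Set<String>)` stores the caller's set by reference while `getAuthorizedScopes()` falls back to an immutable `Collections.emptySet()`, so a consumer of the context receives a mutable set in one case and an immutable one in the other, and a customizer that mutates it would silently mutate the provider's (and possibly the OAuth2Authorization's) set. Storing `Collections.unmodifiableSet(new HashSet<>(authorizedScopes))` in the builder (needs a `java.util.HashSet` import alongside the `Collections` import this commit adds) makes the contract uniform. The new getter also has no Javadoc; a summary such as `Returns the authorized scope(s), or an empty {@code Set} if not available.` with a matching `@return` would document the fallback. It is also worth confirming whether `hasKey` reports true for a key mapped to null, since in that case the ternary returns null rather than the empty set the method is clearly meant to guarantee.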
@ -243,6 +243,8 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
|
|||||||
assertThat(jwtEncodingContext.getRegisteredClient()).isEqualTo(registeredClient);
|
assertThat(jwtEncodingContext.getRegisteredClient()).isEqualTo(registeredClient);
|
||||||
assertThat(jwtEncodingContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName()));
|
assertThat(jwtEncodingContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName()));
|
||||||
assertThat(jwtEncodingContext.getAuthorization()).isEqualTo(authorization);
|
assertThat(jwtEncodingContext.getAuthorization()).isEqualTo(authorization);
|
||||||
|
assertThat(jwtEncodingContext.getAuthorizedScopes())
|
||||||
|
.isEqualTo(authorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME));
|
||||||
assertThat(jwtEncodingContext.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
|
assertThat(jwtEncodingContext.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
|
||||||
assertThat(jwtEncodingContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
assertThat(jwtEncodingContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||||
assertThat(jwtEncodingContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);
|
assertThat(jwtEncodingContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);
|
||||||
@ -297,6 +299,8 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
|
|||||||
assertThat(accessTokenContext.getRegisteredClient()).isEqualTo(registeredClient);
|
assertThat(accessTokenContext.getRegisteredClient()).isEqualTo(registeredClient);
|
||||||
assertThat(accessTokenContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName()));
|
assertThat(accessTokenContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName()));
|
||||||
assertThat(accessTokenContext.getAuthorization()).isEqualTo(authorization);
|
assertThat(accessTokenContext.getAuthorization()).isEqualTo(authorization);
|
||||||
|
assertThat(accessTokenContext.getAuthorizedScopes())
|
||||||
|
.isEqualTo(authorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME));
|
||||||
assertThat(accessTokenContext.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
|
assertThat(accessTokenContext.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
|
||||||
assertThat(accessTokenContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
assertThat(accessTokenContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||||
assertThat(accessTokenContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);
|
assertThat(accessTokenContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);
|
||||||
@ -307,6 +311,8 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
|
|||||||
assertThat(idTokenContext.getRegisteredClient()).isEqualTo(registeredClient);
|
assertThat(idTokenContext.getRegisteredClient()).isEqualTo(registeredClient);
|
||||||
assertThat(idTokenContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName()));
|
assertThat(idTokenContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName()));
|
||||||
assertThat(idTokenContext.getAuthorization()).isEqualTo(authorization);
|
assertThat(idTokenContext.getAuthorization()).isEqualTo(authorization);
|
||||||
|
assertThat(idTokenContext.getAuthorizedScopes())
|
||||||
|
.isEqualTo(authorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME));
|
||||||
assertThat(idTokenContext.getTokenType().getValue()).isEqualTo(OidcParameterNames.ID_TOKEN);
|
assertThat(idTokenContext.getTokenType().getValue()).isEqualTo(OidcParameterNames.ID_TOKEN);
|
||||||
assertThat(idTokenContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
assertThat(idTokenContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||||
assertThat(idTokenContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);
|
assertThat(idTokenContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);
|
||||||
|
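Review bot: All three added assertions in this file, and those in the ClientCredentials and RefreshToken provider test sections below, only exercise the path where the authorized-scope attribute is present, so the `Collections.emptySet()` fallback in `OAuth2TokenContext.getAuthorizedScopes()` is never hit by a test. A context built without `.authorizedScopes(...)` and checked with `assertThat(context.getAuthorizedScopes()).isEmpty()` would cover it. Note also that each assertion compares against `authorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME)` from the same authorization the provider produced rather than against the scope set the test requested, so the check would still pass if the provider stored the wrong set under that attribute.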
@ -203,6 +203,9 @@ public class OAuth2ClientCredentialsAuthenticationProviderTests {
|
|||||||
verify(this.authorizationService).save(authorizationCaptor.capture());
|
verify(this.authorizationService).save(authorizationCaptor.capture());
|
||||||
OAuth2Authorization authorization = authorizationCaptor.getValue();
|
OAuth2Authorization authorization = authorizationCaptor.getValue();
|
||||||
|
|
||||||
|
assertThat(jwtEncodingContext.getAuthorizedScopes())
|
||||||
|
.isEqualTo(authorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME));
|
||||||
|
|
||||||
assertThat(authorization.getRegisteredClientId()).isEqualTo(clientPrincipal.getRegisteredClient().getId());
|
assertThat(authorization.getRegisteredClientId()).isEqualTo(clientPrincipal.getRegisteredClient().getId());
|
||||||
assertThat(authorization.getPrincipalName()).isEqualTo(clientPrincipal.getName());
|
assertThat(authorization.getPrincipalName()).isEqualTo(clientPrincipal.getName());
|
||||||
assertThat(authorization.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS);
|
assertThat(authorization.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS);
|
||||||
|
@ -135,6 +135,8 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
|
|||||||
assertThat(jwtEncodingContext.getRegisteredClient()).isEqualTo(registeredClient);
|
assertThat(jwtEncodingContext.getRegisteredClient()).isEqualTo(registeredClient);
|
||||||
assertThat(jwtEncodingContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName()));
|
assertThat(jwtEncodingContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName()));
|
||||||
assertThat(jwtEncodingContext.getAuthorization()).isEqualTo(authorization);
|
assertThat(jwtEncodingContext.getAuthorization()).isEqualTo(authorization);
|
||||||
|
assertThat(jwtEncodingContext.getAuthorizedScopes())
|
||||||
|
.isEqualTo(authorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME));
|
||||||
assertThat(jwtEncodingContext.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
|
assertThat(jwtEncodingContext.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
|
||||||
assertThat(jwtEncodingContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.REFRESH_TOKEN);
|
assertThat(jwtEncodingContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.REFRESH_TOKEN);
|
||||||
assertThat(jwtEncodingContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);
|
assertThat(jwtEncodingContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);
|
||||||
|