InMemoryOAuth2AuthorizationService uniquely identifies OAuth2Authorization

Closes gh-98
This commit is contained in:
Joe Grandja 2020-08-19 09:49:21 -04:00
parent 909aeace29
commit eeca3df66b
2 changed files with 41 additions and 31 deletions

View File

@ -16,48 +16,37 @@
package org.springframework.security.oauth2.server.authorization;
import org.springframework.lang.Nullable;
import org.springframework.security.core.SpringSecurityCoreVersion2;
import org.springframework.util.Assert;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import java.io.Serializable;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
/**
* An {@link OAuth2AuthorizationService} that stores {@link OAuth2Authorization}'s in-memory.
*
* @author Krisztian Toth
* @author Joe Grandja
* @since 0.0.1
* @see OAuth2AuthorizationService
*/
public final class InMemoryOAuth2AuthorizationService implements OAuth2AuthorizationService {
private final List<OAuth2Authorization> authorizations;
/**
* Constructs an {@code InMemoryOAuth2AuthorizationService}.
*/
public InMemoryOAuth2AuthorizationService() {
this.authorizations = new CopyOnWriteArrayList<>();
}
/**
* Constructs an {@code InMemoryOAuth2AuthorizationService} using the provided parameters.
*
* @param authorizations the initial {@code List} of {@link OAuth2Authorization}(s)
*/
public InMemoryOAuth2AuthorizationService(List<OAuth2Authorization> authorizations) {
Assert.notEmpty(authorizations, "authorizations cannot be empty");
this.authorizations = new CopyOnWriteArrayList<>(authorizations);
}
private final Map<OAuth2AuthorizationId, OAuth2Authorization> authorizations = new ConcurrentHashMap<>();
@Override
public void save(OAuth2Authorization authorization) {
Assert.notNull(authorization, "authorization cannot be null");
this.authorizations.add(authorization);
OAuth2AuthorizationId authorizationId = new OAuth2AuthorizationId(
authorization.getRegisteredClientId(), authorization.getPrincipalName());
this.authorizations.put(authorizationId, authorization);
}
@Override
public OAuth2Authorization findByToken(String token, @Nullable TokenType tokenType) {
Assert.hasText(token, "token cannot be empty");
return this.authorizations.stream()
return this.authorizations.values().stream()
.filter(authorization -> hasToken(authorization, token, tokenType))
.findFirst()
.orElse(null);
@ -72,4 +61,33 @@ public final class InMemoryOAuth2AuthorizationService implements OAuth2Authoriza
}
return false;
}
private static class OAuth2AuthorizationId implements Serializable {
private static final long serialVersionUID = SpringSecurityCoreVersion2.SERIAL_VERSION_UID;
private final String registeredClientId;
private final String principalName;
private OAuth2AuthorizationId(String registeredClientId, String principalName) {
this.registeredClientId = registeredClientId;
this.principalName = principalName;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null || getClass() != obj.getClass()) {
return false;
}
OAuth2AuthorizationId that = (OAuth2AuthorizationId) obj;
return Objects.equals(this.registeredClientId, that.registeredClientId) &&
Objects.equals(this.principalName, that.principalName);
}
@Override
public int hashCode() {
return Objects.hash(this.registeredClientId, this.principalName);
}
}
}

View File

@ -22,7 +22,6 @@ import org.springframework.security.oauth2.server.authorization.client.Registere
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import java.time.Instant;
import java.util.Collections;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
@ -43,13 +42,6 @@ public class InMemoryOAuth2AuthorizationServiceTests {
this.authorizationService = new InMemoryOAuth2AuthorizationService();
}
@Test
public void constructorWhenAuthorizationListNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> new InMemoryOAuth2AuthorizationService(null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authorizations cannot be empty");
}
@Test
public void saveWhenAuthorizationNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> this.authorizationService.save(null))
@ -83,7 +75,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
.principalName(PRINCIPAL_NAME)
.attribute(OAuth2AuthorizationAttributeNames.CODE, AUTHORIZATION_CODE)
.build();
this.authorizationService = new InMemoryOAuth2AuthorizationService(Collections.singletonList(authorization));
this.authorizationService.save(authorization);
OAuth2Authorization result = this.authorizationService.findByToken(
AUTHORIZATION_CODE, TokenType.AUTHORIZATION_CODE);