introduced AuthorizationServerContextResolver to resolve AuthorizationServerContext

Author: frederikz

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/AuthorizationServerContextFilter.java

@@ -16,20 +16,18 @@
 package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers;
 
 import java.io.IOException;
-import java.util.function.Supplier;
-
-import jakarta.servlet.FilterChain;
-import jakarta.servlet.ServletException;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
 
 import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
 import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextResolver;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
-import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.OncePerRequestFilter;
-import org.springframework.web.util.UriComponentsBuilder;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 /**
  * A {@code Filter} that associates the {@link AuthorizationServerContext} to the {@link AuthorizationServerContextHolder}.
@@ -41,65 +39,24 @@
  * @see AuthorizationServerSettings
  */
 final class AuthorizationServerContextFilter extends OncePerRequestFilter {
-	private final AuthorizationServerSettings authorizationServerSettings;
+	private final AuthorizationServerContextResolver authorizationServerContextResolver;
 
-	AuthorizationServerContextFilter(AuthorizationServerSettings authorizationServerSettings) {
-		Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null");
-		this.authorizationServerSettings = authorizationServerSettings;
+	AuthorizationServerContextFilter(AuthorizationServerContextResolver authorizationServerContextResolver) {
+		Assert.notNull(authorizationServerContextResolver, "authorizationServerContextResolver cannot be null");
+		this.authorizationServerContextResolver = authorizationServerContextResolver;
 	}
 
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
 
 		try {
-			AuthorizationServerContext authorizationServerContext =
-					new DefaultAuthorizationServerContext(
-							() -> resolveIssuer(this.authorizationServerSettings, request),
-							this.authorizationServerSettings);
+			AuthorizationServerContext authorizationServerContext = authorizationServerContextResolver.resolve(request);
 			AuthorizationServerContextHolder.setContext(authorizationServerContext);
 			filterChain.doFilter(request, response);
 		} finally {
 			AuthorizationServerContextHolder.resetContext();
 		}
 	}
 
-	private static String resolveIssuer(AuthorizationServerSettings authorizationServerSettings, HttpServletRequest request) {
-		return authorizationServerSettings.getIssuer() != null ?
-				authorizationServerSettings.getIssuer() :
-				getContextPath(request);
-	}
-
-	private static String getContextPath(HttpServletRequest request) {
-		// @formatter:off
-		return UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
-				.replacePath(request.getContextPath())
-				.replaceQuery(null)
-				.fragment(null)
-				.build()
-				.toUriString();
-		// @formatter:on
-	}
-
-	private static final class DefaultAuthorizationServerContext implements AuthorizationServerContext {
-		private final Supplier<String> issuerSupplier;
-		private final AuthorizationServerSettings authorizationServerSettings;
-
-		private DefaultAuthorizationServerContext(Supplier<String> issuerSupplier, AuthorizationServerSettings authorizationServerSettings) {
-			this.issuerSupplier = issuerSupplier;
-			this.authorizationServerSettings = authorizationServerSettings;
-		}
-
-		@Override
-		public String getIssuer() {
-			return this.issuerSupplier.get();
-		}
-
-		@Override
-		public AuthorizationServerSettings getAuthorizationServerSettings() {
-			return this.authorizationServerSettings;
-		}
-
-	}
-
 }

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java

@@ -45,6 +45,8 @@
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationException;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextResolver;
+import org.springframework.security.oauth2.server.authorization.context.DefaultAuthorizationServerContextResolver;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
 import org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter;
@@ -85,6 +87,7 @@ public final class OAuth2AuthorizationServerConfigurer
 
 	private final Map<Class<? extends AbstractOAuth2Configurer>, AbstractOAuth2Configurer> configurers = createConfigurers();
 	private RequestMatcher endpointsMatcher;
+	private AuthorizationServerContextResolver authorizationServerContextResolver;
 
 
 	/**
@@ -148,6 +151,18 @@ public OAuth2AuthorizationServerConfigurer tokenGenerator(OAuth2TokenGenerator<?
 		return this;
 	}
 
+	/**
+	 * Sets the authorization server context resolver
+	 *
+	 * @param authorizationServerContextResolver the authorization server context resolver
+	 * @return the {@link OAuth2AuthorizationServerConfigurer} for further configuration
+	 */
+	public OAuth2AuthorizationServerConfigurer authorizationServerContextResolver(AuthorizationServerContextResolver authorizationServerContextResolver) {
+		Assert.notNull(authorizationServerContextResolver, "authorizationServerContextResolver cannot be null");
+		this.authorizationServerContextResolver = authorizationServerContextResolver;
+		return this;
+	}
+
 	/**
 	 * Configures OAuth 2.0 Client Authentication.
 	 *
@@ -336,7 +351,11 @@ public void configure(HttpSecurity httpSecurity) {
 
 		AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils.getAuthorizationServerSettings(httpSecurity);
 
-		AuthorizationServerContextFilter authorizationServerContextFilter = new AuthorizationServerContextFilter(authorizationServerSettings);
+		AuthorizationServerContextResolver authServerContextResolver = this.authorizationServerContextResolver == null
+				? new DefaultAuthorizationServerContextResolver(authorizationServerSettings)
+				: this.authorizationServerContextResolver;
+
+		AuthorizationServerContextFilter authorizationServerContextFilter = new AuthorizationServerContextFilter(authServerContextResolver);
 		httpSecurity.addFilterAfter(postProcess(authorizationServerContextFilter), SecurityContextHolderFilter.class);
 
 		JWKSource<com.nimbusds.jose.proc.SecurityContext> jwkSource = OAuth2ConfigurerUtils.getJwkSource(httpSecurity);

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContextResolver.java

@@ -0,0 +1,23 @@
+/*
+ * Copyright 2020-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.server.authorization.context;
+
+import jakarta.servlet.http.HttpServletRequest;
+
+public interface AuthorizationServerContextResolver {
+
+	AuthorizationServerContext resolve(HttpServletRequest request);
+}

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/DefaultAuthorizationServerContextResolver.java

@@ -0,0 +1,80 @@
+/*
+ * Copyright 2020-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.server.authorization.context;
+
+import java.util.function.Supplier;
+
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
+import org.springframework.security.web.util.UrlUtils;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import jakarta.servlet.http.HttpServletRequest;
+
+public class DefaultAuthorizationServerContextResolver implements AuthorizationServerContextResolver {
+	private final AuthorizationServerSettings authorizationServerSettings;
+
+	public DefaultAuthorizationServerContextResolver(AuthorizationServerSettings authorizationServerSettings) {
+		this.authorizationServerSettings = authorizationServerSettings;
+	}
+
+	@Override
+	public AuthorizationServerContext resolve(HttpServletRequest request) {
+		AuthorizationServerContext authorizationServerContext =
+				new DefaultAuthorizationServerContext(
+						() -> resolveIssuer(this.authorizationServerSettings, request),
+						this.authorizationServerSettings);
+		return authorizationServerContext;
+	}
+
+	private static String resolveIssuer(AuthorizationServerSettings authorizationServerSettings, HttpServletRequest request) {
+		return authorizationServerSettings.getIssuer() != null ?
+				authorizationServerSettings.getIssuer() :
+				getContextPath(request);
+	}
+
+	private static String getContextPath(HttpServletRequest request) {
+		// @formatter:off
+		return UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
+				.replacePath(request.getContextPath())
+				.replaceQuery(null)
+				.fragment(null)
+				.build()
+				.toUriString();
+		// @formatter:on
+	}
+
+	private static final class DefaultAuthorizationServerContext implements AuthorizationServerContext {
+		private final Supplier<String> issuerSupplier;
+		private final AuthorizationServerSettings authorizationServerSettings;
+
+		private DefaultAuthorizationServerContext(Supplier<String> issuerSupplier, AuthorizationServerSettings authorizationServerSettings) {
+			this.issuerSupplier = issuerSupplier;
+			this.authorizationServerSettings = authorizationServerSettings;
+		}
+
+		@Override
+		public String getIssuer() {
+			return this.issuerSupplier.get();
+		}
+
+		@Override
+		public AuthorizationServerSettings getAuthorizationServerSettings() {
+			return this.authorizationServerSettings;
+		}
+
+	}
+
+}