Skip to content

accessTokenHttpResponseConverter and errorHttpResponseConverter allow custom #1061

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
+67 −2
Closed

accessTokenHttpResponseConverter and errorHttpResponseConverter allow custom #1061

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions ...server/authorization/config/annotation/web/configurers/OAuth2TokenEndpointConfigurer.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
import jakarta.servlet.http.HttpServletRequest;

import org.springframework.http.HttpMethod;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.ObjectPostProcessor;
Expand Down Expand Up @@ -65,6 +66,8 @@ public final class OAuth2TokenEndpointConfigurer extends AbstractOAuth2Configure
private Consumer<List<AuthenticationConverter>> accessTokenRequestConvertersConsumer = (accessTokenRequestConverters) -> {};
private final List<AuthenticationProvider> authenticationProviders = new ArrayList<>();
private Consumer<List<AuthenticationProvider>> authenticationProvidersConsumer = (authenticationProviders) -> {};
private HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter;
private HttpMessageConverter<OAuth2Error> errorHttpResponseConverter;
private AuthenticationSuccessHandler accessTokenResponseHandler;
private AuthenticationFailureHandler errorResponseHandler;

Expand Down Expand Up @@ -132,6 +135,26 @@ public OAuth2TokenEndpointConfigurer authenticationProviders(
return this;
}

/**
* Sets the {@link HttpMessageConverter} used for building a custom the response body from {@link OAuth2AccessTokenResponse}.
*
* @param accessTokenHttpResponseConverter the {@link HttpMessageConverter} used for building a custom the response body from {@link OAuth2AccessTokenResponse}
*/
public OAuth2TokenEndpointConfigurer accessTokenHttpResponseConverter(HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter) {
this.accessTokenHttpResponseConverter = accessTokenHttpResponseConverter;
return this;
}

/**
* Sets the {@link HttpMessageConverter} used for building a custom the response body from {@link OAuth2Error}.
*
* @param errorHttpResponseConverter the {@link HttpMessageConverter} used for building a custom the response body from {@link OAuth2Error}
*/
public OAuth2TokenEndpointConfigurer errorHttpResponseConverter(HttpMessageConverter<OAuth2Error> errorHttpResponseConverter) {
this.errorHttpResponseConverter = errorHttpResponseConverter;
return this;
}

/**
* Sets the {@link AuthenticationSuccessHandler} used for handling an {@link OAuth2AccessTokenAuthenticationToken}
* and returning the {@link OAuth2AccessTokenResponse Access Token Response}.
Expand Down Expand Up @@ -187,6 +210,12 @@ void configure(HttpSecurity httpSecurity) {
this.accessTokenRequestConvertersConsumer.accept(authenticationConverters);
tokenEndpointFilter.setAuthenticationConverter(
new DelegatingAuthenticationConverter(authenticationConverters));
if (this.accessTokenHttpResponseConverter != null) {
tokenEndpointFilter.setAccessTokenHttpResponseConverter(this.accessTokenHttpResponseConverter);
}
if (this.errorHttpResponseConverter != null) {
tokenEndpointFilter.setErrorHttpResponseConverter(this.errorHttpResponseConverter);
}
if (this.accessTokenResponseHandler != null) {
tokenEndpointFilter.setAuthenticationSuccessHandler(this.accessTokenResponseHandler);
}
Expand Down
25 changes: 23 additions & 2 deletions ...g/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,7 @@
* @author Joe Grandja
* @author Madhu Bhat
* @author Daniel Garnier-Moiroux
* @author luamas
* @since 0.0.1
* @see AuthenticationManager
* @see OAuth2AuthorizationCodeAuthenticationProvider
Expand All @@ -102,9 +103,9 @@ public final class OAuth2TokenEndpointFilter extends OncePerRequestFilter {
private static final String DEFAULT_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
private final AuthenticationManager authenticationManager;
private final RequestMatcher tokenEndpointMatcher;
private final HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter =
private HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter =
new OAuth2AccessTokenResponseHttpMessageConverter();
private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
private HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
new OAuth2ErrorHttpMessageConverter();
private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource =
new WebAuthenticationDetailsSource();
Expand Down Expand Up @@ -175,6 +176,26 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
}
}

/**
* Sets the {@link HttpMessageConverter} used for building a custom the response body from {@link OAuth2AccessTokenResponse}.
*
* @param accessTokenHttpResponseConverter the {@link HttpMessageConverter} used for building a custom the response body from {@link OAuth2AccessTokenResponse}
*/
public void setAccessTokenHttpResponseConverter(HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter) {
Assert.notNull(accessTokenHttpResponseConverter, "accessTokenHttpResponseConverter cannot be null");
this.accessTokenHttpResponseConverter = accessTokenHttpResponseConverter;
}

/**
* Sets the {@link HttpMessageConverter} used for building a custom the response body from {@link OAuth2Error}.
*
* @param errorHttpResponseConverter the {@link HttpMessageConverter} used for building a custom the response body from {@link OAuth2Error}
*/
public void setErrorHttpResponseConverter(HttpMessageConverter<OAuth2Error> errorHttpResponseConverter) {
Assert.notNull(errorHttpResponseConverter, "errorHttpResponseConverter cannot be null");
this.errorHttpResponseConverter = errorHttpResponseConverter;
}

/**
* Sets the {@link AuthenticationDetailsSource} used for building an authentication details instance from {@link HttpServletRequest}.
*
Expand Down
15 changes: 15 additions & 0 deletions ...ingframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilterTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,21 @@ public void constructorWhenTokenEndpointUriNullThenThrowIllegalArgumentException
.hasMessage("tokenEndpointUri cannot be empty");
}

@Test
public void setAccessTokenHttpResponseConverterWhenNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> this.filter.setAccessTokenHttpResponseConverter(null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("accessTokenHttpResponseConverter cannot be null");
}

@Test
public void setErrorHttpResponseConverterWhenNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> this.filter.setErrorHttpResponseConverter(null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("errorHttpResponseConverter cannot be null");
}


@Test
public void setAuthenticationDetailsSourceWhenNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> this.filter.setAuthenticationDetailsSource(null))
Expand Down