
Commit 3d529f9

committed
add regression showcase ObjectProcessor returning a custom AuthenticationProvider
1 parent d1d0e67 commit 3d529f9


2 files changed

+77
-1
lines changed


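--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
@@ -404,9 +404,10 @@ public void init(B http) throws Exception {
 oidcAuthorizationCodeAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper);
 oidcAuthorizedClientRefreshedEventListener.setAuthoritiesMapper(userAuthoritiesMapper);
 }
+
 http.authenticationProvider(this.postProcess(oidcAuthorizationCodeAuthenticationProvider));
 
-registerDelegateApplicationListener(this.postProcess(oidcAuthorizationCodeAuthenticationProvider));
+registerDelegateApplicationListener(this.postProcess(oidcAuthorizedClientRefreshedEventListener));
 configureOidcUserRefreshedEventListener(http);
 }
 else {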
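Review bot: The corrected call at new line 410 has no comment recording why the listener, and not the provider, is registered there. The two identifiers are long and nearly identical, and the removed line shows how easily the provider ends up post-processed a second time and registered as a listener. I would add `// gh-17175: register the refreshed-event listener here; the provider is post-processed once, above, and may come back wrapped` directly above the call. The blank line added at 407 is unrelated whitespace and could be dropped from the commit. The body of `init` starts and ends outside this hunk.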

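--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
@@ -43,7 +43,9 @@
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
+import org.springframework.security.config.ObjectPostProcessor;
 import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -52,6 +54,7 @@
 import org.springframework.security.config.test.SpringTestContextExtension;
 import org.springframework.security.context.DelegatingApplicationListener;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -214,6 +217,28 @@ public void oauth2Login() throws Exception {
 .hasToString("OAUTH2_USER");
 }
 
+// gh-17175
+@Test
+public void postProcessorSucceedsWhenProcessorReturnsAuthenticationProvider() throws Exception {
+loadConfig(OAuth2LoginConfigCustomWithPostProcessor.class);
+// setup authorization request
+OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest();
+this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
+// setup authentication parameters
+this.request.setParameter("code", "code123");
+this.request.setParameter("state", authorizationRequest.getState());
+// perform test
+this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
+// assertions
+Authentication authentication = this.securityContextRepository
+.loadContext(new HttpRequestResponseHolder(this.request, this.response))
+.getAuthentication();
+assertThat(authentication.getAuthorities()).hasSize(1);
+assertThat(authentication.getAuthorities()).first()
+.isInstanceOf(OAuth2UserAuthority.class)
+.hasToString("OAUTH2_USER");
+}
+
 @Test
 public void requestWhenCustomSecurityContextHolderStrategyThenUses() throws Exception {
 loadConfig(OAuth2LoginConfig.class, SecurityContextChangedListenerConfig.class);
@@ -1307,6 +1332,56 @@ OAuth2AuthorizedClientRepository authorizedClientRepository() {
 
 }
 
+@Configuration
+@EnableWebSecurity
+static class OAuth2LoginConfigCustomWithPostProcessor
+extends CommonLambdaSecurityFilterChainConfig {
+
+private ClientRegistrationRepository clientRegistrationRepository = new InMemoryClientRegistrationRepository(
+GOOGLE_CLIENT_REGISTRATION);
+
+OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class);
+
+@Bean
+SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+// @formatter:off
+http
+.oauth2Login((oauth2Login) ->
+oauth2Login
+.clientRegistrationRepository(this.clientRegistrationRepository)
+// .authorizedClientRepository(this.authorizedClientRepository)
+.withObjectPostProcessor(new CustomProcessor())
+);
+// @formatter:on
+return super.configureFilterChain(http);
+}
+
+class CustomProcessor implements ObjectPostProcessor<AuthenticationProvider> {
+@Override
+public <O extends AuthenticationProvider> O postProcess(O object) {
+AuthenticationProvider p = new NoopWrapperProvider(object);
+
+return (O) p;
+}
+}
+
+record NoopWrapperProvider(
+AuthenticationProvider delegate
+) implements AuthenticationProvider {
+
+@Override
+public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+return delegate.authenticate(authentication);
+}
+
+@Override
+public boolean supports(Class<?> authentication) {
+return delegate.supports(authentication);
+}
+}
+
+}
+
 private abstract static class CommonSecurityFilterChainConfig {
 
 SecurityFilterChain configureFilterChain(HttpSecurity http) throws Exception {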
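Review bot: The new test `postProcessorSucceedsWhenProcessorReturnsAuthenticationProvider` never shows that `CustomProcessor` ran or that `NoopWrapperProvider` took part in authentication. Its assertions repeat the authority checks of `oauth2Login()` and would still pass if the post-processor were silently skipped. Because a post-processor is where a deployment may hang auditing or extra checks on a provider, the wrapper should record its `authenticate` calls (a counter, or a Mockito spy around it) and the test should assert that at least one went through. In `OAuth2LoginConfigCustomWithPostProcessor`, `return (O) p;` is an unchecked cast and wants a method-level `@SuppressWarnings("unchecked")` with a comment saying it is safe only while callers treat the result as a plain `AuthenticationProvider`. The commented-out `.authorizedClientRepository(...)` line and the `resolver` mock, which nothing in the visible class uses, can be deleted. `CommonSecurityFilterChainConfig` continues outside the last hunk.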
