Revert OAuth2AuthorizationCodeGrantWebFilter works with /{action}/

jgrandja · jgrandja · commit 6e76df8f1df8 · 2019-06-19T16:06:38.000-04:00
Issue #5856 Commit 385bdfc NOTE: This commit 'partially' reverts #5856. Only the ServerWebExchangeMatcher for OAuth2LoginSpec is reverted. Fixes gh-6890
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -56,7 +56,6 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
@@ -866,11 +865,7 @@ public Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange,
 		}
 
 		private ServerWebExchangeMatcher createAttemptAuthenticationRequestMatcher() {
-			PathPatternParserServerWebExchangeMatcher loginPathMatcher = new PathPatternParserServerWebExchangeMatcher("/login/oauth2/code/{registrationId}");
-			ServerWebExchangeMatcher notAuthenticatedMatcher = e  -> ReactiveSecurityContextHolder.getContext()
-					.flatMap(p -> ServerWebExchangeMatcher.MatchResult.notMatch())
-					.switchIfEmpty(ServerWebExchangeMatcher.MatchResult.match());
-			return new AndServerWebExchangeMatcher(loginPathMatcher, notAuthenticatedMatcher);
+			return new PathPatternParserServerWebExchangeMatcher("/login/oauth2/code/{registrationId}");
 		}
 
 		private ReactiveOAuth2UserService<OidcUserRequest, OidcUser> getOidcUserService() {
