From 2fa01a5b1120276ce4b589e0c53f7011b88bf338 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Francesco=20Chicchiricc=C3=B2?= Date: Fri, 9 Aug 2019 10:18:37 +0200 Subject: [PATCH] Add support for oauth2Login().securityContextRepository(...) Fixes gh-7222 --- .../config/web/server/ServerHttpSecurity.java | 17 ++++++++++++++++- .../config/web/server/OAuth2LoginTests.java | 9 ++++++++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java index 25c3f2d5826..ea806674ee6 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java @@ -972,6 +972,8 @@ public class OAuth2LoginSpec { private ReactiveAuthenticationManager authenticationManager; + private ServerSecurityContextRepository securityContextRepository = new WebSessionServerSecurityContextRepository(); + private ServerAuthenticationConverter authenticationConverter; private ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver; 
@@ -993,6 +995,19 @@ public OAuth2LoginSpec authenticationManager(ReactiveAuthenticationManager authe return this; } + /** + * The {@link ServerSecurityContextRepository} used to save the {@code Authentication}. Defaults to + * {@link WebSessionServerSecurityContextRepository}. + * + * @since 5.2 + * @param securityContextRepository the repository to use + * @return the {@link OAuth2LoginSpec} to continue configuring + */ + public OAuth2LoginSpec securityContextRepository(ServerSecurityContextRepository securityContextRepository) { + this.securityContextRepository = securityContextRepository; + return this; + } + /** * The {@link ServerAuthenticationSuccessHandler} used after authentication success. Defaults to * {@link RedirectServerAuthenticationSuccessHandler} redirecting to "/". @@ -1138,7 +1153,7 @@ protected void configure(ServerHttpSecurity http) { authenticationFilter.setAuthenticationSuccessHandler(this.authenticationSuccessHandler); authenticationFilter.setAuthenticationFailureHandler(this.authenticationFailureHandler); - authenticationFilter.setSecurityContextRepository(new WebSessionServerSecurityContextRepository()); + authenticationFilter.setSecurityContextRepository(this.securityContextRepository); MediaTypeServerWebExchangeMatcher htmlMatcher = new MediaTypeServerWebExchangeMatcher( MediaType.TEXT_HTML); diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java index 147a1ea1e25..667d79c0103 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java 
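Review bot: The new `securityContextRepository(...)` setter in the `@@ -993` hunk stores its argument without a null check, so a `null` passed here only surfaces later, when `configure` hands `this.securityContextRepository` to `authenticationFilter.setSecurityContextRepository(...)` in the `@@ -1138` hunk. This repository decides where the authenticated `SecurityContext` is persisted after login, so I would fail fast at configuration time by adding `Assert.notNull(securityContextRepository, "securityContextRepository cannot be null");` as the first line of the setter. That assumes `org.springframework.util.Assert` is already imported in this file, which the diff does not show. The Javadoc tags would also read more conventionally with `@param` and `@return` before `@since`.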
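Review bot: The Javadoc for the new option should say that it only controls where the `Authentication` is saved after a successful OAuth2 login, because the changed line in `configure` (the `@@ -1138` hunk) wires the repository into `authenticationFilter` alone. Nothing visible in this diff changes the repository used to load the context on later requests. If that is configured separately (presumably through `ServerHttpSecurity.securityContextRepository(...)`, to be confirmed), a mismatch would leave a freshly logged-in user looking unauthenticated on the next request. A sentence in the setter's Javadoc such as `Should match the repository used to load the SecurityContext for subsequent requests.` would cover it. `configure` starts and ends outside the hunk.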
@@ -426,6 +426,9 @@ public void oauth2LoginWhenCustomBeansThenUsed() { ServerAuthenticationConverter converter = config.authenticationConverter; when(converter.convert(any())).thenReturn(Mono.just(token)); + ServerSecurityContextRepository securityContextRepository = config.securityContextRepository; + when(securityContextRepository.save(any(), any())).thenReturn(Mono.empty()); + Map additionalParameters = new HashMap<>(); additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token"); OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue()) @@ -447,6 +450,7 @@ public void oauth2LoginWhenCustomBeansThenUsed() { verify(config.jwtDecoderFactory).createDecoder(any()); verify(tokenResponseClient).getTokenResponse(any()); + verify(securityContextRepository).save(any(), any()); } @Configuration @@ -461,6 +465,8 @@ static class OAuth2LoginWithCustomBeansConfig { ReactiveJwtDecoderFactory jwtDecoderFactory = spy(new JwtDecoderFactory()); + ServerSecurityContextRepository securityContextRepository = mock(ServerSecurityContextRepository.class); + @Bean public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) { // @formatter:off @@ -470,7 +476,8 @@ public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) { .and() .oauth2Login() .authenticationConverter(authenticationConverter) - .authenticationManager(authenticationManager()); + .authenticationManager(authenticationManager()) + .securityContextRepository(securityContextRepository); return http.build(); // @formatter:on }
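Review bot: The added `verify(securityContextRepository).save(any(), any())` in `oauth2LoginWhenCustomBeansThenUsed` shows that the custom repository is called, but not what is stored in it. Because this is where the logged-in identity gets persisted, the check would be stronger if it captured the second argument with an `ArgumentCaptor<SecurityContext>` and asserted that its `getAuthentication()` is the authentication the test expects from the configured authentication manager. A one-line comment above the stubbing, e.g. `// save() must return a Mono or the filter chain cannot complete`, would also explain why `Mono.empty()` is stubbed. The test method starts outside the `@@ -426` hunk and ends inside the `@@ -447` hunk.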