diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java
index e2e7332b9..d7199be47 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java
@@ -241,10 +241,13 @@ void init(HttpSecurity httpSecurity) {
 ? OAuth2ConfigurerUtils
 .withMultipleIssuersPattern(authorizationServerSettings.getAuthorizationEndpoint())
 : authorizationServerSettings.getAuthorizationEndpoint();
- this.requestMatcher = new OrRequestMatcher(
- new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.GET.name()),
- new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.POST.name()));
-
+ List requestMatchers = new ArrayList<>();
+ requestMatchers.add(new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.GET.name()));
+ requestMatchers.add(new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.POST.name()));
+ if (StringUtils.hasText(this.consentPage)) {
+ requestMatchers.add(new AntPathRequestMatcher(this.consentPage));
+ }
+ this.requestMatcher = new OrRequestMatcher(requestMatchers);
 List authenticationProviders = createDefaultAuthenticationProviders(httpSecurity);
 if (!this.authenticationProviders.isEmpty()) {
 authenticationProviders.addAll(0, this.authenticationProviders);
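Review bot: The matcher added for `this.consentPage` carries no HTTP method, while the two authorization-endpoint matchers beside it are limited to GET and POST. If `this.requestMatcher` is also used to scope the filter chain or to exempt requests from CSRF protection (its consumers are not visible in this hunk), an application-owned consent path would then be covered for every method, including state-changing ones. If the page only needs to be rendered, `requestMatchers.add(new AntPathRequestMatcher(this.consentPage, HttpMethod.GET.name()));` keeps the widening minimal, and a one-line comment such as `// Match the consent page so AuthorizationServerContext is available while it renders` would record why the path is here. init() starts and ends outside the hunk.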
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
index bf0258942..61d63f1bd 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
@@ -104,6 +104,7 @@
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.jackson2.TestingAuthenticationTokenMixin;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
@@ -125,11 +126,14 @@ import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.context.SecurityContextRepository; import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.stereotype.Controller; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; import org.springframework.util.StringUtils; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.util.UriComponents; import org.springframework.web.util.UriComponentsBuilder; import org.springframework.web.util.UriUtils; @@ -746,6 +750,15 @@ public void requestWhenCustomConsentPageConfiguredThenRedirect() throws Exceptio assertThat(authorization).isNotNull(); } + // gh-1668 + @Test + public void requestWhenCustomConsentPageConfiguredThenAuthorizationServerContextIsAccessible() throws Exception { + this.spring.register(AuthorizationServerConfigurationCustomConsentPageAccessAuthorizationServerContext.class) + .autowire(); + + this.mvc.perform(get(consentPage).with(user("user"))).andExpect(status().isOk()); + } + @Test public void requestWhenCustomConsentCustomizerConfiguredThenUsed() throws Exception { this.spring.register(AuthorizationServerConfigurationCustomConsentRequest.class).autowire(); 
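Review bot: The new test exercises only an authenticated request (`with(user("user"))`); nothing checks that an anonymous request to `consentPage` is still refused now that the configurer matches that path. A second request without `with(user(...))` that asserts a non-200 outcome would pin that down, e.g. `this.mvc.perform(get(consentPage)).andExpect(status().is4xxClientError());`, with the expected status adjusted to whatever the configured entry point actually returns (a redirect is also plausible; the configuration is not visible in this hunk).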
@@ -1209,6 +1222,26 @@ SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) th } + @EnableWebSecurity + @Configuration(proxyBeanMethods = false) + static class AuthorizationServerConfigurationCustomConsentPageAccessAuthorizationServerContext + extends AuthorizationServerConfigurationCustomConsentPage { + + @Controller + class ConsentController { + + @GetMapping("/oauth2/consent") + @ResponseBody + String consent() { + // Ensure the AuthorizationServerContext is accessible + AuthorizationServerContextHolder.getContext().getIssuer(); + return ""; + } + + } + + } + @EnableWebSecurity @Configuration(proxyBeanMethods = false) static class AuthorizationServerConfigurationCustomConsentRequest extends AuthorizationServerConfiguration {
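Review bot: `consent()` discards the result of `getIssuer()` and returns an empty body, so the test can only detect an exception, not a wrong or empty issuer. Returning it, `return AuthorizationServerContextHolder.getContext().getIssuer();`, lets the caller assert the response content against the issuer the configuration is expected to produce. The mapping also hard-codes `/oauth2/consent` while the test requests `consentPage`; if that is a compile-time constant in this class (not visible here), referencing it would keep the two in step.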