diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java
index d7199be47..661dad7fb 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2024 the original author or authors.
+ * Copyright 2020-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -241,13 +241,9 @@ void init(HttpSecurity httpSecurity) {
 ? OAuth2ConfigurerUtils
 .withMultipleIssuersPattern(authorizationServerSettings.getAuthorizationEndpoint())
 : authorizationServerSettings.getAuthorizationEndpoint();
- List requestMatchers = new ArrayList<>();
- requestMatchers.add(new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.GET.name()));
- requestMatchers.add(new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.POST.name()));
- if (StringUtils.hasText(this.consentPage)) {
- requestMatchers.add(new AntPathRequestMatcher(this.consentPage));
- }
- this.requestMatcher = new OrRequestMatcher(requestMatchers);
+ this.requestMatcher = new OrRequestMatcher(
+ new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.GET.name()),
+ new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.POST.name()));
 List authenticationProviders = createDefaultAuthenticationProviders(httpSecurity);
 if (!this.authenticationProviders.isEmpty()) {
 authenticationProviders.addAll(0, this.authenticationProviders);
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
index 61d63f1bd..bf0258942 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
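Review bot: The `requestMatcher` built in `init` now covers only GET and POST on `authorizationEndpointUri`, so a page configured via `consentPage` is no longer matched by this configurer, and nothing in the new code tells integrators that. Requests to that page will presumably be handled by whichever other `SecurityFilterChain` matches, so its authentication and CSRF rules need to be set there, and a consent controller calling `AuthorizationServerContextHolder.getContext()` may find no context (the gh-1668 test removed later in this commit covered exactly that call). I would add a comment above the assignment, e.g. `// A custom consent page is not matched here; the application must secure it in its own SecurityFilterChain.` The removed lines were the only visible users of `ArrayList` and `StringUtils.hasText`, so check whether those imports are now unused; the import block and the rest of `init` are outside this hunk.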
@@ -104,7 +104,6 @@
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
-import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.jackson2.TestingAuthenticationTokenMixin;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
@@ -126,14 +125,11 @@
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.security.web.util.matcher.RequestMatcher;
-import org.springframework.stereotype.Controller;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.springframework.web.util.UriUtils;
@@ -750,15 +746,6 @@ public void requestWhenCustomConsentPageConfiguredThenRedirect() throws Exceptio
 assertThat(authorization).isNotNull();
 }
 
- // gh-1668
- @Test
- public void requestWhenCustomConsentPageConfiguredThenAuthorizationServerContextIsAccessible() throws Exception {
- this.spring.register(AuthorizationServerConfigurationCustomConsentPageAccessAuthorizationServerContext.class)
- .autowire();
-
- this.mvc.perform(get(consentPage).with(user("user"))).andExpect(status().isOk());
- }
-
 @Test
 public void requestWhenCustomConsentCustomizerConfiguredThenUsed() throws Exception {
 this.spring.register(AuthorizationServerConfigurationCustomConsentRequest.class).autowire();
@@ -1222,26 +1209,6 @@ SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) th
 
 }
 
- @EnableWebSecurity
- @Configuration(proxyBeanMethods = false)
- static class AuthorizationServerConfigurationCustomConsentPageAccessAuthorizationServerContext
- extends AuthorizationServerConfigurationCustomConsentPage {
-
- @Controller
- class ConsentController {
-
- @GetMapping("/oauth2/consent")
- @ResponseBody
- String consent() {
- // Ensure the AuthorizationServerContext is accessible
- AuthorizationServerContextHolder.getContext().getIssuer();
- return "";
- }
-
- }
-
- }
-
 @EnableWebSecurity
 @Configuration(proxyBeanMethods = false)
 static class AuthorizationServerConfigurationCustomConsentRequest extends AuthorizationServerConfiguration {