From ab6f4e4186530a95d68b688e517f3ae9296ba520 Mon Sep 17 00:00:00 2001
From: Joe Grandja <10884212+jgrandja@users.noreply.github.com>
Date: Mon, 22 Jul 2024 09:04:25 -0400
Subject: [PATCH] Revert "AuthorizationServerContext is accessible in custom consent controller"

This reverts commit 9addcf65b3d7dc9896745ed522c05989aacc75a9.

Closes gh-1668 in 1.2.x
---
 ...OAuth2AuthorizationEndpointConfigurer.java | 17 ++++------
 .../OAuth2AuthorizationCodeGrantTests.java | 33 -------------------
 2 files changed, 7 insertions(+), 43 deletions(-)

diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java
index 5811dcaa7..595bc7975 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2024 the original author or authors.
+ * Copyright 2020-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -237,15 +237,12 @@ void setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthe
 void init(HttpSecurity httpSecurity) {
 AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils
 .getAuthorizationServerSettings(httpSecurity);
- List requestMatchers = new ArrayList<>();
- requestMatchers.add(new AntPathRequestMatcher(authorizationServerSettings.getAuthorizationEndpoint(),
- HttpMethod.GET.name()));
- requestMatchers.add(new AntPathRequestMatcher(authorizationServerSettings.getAuthorizationEndpoint(),
- HttpMethod.POST.name()));
- if (StringUtils.hasText(this.consentPage)) {
- requestMatchers.add(new AntPathRequestMatcher(this.consentPage));
- }
- this.requestMatcher = new OrRequestMatcher(requestMatchers);
+ this.requestMatcher = new OrRequestMatcher(
+ new AntPathRequestMatcher(authorizationServerSettings.getAuthorizationEndpoint(),
+ HttpMethod.GET.name()),
+ new AntPathRequestMatcher(authorizationServerSettings.getAuthorizationEndpoint(),
+ HttpMethod.POST.name()));
+
 List authenticationProviders = createDefaultAuthenticationProviders(httpSecurity);
 if (!this.authenticationProviders.isEmpty()) {
 authenticationProviders.addAll(0, this.authenticationProviders);
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
index 267bbd2c4..d2795a5b2 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
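Review bot: The matcher built in `init()` now leaves out `this.consentPage` with nothing in the code saying that the omission is deliberate, and the revert message gives no reason either. After this change the `OrRequestMatcher` covers only GET and POST on the authorization endpoint, so a custom consent page is presumably served by whichever other filter chain matches its path, and its authentication and CSRF protection would then come from that chain rather than from this configurer; that is worth confirming and stating. I would put a comment above the assignment, for example `// The custom consent page is intentionally not matched here; the application's own filter chain must secure it (gh-1668).` The body of `init()` continues past the end of the hunk.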
@@ -104,7 +104,6 @@
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
-import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.jackson2.TestingAuthenticationTokenMixin;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
@@ -126,14 +125,11 @@
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.security.web.util.matcher.RequestMatcher;
-import org.springframework.stereotype.Controller;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.springframework.web.util.UriUtils;
@@ -750,15 +746,6 @@ public void requestWhenCustomConsentPageConfiguredThenRedirect() throws Exceptio assertThat(authorization).isNotNull(); } - // gh-1668 - @Test - public void requestWhenCustomConsentPageConfiguredThenAuthorizationServerContextIsAccessible() throws Exception { - this.spring.register(AuthorizationServerConfigurationCustomConsentPageAccessAuthorizationServerContext.class) - .autowire(); - - this.mvc.perform(get(consentPage).with(user("user"))).andExpect(status().isOk()); - } - @Test public void requestWhenCustomConsentCustomizerConfiguredThenUsed() throws Exception { this.spring.register(AuthorizationServerConfigurationCustomConsentRequest.class).autowire(); @@ -1179,26 +1166,6 @@ SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) th } - @EnableWebSecurity - @Configuration(proxyBeanMethods = false) - static class AuthorizationServerConfigurationCustomConsentPageAccessAuthorizationServerContext - extends AuthorizationServerConfigurationCustomConsentPage { - - @Controller - class ConsentController { - - @GetMapping("/oauth2/consent") - @ResponseBody - String consent() { - // Ensure the AuthorizationServerContext is accessible - AuthorizationServerContextHolder.getContext().getIssuer(); - return ""; - } - - } - - } - @EnableWebSecurity @Configuration(proxyBeanMethods = false) static class AuthorizationServerConfigurationCustomConsentRequest extends AuthorizationServerConfiguration {