Tidy up some oauth2 features and add a test for request-scoped context

10 years ago · 20091b75c9
parent 774474f8b7
commit 20091b75c9
7 changed files with 63 additions and 40 deletions
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/OAuth2AutoConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/OAuth2AutoConfiguration.java
@ -23,7 +23,7 @@ import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
-import org.springframework.boot.autoconfigure.security.oauth2.authserver.SpringSecurityOAuth2AuthorizationServerConfiguration;
+import org.springframework.boot.autoconfigure.security.oauth2.authserver.OAuth2AuthorizationServerConfiguration;
 import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2RestOperationsConfiguration;
 import org.springframework.boot.autoconfigure.security.oauth2.method.OAuth2MethodSecurityConfiguration;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerConfiguration;
@ -46,7 +46,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter
 */
@Configuration
@ConditionalOnClass({ OAuth2AccessToken.class, WebMvcConfigurerAdapter.class })
-@Import({ SpringSecurityOAuth2AuthorizationServerConfiguration.class,
+@Import({ OAuth2AuthorizationServerConfiguration.class,
 		OAuth2MethodSecurityConfiguration.class, OAuth2ResourceServerConfiguration.class,
 		OAuth2RestOperationsConfiguration.class })
@AutoConfigureBefore(WebMvcAutoConfiguration.class)
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/authserver/SpringSecurityOAuth2AuthorizationServerConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/authserver/SpringSecurityOAuth2AuthorizationServerConfiguration.java
@ -60,11 +60,11 @@ import org.springframework.security.oauth2.provider.token.TokenStore;
@ConditionalOnMissingBean(AuthorizationServerConfigurer.class)
@ConditionalOnBean(AuthorizationServerEndpointsConfiguration.class)
@EnableConfigurationProperties
-public class SpringSecurityOAuth2AuthorizationServerConfiguration extends
+public class OAuth2AuthorizationServerConfiguration extends
 		AuthorizationServerConfigurerAdapter {
 	private static final Log logger = LogFactory
-			.getLog(SpringSecurityOAuth2AuthorizationServerConfiguration.class);
+			.getLog(OAuth2AuthorizationServerConfiguration.class);
 	@Autowired
 	private BaseClientDetails details;
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/EnableOAuth2Sso.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/EnableOAuth2Sso.java
@ -23,6 +23,7 @@ import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerTokenServicesConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
@ -42,6 +43,7 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.E
@Retention(RetentionPolicy.RUNTIME)
@Documented
@EnableOAuth2Client
@EnableConfigurationProperties(OAuth2SsoProperties.class)
@Import({ OAuth2SsoDefaultConfiguration.class, OAuth2SsoCustomConfiguration.class,
 		ResourceServerTokenServicesConfiguration.class })
 public @interface EnableOAuth2Sso {
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2RestOperationsConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2RestOperationsConfiguration.java
@ -138,7 +138,7 @@ public class OAuth2RestOperationsConfiguration {
 	protected static class RequestScopedConfiguration extends BaseConfiguration {
 		@Bean
-		@Scope(value = "session", proxyMode = ScopedProxyMode.INTERFACES)
+		@Scope(value = "request", proxyMode = ScopedProxyMode.INTERFACES)
 		public OAuth2ClientContext oauth2ClientContext() {
 			DefaultOAuth2ClientContext context = new DefaultOAuth2ClientContext(
 					new DefaultAccessTokenRequest());
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2SsoDefaultConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2SsoDefaultConfiguration.java
@ -21,7 +21,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
 import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
 import org.springframework.boot.autoconfigure.security.SecurityProperties;
-import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2SsoDefaultConfiguration.NeedsWebSecurityCondition;
 import org.springframework.context.annotation.ConditionContext;
 import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;
@ -41,13 +41,9 @@ import org.springframework.util.ClassUtils;
 * @since 1.3.0
 */
@Configuration
@EnableConfigurationProperties(OAuth2SsoProperties.class)
 public class OAuth2SsoDefaultConfiguration {
 	@Configuration
@Conditional(NeedsWebSecurityCondition.class)
-	protected static class WebSecurityConfiguration extends WebSecurityConfigurerAdapter
+public class OAuth2SsoDefaultConfiguration extends WebSecurityConfigurerAdapter implements
-			implements Ordered {
+		Ordered {
 	@Autowired
 	BeanFactory beanFactory;
@ -71,16 +67,13 @@ public class OAuth2SsoDefaultConfiguration {
 						"org.springframework.boot.actuate.autoconfigure.ManagementServerProperties",
 						null)) {
 			// If > BASIC_AUTH_ORDER then the existing rules for the actuator
-				// endpoints
+			// endpoints will take precedence. This value is < BASIC_AUTH_ORDER.
 				// will take precedence. This value is < BASIC_AUTH_ORDER.
 			return SecurityProperties.ACCESS_OVERRIDE_ORDER - 5;
 		}
 		return SecurityProperties.ACCESS_OVERRIDE_ORDER;
 	}
-	}
+	protected static class NeedsWebSecurityCondition extends SpringBootCondition {
 	private static class NeedsWebSecurityCondition extends SpringBootCondition {
 		@Override
 		public ConditionOutcome getMatchOutcome(ConditionContext context,
--- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/SpringSecurityOAuth2AutoConfigurationTests.java
+++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/SpringSecurityOAuth2AutoConfigurationTests.java
@ -24,7 +24,7 @@ import org.junit.Test;
 import org.springframework.aop.support.AopUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.oauth2.authserver.SpringSecurityOAuth2AuthorizationServerConfiguration;
+import org.springframework.boot.autoconfigure.security.oauth2.authserver.OAuth2AuthorizationServerConfiguration;
 import org.springframework.boot.autoconfigure.security.oauth2.method.OAuth2MethodSecurityConfiguration;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerConfiguration;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
@ -104,7 +104,7 @@ public class SpringSecurityOAuth2AutoConfigurationTests {
 	private static final Class<?> RESOURCE_SERVER_CONFIG = OAuth2ResourceServerConfiguration.class;
-	private static final Class<?> AUTHORIZATION_SERVER_CONFIG = SpringSecurityOAuth2AuthorizationServerConfiguration.class;
+	private static final Class<?> AUTHORIZATION_SERVER_CONFIG = OAuth2AuthorizationServerConfiguration.class;
 	private AnnotationConfigEmbeddedWebApplicationContext context;
--- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java
+++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java
@ -19,12 +19,16 @@ package org.springframework.boot.autoconfigure.security.oauth2.resource;
 import org.junit.After;
 import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.support.BeanDefinitionRegistry;
 import org.springframework.boot.autoconfigure.PropertyPlaceholderAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.oauth2.OAuth2ClientProperties;
 import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2RestOperationsConfiguration;
 import org.springframework.boot.autoconfigure.social.FacebookAutoConfiguration;
 import org.springframework.boot.autoconfigure.social.SocialWebAutoConfiguration;
 import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
 import org.springframework.boot.context.embedded.MockEmbeddedServletContainerFactory;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.test.EnvironmentTestUtils;
 import org.springframework.context.ConfigurableApplicationContext;
@ -37,6 +41,7 @@ import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
 import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
 import org.springframework.social.connect.ConnectionFactoryLocator;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.mockito.Mockito.mock;
@ -96,6 +101,19 @@ public class ResourceServerTokenServicesConfigurationTests {
 		assertNotNull(services);
 	}
 	@Test
 	public void userInfoNoClient() {
 		EnvironmentTestUtils.addEnvironment(this.environment,
 				"spring.oauth2.client.clientId=acme",
 				"spring.oauth2.resource.userInfoUri:http://example.com",
 				"server.port=-1", "debug=true");
 		this.context = new SpringApplicationBuilder(ResourceNoClientConfiguration.class)
 				.environment(this.environment).web(true).run();
 		BeanDefinition bean = ((BeanDefinitionRegistry) this.context)
 				.getBeanDefinition("scopedTarget.oauth2ClientContext");
 		assertEquals("request", bean.getScope());
 	}
 	@Test
 	public void preferUserInfo() {
 		EnvironmentTestUtils.addEnvironment(this.environment,
@ -154,6 +172,16 @@ public class ResourceServerTokenServicesConfigurationTests {
 	}
 	@Import({ OAuth2RestOperationsConfiguration.class })
 	protected static class ResourceNoClientConfiguration extends ResourceConfiguration {
 		@Bean
 		public MockEmbeddedServletContainerFactory embeddedServletContainerFactory() {
 			return new MockEmbeddedServletContainerFactory();
 		}
 	}
 	@Configuration
 	protected static class ResourceServerPropertiesConfiguration {