From f06536f642602e36088b7195ad1ceb26e3d0f2aa Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Wed, 22 Mar 2023 10:37:22 +0000 Subject: [PATCH] Polish Authorization Server auto-configuration --- ...zationServerPropertiesSettingsAdapter.java | 52 --------------- .../security/oauth2/server/package-info.java | 20 ------ ...Auth2AuthorizationServerConfiguration.java | 23 +++---- ...thorizationServerJwtAutoConfiguration.java | 9 +-- .../OAuth2AuthorizationServerProperties.java | 2 +- ...2AuthorizationServerPropertiesMapper.java} | 52 ++++++++++----- ...izationServerWebSecurityConfiguration.java | 15 +---- .../RegisteredClientsConfiguredCondition.java | 5 +- ...nServerPropertiesSettingsAdapterTests.java | 64 ------------------- ...orizationServerPropertiesMapperTests.java} | 43 +++++++++++-- ...th2AuthorizationServerPropertiesTests.java | 2 +- .../docs/asciidoc/web/spring-security.adoc | 4 +- .../build.gradle | 2 +- .../build.gradle | 1 - 14 files changed, 94 insertions(+), 200 deletions(-) delete mode 100644 spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesSettingsAdapter.java delete mode 100644 spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/package-info.java rename spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/{ => servlet}/OAuth2AuthorizationServerProperties.java (99%) rename spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/{OAuth2AuthorizationServerPropertiesRegistrationAdapter.java => servlet/OAuth2AuthorizationServerPropertiesMapper.java} (68%) rename spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/{ => servlet}/RegisteredClientsConfiguredCondition.java (96%) delete mode 100644 spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesSettingsAdapterTests.java rename spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/{OAuth2AuthorizationServerPropertiesRegistrationAdapterTests.java => servlet/OAuth2AuthorizationServerPropertiesMapperTests.java} (68%) rename spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/{ => servlet}/OAuth2AuthorizationServerPropertiesTests.java (99%) diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesSettingsAdapter.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesSettingsAdapter.java deleted file mode 100644 index d99a9b088b..0000000000 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesSettingsAdapter.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright 2012-2023 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.boot.autoconfigure.security.oauth2.server; - -import org.springframework.boot.context.properties.PropertyMapper; -import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; - -/** - * Adapter class to convert {@link OAuth2AuthorizationServerProperties.Endpoint} to a - * {@link AuthorizationServerSettings}. - * - * @author Steve Riesenberg - * @since 3.1.0 - */ -public final class OAuth2AuthorizationServerPropertiesSettingsAdapter { - - private OAuth2AuthorizationServerPropertiesSettingsAdapter() { - } - - public static AuthorizationServerSettings getAuthorizationServerSettings( - OAuth2AuthorizationServerProperties properties) { - PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull(); - OAuth2AuthorizationServerProperties.Endpoint endpoint = properties.getEndpoint(); - OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoint.getOidc(); - AuthorizationServerSettings.Builder builder = AuthorizationServerSettings.builder(); - map.from(properties::getIssuer).to(builder::issuer); - map.from(endpoint::getAuthorizationUri).to(builder::authorizationEndpoint); - map.from(endpoint::getTokenUri).to(builder::tokenEndpoint); - map.from(endpoint::getJwkSetUri).to(builder::jwkSetEndpoint); - map.from(endpoint::getTokenRevocationUri).to(builder::tokenRevocationEndpoint); - map.from(endpoint::getTokenIntrospectionUri).to(builder::tokenIntrospectionEndpoint); - map.from(oidc::getLogoutUri).to(builder::oidcLogoutEndpoint); - map.from(oidc::getClientRegistrationUri).to(builder::oidcClientRegistrationEndpoint); - map.from(oidc::getUserInfoUri).to(builder::oidcUserInfoEndpoint); - return builder.build(); - } - -} diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/package-info.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/package-info.java deleted file mode 100644 index e67ca7e3c9..0000000000 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/package-info.java +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright 2012-2023 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Support for Spring Security's OAuth2 authorization server. - */ -package org.springframework.boot.autoconfigure.security.oauth2.server; diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerConfiguration.java index 691303122f..040f4e0c44 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerConfiguration.java @@ -16,19 +16,12 @@ package org.springframework.boot.autoconfigure.security.oauth2.server.servlet; -import java.util.List; - import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; -import org.springframework.boot.autoconfigure.security.oauth2.server.OAuth2AuthorizationServerProperties; -import org.springframework.boot.autoconfigure.security.oauth2.server.OAuth2AuthorizationServerPropertiesRegistrationAdapter; -import org.springframework.boot.autoconfigure.security.oauth2.server.OAuth2AuthorizationServerPropertiesSettingsAdapter; -import org.springframework.boot.autoconfigure.security.oauth2.server.RegisteredClientsConfiguredCondition; import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Conditional; import org.springframework.context.annotation.Configuration; import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository; -import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; @@ -42,19 +35,23 @@ import org.springframework.security.oauth2.server.authorization.settings.Authori @EnableConfigurationProperties(OAuth2AuthorizationServerProperties.class) class OAuth2AuthorizationServerConfiguration { + private final OAuth2AuthorizationServerPropertiesMapper propertiesMapper; + + OAuth2AuthorizationServerConfiguration(OAuth2AuthorizationServerProperties properties) { + this.propertiesMapper = new OAuth2AuthorizationServerPropertiesMapper(properties); + } + @Bean @ConditionalOnMissingBean @Conditional(RegisteredClientsConfiguredCondition.class) - RegisteredClientRepository registeredClientRepository(OAuth2AuthorizationServerProperties properties) { - List registeredClients = OAuth2AuthorizationServerPropertiesRegistrationAdapter - .getRegisteredClients(properties); - return new InMemoryRegisteredClientRepository(registeredClients); + RegisteredClientRepository registeredClientRepository() { + return new InMemoryRegisteredClientRepository(this.propertiesMapper.asRegisteredClients()); } @Bean @ConditionalOnMissingBean - AuthorizationServerSettings authorizationServerSettings(OAuth2AuthorizationServerProperties properties) { - return OAuth2AuthorizationServerPropertiesSettingsAdapter.getAuthorizationServerSettings(properties); + AuthorizationServerSettings authorizationServerSettings() { + return this.propertiesMapper.asAuthorizationServerSettings(); } } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerJwtAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerJwtAutoConfiguration.java index 71251ed0aa..e399154618 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerJwtAutoConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerJwtAutoConfiguration.java @@ -73,12 +73,9 @@ public class OAuth2AuthorizationServerJwtAutoConfiguration { KeyPair keyPair = generateRsaKey(); RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); - // @formatter:off - RSAKey rsaKey = new RSAKey.Builder(publicKey) - .privateKey(privateKey) - .keyID(UUID.randomUUID().toString()) - .build(); - // @formatter:on + RSAKey rsaKey = new RSAKey.Builder(publicKey).privateKey(privateKey) + .keyID(UUID.randomUUID().toString()) + .build(); return rsaKey; } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerProperties.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerProperties.java similarity index 99% rename from spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerProperties.java rename to spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerProperties.java index bd0779e7e3..f9d8cf9df2 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerProperties.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerProperties.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.springframework.boot.autoconfigure.security.oauth2.server; +package org.springframework.boot.autoconfigure.security.oauth2.server.servlet; import java.time.Duration; import java.util.HashMap; diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesRegistrationAdapter.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapper.java similarity index 68% rename from spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesRegistrationAdapter.java rename to spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapper.java index edebfe8939..0d7019b37a 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesRegistrationAdapter.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapper.java @@ -14,13 +14,13 @@ * limitations under the License. */ -package org.springframework.boot.autoconfigure.security.oauth2.server; +package org.springframework.boot.autoconfigure.security.oauth2.server.servlet; import java.util.ArrayList; import java.util.List; -import org.springframework.boot.autoconfigure.security.oauth2.server.OAuth2AuthorizationServerProperties.Client; -import org.springframework.boot.autoconfigure.security.oauth2.server.OAuth2AuthorizationServerProperties.Registration; +import org.springframework.boot.autoconfigure.security.oauth2.server.servlet.OAuth2AuthorizationServerProperties.Client; +import org.springframework.boot.autoconfigure.security.oauth2.server.servlet.OAuth2AuthorizationServerProperties.Registration; import org.springframework.boot.context.properties.PropertyMapper; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; @@ -28,29 +28,49 @@ import org.springframework.security.oauth2.jose.jws.JwsAlgorithm; import org.springframework.security.oauth2.jose.jws.MacAlgorithm; import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.ClientSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; /** - * Adapter class to convert {@link Client} to a {@link RegisteredClient}. + * Maps {@OAuth2AuthorizationServerProperties} to Authorization Server types. * * @author Steve Riesenberg - * @since 3.1.0 */ -public final class OAuth2AuthorizationServerPropertiesRegistrationAdapter { +final class OAuth2AuthorizationServerPropertiesMapper { - private OAuth2AuthorizationServerPropertiesRegistrationAdapter() { + private final OAuth2AuthorizationServerProperties properties; + + OAuth2AuthorizationServerPropertiesMapper(OAuth2AuthorizationServerProperties properties) { + this.properties = properties; + } + + AuthorizationServerSettings asAuthorizationServerSettings() { + PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull(); + OAuth2AuthorizationServerProperties.Endpoint endpoint = this.properties.getEndpoint(); + OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoint.getOidc(); + AuthorizationServerSettings.Builder builder = AuthorizationServerSettings.builder(); + map.from(this.properties::getIssuer).to(builder::issuer); + map.from(endpoint::getAuthorizationUri).to(builder::authorizationEndpoint); + map.from(endpoint::getTokenUri).to(builder::tokenEndpoint); + map.from(endpoint::getJwkSetUri).to(builder::jwkSetEndpoint); + map.from(endpoint::getTokenRevocationUri).to(builder::tokenRevocationEndpoint); + map.from(endpoint::getTokenIntrospectionUri).to(builder::tokenIntrospectionEndpoint); + map.from(oidc::getLogoutUri).to(builder::oidcLogoutEndpoint); + map.from(oidc::getClientRegistrationUri).to(builder::oidcClientRegistrationEndpoint); + map.from(oidc::getUserInfoUri).to(builder::oidcUserInfoEndpoint); + return builder.build(); } - public static List getRegisteredClients(OAuth2AuthorizationServerProperties properties) { + List asRegisteredClients() { List registeredClients = new ArrayList<>(); - properties.getClient() + this.properties.getClient() .forEach((registrationId, client) -> registeredClients.add(getRegisteredClient(registrationId, client))); return registeredClients; } - private static RegisteredClient getRegisteredClient(String registrationId, Client client) { + private RegisteredClient getRegisteredClient(String registrationId, Client client) { Registration registration = client.getRegistration(); PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull(); RegisteredClient.Builder builder = RegisteredClient.withId(registrationId); @@ -74,18 +94,18 @@ public final class OAuth2AuthorizationServerPropertiesRegistrationAdapter { return builder.build(); } - private static ClientSettings getClientSettings(Client client, PropertyMapper map) { + private ClientSettings getClientSettings(Client client, PropertyMapper map) { ClientSettings.Builder builder = ClientSettings.builder(); map.from(client::isRequireProofKey).to(builder::requireProofKey); map.from(client::isRequireAuthorizationConsent).to(builder::requireAuthorizationConsent); map.from(client::getJwkSetUri).to(builder::jwkSetUrl); map.from(client::getTokenEndpointAuthenticationSigningAlgorithm) - .as(OAuth2AuthorizationServerPropertiesRegistrationAdapter::jwsAlgorithm) + .as(this::jwsAlgorithm) .to(builder::tokenEndpointAuthenticationSigningAlgorithm); return builder.build(); } - private static TokenSettings getTokenSettings(Client client, PropertyMapper map) { + private TokenSettings getTokenSettings(Client client, PropertyMapper map) { OAuth2AuthorizationServerProperties.Token token = client.getToken(); TokenSettings.Builder builder = TokenSettings.builder(); map.from(token::getAuthorizationCodeTimeToLive).to(builder::authorizationCodeTimeToLive); @@ -94,12 +114,12 @@ public final class OAuth2AuthorizationServerPropertiesRegistrationAdapter { map.from(token::isReuseRefreshTokens).to(builder::reuseRefreshTokens); map.from(token::getRefreshTokenTimeToLive).to(builder::refreshTokenTimeToLive); map.from(token::getIdTokenSignatureAlgorithm) - .as(OAuth2AuthorizationServerPropertiesRegistrationAdapter::signatureAlgorithm) + .as(this::signatureAlgorithm) .to(builder::idTokenSignatureAlgorithm); return builder.build(); } - private static JwsAlgorithm jwsAlgorithm(String signingAlgorithm) { + private JwsAlgorithm jwsAlgorithm(String signingAlgorithm) { String name = signingAlgorithm.toUpperCase(); JwsAlgorithm jwsAlgorithm = SignatureAlgorithm.from(name); if (jwsAlgorithm == null) { @@ -108,7 +128,7 @@ public final class OAuth2AuthorizationServerPropertiesRegistrationAdapter { return jwsAlgorithm; } - private static SignatureAlgorithm signatureAlgorithm(String signatureAlgorithm) { + private SignatureAlgorithm signatureAlgorithm(String signatureAlgorithm) { return SignatureAlgorithm.from(signatureAlgorithm.toUpperCase()); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java index 37a496a938..626696193a 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java @@ -48,26 +48,17 @@ class OAuth2AuthorizationServerWebSecurityConfiguration { SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http); http.getConfigurer(OAuth2AuthorizationServerConfigurer.class).oidc(Customizer.withDefaults()); - // @formatter:off - http - .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt) + http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt) .exceptionHandling((exceptions) -> exceptions - .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")) - ); - // @formatter:on + .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))); return http.build(); } @Bean @Order(SecurityProperties.BASIC_AUTH_ORDER) SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception { - // @formatter:off - http - .authorizeHttpRequests((authorize) -> authorize - .anyRequest().authenticated() - ) + http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()) .formLogin(Customizer.withDefaults()); - // @formatter:on return http.build(); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/RegisteredClientsConfiguredCondition.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/RegisteredClientsConfiguredCondition.java similarity index 96% rename from spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/RegisteredClientsConfiguredCondition.java rename to spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/RegisteredClientsConfiguredCondition.java index f7bc2c8084..0b49c3a860 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/RegisteredClientsConfiguredCondition.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/RegisteredClientsConfiguredCondition.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.springframework.boot.autoconfigure.security.oauth2.server; +package org.springframework.boot.autoconfigure.security.oauth2.server.servlet; import java.util.Collections; import java.util.Map; @@ -34,9 +34,8 @@ import org.springframework.core.type.AnnotatedTypeMetadata; * properties are defined. * * @author Steve Riesenberg - * @since 3.1.0 */ -public class RegisteredClientsConfiguredCondition extends SpringBootCondition { +class RegisteredClientsConfiguredCondition extends SpringBootCondition { private static final Bindable> STRING_CLIENT_MAP = Bindable .mapOf(String.class, OAuth2AuthorizationServerProperties.Client.class); diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesSettingsAdapterTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesSettingsAdapterTests.java deleted file mode 100644 index 0ccde3864f..0000000000 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesSettingsAdapterTests.java +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright 2012-2023 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.boot.autoconfigure.security.oauth2.server; - -import org.junit.jupiter.api.Test; - -import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; - -import static org.assertj.core.api.Assertions.assertThat; - -/** - * Tests for {@link OAuth2AuthorizationServerPropertiesRegistrationAdapter}. - * - * @author Steve Riesenberg - */ -class OAuth2AuthorizationServerPropertiesSettingsAdapterTests { - - @Test - void getAuthorizationServerSettingsWhenValidParametersShouldAdapt() { - OAuth2AuthorizationServerProperties properties = createAuthorizationServerProperties(); - AuthorizationServerSettings settings = OAuth2AuthorizationServerPropertiesSettingsAdapter - .getAuthorizationServerSettings(properties); - assertThat(settings.getIssuer()).isEqualTo("https://example.com"); - assertThat(settings.getAuthorizationEndpoint()).isEqualTo("/authorize"); - assertThat(settings.getTokenEndpoint()).isEqualTo("/token"); - assertThat(settings.getJwkSetEndpoint()).isEqualTo("/jwks"); - assertThat(settings.getTokenRevocationEndpoint()).isEqualTo("/revoke"); - assertThat(settings.getTokenIntrospectionEndpoint()).isEqualTo("/introspect"); - assertThat(settings.getOidcLogoutEndpoint()).isEqualTo("/logout"); - assertThat(settings.getOidcClientRegistrationEndpoint()).isEqualTo("/register"); - assertThat(settings.getOidcUserInfoEndpoint()).isEqualTo("/user"); - } - - private OAuth2AuthorizationServerProperties createAuthorizationServerProperties() { - OAuth2AuthorizationServerProperties properties = new OAuth2AuthorizationServerProperties(); - properties.setIssuer("https://example.com"); - OAuth2AuthorizationServerProperties.Endpoint endpoints = properties.getEndpoint(); - endpoints.setAuthorizationUri("/authorize"); - endpoints.setTokenUri("/token"); - endpoints.setJwkSetUri("/jwks"); - endpoints.setTokenRevocationUri("/revoke"); - endpoints.setTokenIntrospectionUri("/introspect"); - OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoints.getOidc(); - oidc.setLogoutUri("/logout"); - oidc.setClientRegistrationUri("/register"); - oidc.setUserInfoUri("/user"); - return properties; - } - -} diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesRegistrationAdapterTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapperTests.java similarity index 68% rename from spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesRegistrationAdapterTests.java rename to spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapperTests.java index 6b3bd4bbf0..39f7292bbb 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesRegistrationAdapterTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapperTests.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.springframework.boot.autoconfigure.security.oauth2.server; +package org.springframework.boot.autoconfigure.security.oauth2.server.servlet; import java.time.Duration; import java.util.List; @@ -25,24 +25,28 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; +import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; import static org.assertj.core.api.Assertions.assertThat; /** - * Tests for {@link OAuth2AuthorizationServerPropertiesRegistrationAdapter}. + * Tests for {@link OAuth2AuthorizationServerPropertiesMapper}. * * @author Steve Riesenberg */ -class OAuth2AuthorizationServerPropertiesRegistrationAdapterTests { +class OAuth2AuthorizationServerPropertiesMapperTests { + + private final OAuth2AuthorizationServerProperties properties = new OAuth2AuthorizationServerProperties(); + + private final OAuth2AuthorizationServerPropertiesMapper mapper = new OAuth2AuthorizationServerPropertiesMapper( + this.properties); @Test void getRegisteredClientsWhenValidParametersShouldAdapt() { - OAuth2AuthorizationServerProperties properties = new OAuth2AuthorizationServerProperties(); OAuth2AuthorizationServerProperties.Client client = createClient(); - properties.getClient().put("foo", client); - List registeredClients = OAuth2AuthorizationServerPropertiesRegistrationAdapter - .getRegisteredClients(properties); + this.properties.getClient().put("foo", client); + List registeredClients = this.mapper.asRegisteredClients(); assertThat(registeredClients).hasSize(1); RegisteredClient registeredClient = registeredClients.get(0); assertThat(registeredClient.getClientId()).isEqualTo("foo"); @@ -90,4 +94,29 @@ class OAuth2AuthorizationServerPropertiesRegistrationAdapterTests { return client; } + @Test + void getAuthorizationServerSettingsWhenValidParametersShouldAdapt() { + this.properties.setIssuer("https://example.com"); + OAuth2AuthorizationServerProperties.Endpoint endpoints = this.properties.getEndpoint(); + endpoints.setAuthorizationUri("/authorize"); + endpoints.setTokenUri("/token"); + endpoints.setJwkSetUri("/jwks"); + endpoints.setTokenRevocationUri("/revoke"); + endpoints.setTokenIntrospectionUri("/introspect"); + OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoints.getOidc(); + oidc.setLogoutUri("/logout"); + oidc.setClientRegistrationUri("/register"); + oidc.setUserInfoUri("/user"); + AuthorizationServerSettings settings = this.mapper.asAuthorizationServerSettings(); + assertThat(settings.getIssuer()).isEqualTo("https://example.com"); + assertThat(settings.getAuthorizationEndpoint()).isEqualTo("/authorize"); + assertThat(settings.getTokenEndpoint()).isEqualTo("/token"); + assertThat(settings.getJwkSetEndpoint()).isEqualTo("/jwks"); + assertThat(settings.getTokenRevocationEndpoint()).isEqualTo("/revoke"); + assertThat(settings.getTokenIntrospectionEndpoint()).isEqualTo("/introspect"); + assertThat(settings.getOidcLogoutEndpoint()).isEqualTo("/logout"); + assertThat(settings.getOidcClientRegistrationEndpoint()).isEqualTo("/register"); + assertThat(settings.getOidcUserInfoEndpoint()).isEqualTo("/user"); + } + } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesTests.java similarity index 99% rename from spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesTests.java rename to spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesTests.java index 5009a11217..28daa4c253 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesTests.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.springframework.boot.autoconfigure.security.oauth2.server; +package org.springframework.boot.autoconfigure.security.oauth2.server.servlet; import org.junit.jupiter.api.Test; diff --git a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc index 8303dcea5e..a9a9a34d4a 100644 --- a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc +++ b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc @@ -227,9 +227,7 @@ Alternatively, you can define your own `OpaqueTokenIntrospector` bean for servle [[web.security.oauth2.authorization-server]] ==== Authorization Server -If you have `spring-security-oauth2-authorization-server` on your classpath, you can take advantage of some auto-configuration to set up an OAuth2 Authorization Server. -This configuration makes use of the properties under `OAuth2AuthorizationServerProperties`. -The properties are only applicable for servlet applications. +If you have `spring-security-oauth2-authorization-server` on your classpath, you can take advantage of some auto-configuration to set up a Servlet-based OAuth2 Authorization Server. You can register multiple OAuth2 clients under the `spring.security.oauth2.authorizationserver.client` prefix, as shown in the following example: diff --git a/spring-boot-project/spring-boot-starters/spring-boot-starter-oauth2-authorization-server/build.gradle b/spring-boot-project/spring-boot-starters/spring-boot-starter-oauth2-authorization-server/build.gradle index 15caf0d0c4..4acf7f7685 100644 --- a/spring-boot-project/spring-boot-starters/spring-boot-starter-oauth2-authorization-server/build.gradle +++ b/spring-boot-project/spring-boot-starters/spring-boot-starter-oauth2-authorization-server/build.gradle @@ -5,6 +5,6 @@ plugins { description = "Starter for using Spring Authorization Server features" dependencies { - api(project(":spring-boot-project:spring-boot-starters:spring-boot-starter")) + api(project(":spring-boot-project:spring-boot-starters:spring-boot-starter-web")) api("org.springframework.security:spring-security-oauth2-authorization-server") } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-oauth2-authorization-server/build.gradle b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-oauth2-authorization-server/build.gradle index a61db53d14..996867facc 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-oauth2-authorization-server/build.gradle +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-oauth2-authorization-server/build.gradle @@ -7,7 +7,6 @@ description = "Spring Boot OAuth2 Authorization Server smoke test" dependencies { implementation(project(":spring-boot-project:spring-boot-starters:spring-boot-starter-oauth2-authorization-server")) - implementation(project(":spring-boot-project:spring-boot-starters:spring-boot-starter-web")) testImplementation(project(":spring-boot-project:spring-boot-starters:spring-boot-starter-test")) testImplementation("org.apache.httpcomponents.client5:httpclient5")