
Added HttpServletResponse to AuthorizationRequestRepository

This change makes it possible for an AuthorizationRequestRepository to save the AuthorizationRequestAttributes to a cookie.

Fixes gh-4446
Luander Ribeiro
2017-07-24 20:43:20 +02:00
committed by Joe Grandja
parent ef1de5eda0
commit 65734414f7
4 changed files with 12 additions and 7 deletions
@@ -126,7 +126,7 @@ public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter
.state(this.stateGenerator.generateKey())
.build();
this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequestAttributes, request);
this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequestAttributes, request, response);
URI redirectUri = this.authorizationUriBuilder.build(authorizationRequestAttributes);
this.authorizationRedirectStrategy.sendRedirect(request, response, redirectUri.toString());
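Review bot: The call order in this hunk is now load-bearing and nothing in the code says so. Once a repository can write to the response (the commit message mentions a cookie), `saveAuthorizationRequest(...)` has to run before `sendRedirect(...)`, because headers cannot be added after the redirect has committed the response. A one-line comment above the save call would protect that ordering, e.g. `// Save before redirecting: a repository may add headers (e.g. a cookie) and needs an uncommitted response`. The enclosing method starts and ends outside the hunk.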
@@ -18,6 +18,7 @@ package org.springframework.security.oauth2.client.authentication;
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Implementations of this interface are responsible for the persistence
@@ -38,7 +39,8 @@ public interface AuthorizationRequestRepository {
AuthorizationRequestAttributes loadAuthorizationRequest(HttpServletRequest request);
void saveAuthorizationRequest(AuthorizationRequestAttributes authorizationRequest, HttpServletRequest request);
void saveAuthorizationRequest(AuthorizationRequestAttributes authorizationRequest, HttpServletRequest request,
HttpServletResponse response);
AuthorizationRequestAttributes removeAuthorizationRequest(HttpServletRequest request);
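Review bot: Only `saveAuthorizationRequest` receives the response; `removeAuthorizationRequest(HttpServletRequest request)` still cannot write to it. The cookie-backed repository this change is meant to enable could therefore not expire its cookie on removal, and the stored `state` would stay in the browser after it has been consumed. Consider giving remove the same parameter: `AuthorizationRequestAttributes removeAuthorizationRequest(HttpServletRequest request, HttpServletResponse response);`. The interface Javadoc, which starts outside this hunk, should also state that a value stored client-side is under the client's control, so an implementation has to integrity-protect it before trusting it on load and should mark the cookie HttpOnly and Secure.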
@@ -18,6 +18,7 @@ package org.springframework.security.oauth2.client.authentication;
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
@@ -44,7 +45,8 @@ public final class HttpSessionAuthorizationRequestRepository implements Authoriz
}
@Override
public void saveAuthorizationRequest(AuthorizationRequestAttributes authorizationRequest, HttpServletRequest request) {
public void saveAuthorizationRequest(AuthorizationRequestAttributes authorizationRequest, HttpServletRequest request,
HttpServletResponse response) {
if (authorizationRequest == null) {
this.removeAuthorizationRequest(request);
return;
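Review bot: The new `response` parameter is not used in the lines shown here, and nothing on the method says that this is intentional for the session-backed implementation. A short comment such as `// response is unused: the authorization request is stored in the HttpSession` would keep a reader from looking for a missing header write. The method body continues past the end of the hunk, so this is based on the visible lines only.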
@@ -106,8 +106,8 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
String state = "some state";
request.addParameter(OAuth2Parameter.CODE, authCode);
request.addParameter(OAuth2Parameter.STATE, state);
setupAuthorizationRequest(authorizationRequestRepository, request, clientRegistration, state);
MockHttpServletResponse response = new MockHttpServletResponse();
setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, state);
FilterChain filterChain = mock(FilterChain.class);
filter.doFilter(request, response, filterChain);
@@ -156,8 +156,8 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
String state = "some other state";
request.addParameter(OAuth2Parameter.CODE, authCode);
request.addParameter(OAuth2Parameter.STATE, state);
setupAuthorizationRequest(authorizationRequestRepository, request, clientRegistration, "some state");
MockHttpServletResponse response = new MockHttpServletResponse();
setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, "some state");
FilterChain filterChain = mock(FilterChain.class);
filter.doFilter(request, response, filterChain);
@@ -181,8 +181,8 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
String state = "some state";
request.addParameter(OAuth2Parameter.CODE, authCode);
request.addParameter(OAuth2Parameter.STATE, state);
setupAuthorizationRequest(authorizationRequestRepository, request, clientRegistration, state);
MockHttpServletResponse response = new MockHttpServletResponse();
setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, state);
FilterChain filterChain = mock(FilterChain.class);
filter.doFilter(request, response, filterChain);
@@ -227,6 +227,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
private void setupAuthorizationRequest(AuthorizationRequestRepository authorizationRequestRepository,
HttpServletRequest request,
HttpServletResponse response,
ClientRegistration clientRegistration,
String state) {
@@ -239,7 +240,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
.state(state)
.build();
authorizationRequestRepository.saveAuthorizationRequest(authorizationRequestAttributes, request);
authorizationRequestRepository.saveAuthorizationRequest(authorizationRequestAttributes, request, response);
}
private MockHttpServletRequest setupRequest(ClientRegistration clientRegistration) {