Simplify OAuth 2.0 Introspection Attribute Retrieval
In order to simplify retrieving of OAuth 2.0 Introspection specific attributes, OAuth2IntrospectionClaimAccessor interface was introduced and also new OAuth2AuthenticatedPrincipal implementing this new interface (OAuth2IntrospectionAuthenticatedPrincipal). Also DefaultOAuth2AuthenticatedPrincipal was replaced by OAuth2IntrospectionAuthenticatedPrincipal in cases where OAuth 2.0 Introspection is performed (NimbusOpaqueTokenIntrospector, NimbusReactiveOpaqueTokenIntrospector). DefaultOAuth2AuthenticatedPrincipal can be still used by applications that introspected the token without OAuth 2.0 Introspection. OAuth2IntrospectionAuthenticatedPrincipal will also be used as a default principal in tests where request is post-processed/mutated by OpaqueTokenRequestPostProcessor/OpaqueTokenMutator. Closes gh-6489
This commit is contained in:
Dávid Kováč
committed by
Josh Cummings
Josh Cummings
parent
b69bcf88e0
commit
af1c96b425
+2
-2
@@ -55,7 +55,6 @@ import org.springframework.security.oauth2.client.web.reactive.result.method.ann
|
||||
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
|
||||
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
|
||||
@@ -71,6 +70,7 @@ import org.springframework.security.oauth2.jwt.Jwt;
|
||||
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
|
||||
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
|
||||
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
|
||||
import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal;
|
||||
import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames;
|
||||
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
|
||||
import org.springframework.security.web.server.csrf.CsrfWebFilter;
|
||||
@@ -666,7 +666,7 @@ public class SecurityMockServerConfigurers {
|
||||
}
|
||||
|
||||
private OAuth2AuthenticatedPrincipal defaultPrincipal() {
|
||||
return new DefaultOAuth2AuthenticatedPrincipal
|
||||
return new OAuth2IntrospectionAuthenticatedPrincipal
|
||||
(this.attributes.get(), this.authorities.get());
|
||||
}
|
||||
|
||||
|
||||
+2
-2
@@ -66,7 +66,6 @@ import org.springframework.security.oauth2.client.web.HttpSessionOAuth2Authorize
|
||||
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
|
||||
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
|
||||
@@ -82,6 +81,7 @@ import org.springframework.security.oauth2.jwt.Jwt;
|
||||
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
|
||||
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
|
||||
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
|
||||
import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal;
|
||||
import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames;
|
||||
import org.springframework.security.test.context.TestSecurityContextHolder;
|
||||
import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers;
|
||||
@@ -1283,7 +1283,7 @@ public final class SecurityMockMvcRequestPostProcessors {
|
||||
}
|
||||
|
||||
private OAuth2AuthenticatedPrincipal defaultPrincipal() {
|
||||
return new DefaultOAuth2AuthenticatedPrincipal
|
||||
return new OAuth2IntrospectionAuthenticatedPrincipal
|
||||
(this.attributes.get(), this.authorities.get());
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user