Compare commits
20 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 608b1484e4 | |||
| 5fb2875f47 | |||
| 27ae318992 | |||
| 73840663b9 | |||
| 5662e17370 | |||
| 63f28a7e1f | |||
| f988272fff | |||
| 532d0bef14 | |||
| 571bd60d82 | |||
| 6471a32d66 | |||
| c1e9e10bf0 | |||
| fed6df5167 | |||
| 20ae9dc6bc | |||
| 03eadb846c | |||
| 0928a60cd2 | |||
| 322634ca6a | |||
| 5213cc44fc | |||
| 8fa2fc0e1e | |||
| 4feeb0f843 | |||
| ea88671f4c |
@@ -2,6 +2,10 @@ name: Finalize Release
|
||||
|
||||
on:
|
||||
workflow_dispatch: # Manual trigger
|
||||
inputs:
|
||||
version:
|
||||
description: The Spring Security release to finalize (e.g. 7.0.0-RC2)
|
||||
required: true
|
||||
|
||||
env:
|
||||
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
|
||||
@@ -10,32 +14,14 @@ permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
project-version:
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
version: ${{ steps.project-version.outputs.version }}
|
||||
steps:
|
||||
- id: project-version
|
||||
run: echo "version=$(grep '^version=' gradle.properties | cut -d'=' -f2)" >> $GITHUB_OUTPUT
|
||||
perform-release:
|
||||
name: Perform Release
|
||||
needs: [ project-version ]
|
||||
uses: spring-io/spring-security-release-tools/.github/workflows/perform-release.yml@v1
|
||||
with:
|
||||
should-perform-release: true
|
||||
project-version: ${{ needs.project-version.outputs.version }}
|
||||
project-version: ${{ inputs.version }}
|
||||
milestone-repo-url: https://repo1.maven.org/maven2
|
||||
release-repo-url: https://repo1.maven.org/maven2
|
||||
artifact-path: org/springframework/security/spring-security-core
|
||||
slack-announcing-id: spring-security-announcing
|
||||
secrets: inherit
|
||||
send-notification:
|
||||
name: Send Notification
|
||||
needs: [ perform-release ]
|
||||
if: ${{ !success() }}
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Send Notification
|
||||
uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
|
||||
with:
|
||||
webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
|
||||
|
||||
-1
@@ -2052,7 +2052,6 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
* http
|
||||
* // ...
|
||||
* .webAuthn((webAuthn) -> webAuthn
|
||||
* .rpName("Spring Security Relying Party")
|
||||
* .rpId("example.com")
|
||||
* .allowedOrigins("https://example.com")
|
||||
* );
|
||||
|
||||
+5
-3
@@ -177,6 +177,7 @@ public class WebAuthnConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
WebAuthnAuthenticationFilter webAuthnAuthnFilter = new WebAuthnAuthenticationFilter();
|
||||
webAuthnAuthnFilter.setAuthenticationManager(
|
||||
new ProviderManager(new WebAuthnAuthenticationProvider(rpOperations, userDetailsService)));
|
||||
webAuthnAuthnFilter = postProcess(webAuthnAuthnFilter);
|
||||
WebAuthnRegistrationFilter webAuthnRegistrationFilter = new WebAuthnRegistrationFilter(userCredentials,
|
||||
rpOperations);
|
||||
PublicKeyCredentialCreationOptionsFilter creationOptionsFilter = new PublicKeyCredentialCreationOptionsFilter(
|
||||
@@ -256,9 +257,10 @@ public class WebAuthnConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
PublicKeyCredentialUserEntityRepository userEntities, UserCredentialRepository userCredentials) {
|
||||
Optional<WebAuthnRelyingPartyOperations> webauthnOperationsBean = getBeanOrNull(
|
||||
WebAuthnRelyingPartyOperations.class);
|
||||
return webauthnOperationsBean.orElseGet(() -> new Webauthn4JRelyingPartyOperations(userEntities,
|
||||
userCredentials, PublicKeyCredentialRpEntity.builder().id(this.rpId).name(this.rpName).build(),
|
||||
this.allowedOrigins));
|
||||
String rpName = (this.rpName != null) ? this.rpName : this.rpId;
|
||||
return webauthnOperationsBean
|
||||
.orElseGet(() -> new Webauthn4JRelyingPartyOperations(userEntities, userCredentials,
|
||||
PublicKeyCredentialRpEntity.builder().id(this.rpId).name(rpName).build(), this.allowedOrigins));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
+89
-2
@@ -19,10 +19,13 @@ package org.springframework.security.config.annotation.web.configurers;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.List;
|
||||
|
||||
import com.fasterxml.jackson.databind.JsonNode;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpOutputMessage;
|
||||
@@ -42,6 +45,7 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.ui.DefaultResourcesFilter;
|
||||
import org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions;
|
||||
import org.springframework.security.web.webauthn.api.TestPublicKeyCredentialCreationOptions;
|
||||
import org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationFilter;
|
||||
import org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations;
|
||||
import org.springframework.security.web.webauthn.registration.HttpSessionPublicKeyCredentialCreationOptionsRepository;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
@@ -52,6 +56,8 @@ import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.BDDMockito.given;
|
||||
import static org.mockito.BDDMockito.willAnswer;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
|
||||
@@ -88,6 +94,14 @@ public class WebAuthnConfigurerTests {
|
||||
.andExpect(content().string(containsString("body {")));
|
||||
}
|
||||
|
||||
// gh-18128
|
||||
@Test
|
||||
public void webAuthnAuthenticationFilterIsPostProcessed() throws Exception {
|
||||
this.spring.register(DefaultWebauthnConfiguration.class, PostProcessorConfiguration.class).autowire();
|
||||
PostProcessorConfiguration postProcess = this.spring.getContext().getBean(PostProcessorConfiguration.class);
|
||||
assertThat(postProcess.webauthnFilter).isNotNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void webauthnWhenNoFormLoginAndDefaultRegistrationPageConfiguredThenServesJavascript() throws Exception {
|
||||
this.spring.register(NoFormLoginAndDefaultRegistrationPageConfiguration.class).autowire();
|
||||
@@ -127,6 +141,42 @@ public class WebAuthnConfigurerTests {
|
||||
.hasSize(1);
|
||||
}
|
||||
|
||||
@Test
|
||||
void webauthnWhenConfiguredDefaultsRpNameToRpId() throws Exception {
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
this.spring.register(DefaultWebauthnConfiguration.class).autowire();
|
||||
String response = this.mvc
|
||||
.perform(post("/webauthn/register/options").with(csrf())
|
||||
.with(authentication(new TestingAuthenticationToken("test", "ignored", "ROLE_user"))))
|
||||
.andExpect(status().is2xxSuccessful())
|
||||
.andReturn()
|
||||
.getResponse()
|
||||
.getContentAsString();
|
||||
|
||||
JsonNode parsedResponse = mapper.readTree(response);
|
||||
|
||||
assertThat(parsedResponse.get("rp").get("id").asText()).isEqualTo("example.com");
|
||||
assertThat(parsedResponse.get("rp").get("name").asText()).isEqualTo("example.com");
|
||||
}
|
||||
|
||||
@Test
|
||||
void webauthnWhenRpNameConfiguredUsesRpName() throws Exception {
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
this.spring.register(CustomRpNameWebauthnConfiguration.class).autowire();
|
||||
String response = this.mvc
|
||||
.perform(post("/webauthn/register/options").with(csrf())
|
||||
.with(authentication(new TestingAuthenticationToken("test", "ignored", "ROLE_user"))))
|
||||
.andExpect(status().is2xxSuccessful())
|
||||
.andReturn()
|
||||
.getResponse()
|
||||
.getContentAsString();
|
||||
|
||||
JsonNode parsedResponse = mapper.readTree(response);
|
||||
|
||||
assertThat(parsedResponse.get("rp").get("id").asText()).isEqualTo("example.com");
|
||||
assertThat(parsedResponse.get("rp").get("name").asText()).isEqualTo("Test RP Name");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void webauthnWhenConfiguredAndFormLoginThenDoesServesJavascript() throws Exception {
|
||||
this.spring.register(FormLoginAndNoDefaultRegistrationPageConfiguration.class).autowire();
|
||||
@@ -289,6 +339,26 @@ public class WebAuthnConfigurerTests {
|
||||
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
static class PostProcessorConfiguration {
|
||||
|
||||
WebAuthnAuthenticationFilter webauthnFilter;
|
||||
|
||||
@Bean
|
||||
BeanPostProcessor beanPostProcessor() {
|
||||
return new BeanPostProcessor() {
|
||||
@Override
|
||||
public Object postProcessAfterInitialization(Object bean, String beanName) {
|
||||
if (bean instanceof WebAuthnAuthenticationFilter filter) {
|
||||
PostProcessorConfiguration.this.webauthnFilter = filter;
|
||||
}
|
||||
return bean;
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
static class DefaultWebauthnConfiguration {
|
||||
@@ -304,8 +374,7 @@ public class WebAuthnConfigurerTests {
|
||||
http
|
||||
.formLogin(Customizer.withDefaults())
|
||||
.webAuthn((authn) -> authn
|
||||
.rpId("spring.io")
|
||||
.rpName("spring")
|
||||
.rpId("example.com")
|
||||
);
|
||||
// @formatter:on
|
||||
return http.build();
|
||||
@@ -313,6 +382,24 @@ public class WebAuthnConfigurerTests {
|
||||
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
static class CustomRpNameWebauthnConfiguration {
|
||||
|
||||
@Bean
|
||||
UserDetailsService userDetailsService() {
|
||||
return new InMemoryUserDetailsManager();
|
||||
}
|
||||
|
||||
@Bean
|
||||
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
return http.formLogin(Customizer.withDefaults())
|
||||
.webAuthn((webauthn) -> webauthn.rpId("example.com").rpName("Test RP Name"))
|
||||
.build();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
static class NoFormLoginAndDefaultRegistrationPageConfiguration {
|
||||
|
||||
+21
@@ -16,6 +16,7 @@
|
||||
|
||||
package org.springframework.security.crypto.bcrypt;
|
||||
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.SecureRandom;
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
@@ -25,6 +26,7 @@ import org.springframework.security.crypto.password.AbstractPasswordEncoderValid
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||
import static org.assertj.core.api.Assertions.assertThatNoException;
|
||||
|
||||
/**
|
||||
* @author Dave Syer
|
||||
@@ -236,4 +238,23 @@ public class BCryptPasswordEncoderTests extends AbstractPasswordEncoderValidatio
|
||||
assertThat(getEncoder().matches(password73chars, encodedPassword73chars)).isTrue();
|
||||
}
|
||||
|
||||
/**
|
||||
* Fixes gh-18133
|
||||
* @author StringManolo
|
||||
*/
|
||||
@Test
|
||||
void passwordLargerThan72BytesShouldThrowIllegalArgumentException() {
|
||||
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
|
||||
String singleByteChars = "a".repeat(68);
|
||||
String password72Bytes = singleByteChars + "😀";
|
||||
assertThat(password72Bytes.length()).isEqualTo(70);
|
||||
assertThat(password72Bytes.getBytes(StandardCharsets.UTF_8).length).isEqualTo(72);
|
||||
assertThatNoException().isThrownBy(() -> encoder.encode(password72Bytes));
|
||||
String singleByteCharsTooLong = "a".repeat(69);
|
||||
String password73Bytes = singleByteCharsTooLong + "😀";
|
||||
assertThat(password73Bytes.getBytes(StandardCharsets.UTF_8).length).isEqualTo(73);
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> encoder.encode(password73Bytes))
|
||||
.withMessageContaining("password cannot be more than 72 bytes");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -90,6 +90,7 @@
|
||||
**** xref:servlet/oauth2/resource-server/multitenancy.adoc[Multitenancy]
|
||||
**** xref:servlet/oauth2/resource-server/bearer-tokens.adoc[Bearer Tokens]
|
||||
**** xref:servlet/oauth2/resource-server/dpop-tokens.adoc[DPoP-bound Access Tokens]
|
||||
**** xref:servlet/oauth2/resource-server/protected-resource-metadata.adoc[Protected Resource Metadata]
|
||||
*** xref:servlet/oauth2/authorization-server/index.adoc[OAuth2 Authorization Server]
|
||||
**** xref:servlet/oauth2/authorization-server/getting-started.adoc[Getting Started]
|
||||
**** xref:servlet/oauth2/authorization-server/configuration-model.adoc[Configuration Model]
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
|
||||
[[webflux-cors]]
|
||||
= CORS
|
||||
|
||||
@@ -75,3 +74,11 @@ fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain
|
||||
}
|
||||
----
|
||||
======
|
||||
|
||||
[WARNING]
|
||||
====
|
||||
CORS is a browser-based security feature.
|
||||
By disabling CORS in Spring Security, you are not removing CORS protection from your browser.
|
||||
Instead, you are removing CORS support from Spring Security, and users will not be able to interact with your Spring backend from a cross-origin browser application.
|
||||
To fix CORS errors in your application, you must enable CORS support, and provide an appropriate configuration source.
|
||||
====
|
||||
|
||||
@@ -65,7 +65,6 @@ SecurityFilterChain filterChain(HttpSecurity http) {
|
||||
// ...
|
||||
.formLogin(withDefaults())
|
||||
.webAuthn((webAuthn) -> webAuthn
|
||||
.rpName("Spring Security Relying Party")
|
||||
.rpId("example.com")
|
||||
.allowedOrigins("https://example.com")
|
||||
// optional properties
|
||||
@@ -96,7 +95,6 @@ open fun filterChain(http: HttpSecurity): SecurityFilterChain {
|
||||
// ...
|
||||
http {
|
||||
webAuthn {
|
||||
rpName = "Spring Security Relying Party"
|
||||
rpId = "example.com"
|
||||
allowedOrigins = setOf("https://example.com")
|
||||
// optional properties
|
||||
|
||||
@@ -183,3 +183,11 @@ fun corsConfigurationSource(): UrlBasedCorsConfigurationSource {
|
||||
}
|
||||
----
|
||||
======
|
||||
|
||||
[WARNING]
|
||||
====
|
||||
CORS is a browser-based security feature.
|
||||
By disabling CORS in Spring Security with `.cors(CorsConfigurer::disable)`, you are not removing CORS protection from your browser.
|
||||
Instead, you are removing CORS support from Spring Security, and users will not be able to interact with your Spring backend from a cross-origin browser application.
|
||||
To fix CORS errors in your application, you must enable CORS support, and provide an appropriate configuration source.
|
||||
====
|
||||
|
||||
+28
@@ -0,0 +1,28 @@
|
||||
[[oauth2resourceserver-protected-resource-metadata]]
|
||||
= OAuth 2.0 Protected Resource Metadata
|
||||
|
||||
`OAuth2ResourceServerConfigurer.ProtectedResourceMetadataConfigurer` provides the ability to customize the https://www.rfc-editor.org/rfc/rfc9728.html#section-3[OAuth 2.0 Protected Resource Metadata endpoint].
|
||||
It defines an extension point that lets you customize the https://www.rfc-editor.org/rfc/rfc9728.html#section-3.2[OAuth 2.0 Protected Resource Metadata response].
|
||||
|
||||
`OAuth2ResourceServerConfigurer.ProtectedResourceMetadataConfigurer` provides the following configuration option:
|
||||
|
||||
[source,java]
|
||||
----
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2ResourceServer((resourceServer) ->
|
||||
resourceServer
|
||||
.protectedResourceMetadata(protectedResourceMetadata ->
|
||||
protectedResourceMetadata
|
||||
.protectedResourceMetadataCustomizer(protectedResourceMetadataCustomizer) <1>
|
||||
)
|
||||
);
|
||||
|
||||
return http.build();
|
||||
}
|
||||
----
|
||||
<1> `protectedResourceMetadataCustomizer()`: The `Consumer` providing access to the `OAuth2ProtectedResourceMetadata.Builder` allowing the ability to customize the claims of the Resource Server's configuration.
|
||||
|
||||
`OAuth2ResourceServerConfigurer.ProtectedResourceMetadataConfigurer` configures the `OAuth2ProtectedResourceMetadataFilter` and registers it with the Resource Server `SecurityFilterChain` `@Bean`.
|
||||
`OAuth2ProtectedResourceMetadataFilter` is the `Filter` that returns the https://www.rfc-editor.org/rfc/rfc9728.html#section-3.2[OAuth2ProtectedResourceMetadata response].
|
||||
+1
-1
@@ -14,7 +14,7 @@
|
||||
# limitations under the License.
|
||||
#
|
||||
springBootVersion=4.0.0-SNAPSHOT
|
||||
version=7.0.0-RC2
|
||||
version=7.0.0-RC3
|
||||
samplesBranch=main
|
||||
org.gradle.jvmargs=-Xmx3g -XX:+HeapDumpOnOutOfMemoryError
|
||||
org.gradle.parallel=true
|
||||
|
||||
+68
-64
@@ -466,7 +466,7 @@ public class JdbcOAuth2AuthorizationService implements OAuth2AuthorizationServic
|
||||
/**
|
||||
* The default {@link RowMapper} that maps the current row in
|
||||
* {@code java.sql.ResultSet} to {@link OAuth2Authorization} using Jackson 3's
|
||||
* {@link JsonMapper} to read all {@code Map<String,Object>} within the result.
|
||||
* {@link JsonMapper}.
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @since 7.0
|
||||
@@ -482,6 +482,7 @@ public class JdbcOAuth2AuthorizationService implements OAuth2AuthorizationServic
|
||||
public JsonMapperOAuth2AuthorizationRowMapper(RegisteredClientRepository registeredClientRepository,
|
||||
JsonMapper jsonMapper) {
|
||||
super(registeredClientRepository);
|
||||
Assert.notNull(jsonMapper, "jsonMapper cannot be null");
|
||||
this.jsonMapper = jsonMapper;
|
||||
}
|
||||
|
||||
@@ -544,7 +545,7 @@ public class JdbcOAuth2AuthorizationService implements OAuth2AuthorizationServic
|
||||
|
||||
private LobHandler lobHandler = new DefaultLobHandler();
|
||||
|
||||
AbstractOAuth2AuthorizationRowMapper(RegisteredClientRepository registeredClientRepository) {
|
||||
private AbstractOAuth2AuthorizationRowMapper(RegisteredClientRepository registeredClientRepository) {
|
||||
Assert.notNull(registeredClientRepository, "registeredClientRepository cannot be null");
|
||||
this.registeredClientRepository = registeredClientRepository;
|
||||
}
|
||||
@@ -713,42 +714,36 @@ public class JdbcOAuth2AuthorizationService implements OAuth2AuthorizationServic
|
||||
}
|
||||
|
||||
/**
|
||||
* Nested class to protect from getting {@link NoClassDefFoundError} when Jackson 2 is
|
||||
* not on the classpath.
|
||||
* The default {@code Function} that maps {@link OAuth2Authorization} to a
|
||||
* {@code List} of {@link SqlParameterValue} using an instance of Jackson 3's
|
||||
* {@link JsonMapper}.
|
||||
*/
|
||||
public static class JsonMapperOAuth2AuthorizationParametersMapper
|
||||
extends AbstractOAuth2AuthorizationParametersMapper {
|
||||
|
||||
private final JsonMapper jsonMapper;
|
||||
|
||||
public JsonMapperOAuth2AuthorizationParametersMapper() {
|
||||
this(Jackson3.createJsonMapper());
|
||||
}
|
||||
|
||||
public JsonMapperOAuth2AuthorizationParametersMapper(JsonMapper jsonMapper) {
|
||||
Assert.notNull(jsonMapper, "jsonMapper cannot be null");
|
||||
this.jsonMapper = jsonMapper;
|
||||
}
|
||||
|
||||
@Override
|
||||
String writeValueAsString(Map<String, Object> data) throws Exception {
|
||||
return this.jsonMapper.writeValueAsString(data);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* A {@code Function} that maps {@link OAuth2Authorization} to a {@code List} of
|
||||
* {@link SqlParameterValue} using an instance of Jackson 2's {@link ObjectMapper}.
|
||||
*
|
||||
* @deprecated This is used to allow transition to Jackson 3. Use {@link Jackson3}
|
||||
* instead.
|
||||
*/
|
||||
@Deprecated(forRemoval = true, since = "7.0")
|
||||
private static final class Jackson2 {
|
||||
|
||||
static ObjectMapper createObjectMapper() {
|
||||
ObjectMapper objectMapper = new ObjectMapper();
|
||||
ClassLoader classLoader = Jackson2.class.getClassLoader();
|
||||
List<Module> securityModules = SecurityJackson2Modules.getModules(classLoader);
|
||||
objectMapper.registerModules(securityModules);
|
||||
objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
|
||||
return objectMapper;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Nested class used to get a common default instance of {@link JsonMapper}. It is in
|
||||
* a nested class to protect from getting {@link NoClassDefFoundError} when Jackson 3
|
||||
* is not on the classpath.
|
||||
*/
|
||||
private static final class Jackson3 {
|
||||
|
||||
static JsonMapper createJsonMapper() {
|
||||
List<JacksonModule> modules = SecurityJacksonModules.getModules(Jackson3.class.getClassLoader());
|
||||
return JsonMapper.builder().addModules(modules).build();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @deprecated Use {@link JsonMapperOAuth2AuthorizationParametersMapper} to migrate to
|
||||
* @deprecated Use {@link JsonMapperOAuth2AuthorizationParametersMapper} to switch to
|
||||
* Jackson 3.
|
||||
*/
|
||||
@Deprecated(forRemoval = true, since = "7.0")
|
||||
@@ -772,32 +767,6 @@ public class JdbcOAuth2AuthorizationService implements OAuth2AuthorizationServic
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* The default {@code Function} that maps {@link OAuth2Authorization} to a
|
||||
* {@code List} of {@link SqlParameterValue} using an instance of Jackson 3's
|
||||
* {@link JsonMapper}.
|
||||
*/
|
||||
public static final class JsonMapperOAuth2AuthorizationParametersMapper
|
||||
extends AbstractOAuth2AuthorizationParametersMapper {
|
||||
|
||||
private final JsonMapper mapper;
|
||||
|
||||
public JsonMapperOAuth2AuthorizationParametersMapper() {
|
||||
this(Jackson3.createJsonMapper());
|
||||
}
|
||||
|
||||
public JsonMapperOAuth2AuthorizationParametersMapper(JsonMapper mapper) {
|
||||
Assert.notNull(mapper, "mapper cannot be null");
|
||||
this.mapper = mapper;
|
||||
}
|
||||
|
||||
@Override
|
||||
String writeValueAsString(Map<String, Object> data) throws Exception {
|
||||
return this.mapper.writeValueAsString(data);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* The base {@code Function} that maps {@link OAuth2Authorization} to a {@code List}
|
||||
* of {@link SqlParameterValue}.
|
||||
@@ -805,7 +774,7 @@ public class JdbcOAuth2AuthorizationService implements OAuth2AuthorizationServic
|
||||
private abstract static class AbstractOAuth2AuthorizationParametersMapper
|
||||
implements Function<OAuth2Authorization, List<SqlParameterValue>> {
|
||||
|
||||
protected AbstractOAuth2AuthorizationParametersMapper() {
|
||||
private AbstractOAuth2AuthorizationParametersMapper() {
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -916,6 +885,41 @@ public class JdbcOAuth2AuthorizationService implements OAuth2AuthorizationServic
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Nested class to protect from getting {@link NoClassDefFoundError} when Jackson 2 is
|
||||
* not on the classpath.
|
||||
*
|
||||
* @deprecated This is used to allow transition to Jackson 3. Use {@link Jackson3}
|
||||
* instead.
|
||||
*/
|
||||
@Deprecated(forRemoval = true, since = "7.0")
|
||||
private static final class Jackson2 {
|
||||
|
||||
private static ObjectMapper createObjectMapper() {
|
||||
ObjectMapper objectMapper = new ObjectMapper();
|
||||
ClassLoader classLoader = Jackson2.class.getClassLoader();
|
||||
List<Module> securityModules = SecurityJackson2Modules.getModules(classLoader);
|
||||
objectMapper.registerModules(securityModules);
|
||||
objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
|
||||
return objectMapper;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Nested class used to get a common default instance of {@link JsonMapper}. It is in
|
||||
* a nested class to protect from getting {@link NoClassDefFoundError} when Jackson 3
|
||||
* is not on the classpath.
|
||||
*/
|
||||
private static final class Jackson3 {
|
||||
|
||||
private static JsonMapper createJsonMapper() {
|
||||
List<JacksonModule> modules = SecurityJacksonModules.getModules(Jackson3.class.getClassLoader());
|
||||
return JsonMapper.builder().addModules(modules).build();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
private static final class LobCreatorArgumentPreparedStatementSetter extends ArgumentPreparedStatementSetter {
|
||||
|
||||
private final LobCreator lobCreator;
|
||||
|
||||
+148
-67
@@ -33,6 +33,7 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.jackson.CoreJacksonModule;
|
||||
import org.springframework.security.jackson2.CoreJackson2Module;
|
||||
import org.springframework.security.oauth2.core.AbstractOAuth2Token;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
@@ -48,9 +49,11 @@ import org.springframework.security.oauth2.server.authorization.JdbcOAuth2Author
|
||||
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenExchangeActor;
|
||||
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenExchangeCompositeAuthenticationToken;
|
||||
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.jackson.OAuth2AuthorizationServerJacksonModule;
|
||||
import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2AuthorizationServerJackson2Module;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
|
||||
import org.springframework.security.web.authentication.WebAuthenticationDetails;
|
||||
import org.springframework.security.web.jackson.WebServletJacksonModule;
|
||||
import org.springframework.security.web.jackson2.WebServletJackson2Module;
|
||||
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
|
||||
import org.springframework.util.ClassUtils;
|
||||
@@ -67,7 +70,18 @@ import org.springframework.util.ClassUtils;
|
||||
*/
|
||||
class OAuth2AuthorizationServerBeanRegistrationAotProcessor implements BeanRegistrationAotProcessor {
|
||||
|
||||
private boolean jackson2Contributed;
|
||||
private static final boolean jackson2Present;
|
||||
|
||||
private static final boolean jackson3Present;
|
||||
|
||||
static {
|
||||
ClassLoader classLoader = ClassUtils.getDefaultClassLoader();
|
||||
jackson2Present = ClassUtils.isPresent("com.fasterxml.jackson.databind.ObjectMapper", classLoader)
|
||||
&& ClassUtils.isPresent("com.fasterxml.jackson.core.JsonGenerator", classLoader);
|
||||
jackson3Present = ClassUtils.isPresent("tools.jackson.databind.json.JsonMapper", classLoader);
|
||||
}
|
||||
|
||||
private boolean jacksonContributed;
|
||||
|
||||
@Override
|
||||
public BeanRegistrationAotContribution processAheadOfTime(RegisteredBean registeredBean) {
|
||||
@@ -79,17 +93,17 @@ class OAuth2AuthorizationServerBeanRegistrationAotProcessor implements BeanRegis
|
||||
|
||||
// @formatter:off
|
||||
if ((isJdbcBasedOAuth2AuthorizationService || isJdbcBasedRegisteredClientRepository)
|
||||
&& !this.jackson2Contributed) {
|
||||
Jackson2ConfigurationBeanRegistrationAotContribution jackson2Contribution =
|
||||
new Jackson2ConfigurationBeanRegistrationAotContribution();
|
||||
this.jackson2Contributed = true;
|
||||
return jackson2Contribution;
|
||||
&& !this.jacksonContributed) {
|
||||
JacksonConfigurationBeanRegistrationAotContribution jacksonContribution =
|
||||
new JacksonConfigurationBeanRegistrationAotContribution();
|
||||
this.jacksonContributed = true;
|
||||
return jacksonContribution;
|
||||
}
|
||||
// @formatter:on
|
||||
return null;
|
||||
}
|
||||
|
||||
private static class Jackson2ConfigurationBeanRegistrationAotContribution
|
||||
private static class JacksonConfigurationBeanRegistrationAotContribution
|
||||
implements BeanRegistrationAotContribution {
|
||||
|
||||
private final BindingReflectionHintsRegistrar reflectionHintsRegistrar = new BindingReflectionHintsRegistrar();
|
||||
@@ -109,7 +123,6 @@ class OAuth2AuthorizationServerBeanRegistrationAotProcessor implements BeanRegis
|
||||
.registerType(HashSet.class, MemberCategory.DECLARED_FIELDS,
|
||||
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS, MemberCategory.INVOKE_DECLARED_METHODS);
|
||||
|
||||
// Spring Security and Spring Authorization Server
|
||||
hints.reflection()
|
||||
.registerTypes(Arrays.asList(TypeReference.of(AbstractAuthenticationToken.class),
|
||||
TypeReference.of(DefaultSavedRequest.Builder.class),
|
||||
@@ -128,75 +141,143 @@ class OAuth2AuthorizationServerBeanRegistrationAotProcessor implements BeanRegis
|
||||
(builder) -> builder.withMembers(MemberCategory.DECLARED_FIELDS,
|
||||
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS, MemberCategory.INVOKE_DECLARED_METHODS));
|
||||
|
||||
// Jackson Modules - Spring Security and Spring Authorization Server
|
||||
hints.reflection()
|
||||
.registerTypes(
|
||||
Arrays.asList(TypeReference.of(CoreJackson2Module.class),
|
||||
TypeReference.of(WebServletJackson2Module.class),
|
||||
TypeReference.of(OAuth2AuthorizationServerJackson2Module.class)),
|
||||
(builder) -> builder.withMembers(MemberCategory.DECLARED_FIELDS,
|
||||
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS, MemberCategory.INVOKE_DECLARED_METHODS));
|
||||
// Jackson Modules
|
||||
if (jackson2Present) {
|
||||
hints.reflection()
|
||||
.registerTypes(
|
||||
Arrays.asList(TypeReference.of(CoreJackson2Module.class),
|
||||
TypeReference.of(WebServletJackson2Module.class),
|
||||
TypeReference.of(OAuth2AuthorizationServerJackson2Module.class)),
|
||||
(builder) -> builder.withMembers(MemberCategory.DECLARED_FIELDS,
|
||||
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
|
||||
MemberCategory.INVOKE_DECLARED_METHODS));
|
||||
}
|
||||
if (jackson3Present) {
|
||||
hints.reflection()
|
||||
.registerTypes(
|
||||
Arrays.asList(TypeReference.of(CoreJacksonModule.class),
|
||||
TypeReference.of(WebServletJacksonModule.class),
|
||||
TypeReference.of(OAuth2AuthorizationServerJacksonModule.class)),
|
||||
(builder) -> builder.withMembers(MemberCategory.DECLARED_FIELDS,
|
||||
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
|
||||
MemberCategory.INVOKE_DECLARED_METHODS));
|
||||
}
|
||||
|
||||
// Jackson Mixins - Spring Security and Spring Authorization Server
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.jackson2.UnmodifiableSetMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.jackson2.UnmodifiableListMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.jackson2.UnmodifiableMapMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.server.authorization.jackson2.UnmodifiableMapMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.server.authorization.jackson2.HashSetMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.web.jackson2.DefaultSavedRequestMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.web.jackson2.WebAuthenticationDetailsMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.jackson2.UsernamePasswordAuthenticationTokenMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.jackson2.UserMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.jackson2.SimpleGrantedAuthorityMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.server.authorization.jackson2.OAuth2TokenExchangeActorMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.server.authorization.jackson2.OAuth2AuthorizationRequestMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.server.authorization.jackson2.OAuth2TokenExchangeCompositeAuthenticationTokenMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.server.authorization.jackson2.OAuth2TokenFormatMixin"));
|
||||
// Jackson Mixins
|
||||
if (jackson2Present) {
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.jackson2.UnmodifiableSetMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.jackson2.UnmodifiableListMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.jackson2.UnmodifiableMapMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.server.authorization.jackson2.UnmodifiableMapMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.server.authorization.jackson2.HashSetMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.web.jackson2.DefaultSavedRequestMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.web.jackson2.WebAuthenticationDetailsMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.jackson2.UsernamePasswordAuthenticationTokenMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.jackson2.UserMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.jackson2.SimpleGrantedAuthorityMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.server.authorization.jackson2.OAuth2TokenExchangeActorMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.server.authorization.jackson2.OAuth2AuthorizationRequestMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.server.authorization.jackson2.OAuth2TokenExchangeCompositeAuthenticationTokenMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.server.authorization.jackson2.OAuth2TokenFormatMixin"));
|
||||
}
|
||||
if (jackson3Present) {
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.web.jackson.DefaultSavedRequestMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.web.jackson.WebAuthenticationDetailsMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.jackson.UsernamePasswordAuthenticationTokenMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.jackson.UserMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.jackson.SimpleGrantedAuthorityMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.server.authorization.jackson.OAuth2TokenExchangeActorMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.server.authorization.jackson.OAuth2AuthorizationRequestMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.server.authorization.jackson.OAuth2TokenExchangeCompositeAuthenticationTokenMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.server.authorization.jackson.OAuth2TokenFormatMixin"));
|
||||
}
|
||||
|
||||
// Check if Spring Security OAuth2 Client is on classpath
|
||||
// Check if OAuth2 Client is on classpath
|
||||
if (ClassUtils.isPresent("org.springframework.security.oauth2.client.registration.ClientRegistration",
|
||||
ClassUtils.getDefaultClassLoader())) {
|
||||
|
||||
// Jackson Module (and required types) - Spring Security OAuth2 Client
|
||||
hints.reflection()
|
||||
.registerTypes(Arrays.asList(
|
||||
TypeReference
|
||||
.of("org.springframework.security.oauth2.client.jackson2.OAuth2ClientJackson2Module"),
|
||||
TypeReference
|
||||
.of("org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken")),
|
||||
.registerType(TypeReference
|
||||
.of("org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken"),
|
||||
(builder) -> builder.withMembers(MemberCategory.DECLARED_FIELDS,
|
||||
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
|
||||
MemberCategory.INVOKE_DECLARED_METHODS));
|
||||
|
||||
// Jackson Mixins - Spring Security OAuth2 Client
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.client.jackson2.OAuth2AuthenticationTokenMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson2.DefaultOidcUserMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson2.DefaultOAuth2UserMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson2.OidcUserAuthorityMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson2.OAuth2UserAuthorityMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson2.OidcIdTokenMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson2.OidcUserInfoMixin"));
|
||||
// Jackson Module
|
||||
if (jackson2Present) {
|
||||
hints.reflection()
|
||||
.registerType(TypeReference
|
||||
.of("org.springframework.security.oauth2.client.jackson2.OAuth2ClientJackson2Module"),
|
||||
(builder) -> builder.withMembers(MemberCategory.DECLARED_FIELDS,
|
||||
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
|
||||
MemberCategory.INVOKE_DECLARED_METHODS));
|
||||
}
|
||||
if (jackson3Present) {
|
||||
hints.reflection()
|
||||
.registerType(
|
||||
TypeReference
|
||||
.of("org.springframework.security.oauth2.client.jackson.OAuth2ClientJacksonModule"),
|
||||
(builder) -> builder.withMembers(MemberCategory.DECLARED_FIELDS,
|
||||
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
|
||||
MemberCategory.INVOKE_DECLARED_METHODS));
|
||||
}
|
||||
|
||||
// Jackson Mixins
|
||||
if (jackson2Present) {
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.client.jackson2.OAuth2AuthenticationTokenMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson2.DefaultOidcUserMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson2.DefaultOAuth2UserMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson2.OidcUserAuthorityMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson2.OAuth2UserAuthorityMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson2.OidcIdTokenMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson2.OidcUserInfoMixin"));
|
||||
}
|
||||
if (jackson3Present) {
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(), loadClass(
|
||||
"org.springframework.security.oauth2.client.jackson.OAuth2AuthenticationTokenMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson.DefaultOidcUserMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson.DefaultOAuth2UserMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson.OidcUserAuthorityMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson.OAuth2UserAuthorityMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson.OidcIdTokenMixin"));
|
||||
this.reflectionHintsRegistrar.registerReflectionHints(hints.reflection(),
|
||||
loadClass("org.springframework.security.oauth2.client.jackson.OidcUserInfoMixin"));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+172
-43
@@ -28,19 +28,23 @@ import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.function.Function;
|
||||
|
||||
import com.fasterxml.jackson.core.type.TypeReference;
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.databind.Module;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import tools.jackson.databind.JacksonModule;
|
||||
import tools.jackson.databind.json.JsonMapper;
|
||||
|
||||
import org.springframework.aot.hint.RuntimeHints;
|
||||
import org.springframework.aot.hint.RuntimeHintsRegistrar;
|
||||
import org.springframework.context.annotation.ImportRuntimeHints;
|
||||
import org.springframework.core.ParameterizedTypeReference;
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
import org.springframework.jdbc.core.ArgumentPreparedStatementSetter;
|
||||
import org.springframework.jdbc.core.JdbcOperations;
|
||||
import org.springframework.jdbc.core.PreparedStatementSetter;
|
||||
import org.springframework.jdbc.core.RowMapper;
|
||||
import org.springframework.jdbc.core.SqlParameterValue;
|
||||
import org.springframework.security.jackson.SecurityJacksonModules;
|
||||
import org.springframework.security.jackson2.SecurityJackson2Modules;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
@@ -134,8 +138,8 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
|
||||
public JdbcRegisteredClientRepository(JdbcOperations jdbcOperations) {
|
||||
Assert.notNull(jdbcOperations, "jdbcOperations cannot be null");
|
||||
this.jdbcOperations = jdbcOperations;
|
||||
this.registeredClientRowMapper = new RegisteredClientRowMapper();
|
||||
this.registeredClientParametersMapper = new RegisteredClientParametersMapper();
|
||||
this.registeredClientRowMapper = new JsonMapperRegisteredClientRowMapper();
|
||||
this.registeredClientParametersMapper = new JsonMapperRegisteredClientParametersMapper();
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -206,7 +210,7 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
|
||||
/**
|
||||
* Sets the {@link RowMapper} used for mapping the current row in
|
||||
* {@code java.sql.ResultSet} to {@link RegisteredClient}. The default is
|
||||
* {@link RegisteredClientRowMapper}.
|
||||
* {@link JsonMapperRegisteredClientRowMapper}.
|
||||
* @param registeredClientRowMapper the {@link RowMapper} used for mapping the current
|
||||
* row in {@code ResultSet} to {@link RegisteredClient}
|
||||
*/
|
||||
@@ -218,7 +222,7 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
|
||||
/**
|
||||
* Sets the {@code Function} used for mapping {@link RegisteredClient} to a
|
||||
* {@code List} of {@link SqlParameterValue}. The default is
|
||||
* {@link RegisteredClientParametersMapper}.
|
||||
* {@link JsonMapperRegisteredClientParametersMapper}.
|
||||
* @param registeredClientParametersMapper the {@code Function} used for mapping
|
||||
* {@link RegisteredClient} to a {@code List} of {@link SqlParameterValue}
|
||||
*/
|
||||
@@ -242,17 +246,76 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
|
||||
|
||||
/**
|
||||
* The default {@link RowMapper} that maps the current row in
|
||||
* {@code java.sql.ResultSet} to {@link RegisteredClient}.
|
||||
* {@code java.sql.ResultSet} to {@link RegisteredClient} using Jackson 3's
|
||||
* {@link JsonMapper}.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 7.0
|
||||
*/
|
||||
public static class RegisteredClientRowMapper implements RowMapper<RegisteredClient> {
|
||||
public static class JsonMapperRegisteredClientRowMapper extends AbstractRegisteredClientRowMapper {
|
||||
|
||||
private ObjectMapper objectMapper = new ObjectMapper();
|
||||
private final JsonMapper jsonMapper;
|
||||
|
||||
public RegisteredClientRowMapper() {
|
||||
ClassLoader classLoader = JdbcRegisteredClientRepository.class.getClassLoader();
|
||||
List<Module> securityModules = SecurityJackson2Modules.getModules(classLoader);
|
||||
this.objectMapper.registerModules(securityModules);
|
||||
this.objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
|
||||
public JsonMapperRegisteredClientRowMapper() {
|
||||
this(Jackson3.createJsonMapper());
|
||||
}
|
||||
|
||||
public JsonMapperRegisteredClientRowMapper(JsonMapper jsonMapper) {
|
||||
Assert.notNull(jsonMapper, "jsonMapper cannot be null");
|
||||
this.jsonMapper = jsonMapper;
|
||||
}
|
||||
|
||||
@Override
|
||||
Map<String, Object> readValue(String data) {
|
||||
final ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<>() {
|
||||
};
|
||||
tools.jackson.databind.JavaType javaType = this.jsonMapper.getTypeFactory()
|
||||
.constructType(typeReference.getType());
|
||||
return this.jsonMapper.readValue(data, javaType);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* A {@link RowMapper} that maps the current row in {@code java.sql.ResultSet} to
|
||||
* {@link RegisteredClient} using Jackson 2's {@link ObjectMapper}.
|
||||
*
|
||||
* @deprecated Use {@link JsonMapperRegisteredClientRowMapper} to switch to Jackson 3.
|
||||
*/
|
||||
@Deprecated(forRemoval = true, since = "7.0")
|
||||
public static class RegisteredClientRowMapper extends AbstractRegisteredClientRowMapper {
|
||||
|
||||
private ObjectMapper objectMapper = Jackson2.createObjectMapper();
|
||||
|
||||
public final void setObjectMapper(ObjectMapper objectMapper) {
|
||||
Assert.notNull(objectMapper, "objectMapper cannot be null");
|
||||
this.objectMapper = objectMapper;
|
||||
}
|
||||
|
||||
protected final ObjectMapper getObjectMapper() {
|
||||
return this.objectMapper;
|
||||
}
|
||||
|
||||
@Override
|
||||
Map<String, Object> readValue(String data) throws JsonProcessingException {
|
||||
final ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<>() {
|
||||
};
|
||||
com.fasterxml.jackson.databind.JavaType javaType = this.objectMapper.getTypeFactory()
|
||||
.constructType(typeReference.getType());
|
||||
return this.objectMapper.readValue(data, javaType);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* The base {@link RowMapper} that maps the current row in {@code java.sql.ResultSet}
|
||||
* to {@link RegisteredClient}. This is extracted to a distinct class so that
|
||||
* {@link RegisteredClientRowMapper} can be deprecated in favor of
|
||||
* {@link JsonMapperRegisteredClientRowMapper}.
|
||||
*/
|
||||
private abstract static class AbstractRegisteredClientRowMapper implements RowMapper<RegisteredClient> {
|
||||
|
||||
private AbstractRegisteredClientRowMapper() {
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -299,25 +362,17 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
|
||||
return builder.build();
|
||||
}
|
||||
|
||||
public final void setObjectMapper(ObjectMapper objectMapper) {
|
||||
Assert.notNull(objectMapper, "objectMapper cannot be null");
|
||||
this.objectMapper = objectMapper;
|
||||
}
|
||||
|
||||
protected final ObjectMapper getObjectMapper() {
|
||||
return this.objectMapper;
|
||||
}
|
||||
|
||||
private Map<String, Object> parseMap(String data) {
|
||||
try {
|
||||
return this.objectMapper.readValue(data, new TypeReference<>() {
|
||||
});
|
||||
return readValue(data);
|
||||
}
|
||||
catch (Exception ex) {
|
||||
throw new IllegalArgumentException(ex.getMessage(), ex);
|
||||
}
|
||||
}
|
||||
|
||||
abstract Map<String, Object> readValue(String data) throws Exception;
|
||||
|
||||
private static AuthorizationGrantType resolveAuthorizationGrantType(String authorizationGrantType) {
|
||||
if (AuthorizationGrantType.AUTHORIZATION_CODE.getValue().equals(authorizationGrantType)) {
|
||||
return AuthorizationGrantType.AUTHORIZATION_CODE;
|
||||
@@ -350,18 +405,64 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
|
||||
|
||||
/**
|
||||
* The default {@code Function} that maps {@link RegisteredClient} to a {@code List}
|
||||
* of {@link SqlParameterValue}.
|
||||
* of {@link SqlParameterValue} using an instance of Jackson 3's {@link JsonMapper}.
|
||||
*/
|
||||
public static class RegisteredClientParametersMapper
|
||||
public static class JsonMapperRegisteredClientParametersMapper extends AbstractRegisteredClientParametersMapper {
|
||||
|
||||
private final JsonMapper jsonMapper;
|
||||
|
||||
public JsonMapperRegisteredClientParametersMapper() {
|
||||
this(Jackson3.createJsonMapper());
|
||||
}
|
||||
|
||||
public JsonMapperRegisteredClientParametersMapper(JsonMapper jsonMapper) {
|
||||
Assert.notNull(jsonMapper, "jsonMapper cannot be null");
|
||||
this.jsonMapper = jsonMapper;
|
||||
}
|
||||
|
||||
@Override
|
||||
String writeValueAsString(Map<String, Object> data) throws Exception {
|
||||
return this.jsonMapper.writeValueAsString(data);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* A {@code Function} that maps {@link RegisteredClient} to a {@code List} of
|
||||
* {@link SqlParameterValue} using an instance of Jackson 2's {@link ObjectMapper}.
|
||||
*
|
||||
* @deprecated Use {@link JsonMapperRegisteredClientParametersMapper} to switch to
|
||||
* Jackson 3.
|
||||
*/
|
||||
@Deprecated(forRemoval = true, since = "7.0")
|
||||
public static class RegisteredClientParametersMapper extends AbstractRegisteredClientParametersMapper {
|
||||
|
||||
private ObjectMapper objectMapper = Jackson2.createObjectMapper();
|
||||
|
||||
public final void setObjectMapper(ObjectMapper objectMapper) {
|
||||
Assert.notNull(objectMapper, "objectMapper cannot be null");
|
||||
this.objectMapper = objectMapper;
|
||||
}
|
||||
|
||||
protected final ObjectMapper getObjectMapper() {
|
||||
return this.objectMapper;
|
||||
}
|
||||
|
||||
@Override
|
||||
String writeValueAsString(Map<String, Object> data) throws JsonProcessingException {
|
||||
return this.objectMapper.writeValueAsString(data);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* The base {@code Function} that maps {@link RegisteredClient} to a {@code List} of
|
||||
* {@link SqlParameterValue}.
|
||||
*/
|
||||
private abstract static class AbstractRegisteredClientParametersMapper
|
||||
implements Function<RegisteredClient, List<SqlParameterValue>> {
|
||||
|
||||
private ObjectMapper objectMapper = new ObjectMapper();
|
||||
|
||||
public RegisteredClientParametersMapper() {
|
||||
ClassLoader classLoader = JdbcRegisteredClientRepository.class.getClassLoader();
|
||||
List<Module> securityModules = SecurityJackson2Modules.getModules(classLoader);
|
||||
this.objectMapper.registerModules(securityModules);
|
||||
this.objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
|
||||
private AbstractRegisteredClientParametersMapper() {
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -403,24 +504,52 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
|
||||
new SqlParameterValue(Types.VARCHAR, writeMap(registeredClient.getTokenSettings().getSettings())));
|
||||
}
|
||||
|
||||
public final void setObjectMapper(ObjectMapper objectMapper) {
|
||||
Assert.notNull(objectMapper, "objectMapper cannot be null");
|
||||
this.objectMapper = objectMapper;
|
||||
}
|
||||
|
||||
protected final ObjectMapper getObjectMapper() {
|
||||
return this.objectMapper;
|
||||
}
|
||||
|
||||
private String writeMap(Map<String, Object> data) {
|
||||
try {
|
||||
return this.objectMapper.writeValueAsString(data);
|
||||
return writeValueAsString(data);
|
||||
}
|
||||
catch (Exception ex) {
|
||||
throw new IllegalArgumentException(ex.getMessage(), ex);
|
||||
}
|
||||
}
|
||||
|
||||
abstract String writeValueAsString(Map<String, Object> data) throws Exception;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Nested class to protect from getting {@link NoClassDefFoundError} when Jackson 2 is
|
||||
* not on the classpath.
|
||||
*
|
||||
* @deprecated This is used to allow transition to Jackson 3. Use {@link Jackson3}
|
||||
* instead.
|
||||
*/
|
||||
@Deprecated(forRemoval = true, since = "7.0")
|
||||
private static final class Jackson2 {
|
||||
|
||||
private static ObjectMapper createObjectMapper() {
|
||||
ObjectMapper objectMapper = new ObjectMapper();
|
||||
ClassLoader classLoader = Jackson2.class.getClassLoader();
|
||||
List<Module> securityModules = SecurityJackson2Modules.getModules(classLoader);
|
||||
objectMapper.registerModules(securityModules);
|
||||
objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
|
||||
return objectMapper;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Nested class used to get a common default instance of {@link JsonMapper}. It is in
|
||||
* a nested class to protect from getting {@link NoClassDefFoundError} when Jackson 3
|
||||
* is not on the classpath.
|
||||
*/
|
||||
private static final class Jackson3 {
|
||||
|
||||
private static JsonMapper createJsonMapper() {
|
||||
List<JacksonModule> modules = SecurityJacksonModules.getModules(Jackson3.class.getClassLoader());
|
||||
return JsonMapper.builder().addModules(modules).build();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
static class JdbcRegisteredClientRepositoryRuntimeHintsRegistrar implements RuntimeHintsRegistrar {
|
||||
|
||||
+17
-17
@@ -25,13 +25,13 @@ import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.function.Function;
|
||||
|
||||
import com.fasterxml.jackson.core.type.TypeReference;
|
||||
import com.fasterxml.jackson.databind.Module;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import tools.jackson.databind.JacksonModule;
|
||||
import tools.jackson.databind.json.JsonMapper;
|
||||
|
||||
import org.springframework.core.ParameterizedTypeReference;
|
||||
import org.springframework.jdbc.core.ArgumentPreparedStatementSetter;
|
||||
import org.springframework.jdbc.core.JdbcOperations;
|
||||
import org.springframework.jdbc.core.JdbcTemplate;
|
||||
@@ -41,13 +41,12 @@ import org.springframework.jdbc.core.SqlParameterValue;
|
||||
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabase;
|
||||
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
|
||||
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType;
|
||||
import org.springframework.security.jackson2.SecurityJackson2Modules;
|
||||
import org.springframework.security.jackson.SecurityJacksonModules;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
|
||||
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientParametersMapper;
|
||||
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientRowMapper;
|
||||
import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2AuthorizationServerJackson2Module;
|
||||
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.JsonMapperRegisteredClientParametersMapper;
|
||||
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.JsonMapperRegisteredClientRowMapper;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
|
||||
import org.springframework.util.StringUtils;
|
||||
@@ -222,9 +221,9 @@ public class JdbcRegisteredClientRepositoryTests {
|
||||
|
||||
@Test
|
||||
public void saveLoadRegisteredClientWhenCustomStrategiesSetThenCalled() throws Exception {
|
||||
RowMapper<RegisteredClient> registeredClientRowMapper = spy(new RegisteredClientRowMapper());
|
||||
RowMapper<RegisteredClient> registeredClientRowMapper = spy(new JsonMapperRegisteredClientRowMapper());
|
||||
this.registeredClientRepository.setRegisteredClientRowMapper(registeredClientRowMapper);
|
||||
RegisteredClientParametersMapper clientParametersMapper = new RegisteredClientParametersMapper();
|
||||
JsonMapperRegisteredClientParametersMapper clientParametersMapper = new JsonMapperRegisteredClientParametersMapper();
|
||||
Function<RegisteredClient, List<SqlParameterValue>> registeredClientParametersMapper = spy(
|
||||
clientParametersMapper);
|
||||
this.registeredClientRepository.setRegisteredClientParametersMapper(registeredClientParametersMapper);
|
||||
@@ -365,16 +364,14 @@ public class JdbcRegisteredClientRepositoryTests {
|
||||
return !result.isEmpty() ? result.get(0) : null;
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
private static final class CustomRegisteredClientRowMapper implements RowMapper<RegisteredClient> {
|
||||
|
||||
private final ObjectMapper objectMapper = new ObjectMapper();
|
||||
private final JsonMapper jsonMapper;
|
||||
|
||||
private CustomRegisteredClientRowMapper() {
|
||||
ClassLoader classLoader = CustomJdbcRegisteredClientRepository.class.getClassLoader();
|
||||
List<Module> securityModules = SecurityJackson2Modules.getModules(classLoader);
|
||||
this.objectMapper.registerModules(securityModules);
|
||||
this.objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
|
||||
List<JacksonModule> modules = SecurityJacksonModules
|
||||
.getModules(CustomRegisteredClientRowMapper.class.getClassLoader());
|
||||
this.jsonMapper = JsonMapper.builder().addModules(modules).build();
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -418,9 +415,12 @@ public class JdbcRegisteredClientRepositoryTests {
|
||||
}
|
||||
|
||||
private Map<String, Object> parseMap(String data) {
|
||||
final ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<>() {
|
||||
};
|
||||
try {
|
||||
return this.objectMapper.readValue(data, new TypeReference<>() {
|
||||
});
|
||||
tools.jackson.databind.JavaType javaType = this.jsonMapper.getTypeFactory()
|
||||
.constructType(typeReference.getType());
|
||||
return this.jsonMapper.readValue(data, javaType);
|
||||
}
|
||||
catch (Exception ex) {
|
||||
throw new IllegalArgumentException(ex.getMessage(), ex);
|
||||
|
||||
+2
-2
@@ -58,7 +58,7 @@ public class RequestAttributeAuthenticationFilter extends AbstractPreAuthenticat
|
||||
* missing and {@code exceptionIfVariableMissing} is set to {@code true}.
|
||||
*/
|
||||
@Override
|
||||
protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
|
||||
protected @Nullable Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
|
||||
String principal = (String) request.getAttribute(this.principalEnvironmentVariable);
|
||||
if (principal == null && this.exceptionIfVariableMissing) {
|
||||
throw new PreAuthenticatedCredentialsNotFoundException(
|
||||
@@ -73,7 +73,7 @@ public class RequestAttributeAuthenticationFilter extends AbstractPreAuthenticat
|
||||
* credentials value. Otherwise a dummy value will be used.
|
||||
*/
|
||||
@Override
|
||||
protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
|
||||
protected @Nullable Object getPreAuthenticatedCredentials(HttpServletRequest request) {
|
||||
if (this.credentialsEnvironmentVariable != null) {
|
||||
return request.getAttribute(this.credentialsEnvironmentVariable);
|
||||
}
|
||||
|
||||
+2
-2
@@ -59,7 +59,7 @@ public class RequestHeaderAuthenticationFilter extends AbstractPreAuthenticatedP
|
||||
* {@code exceptionIfHeaderMissing} is set to {@code true}.
|
||||
*/
|
||||
@Override
|
||||
protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
|
||||
protected @Nullable Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
|
||||
String principal = request.getHeader(this.principalRequestHeader);
|
||||
if (principal == null && this.exceptionIfHeaderMissing) {
|
||||
throw new PreAuthenticatedCredentialsNotFoundException(
|
||||
@@ -74,7 +74,7 @@ public class RequestHeaderAuthenticationFilter extends AbstractPreAuthenticatedP
|
||||
* will be used.
|
||||
*/
|
||||
@Override
|
||||
protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
|
||||
protected @Nullable Object getPreAuthenticatedCredentials(HttpServletRequest request) {
|
||||
if (this.credentialsRequestHeader != null) {
|
||||
return request.getHeader(this.credentialsRequestHeader);
|
||||
}
|
||||
|
||||
+33
-17
@@ -22,15 +22,15 @@ import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
import java.util.function.Consumer;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import com.webauthn4j.WebAuthnManager;
|
||||
import com.webauthn4j.authenticator.Authenticator;
|
||||
import com.webauthn4j.authenticator.AuthenticatorImpl;
|
||||
import com.webauthn4j.converter.util.CborConverter;
|
||||
import com.webauthn4j.converter.util.ObjectConverter;
|
||||
import com.webauthn4j.credential.CredentialRecordImpl;
|
||||
import com.webauthn4j.data.AuthenticationData;
|
||||
import com.webauthn4j.data.AuthenticationParameters;
|
||||
import com.webauthn4j.data.RegistrationData;
|
||||
@@ -248,9 +248,7 @@ public class Webauthn4JRelyingPartyOperations implements WebAuthnRelyingPartyOpe
|
||||
byte[] attestationObject = response.getAttestationObject().getBytes();
|
||||
byte[] clientDataJSON = response.getClientDataJSON().getBytes();
|
||||
Challenge challenge = new DefaultChallenge(base64Challenge);
|
||||
byte[] tokenBindingId = null /* set tokenBindingId */; // FIXME:
|
||||
// https://www.w3.org/TR/webauthn-1/#dom-collectedclientdata-tokenbinding
|
||||
ServerProperty serverProperty = new ServerProperty(origins, rpId, challenge, tokenBindingId);
|
||||
ServerProperty serverProperty = new ServerProperty(origins, rpId, challenge);
|
||||
boolean userVerificationRequired = creationOptions.getAuthenticatorSelection()
|
||||
.getUserVerification() == UserVerificationRequirement.REQUIRED;
|
||||
// requireUserPresence The constant Boolean value true
|
||||
@@ -263,7 +261,7 @@ public class Webauthn4JRelyingPartyOperations implements WebAuthnRelyingPartyOpe
|
||||
transports);
|
||||
RegistrationParameters registrationParameters = new RegistrationParameters(serverProperty, pubKeyCredParams,
|
||||
userVerificationRequired, userPresenceRequired);
|
||||
RegistrationData wa4jRegistrationData = this.webAuthnManager.validate(webauthn4jRegistrationRequest,
|
||||
RegistrationData wa4jRegistrationData = this.webAuthnManager.verify(webauthn4jRegistrationRequest,
|
||||
registrationParameters);
|
||||
AttestationObject wa4jAttestationObject = wa4jRegistrationData.getAttestationObject();
|
||||
Assert.notNull(wa4jAttestationObject, "attestationObject cannot be null");
|
||||
@@ -306,7 +304,7 @@ public class Webauthn4JRelyingPartyOperations implements WebAuthnRelyingPartyOpe
|
||||
|
||||
private List<com.webauthn4j.data.PublicKeyCredentialParameters> convertCredentialParamsToWebauthn4j(
|
||||
List<PublicKeyCredentialParameters> parameters) {
|
||||
return parameters.stream().map(this::convertParamToWebauthn4j).collect(Collectors.toUnmodifiableList());
|
||||
return parameters.stream().map(this::convertParamToWebauthn4j).toList();
|
||||
}
|
||||
|
||||
private com.webauthn4j.data.PublicKeyCredentialParameters convertParamToWebauthn4j(
|
||||
@@ -382,28 +380,29 @@ public class Webauthn4JRelyingPartyOperations implements WebAuthnRelyingPartyOpe
|
||||
.getAuthenticatorData();
|
||||
AttestedCredentialData wa4jCredData = wa4jAuthData.getAttestedCredentialData();
|
||||
Assert.notNull(wa4jCredData, "attestedCredentialData cannot be null");
|
||||
AttestedCredentialData data = new AttestedCredentialData(wa4jCredData.getAaguid(), keyId.getBytes(),
|
||||
wa4jCredData.getCOSEKey());
|
||||
|
||||
Authenticator authenticator = new AuthenticatorImpl(data, wa4jAttestationObject.getAttestationStatement(),
|
||||
credentialRecord.getSignatureCount());
|
||||
Set<Origin> origins = toOrigins();
|
||||
Challenge challenge = new DefaultChallenge(requestOptions.getChallenge().getBytes());
|
||||
// FIXME: should populate this
|
||||
byte[] tokenBindingId = null /* set tokenBindingId */;
|
||||
String rpId = requestOptions.getRpId();
|
||||
Assert.notNull(rpId, "rpId cannot be null");
|
||||
ServerProperty serverProperty = new ServerProperty(origins, rpId, challenge, tokenBindingId);
|
||||
ServerProperty serverProperty = new ServerProperty(origins, rpId, challenge);
|
||||
boolean userVerificationRequired = request.getRequestOptions()
|
||||
.getUserVerification() == UserVerificationRequirement.REQUIRED;
|
||||
|
||||
com.webauthn4j.data.AuthenticationRequest authenticationRequest = new com.webauthn4j.data.AuthenticationRequest(
|
||||
request.getPublicKey().getId().getBytes(), assertionResponse.getAuthenticatorData().getBytes(),
|
||||
assertionResponse.getClientDataJSON().getBytes(), assertionResponse.getSignature().getBytes());
|
||||
AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator,
|
||||
userVerificationRequired);
|
||||
|
||||
AuthenticationData wa4jAuthenticationData = this.webAuthnManager.validate(authenticationRequest,
|
||||
// CollectedClientData and ExtensionsClientOutputs is registration data, and can
|
||||
// be null at authentication time.
|
||||
com.webauthn4j.credential.CredentialRecord wa4jCredentialRecord = new CredentialRecordImpl(
|
||||
wa4jAttestationObject, null, null, convertTransportsToWebauthn4j(credentialRecord.getTransports()));
|
||||
List<byte[]> allowCredentials = convertAllowedCredentialsToWebauthn4j(
|
||||
request.getRequestOptions().getAllowCredentials());
|
||||
AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty,
|
||||
wa4jCredentialRecord, allowCredentials.isEmpty() ? null : allowCredentials, userVerificationRequired);
|
||||
|
||||
AuthenticationData wa4jAuthenticationData = this.webAuthnManager.verify(authenticationRequest,
|
||||
authenticationParameters);
|
||||
|
||||
AuthenticatorData<AuthenticationExtensionAuthenticatorOutput> wa4jValidatedAuthData = wa4jAuthenticationData
|
||||
@@ -424,4 +423,21 @@ public class Webauthn4JRelyingPartyOperations implements WebAuthnRelyingPartyOpe
|
||||
return userEntity;
|
||||
}
|
||||
|
||||
private static Set<com.webauthn4j.data.AuthenticatorTransport> convertTransportsToWebauthn4j(
|
||||
Set<AuthenticatorTransport> transports) {
|
||||
return transports.stream()
|
||||
.map(AuthenticatorTransport::getValue)
|
||||
.map(com.webauthn4j.data.AuthenticatorTransport::create)
|
||||
.collect(Collectors.toSet());
|
||||
}
|
||||
|
||||
private static List<byte[]> convertAllowedCredentialsToWebauthn4j(
|
||||
List<PublicKeyCredentialDescriptor> allowedCredentials) {
|
||||
return allowedCredentials.stream()
|
||||
.map(PublicKeyCredentialDescriptor::getId)
|
||||
.filter(Objects::nonNull)
|
||||
.map(Bytes::getBytes)
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user