Merge branch '1.2.x' into 1.3.x

jgrandja · jgrandja · commit 41d3c30b4914 · 2024-07-19T15:49:04.000-04:00
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java
@@ -241,10 +241,13 @@ void init(HttpSecurity httpSecurity) {
 				? OAuth2ConfigurerUtils
 					.withMultipleIssuersPattern(authorizationServerSettings.getAuthorizationEndpoint())
 				: authorizationServerSettings.getAuthorizationEndpoint();
-		this.requestMatcher = new OrRequestMatcher(
-				new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.GET.name()),
-				new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.POST.name()));
-
+		List<RequestMatcher> requestMatchers = new ArrayList<>();
+		requestMatchers.add(new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.GET.name()));
+		requestMatchers.add(new AntPathRequestMatcher(authorizationEndpointUri, HttpMethod.POST.name()));
+		if (StringUtils.hasText(this.consentPage)) {
+			requestMatchers.add(new AntPathRequestMatcher(this.consentPage));
+		}
+		this.requestMatcher = new OrRequestMatcher(requestMatchers);
 		List<AuthenticationProvider> authenticationProviders = createDefaultAuthenticationProviders(httpSecurity);
 		if (!this.authenticationProviders.isEmpty()) {
 			authenticationProviders.addAll(0, this.authenticationProviders);
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
@@ -104,6 +104,7 @@
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.jackson2.TestingAuthenticationTokenMixin;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
@@ -125,11 +126,14 @@
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.stereotype.Controller;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.springframework.web.util.UriUtils;
@@ -746,6 +750,15 @@ public void requestWhenCustomConsentPageConfiguredThenRedirect() throws Exceptio
 		assertThat(authorization).isNotNull();
 	}
 
+	// gh-1668
+	@Test
+	public void requestWhenCustomConsentPageConfiguredThenAuthorizationServerContextIsAccessible() throws Exception {
+		this.spring.register(AuthorizationServerConfigurationCustomConsentPageAccessAuthorizationServerContext.class)
+			.autowire();
+
+		this.mvc.perform(get(consentPage).with(user("user"))).andExpect(status().isOk());
+	}
+
 	@Test
 	public void requestWhenCustomConsentCustomizerConfiguredThenUsed() throws Exception {
 		this.spring.register(AuthorizationServerConfigurationCustomConsentRequest.class).autowire();
@@ -1209,6 +1222,26 @@ SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) th
 
 	}
 
+	@EnableWebSecurity
+	@Configuration(proxyBeanMethods = false)
+	static class AuthorizationServerConfigurationCustomConsentPageAccessAuthorizationServerContext
+			extends AuthorizationServerConfigurationCustomConsentPage {
+
+		@Controller
+		class ConsentController {
+
+			@GetMapping("/oauth2/consent")
+			@ResponseBody
+			String consent() {
+				// Ensure the AuthorizationServerContext is accessible
+				AuthorizationServerContextHolder.getContext().getIssuer();
+				return "";
+			}
+
+		}
+
+	}
+
 	@EnableWebSecurity
 	@Configuration(proxyBeanMethods = false)
 	static class AuthorizationServerConfigurationCustomConsentRequest extends AuthorizationServerConfiguration {
