Revert "AuthorizationServerContext is accessible in custom consent controller"

jgrandja · jgrandja · commit ab6f4e418653 · 2024-07-22T09:04:25.000-04:00
This reverts commit 9addcf6. Closes spring-projectsgh-1668 in 1.2.x
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationEndpointConfigurer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2024 the original author or authors.
+ * Copyright 2020-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -237,15 +237,12 @@ void setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthe
 	void init(HttpSecurity httpSecurity) {
 		AuthorizationServerSettings authorizationServerSettings = OAuth2ConfigurerUtils
 			.getAuthorizationServerSettings(httpSecurity);
-		List<RequestMatcher> requestMatchers = new ArrayList<>();
-		requestMatchers.add(new AntPathRequestMatcher(authorizationServerSettings.getAuthorizationEndpoint(),
-				HttpMethod.GET.name()));
-		requestMatchers.add(new AntPathRequestMatcher(authorizationServerSettings.getAuthorizationEndpoint(),
-				HttpMethod.POST.name()));
-		if (StringUtils.hasText(this.consentPage)) {
-			requestMatchers.add(new AntPathRequestMatcher(this.consentPage));
-		}
-		this.requestMatcher = new OrRequestMatcher(requestMatchers);
+		this.requestMatcher = new OrRequestMatcher(
+				new AntPathRequestMatcher(authorizationServerSettings.getAuthorizationEndpoint(),
+						HttpMethod.GET.name()),
+				new AntPathRequestMatcher(authorizationServerSettings.getAuthorizationEndpoint(),
+						HttpMethod.POST.name()));
+
 		List<AuthenticationProvider> authenticationProviders = createDefaultAuthenticationProviders(httpSecurity);
 		if (!this.authenticationProviders.isEmpty()) {
 			authenticationProviders.addAll(0, this.authenticationProviders);
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
@@ -104,7 +104,6 @@
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
-import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.jackson2.TestingAuthenticationTokenMixin;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
@@ -126,14 +125,11 @@
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.security.web.util.matcher.RequestMatcher;
-import org.springframework.stereotype.Controller;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.springframework.web.util.UriUtils;
@@ -750,15 +746,6 @@ public void requestWhenCustomConsentPageConfiguredThenRedirect() throws Exceptio
 		assertThat(authorization).isNotNull();
 	}
 
-	// gh-1668
-	@Test
-	public void requestWhenCustomConsentPageConfiguredThenAuthorizationServerContextIsAccessible() throws Exception {
-		this.spring.register(AuthorizationServerConfigurationCustomConsentPageAccessAuthorizationServerContext.class)
-			.autowire();
-
-		this.mvc.perform(get(consentPage).with(user("user"))).andExpect(status().isOk());
-	}
-
 	@Test
 	public void requestWhenCustomConsentCustomizerConfiguredThenUsed() throws Exception {
 		this.spring.register(AuthorizationServerConfigurationCustomConsentRequest.class).autowire();
@@ -1179,26 +1166,6 @@ SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) th
 
 	}
 
-	@EnableWebSecurity
-	@Configuration(proxyBeanMethods = false)
-	static class AuthorizationServerConfigurationCustomConsentPageAccessAuthorizationServerContext
-			extends AuthorizationServerConfigurationCustomConsentPage {
-
-		@Controller
-		class ConsentController {
-
-			@GetMapping("/oauth2/consent")
-			@ResponseBody
-			String consent() {
-				// Ensure the AuthorizationServerContext is accessible
-				AuthorizationServerContextHolder.getContext().getIssuer();
-				return "";
-			}
-
-		}
-
-	}
-
 	@EnableWebSecurity
 	@Configuration(proxyBeanMethods = false)
 	static class AuthorizationServerConfigurationCustomConsentRequest extends AuthorizationServerConfiguration {
