From c27061d30510614cc92d3ce1c4b6b2933f2f8c9b Mon Sep 17 00:00:00 2001
From: chanbinme
Date: Tue, 19 Aug 2025 23:55:24 +0900
Subject: [PATCH] Fix MVC OAuth2AuthorizationRequestResolver to use correct "login" action for redirect URI
- Changed DefaultOAuth2AuthorizationRequestResolver.resolve(HttpServletRequest, String) to always use "login" as the redirect URI action instead of "authorize".
- This aligns URI generation with Reactive stack behavior, fixing inconsistent OAuth2 login redirect URIs between MVC and Reactive.
- Resolves authentication errors and token relay issues caused by incorrect URI paths.
Signed-off-by: chanbinme
---
 .../client/web/DefaultOAuth2AuthorizationRequestResolver.java | 2 +-
 .../web/DefaultOAuth2AuthorizationRequestResolverTests.java | 2 +-
 .../web/OAuth2AuthorizationRequestRedirectFilterTests.java | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
index a420171ae34..aa0504d9f26 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
@@ -132,7 +132,7 @@ public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String reg
 if (registrationId == null) {
 return null;
 }
- String redirectUriAction = getAction(request, "authorize");
+ String redirectUriAction = getAction(request, "login");
 return resolve(request, registrationId, redirectUriAction);
 }
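Review bot: The changed line `String redirectUriAction = getAction(request, "login");` switches the fallback action of this two-argument `resolve`, and the updated tests show that value ending up in `redirect_uri`; since authorization servers compare `redirect_uri` against the registered value, clients registered with `/authorize/oauth2/code/{registrationId}` would presumably hit a mismatch after upgrading, which the commit message does not mention. The test names touched by this patch refer to ClientAuthorizationRequiredException, which suggests this overload serves client authorization rather than interactive login, so sending its callback to the login path may cause the response to be handled as a login and change the authenticated principal; the callback filters are not visible here, so this needs confirming. The description says the method will "always use" login, but `getAction` still receives the request, so a request-supplied action presumably still takes precedence. A comment on the line would make the contract explicit, e.g. `// Fallback when the request has no action; becomes part of redirect_uri and must match the URI registered with the provider`. The method's signature lies outside the hunk and is visible only in the truncated hunk header.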
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java index ddaf962e9b5..07e5f2a10c4 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java @@ -307,7 +307,7 @@ public void resolveWhenClientAuthorizationRequiredExceptionAvailableThenRedirect assertThat(authorizationRequest.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&" - + "redirect_uri=http://localhost/authorize/oauth2/code/registration-id"); + + "redirect_uri=http://localhost/login/oauth2/code/registration-id"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java index 834a647b02a..5e3cab1582d 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java 
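Review bot: Both updated expectations (the hunk at line 307 of DefaultOAuth2AuthorizationRequestResolverTests and the hunk at line 231 of OAuth2AuthorizationRequestRedirectFilterTests) only swap `authorize` for `login` in the expected `redirect_uri`, so after this patch no visible test exercises a `redirect_uri` under `/authorize/oauth2/code/`. If `getAction` can still return an action taken from the request, a case that supplies one and asserts the resulting `redirect_uri` would show that `"login"` is only the fallback and that the authorization path stays reachable. Both test methods begin outside their hunks and the rest of each file is not shown, so such coverage may already exist.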
@@ -231,7 +231,7 @@ public void doFilterWhenNotAuthorizationRequestAndClientAuthorizationRequiredExc verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&" - + "redirect_uri=http://localhost/authorize/oauth2/code/registration-id"); + + "redirect_uri=http://localhost/login/oauth2/code/registration-id"); verify(this.requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); }