Expand Up @@ -344,7 +344,7 @@ public void init(B http) {
if (userAuthoritiesMapper != null) {
oauth2LoginAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper);
}
http.authenticationProvider(this.postProcess(oauth2LoginAuthenticationProvider));
http.authenticationProvider((AuthenticationProvider) this.postProcess(oauth2LoginAuthenticationProvider));
boolean oidcAuthenticationProviderEnabled = ClassUtils
.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
if (oidcAuthenticationProviderEnabled) {
Expand All @@ -365,7 +365,7 @@ public void init(B http) {
oidcAuthorizationCodeAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper);
oidcAuthorizedClientRefreshedEventListener.setAuthoritiesMapper(userAuthoritiesMapper);
}
http.authenticationProvider(this.postProcess(oidcAuthorizationCodeAuthenticationProvider));
http.authenticationProvider((AuthenticationProvider) this.postProcess(oidcAuthorizationCodeAuthenticationProvider));

registerDelegateApplicationListener(this.postProcess(oidcAuthorizedClientRefreshedEventListener));
configureOidcUserRefreshedEventListener(http);
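Review bot: The `(AuthenticationProvider)` cast added to both `http.authenticationProvider(...)` calls in `init(B http)` has no explanation, and it reads like a redundant cast that an IDE inspection or a later cleanup would remove. Presumably it changes the type inferred for the generic `postProcess` call so that an `ObjectPostProcessor<AuthenticationProvider>` can return a wrapped or substituted provider. Such post-processors are a common place to attach auditing or extra checks to authentication, so losing the cast again would be a quiet regression. I would add a short comment above each call, with the wording confirmed by the author, e.g. `// gh-17357: keep the cast so postProcess may return any AuthenticationProvider, not only the concrete provider type`. `init` starts and ends outside the visible hunks.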
Expand Up @@ -87,7 +87,7 @@
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
Expand Down Expand Up @@ -697,6 +697,22 @@ public void oauth2LoginWhenAuthenticationProviderPostProcessorThenUses() throws
verify(this.context.getBean(SpyObjectPostProcessor.class).spy).authenticate(any());
}

// gh-17357
@Test
public void oauth2LoginWhenOidcAuthenticationProviderPostProcessorThenUses() throws Exception {
loadConfig(OAuth2LoginConfigCustomWithOidcPostProcessor.class);
// setup authorization request with OIDC scope
OAuth2AuthorizationRequest authorizationRequest = createOAuth2AuthorizationRequest(OidcScopes.OPENID);
this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, this.request, this.response);
// setup authentication parameters
this.request.setParameter("code", "code123");
this.request.setParameter("state", authorizationRequest.getState());
// perform test
this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
// assertions
verify(this.context.getBean(OidcSpyObjectPostProcessor.class).spy).authenticate(any());
}

// gh-16623
@Test
public void oauth2LoginWithCustomSecurityContextRepository() {
Expand Down Expand Up @@ -1454,6 +1470,55 @@ JwtDecoderFactory<ClientRegistration> jwtDecoderFactory2() {
return (clientRegistration) -> JwtDecoderFactoryConfig.getJwtDecoder();
}

@Configuration
static class OAuth2LoginConfigCustomWithOidcPostProcessor {

private final ClientRegistrationRepository clientRegistrationRepository = new InMemoryClientRegistrationRepository(
TestClientRegistrations.oidc().build());

private final ObjectPostProcessor<AuthenticationProvider> postProcessor = new OidcSpyObjectPostProcessor();

@Bean
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// @formatter:off
http
.oauth2Login((oauth2Login) -> oauth2Login
.clientRegistrationRepository(this.clientRegistrationRepository)
.withObjectPostProcessor(this.postProcessor)
);
// @formatter:on
return http.build();
}

@Bean
ObjectPostProcessor<AuthenticationProvider> mockPostProcessor() {
return this.postProcessor;
}

@Bean
HttpSessionOAuth2AuthorizationRequestRepository oauth2AuthorizationRequestRepository() {
return new HttpSessionOAuth2AuthorizationRequestRepository();
}

@Bean
JwtDecoderFactory<ClientRegistration> jwtDecoderFactory() {
return (clientRegistration) -> JwtDecoderFactoryConfig.getJwtDecoder();
}

static class OidcSpyObjectPostProcessor implements ObjectPostProcessor<AuthenticationProvider> {

AuthenticationProvider spy;

@Override
public <O extends AuthenticationProvider> O postProcess(O object) {
O spy = Mockito.spy(object);
this.spy = spy;
return spy;
}

}

}

}
}
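Review bot: `OidcSpyObjectPostProcessor.postProcess` overwrites `this.spy` on every call, so the field holds whichever provider was processed last. The configurer hunks show `postProcess` applied to `oauth2LoginAuthenticationProvider` as well as `oidcAuthorizationCodeAuthenticationProvider`, so `oauth2LoginWhenOidcAuthenticationProviderPostProcessorThenUses` checks the OIDC provider only because of registration order. `verify(...).authenticate(any())` would probably still pass if the spy were the plain OAuth2 login provider. Recording the spy only for the intended type makes the assertion specific: `if (object instanceof OidcAuthorizationCodeAuthenticationProvider) { this.spy = spy; }` (this may need an import in the test file). The local `spy` also shadows the field; a name such as `spied` would read more clearly.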