
Commit 3948440

committed
Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23
2 parents 0ec7a7a + 72b5e96 commit 3948440


21 files changed

+806
-75
lines changed


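--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/AuthorizationProxyWebConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/AuthorizationProxyWebConfiguration.java
@@ -26,6 +26,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Role;
+import org.springframework.core.Ordered;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.AccessDeniedException;
@@ -58,7 +59,9 @@ public void extendHandlerExceptionResolvers(List<HandlerExceptionResolver> resol
 resolvers.add(new AccessDeniedExceptionResolver());
 }
 
-static class WebTargetVisitor implements AuthorizationAdvisorProxyFactory.TargetVisitor {
+static class WebTargetVisitor implements AuthorizationAdvisorProxyFactory.TargetVisitor, Ordered {
+
+private static final int DEFAULT_ORDER = 100;
 
 @Override
 public Object visit(AuthorizationAdvisorProxyFactory proxyFactory, Object target) {
@@ -81,6 +84,11 @@ public Object visit(AuthorizationAdvisorProxyFactory proxyFactory, Object target
 return null;
 }
 
+@Override
+public int getOrder() {
+return DEFAULT_ORDER;
+}
+
 }
 
 static class AccessDeniedExceptionResolver implements HandlerExceptionResolver {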
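Review bot: `DEFAULT_ORDER = 100` in `WebTargetVisitor` is an unexplained ordering value; nothing in the visible hunks says which other `TargetVisitor` implementations it is meant to sit before or after. Since the visitor decides how authorization proxies are applied to web return types, the intended position should be written down, for example `// Position among TargetVisitor beans per the Ordered contract (lower runs first); 100 chosen so that <reason> - confirm`. The body of `visit` and the code that sorts the visitors are outside the hunks, so the effect of the value cannot be checked from here.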

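--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveAuthorizationManagerMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveAuthorizationManagerMethodSecurityConfiguration.java
@@ -1,5 +1,5 @@
 /*
-* Copyright 2002-2024 the original author or authors.
+* Copyright 2002-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -83,10 +83,11 @@ final class ReactiveAuthorizationManagerMethodSecurityConfiguration
 
 private final AuthorizationManagerAfterReactiveMethodInterceptor postAuthorizeMethodInterceptor;
 
-@Autowired(required = false)
-ReactiveAuthorizationManagerMethodSecurityConfiguration(MethodSecurityExpressionHandler expressionHandler,
+ReactiveAuthorizationManagerMethodSecurityConfiguration(
+ObjectProvider<MethodSecurityExpressionHandler> expressionHandlers,
 ObjectProvider<ObjectPostProcessor<ReactiveAuthorizationManager<MethodInvocation>>> preAuthorizePostProcessor,
 ObjectProvider<ObjectPostProcessor<ReactiveAuthorizationManager<MethodInvocationResult>>> postAuthorizePostProcessor) {
+MethodSecurityExpressionHandler expressionHandler = expressionHandlers.getIfUnique();
 if (expressionHandler != null) {
 this.preFilterMethodInterceptor = new PreFilterAuthorizationReactiveMethodInterceptor(expressionHandler);
 this.preAuthorizeAuthorizationManager = new PreAuthorizeReactiveAuthorizationManager(expressionHandler);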
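Review bot: `expressionHandlers.getIfUnique()` returns null both when no `MethodSecurityExpressionHandler` bean exists and when several exist with none marked primary, so the following `if (expressionHandler != null)` treats an ambiguous configuration the same as an absent one. An application that defines two handlers would then have its custom expression handling silently left out of the reactive pre/post authorization interceptors, which can change authorization decisions without any startup error. At minimum the call should carry a comment such as `// getIfUnique(): null when absent OR ambiguous; ambiguous handlers fall back to the defaults below`, and failing fast or logging in the ambiguous case would be safer. The else branch and the rest of the constructor are outside the hunk.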

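--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/DPoPAuthenticationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/DPoPAuthenticationConfigurer.java
@@ -29,6 +29,7 @@
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationManagerResolver;
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.Authentication;
@@ -51,6 +52,9 @@
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 
 /**
 * An {@link AbstractHttpConfigurer} for OAuth 2.0 Demonstrating Proof of Possession
@@ -76,7 +80,7 @@ final class DPoPAuthenticationConfigurer<B extends HttpSecurityBuilder<B>>
 @Override
 public void configure(B http) {
 AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
-http.authenticationProvider(new DPoPAuthenticationProvider(authenticationManager));
+http.authenticationProvider(new DPoPAuthenticationProvider(getTokenAuthenticationManager(http)));
 AuthenticationFilter authenticationFilter = new AuthenticationFilter(authenticationManager,
 getAuthenticationConverter());
 authenticationFilter.setRequestMatcher(getRequestMatcher());
@@ -87,6 +91,23 @@ public void configure(B http) {
 http.addFilter(authenticationFilter);
 }
 
+private AuthenticationManager getTokenAuthenticationManager(B http) {
+OAuth2ResourceServerConfigurer<B> resourceServerConfigurer = http
+.getConfigurer(OAuth2ResourceServerConfigurer.class);
+final AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver = resourceServerConfigurer
+.getAuthenticationManagerResolver();
+if (authenticationManagerResolver == null) {
+return resourceServerConfigurer.getAuthenticationManager(http);
+}
+return (authentication) -> {
+RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
+ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) requestAttributes;
+AuthenticationManager authenticationManager = authenticationManagerResolver
+.resolve(servletRequestAttributes.getRequest());
+return authenticationManager.authenticate(authentication);
+};
+}
+
 private RequestMatcher getRequestMatcher() {
 if (this.requestMatcher == null) {
 this.requestMatcher = new DPoPRequestMatcher();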
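Review bot: In the lambda returned by `getTokenAuthenticationManager`, `RequestContextHolder.getRequestAttributes()` can return null when no request is bound to the current thread, and the unchecked cast followed by `servletRequestAttributes.getRequest()` then fails with a NullPointerException or ClassCastException rather than an authentication failure. Because this sits on the DPoP token-validation path, the lookup should be guarded so the failure stays inside authentication error handling, e.g. `if (!(RequestContextHolder.getRequestAttributes() instanceof ServletRequestAttributes attrs)) { throw new AuthenticationServiceException("No current servlet request available to resolve the AuthenticationManager"); }`. The value returned by `authenticationManagerResolver.resolve(...)` and the `resourceServerConfigurer` obtained from `http.getConfigurer(...)` are also dereferenced without a null check. Whether this configurer is ever applied without `OAuth2ResourceServerConfigurer` cannot be seen from these hunks.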

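--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -37,6 +37,7 @@
 import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
 import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
@@ -49,13 +50,14 @@
 import org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
-import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
 import org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler;
+import org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationConverter;
 import org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.access.AccessDeniedHandlerImpl;
 import org.springframework.security.web.access.DelegatingAccessDeniedHandler;
+import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.security.web.csrf.CsrfException;
 import org.springframework.security.web.util.matcher.AndRequestMatcher;
 import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
@@ -156,7 +158,7 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 
 private AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver;
 
-private BearerTokenResolver bearerTokenResolver;
+private AuthenticationConverter authenticationConverter;
 
 private JwtConfigurer jwtConfigurer;
 
@@ -196,7 +198,19 @@ public OAuth2ResourceServerConfigurer<H> authenticationManagerResolver(
 
 public OAuth2ResourceServerConfigurer<H> bearerTokenResolver(BearerTokenResolver bearerTokenResolver) {
 Assert.notNull(bearerTokenResolver, "bearerTokenResolver cannot be null");
-this.bearerTokenResolver = bearerTokenResolver;
+this.authenticationConverter = new BearerTokenResolverHoldingAuthenticationConverter(bearerTokenResolver);
+return this;
+}
+
+/**
+* Sets the {@link AuthenticationConverter} to use.
+* @param authenticationConverter the authentication converter
+* @return the {@link OAuth2ResourceServerConfigurer} for further configuration
+* @since 7.0
+*/
+public OAuth2ResourceServerConfigurer<H> authenticationConverter(AuthenticationConverter authenticationConverter) {
+Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
+this.authenticationConverter = authenticationConverter;
 return this;
 }
 
@@ -271,16 +285,15 @@ public void init(H http) {
 
 @Override
 public void configure(H http) {
-BearerTokenResolver bearerTokenResolver = getBearerTokenResolver();
-this.requestMatcher.setBearerTokenResolver(bearerTokenResolver);
 AuthenticationManagerResolver resolver = this.authenticationManagerResolver;
 if (resolver == null) {
 AuthenticationManager authenticationManager = getAuthenticationManager(http);
 resolver = (request) -> authenticationManager;
 }
 
-BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(resolver);
-filter.setBearerTokenResolver(bearerTokenResolver);
+AuthenticationConverter converter = getAuthenticationConverter();
+this.requestMatcher.setAuthenticationConverter(converter);
+BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(resolver, converter);
 filter.setAuthenticationEntryPoint(this.authenticationEntryPoint);
 filter.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
 filter = postProcess(filter);
@@ -363,16 +376,33 @@ AuthenticationManager getAuthenticationManager(H http) {
 return http.getSharedObject(AuthenticationManager.class);
 }
 
+AuthenticationManagerResolver<HttpServletRequest> getAuthenticationManagerResolver() {
+return this.authenticationManagerResolver;
+}
+
+AuthenticationConverter getAuthenticationConverter() {
+if (this.authenticationConverter != null) {
+return this.authenticationConverter;
+}
+if (this.context.getBeanNamesForType(AuthenticationConverter.class).length > 0) {
+this.authenticationConverter = this.context.getBean(AuthenticationConverter.class);
+}
+else if (this.context.getBeanNamesForType(BearerTokenResolver.class).length > 0) {
+BearerTokenResolver bearerTokenResolver = this.context.getBean(BearerTokenResolver.class);
+this.authenticationConverter = new BearerTokenResolverHoldingAuthenticationConverter(bearerTokenResolver);
+}
+else {
+this.authenticationConverter = new BearerTokenAuthenticationConverter();
+}
+return this.authenticationConverter;
+}
+
 BearerTokenResolver getBearerTokenResolver() {
-if (this.bearerTokenResolver == null) {
-if (this.context.getBeanNamesForType(BearerTokenResolver.class).length > 0) {
-this.bearerTokenResolver = this.context.getBean(BearerTokenResolver.class);
-}
-else {
-this.bearerTokenResolver = new DefaultBearerTokenResolver();
-}
+AuthenticationConverter authenticationConverter = getAuthenticationConverter();
+if (authenticationConverter instanceof OAuth2ResourceServerConfigurer.BearerTokenResolverHoldingAuthenticationConverter bearer) {
+return bearer.bearerTokenResolver;
 }
-return this.bearerTokenResolver;
+return null;
 }
 
 public class JwtConfigurer {
@@ -560,21 +590,41 @@ AuthenticationManager getAuthenticationManager(H http) {
 
 private static final class BearerTokenRequestMatcher implements RequestMatcher {
 
-private BearerTokenResolver bearerTokenResolver;
+private AuthenticationConverter authenticationConverter;
 
 @Override
 public boolean matches(HttpServletRequest request) {
 try {
-return this.bearerTokenResolver.resolve(request) != null;
+return this.authenticationConverter.convert(request) != null;
 }
 catch (OAuth2AuthenticationException ex) {
 return false;
 }
 }
 
-void setBearerTokenResolver(BearerTokenResolver tokenResolver) {
-Assert.notNull(tokenResolver, "resolver cannot be null");
-this.bearerTokenResolver = tokenResolver;
+void setAuthenticationConverter(AuthenticationConverter authenticationConverter) {
+Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
+this.authenticationConverter = authenticationConverter;
+}
+
+}
+
+private static final class BearerTokenResolverHoldingAuthenticationConverter implements AuthenticationConverter {
+
+private final BearerTokenResolver bearerTokenResolver;
+
+private final AuthenticationConverter authenticationConverter;
+
+BearerTokenResolverHoldingAuthenticationConverter(BearerTokenResolver bearerTokenResolver) {
+this.bearerTokenResolver = bearerTokenResolver;
+BearerTokenAuthenticationConverter authenticationConverter = new BearerTokenAuthenticationConverter();
+authenticationConverter.setBearerTokenResolver(bearerTokenResolver);
+this.authenticationConverter = authenticationConverter;
+}
+
+@Override
+public Authentication convert(HttpServletRequest request) {
+return this.authenticationConverter.convert(request);
 }
 
 }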
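Review bot: `getAuthenticationConverter()` picks up any bean of the general-purpose type `AuthenticationConverter` via `this.context.getBean(AuthenticationConverter.class)`, so a converter registered for a different mechanism would be wired in as the bearer-token converter, and two such beans make `getBean` throw at startup. The same converter now drives `BearerTokenRequestMatcher.matches`, which reports a match whenever `convert(request)` is non-null and only catches `OAuth2AuthenticationException`. That matcher appears (from the CSRF imports; the usage is outside the hunks) to decide which requests are handled as bearer requests, so an unrelated converter could widen that set. The precedence should be documented on the method, e.g. `// Precedence: explicit converter, then a unique AuthenticationConverter bean, then a BearerTokenResolver bean, then the default`, and the lookup narrowed or made unique-only. Separately, `getBearerTokenResolver()` now returns `null` for a custom converter, so its callers need a null check.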
