Make RedirectResolver configurable for AuthorizationEndpoint

etwillbefine · jgrandja · commit e5dab2393b19 · 2018-02-12T15:48:40.000-05:00
Fixes spring-atticgh-1190
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java
@@ -44,6 +44,7 @@
 import org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint;
 import org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint;
 import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping;
+import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
 import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;
 import org.springframework.security.oauth2.provider.endpoint.TokenKeyEndpoint;
 import org.springframework.security.oauth2.provider.endpoint.WhitelabelApprovalEndpoint;
@@ -95,6 +96,7 @@ public AuthorizationEndpoint authorizationEndpoint() throws Exception {
 		authorizationEndpoint.setOAuth2RequestFactory(oauth2RequestFactory());
 		authorizationEndpoint.setOAuth2RequestValidator(oauth2RequestValidator());
 		authorizationEndpoint.setUserApprovalHandler(userApprovalHandler());
+		authorizationEndpoint.setRedirectResolver(redirectResolver());
 		return authorizationEndpoint;
 	}
 
@@ -200,6 +202,10 @@ private WebResponseExceptionTranslator exceptionTranslator() {
 		return getEndpointsConfigurer().getExceptionTranslator();
 	}
 
+	private RedirectResolver redirectResolver() {
+		return getEndpointsConfigurer().getRedirectResolver();
+	}
+
 	private TokenGranter tokenGranter() throws Exception {
 		return getEndpointsConfigurer().getTokenGranter();
 	}
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerEndpointsConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerEndpointsConfigurer.java
@@ -52,7 +52,9 @@
 import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
 import org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter;
 import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver;
 import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping;
+import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
 import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
 import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter;
@@ -137,6 +139,8 @@ public final class AuthorizationServerEndpointsConfigurer {
 
 	private WebResponseExceptionTranslator exceptionTranslator;
 
+	private RedirectResolver redirectResolver;
+
 	public AuthorizationServerTokenServices getTokenServices() {
 		return ProxyCreator.getProxy(AuthorizationServerTokenServices.class,
 				new ObjectFactory<AuthorizationServerTokenServices>() {
@@ -217,6 +221,11 @@ public AuthorizationServerEndpointsConfigurer tokenServices(AuthorizationServerT
 		return this;
 	}
 
+	public AuthorizationServerEndpointsConfigurer redirectResolver(RedirectResolver redirectResolver) {
+		this.redirectResolver = redirectResolver;
+		return this;
+	}
+
 	public boolean isTokenServicesOverride() {
 		return tokenServicesOverride;
 	}
@@ -360,6 +369,10 @@ public WebResponseExceptionTranslator getExceptionTranslator() {
 		return exceptionTranslator();
 	}
 
+	public RedirectResolver getRedirectResolver() {
+		return redirectResolver();
+	}
+
 	private ResourceServerTokenServices resourceTokenServices() {
 		if (resourceTokenServices == null) {
 			if (tokenServices instanceof ResourceServerTokenServices) {
@@ -512,6 +525,14 @@ private WebResponseExceptionTranslator exceptionTranslator() {
 		return exceptionTranslator;
 	}
 
+	private RedirectResolver redirectResolver() {
+		if (redirectResolver != null) {
+			return redirectResolver;
+		}
+		redirectResolver = new DefaultRedirectResolver();
+		return redirectResolver;
+	}
+
 	private OAuth2RequestFactory requestFactory() {
 		if (requestFactory != null) {
 			return requestFactory;
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/AuthorizationServerConfigurationTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/AuthorizationServerConfigurationTests.java
@@ -37,12 +37,14 @@
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.jwt.crypto.sign.MacSigner;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
+import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
 import org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler;
@@ -52,6 +54,7 @@
 import org.springframework.security.oauth2.provider.client.InMemoryClientDetailsService;
 import org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint;
 import org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint;
+import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
 import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;
 import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
 import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
@@ -107,7 +110,9 @@ public static List<Object[]> parameters() {
 				new Object[] { null, new Class<?>[] { AuthorizationServerAllowsOnlyPost.class } },
 				new Object[] { BeanCreationException.class, new Class<?>[] { AuthorizationServerTypes.class } },
 				new Object[] { null, new Class<?>[] { AuthorizationServerCustomGranter.class } },
-				new Object[] { null, new Class<?>[] { AuthorizationServerSslEnabled.class } }
+				new Object[] { null, new Class<?>[] { AuthorizationServerSslEnabled.class } },
+				new Object[] { null, new Class<?>[] { AuthorizationServerCustomRedirectResolver.class } },
+				new Object[] { null, new Class<?>[] { AuthorizationServerDefaultRedirectResolver.class } }
 		// @formatter:on
 		);
 	}
@@ -545,6 +550,51 @@ public void run() {
 
 	}
 
+	@EnableWebSecurity
+	@EnableAuthorizationServer
+	protected static class AuthorizationServerCustomRedirectResolver extends AuthorizationServerConfigurerAdapter
+			implements Runnable {
+
+		@Autowired
+		private ApplicationContext context;
+
+		@Override
+		public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+			endpoints.redirectResolver(new CustomRedirectResolver());
+		}
+
+		@Override
+		public void run() {
+			RedirectResolver resolver = (RedirectResolver) ReflectionTestUtils.getField(context.getBean(AuthorizationEndpoint.class), "redirectResolver");
+
+			assertNotNull(resolver);
+			assertTrue(resolver instanceof CustomRedirectResolver);
+		}
+
+		static class CustomRedirectResolver implements RedirectResolver {
+			@Override
+			public String resolveRedirect(final String requestedRedirect, final ClientDetails client) throws OAuth2Exception {
+				return "go/here";
+			}
+		}
+	}
+
+	@EnableWebSecurity
+	@EnableAuthorizationServer
+	protected static class AuthorizationServerDefaultRedirectResolver extends AuthorizationServerConfigurerAdapter
+			implements Runnable {
+
+		@Autowired
+		private ApplicationContext context;
+
+		@Override
+		public void run() {
+			assertNotNull(
+					ReflectionTestUtils.getField(context.getBean(AuthorizationEndpoint.class), "redirectResolver"));
+		}
+
+	}
+
 	@Configuration
 	@EnableWebMvcSecurity
 	@EnableAuthorizationServer
