Add Jwt Client Authentication support

Closes spring-projectsgh-8175
akohli96 · Aug 25, 2021 · d612f74 · d612f74
1 parent b09f498
commit d612f74
Show file tree

Hide file tree

Showing 36 changed files with 3,388 additions and 433 deletions.
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
@@ -49,4 +49,5 @@
 	<suppress files="WebSocketMessageBrokerConfigTests\.java" checks="SpringMethodVisibility"/>
 	<suppress files="WebSecurityConfigurationTests\.java" checks="SpringMethodVisibility"/>
 	<suppress files="WithSecurityContextTestExecutionListenerTests\.java" checks="SpringMethodVisibility"/>
+	<suppress files="AbstractOAuth2AuthorizationGrantRequestEntityConverter\.java" checks="SpringMethodVisibility"/>
 </suppressions>
diff --git a/...ingframework/security/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequest.java b/...ingframework/security/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.oauth2.client.endpoint;
 
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.util.Assert;
 
@@ -27,20 +28,42 @@
  * @author Joe Grandja
  * @since 5.0
  * @see AuthorizationGrantType
+ * @see ClientRegistration
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section
  * 1.3 Authorization Grant</a>
  */
 public abstract class AbstractOAuth2AuthorizationGrantRequest {
 
 	private final AuthorizationGrantType authorizationGrantType;
 
+	private final ClientRegistration clientRegistration;
+
 	/**
 	 * Sub-class constructor.
 	 * @param authorizationGrantType the authorization grant type
+	 * @deprecated Use
+	 * {@link #AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType, ClientRegistration)}
+	 * instead
 	 */
+	@Deprecated
 	protected AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType authorizationGrantType) {
 		Assert.notNull(authorizationGrantType, "authorizationGrantType cannot be null");
 		this.authorizationGrantType = authorizationGrantType;
+		this.clientRegistration = null;
+	}
+
+	/**
+	 * Sub-class constructor.
+	 * @param authorizationGrantType the authorization grant type
+	 * @param clientRegistration the client registration
+	 * @since 5.5
+	 */
+	protected AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType authorizationGrantType,
+			ClientRegistration clientRegistration) {
+		Assert.notNull(authorizationGrantType, "authorizationGrantType cannot be null");
+		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
+		this.authorizationGrantType = authorizationGrantType;
+		this.clientRegistration = clientRegistration;
 	}
 
 	/**
@@ -51,4 +74,13 @@ public AuthorizationGrantType getGrantType() {
 		return this.authorizationGrantType;
 	}
 
+	/**
+	 * Returns the {@link ClientRegistration client registration}.
+	 * @return the {@link ClientRegistration}
+	 * @since 5.5
+	 */
+	public ClientRegistration getClientRegistration() {
+		return this.clientRegistration;
+	}
+
 }
diff --git a/...curity/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequestEntityConverter.java b/...curity/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequestEntityConverter.java
@@ -0,0 +1,173 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.oauth2.client.endpoint;
+
+import java.net.URI;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.RequestEntity;
+import org.springframework.util.Assert;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.web.util.UriComponentsBuilder;
+
+/**
+ * Base implementation of a {@link Converter} that converts the provided
+ * {@link AbstractOAuth2AuthorizationGrantRequest} instance to a {@link RequestEntity}
+ * representation of an OAuth 2.0 Access Token Request for the Authorization Grant.
+ *
+ * @param <T> the type of {@link AbstractOAuth2AuthorizationGrantRequest}
+ * @author Joe Grandja
+ * @since 5.5
+ * @see Converter
+ * @see AbstractOAuth2AuthorizationGrantRequest
+ * @see RequestEntity
+ */
+abstract class AbstractOAuth2AuthorizationGrantRequestEntityConverter<T extends AbstractOAuth2AuthorizationGrantRequest>
+		implements Converter<T, RequestEntity<?>> {
+
+	// @formatter:off
+	private Converter<T, HttpHeaders> headersConverter =
+			(authorizationGrantRequest) -> OAuth2AuthorizationGrantRequestEntityUtils
+					.getTokenRequestHeaders(authorizationGrantRequest.getClientRegistration());
+	// @formatter:on
+
+	private Converter<T, MultiValueMap<String, String>> parametersConverter = this::createParameters;
+
+	@Override
+	public RequestEntity<?> convert(T authorizationGrantRequest) {
+		HttpHeaders headers = getHeadersConverter().convert(authorizationGrantRequest);
+		MultiValueMap<String, String> parameters = getParametersConverter().convert(authorizationGrantRequest);
+		URI uri = UriComponentsBuilder
+				.fromUriString(authorizationGrantRequest.getClientRegistration().getProviderDetails().getTokenUri())
+				.build().toUri();
+		return new RequestEntity<>(parameters, headers, HttpMethod.POST, uri);
+	}
+
+	/**
+	 * Returns a {@link MultiValueMap} of the parameters used in the OAuth 2.0 Access
+	 * Token Request body.
+	 * @param authorizationGrantRequest the authorization grant request
+	 * @return a {@link MultiValueMap} of the parameters used in the OAuth 2.0 Access
+	 * Token Request body
+	 */
+	abstract MultiValueMap<String, String> createParameters(T authorizationGrantRequest);
+
+	/**
+	 * Returns the {@link Converter} used for converting the
+	 * {@link AbstractOAuth2AuthorizationGrantRequest} instance to a {@link HttpHeaders}
+	 * used in the OAuth 2.0 Access Token Request headers.
+	 * @return the {@link Converter} used for converting the
+	 * {@link OAuth2AuthorizationCodeGrantRequest} to {@link HttpHeaders}
+	 */
+	final Converter<T, HttpHeaders> getHeadersConverter() {
+		return this.headersConverter;
+	}
+
+	/**
+	 * Sets the {@link Converter} used for converting the
+	 * {@link AbstractOAuth2AuthorizationGrantRequest} instance to a {@link HttpHeaders}
+	 * used in the OAuth 2.0 Access Token Request headers.
+	 * @param headersConverter the {@link Converter} used for converting the
+	 * {@link OAuth2AuthorizationCodeGrantRequest} to {@link HttpHeaders}
+	 */
+	public final void setHeadersConverter(Converter<T, HttpHeaders> headersConverter) {
+		Assert.notNull(headersConverter, "headersConverter cannot be null");
+		this.headersConverter = headersConverter;
+	}
+
+	/**
+	 * Add (compose) the provided {@code headersConverter} to the current
+	 * {@link Converter} used for converting the
+	 * {@link AbstractOAuth2AuthorizationGrantRequest} instance to a {@link HttpHeaders}
+	 * used in the OAuth 2.0 Access Token Request headers.
+	 * @param headersConverter the {@link Converter} to add (compose) to the current
+	 * {@link Converter} used for converting the
+	 * {@link OAuth2AuthorizationCodeGrantRequest} to a {@link HttpHeaders}
+	 */
+	public final void addHeadersConverter(Converter<T, HttpHeaders> headersConverter) {
+		Assert.notNull(headersConverter, "headersConverter cannot be null");
+		Converter<T, HttpHeaders> currentHeadersConverter = this.headersConverter;
+		this.headersConverter = (authorizationGrantRequest) -> {
+			// Append headers using a Composite Converter
+			HttpHeaders headers = currentHeadersConverter.convert(authorizationGrantRequest);
+			if (headers == null) {
+				headers = new HttpHeaders();
+			}
+			HttpHeaders headersToAdd = headersConverter.convert(authorizationGrantRequest);
+			if (headersToAdd != null) {
+				headers.addAll(headersToAdd);
+			}
+			return headers;
+		};
+	}
+
+	/**
+	 * Returns the {@link Converter} used for converting the
+	 * {@link AbstractOAuth2AuthorizationGrantRequest} instance to a {@link MultiValueMap}
+	 * of the parameters used in the OAuth 2.0 Access Token Request body.
+	 * @return the {@link Converter} used for converting the
+	 * {@link OAuth2AuthorizationCodeGrantRequest} to a {@link MultiValueMap} of the
+	 * parameters
+	 */
+	final Converter<T, MultiValueMap<String, String>> getParametersConverter() {
+		return this.parametersConverter;
+	}
+
+	/**
+	 * Sets the {@link Converter} used for converting the
+	 * {@link AbstractOAuth2AuthorizationGrantRequest} instance to a {@link MultiValueMap}
+	 * of the parameters used in the OAuth 2.0 Access Token Request body.
+	 * @param parametersConverter the {@link Converter} used for converting the
+	 * {@link OAuth2AuthorizationCodeGrantRequest} to a {@link MultiValueMap} of the
+	 * parameters
+	 */
+	public final void setParametersConverter(Converter<T, MultiValueMap<String, String>> parametersConverter) {
+		Assert.notNull(parametersConverter, "parametersConverter cannot be null");
+		this.parametersConverter = parametersConverter;
+	}
+
+	/**
+	 * Add (compose) the provided {@code parametersConverter} to the current
+	 * {@link Converter} used for converting the
+	 * {@link AbstractOAuth2AuthorizationGrantRequest} instance to a {@link MultiValueMap}
+	 * of the parameters used in the OAuth 2.0 Access Token Request body.
+	 * @param parametersConverter the {@link Converter} to add (compose) to the current
+	 * {@link Converter} used for converting the
+	 * {@link OAuth2AuthorizationCodeGrantRequest} to a {@link MultiValueMap} of the
+	 * parameters
+	 */
+	public final void addParametersConverter(Converter<T, MultiValueMap<String, String>> parametersConverter) {
+		Assert.notNull(parametersConverter, "parametersConverter cannot be null");
+		Converter<T, MultiValueMap<String, String>> currentParametersConverter = this.parametersConverter;
+		this.parametersConverter = (authorizationGrantRequest) -> {
+			// Append parameters using a Composite Converter
+			MultiValueMap<String, String> parameters = currentParametersConverter.convert(authorizationGrantRequest);
+			if (parameters == null) {
+				parameters = new LinkedMultiValueMap<>();
+			}
+			MultiValueMap<String, String> parametersToAdd = parametersConverter.convert(authorizationGrantRequest);
+			if (parametersToAdd != null) {
+				parameters.addAll(parametersToAdd);
+			}
+			return parameters;
+		};
+	}
+
+}