Skip to content

Use the custom ServerRequestCache for Oauth2LoginSpec #7734

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 17, 2019
Merged

Use the custom ServerRequestCache for Oauth2LoginSpec #7734

merged 1 commit into from
Dec 17, 2019

Conversation

fhanik
Copy link
Contributor

@fhanik fhanik commented Dec 12, 2019

Fixes gh-7721

Test case provided

@fhanik fhanik added the type: bug A general bug label Dec 12, 2019
@fhanik fhanik added this to the 5.3.0.M1 milestone Dec 12, 2019
@fhanik fhanik requested a review from jgrandja December 12, 2019 19:58
@fhanik fhanik self-assigned this Dec 12, 2019
@fhanik fhanik added the in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) label Dec 12, 2019
@sdoxsee
Copy link
Contributor

sdoxsee commented Dec 13, 2019

Thanks @fhanik and @jgrandja! Any chance this could make it into 5.2.2 as well as it's a bug fix?

@sdoxsee
Copy link
Contributor

sdoxsee commented Dec 13, 2019

Also, the authenticationSuccessHandler has its own RequestCache but the authenticationSuccessHandler may or may not be provided as custom. Which RequestCache should it be using? It's own or the same one as the others?

@fhanik
Copy link
Contributor Author

fhanik commented Dec 13, 2019

Hi @sdoxsee

I believe the success handler should be using the same as the others

spring-security/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java

Lines 3115 to 3116 in c40a17b

ServerRequestCache requestCache = http.requestCache.requestCache;
this.defaultSuccessHandler.setRequestCache(requestCache);

@sdoxsee
Copy link
Contributor

sdoxsee commented Dec 13, 2019

Thanks @fhanik. I think that's for FormLoginSpec as opposed to OAuth2LoginSpec's configure?

@fhanik
Copy link
Contributor Author

fhanik commented Dec 13, 2019

Correct. So yes, it's still an issue in the OAuth2LoginSpec.

I'll update the PR to encapsulate both use scenarios.

jgrandja
jgrandja requested changes Dec 13, 2019
View reviewed changes
Copy link
Contributor

@jgrandja jgrandja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @fhanik. Please see my comments.

jgrandja
jgrandja approved these changes Dec 17, 2019
View reviewed changes
Copy link
Contributor

@jgrandja jgrandja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates @fhanik. Please go ahead and merge this after you remove the 2x unused imports.

config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -76,9 +76,11 @@
import org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter;
import org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter;
import org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove unused import

config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove unused import

@jgrandja
Copy link
Contributor

@fhanik I noticed you applied the "for: backport-to-5.2.x" to this PR, but it needs to be applied to the associated issue instead. The backport bot does not work on PR's.

@fhanik
Use the custom ServerRequestCache that the user configures
9537306 
on for the default authentication entry point and authentication
success handler

Fixes spring-projectsgh-7721

spring-projects#7721

Set RequestCache on the Oauth2LoginSpec default authentication success handler

import static ReflectionTestUtils.getField

Feedback incorporated per

spring-projects#7734 (review)
@fhanik fhanik merged commit 9aa333c into spring-projects:master Dec 17, 2019
fhanik added a commit to fhanik/spring-security that referenced this pull request Dec 18, 2019
@fhanik
Use the custom ServerRequestCache that the user configures
32a131c 
on for the default authentication entry point and authentication
success handler

Fixes spring-projectsgh-7721

spring-projects#7721

Set RequestCache on the Oauth2LoginSpec default authentication success handler

import static ReflectionTestUtils.getField

Feedback incorporated per

spring-projects#7734 (review)
fhanik added a commit that referenced this pull request Dec 18, 2019
@fhanik
Use the custom ServerRequestCache that the user configures
b754a3d 
on for the default authentication entry point and authentication
success handler

Fixes gh-7721

#7721

Set RequestCache on the Oauth2LoginSpec default authentication success handler

import static ReflectionTestUtils.getField

Feedback incorporated per

#7734 (review)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sdoxsee sdoxsee sdoxsee left review comments

@jgrandja jgrandja jgrandja approved these changes

Assignees

@fhanik fhanik

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug
Projects
None yet
Milestone
5.3.0.M1
Development

Successfully merging this pull request may close these issues.

RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure
3 participants
@fhanik @sdoxsee @jgrandja