Polish Authorization Server auto-configuration

Author: wilkinsona

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesSettingsAdapter.java

@@ -16,19 +16,12 @@
 
 package org.springframework.boot.autoconfigure.security.oauth2.server.servlet;
 
-import java.util.List;
-
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.security.oauth2.server.OAuth2AuthorizationServerProperties;
-import org.springframework.boot.autoconfigure.security.oauth2.server.OAuth2AuthorizationServerPropertiesRegistrationAdapter;
-import org.springframework.boot.autoconfigure.security.oauth2.server.OAuth2AuthorizationServerPropertiesSettingsAdapter;
-import org.springframework.boot.autoconfigure.security.oauth2.server.RegisteredClientsConfiguredCondition;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 
@@ -42,19 +35,23 @@
 @EnableConfigurationProperties(OAuth2AuthorizationServerProperties.class)
 class OAuth2AuthorizationServerConfiguration {
 
+	private final OAuth2AuthorizationServerPropertiesMapper propertiesMapper;
+
+	OAuth2AuthorizationServerConfiguration(OAuth2AuthorizationServerProperties properties) {
+		this.propertiesMapper = new OAuth2AuthorizationServerPropertiesMapper(properties);
+	}
+
 	@Bean
 	@ConditionalOnMissingBean
 	@Conditional(RegisteredClientsConfiguredCondition.class)
-	RegisteredClientRepository registeredClientRepository(OAuth2AuthorizationServerProperties properties) {
-		List<RegisteredClient> registeredClients = OAuth2AuthorizationServerPropertiesRegistrationAdapter
-			.getRegisteredClients(properties);
-		return new InMemoryRegisteredClientRepository(registeredClients);
+	RegisteredClientRepository registeredClientRepository() {
+		return new InMemoryRegisteredClientRepository(this.propertiesMapper.asRegisteredClients());
 	}
 
 	@Bean
 	@ConditionalOnMissingBean
-	AuthorizationServerSettings authorizationServerSettings(OAuth2AuthorizationServerProperties properties) {
-		return OAuth2AuthorizationServerPropertiesSettingsAdapter.getAuthorizationServerSettings(properties);
+	AuthorizationServerSettings authorizationServerSettings() {
+		return this.propertiesMapper.asAuthorizationServerSettings();
 	}
 
 }

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/package-info.java

@@ -73,12 +73,9 @@ private static RSAKey getRsaKey() {
 		KeyPair keyPair = generateRsaKey();
 		RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
 		RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
-		// @formatter:off
-		RSAKey rsaKey = new RSAKey.Builder(publicKey)
-				.privateKey(privateKey)
-				.keyID(UUID.randomUUID().toString())
-				.build();
-		// @formatter:on
+		RSAKey rsaKey = new RSAKey.Builder(publicKey).privateKey(privateKey)
+			.keyID(UUID.randomUUID().toString())
+			.build();
 		return rsaKey;
 	}
 

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerConfiguration.java

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.springframework.boot.autoconfigure.security.oauth2.server;
+package org.springframework.boot.autoconfigure.security.oauth2.server.servlet;
 
 import java.time.Duration;
 import java.util.HashMap;

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerJwtAutoConfiguration.java

@@ -14,43 +14,63 @@
  * limitations under the License.
  */
 
-package org.springframework.boot.autoconfigure.security.oauth2.server;
+package org.springframework.boot.autoconfigure.security.oauth2.server.servlet;
 
 import java.util.ArrayList;
 import java.util.List;
 
-import org.springframework.boot.autoconfigure.security.oauth2.server.OAuth2AuthorizationServerProperties.Client;
-import org.springframework.boot.autoconfigure.security.oauth2.server.OAuth2AuthorizationServerProperties.Registration;
+import org.springframework.boot.autoconfigure.security.oauth2.server.servlet.OAuth2AuthorizationServerProperties.Client;
+import org.springframework.boot.autoconfigure.security.oauth2.server.servlet.OAuth2AuthorizationServerProperties.Registration;
 import org.springframework.boot.context.properties.PropertyMapper;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.jose.jws.JwsAlgorithm;
 import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
 import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
 import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
 
 /**
- * Adapter class to convert {@link Client} to a {@link RegisteredClient}.
+ * Maps {@OAuth2AuthorizationServerProperties} to Authorization Server types.
  *
  * @author Steve Riesenberg
- * @since 3.1.0
  */
-public final class OAuth2AuthorizationServerPropertiesRegistrationAdapter {
+final class OAuth2AuthorizationServerPropertiesMapper {
 
-	private OAuth2AuthorizationServerPropertiesRegistrationAdapter() {
+	private final OAuth2AuthorizationServerProperties properties;
+
+	OAuth2AuthorizationServerPropertiesMapper(OAuth2AuthorizationServerProperties properties) {
+		this.properties = properties;
+	}
+
+	AuthorizationServerSettings asAuthorizationServerSettings() {
+		PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
+		OAuth2AuthorizationServerProperties.Endpoint endpoint = this.properties.getEndpoint();
+		OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoint.getOidc();
+		AuthorizationServerSettings.Builder builder = AuthorizationServerSettings.builder();
+		map.from(this.properties::getIssuer).to(builder::issuer);
+		map.from(endpoint::getAuthorizationUri).to(builder::authorizationEndpoint);
+		map.from(endpoint::getTokenUri).to(builder::tokenEndpoint);
+		map.from(endpoint::getJwkSetUri).to(builder::jwkSetEndpoint);
+		map.from(endpoint::getTokenRevocationUri).to(builder::tokenRevocationEndpoint);
+		map.from(endpoint::getTokenIntrospectionUri).to(builder::tokenIntrospectionEndpoint);
+		map.from(oidc::getLogoutUri).to(builder::oidcLogoutEndpoint);
+		map.from(oidc::getClientRegistrationUri).to(builder::oidcClientRegistrationEndpoint);
+		map.from(oidc::getUserInfoUri).to(builder::oidcUserInfoEndpoint);
+		return builder.build();
 	}
 
-	public static List<RegisteredClient> getRegisteredClients(OAuth2AuthorizationServerProperties properties) {
+	List<RegisteredClient> asRegisteredClients() {
 		List<RegisteredClient> registeredClients = new ArrayList<>();
-		properties.getClient()
+		this.properties.getClient()
 			.forEach((registrationId, client) -> registeredClients.add(getRegisteredClient(registrationId, client)));
 		return registeredClients;
 	}
 
-	private static RegisteredClient getRegisteredClient(String registrationId, Client client) {
+	private RegisteredClient getRegisteredClient(String registrationId, Client client) {
 		Registration registration = client.getRegistration();
 		PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
 		RegisteredClient.Builder builder = RegisteredClient.withId(registrationId);
@@ -74,18 +94,18 @@ private static RegisteredClient getRegisteredClient(String registrationId, Clien
 		return builder.build();
 	}
 
-	private static ClientSettings getClientSettings(Client client, PropertyMapper map) {
+	private ClientSettings getClientSettings(Client client, PropertyMapper map) {
 		ClientSettings.Builder builder = ClientSettings.builder();
 		map.from(client::isRequireProofKey).to(builder::requireProofKey);
 		map.from(client::isRequireAuthorizationConsent).to(builder::requireAuthorizationConsent);
 		map.from(client::getJwkSetUri).to(builder::jwkSetUrl);
 		map.from(client::getTokenEndpointAuthenticationSigningAlgorithm)
-			.as(OAuth2AuthorizationServerPropertiesRegistrationAdapter::jwsAlgorithm)
+			.as(this::jwsAlgorithm)
 			.to(builder::tokenEndpointAuthenticationSigningAlgorithm);
 		return builder.build();
 	}
 
-	private static TokenSettings getTokenSettings(Client client, PropertyMapper map) {
+	private TokenSettings getTokenSettings(Client client, PropertyMapper map) {
 		OAuth2AuthorizationServerProperties.Token token = client.getToken();
 		TokenSettings.Builder builder = TokenSettings.builder();
 		map.from(token::getAuthorizationCodeTimeToLive).to(builder::authorizationCodeTimeToLive);
@@ -94,12 +114,12 @@ private static TokenSettings getTokenSettings(Client client, PropertyMapper map)
 		map.from(token::isReuseRefreshTokens).to(builder::reuseRefreshTokens);
 		map.from(token::getRefreshTokenTimeToLive).to(builder::refreshTokenTimeToLive);
 		map.from(token::getIdTokenSignatureAlgorithm)
-			.as(OAuth2AuthorizationServerPropertiesRegistrationAdapter::signatureAlgorithm)
+			.as(this::signatureAlgorithm)
 			.to(builder::idTokenSignatureAlgorithm);
 		return builder.build();
 	}
 
-	private static JwsAlgorithm jwsAlgorithm(String signingAlgorithm) {
+	private JwsAlgorithm jwsAlgorithm(String signingAlgorithm) {
 		String name = signingAlgorithm.toUpperCase();
 		JwsAlgorithm jwsAlgorithm = SignatureAlgorithm.from(name);
 		if (jwsAlgorithm == null) {
@@ -108,7 +128,7 @@ private static JwsAlgorithm jwsAlgorithm(String signingAlgorithm) {
 		return jwsAlgorithm;
 	}
 
-	private static SignatureAlgorithm signatureAlgorithm(String signatureAlgorithm) {
+	private SignatureAlgorithm signatureAlgorithm(String signatureAlgorithm) {
 		return SignatureAlgorithm.from(signatureAlgorithm.toUpperCase());
 	}
 

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerProperties.java renamed to spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerProperties.java

@@ -48,26 +48,17 @@ class OAuth2AuthorizationServerWebSecurityConfiguration {
 	SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
 		OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
 		http.getConfigurer(OAuth2AuthorizationServerConfigurer.class).oidc(Customizer.withDefaults());
-		// @formatter:off
-		http
-			.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
+		http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
 			.exceptionHandling((exceptions) -> exceptions
-				.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
-			);
-		// @formatter:on
+				.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")));
 		return http.build();
 	}
 
 	@Bean
 	@Order(SecurityProperties.BASIC_AUTH_ORDER)
 	SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
-		// @formatter:off
-		http
-			.authorizeHttpRequests((authorize) -> authorize
-				.anyRequest().authenticated()
-			)
+		http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
 			.formLogin(Customizer.withDefaults());
-		// @formatter:on
 		return http.build();
 	}
 

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/OAuth2AuthorizationServerPropertiesRegistrationAdapter.java renamed to spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapper.java

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.springframework.boot.autoconfigure.security.oauth2.server;
+package org.springframework.boot.autoconfigure.security.oauth2.server.servlet;
 
 import java.util.Collections;
 import java.util.Map;
@@ -34,9 +34,8 @@
  * properties are defined.
  *
  * @author Steve Riesenberg
- * @since 3.1.0
  */
-public class RegisteredClientsConfiguredCondition extends SpringBootCondition {
+class RegisteredClientsConfiguredCondition extends SpringBootCondition {
 
 	private static final Bindable<Map<String, OAuth2AuthorizationServerProperties.Client>> STRING_CLIENT_MAP = Bindable
 		.mapOf(String.class, OAuth2AuthorizationServerProperties.Client.class);