Merge branch '1.1.x'
jgrandja committed Nov 6, 2023
2 parents 6d15154 + 55595ac commit cf801c3
Showing 2 changed files with 36 additions and 0 deletions.
Expand Up @@ -55,6 +55,7 @@
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/**
* An {@link AbstractHttpConfigurer} for OAuth 2.0 Authorization Server support.
Expand Down Expand Up @@ -387,6 +388,9 @@ private static void validateAuthorizationServerSettings(AuthorizationServerSetti
} catch (Exception ex) {
throw new IllegalArgumentException("issuer must be a valid URL", ex);
}
if (StringUtils.hasText(issuerUri.getPath())) {
throw new IllegalArgumentException("Path component for issuer ('" + issuerUri.getPath() + "') is currently not supported");
}
// rfc8414 https://datatracker.ietf.org/doc/html/rfc8414#section-2
if (issuerUri.getQuery() != null || issuerUri.getFragment() != null) {
throw new IllegalArgumentException("issuer cannot contain query or fragment component");
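Review bot: The new path check in `validateAuthorizationServerSettings` has no comment of its own and sits directly above the `// rfc8414` reference, which invites reading it as a spec requirement. RFC 8414 section 2 only excludes query and fragment components from an issuer, so rejecting a path is a limitation of this implementation. Per the accompanying tests it also rejects a bare trailing `/`, which matters to operators because clients compare the issuer string exactly. I would add above the `if` something like `// Not required by RFC 8414: issuer paths (including a bare "/") are not supported yet, so reject them when the configuration is validated`. The method's body starts and ends outside this hunk.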
Expand Up @@ -163,6 +163,13 @@ public void loadContextWhenIssuerNotValidUriThenThrowException() {
);
}

@Test
public void loadContextWhenIssuerWithPathThenThrowException() {
assertThatThrownBy(
() -> this.spring.register(AuthorizationServerConfigurationWithIssuerPath.class).autowire()
);
}

@Test
public void loadContextWhenIssuerWithQueryThenThrowException() {
assertThatThrownBy(
Expand All @@ -184,6 +191,13 @@ public void loadContextWhenIssuerWithQueryAndFragmentThenThrowException() {
);
}

@Test
public void loadContextWhenIssuerWithEmptyPathThenThrowException() {
assertThatThrownBy(
() -> this.spring.register(AuthorizationServerConfigurationWithIssuerEmptyPath.class).autowire()
);
}

@Test
public void loadContextWhenIssuerWithEmptyQueryThenThrowException() {
assertThatThrownBy(
Expand Down Expand Up @@ -301,6 +315,15 @@ AuthorizationServerSettings authorizationServerSettings() {
}
}

@EnableWebSecurity
static class AuthorizationServerConfigurationWithIssuerPath extends AuthorizationServerConfiguration {

@Bean
AuthorizationServerSettings authorizationServerSettings() {
return AuthorizationServerSettings.builder().issuer(ISSUER_URL + "/issuer1").build();
}
}

@EnableWebSecurity
static class AuthorizationServerConfigurationWithIssuerQuery extends AuthorizationServerConfiguration {

Expand Down Expand Up @@ -328,6 +351,15 @@ AuthorizationServerSettings authorizationServerSettings() {
}
}

@EnableWebSecurity
static class AuthorizationServerConfigurationWithIssuerEmptyPath extends AuthorizationServerConfiguration {

@Bean
AuthorizationServerSettings authorizationServerSettings() {
return AuthorizationServerSettings.builder().issuer(ISSUER_URL + "/").build();
}
}

@EnableWebSecurity
static class AuthorizationServerConfigurationWithIssuerEmptyQuery extends AuthorizationServerConfiguration {

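Review bot: Both new tests, `loadContextWhenIssuerWithPathThenThrowException` and `loadContextWhenIssuerWithEmptyPathThenThrowException`, call `assertThatThrownBy(...)` without chaining any assertion, so they pass on any exception thrown while the context loads, not just the new issuer-path rejection. A wiring mistake in the added configuration classes would keep them green even if the path check were removed. Pinning the cause would make them meaningful, for example `.hasRootCauseInstanceOf(IllegalArgumentException.class)` together with `.hasStackTraceContaining("Path component for issuer")`. How the context wraps the failure is not visible here, so the exact matcher needs confirming. The neighbouring tests appear to follow the same bare pattern and could be tightened in the same way.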
