RequestEnhancer not used for AuthorizationCodeAccessTokenProvider during getRedirectForAuthorization

Submitted by 冷眼眸甩不掉的悲伤 on 2019-12-06 03:26:20

Question


What I'm trying to do is to add an extra parameter openid.realm to my authorization request.

My problem is very similar to https://github.com/spring-projects/spring-security-oauth/issues/123 and I tried to follow the outlined way to solve it:

// Create an enhancer that adds openid.realm
DefaultRequestEnhancer enhancer = new DefaultRequestEnhancer();
enhancer.setParameterIncludes(Arrays.asList("openid.realm"));

// Create tokenprovider that use the enhancer
AuthorizationCodeAccessTokenProvider tokenProvider =
    new AuthorizationCodeAccessTokenProvider();
tokenProvider.setAuthorizationRequestEnhancer(enhancer);

// Give the tokenProvider to the rest template
googleOauthRestTemplate.setAccessTokenProvider(tokenProvider);
googleOauthRestTemplate.
    getOAuth2ClientContext().
        getAccessTokenRequest().set("openid.realm", "http://localhost:8080/");

// Try to get the protected resource
googleOauthRestTemplate.
    getForObject("https://www.googleapis.com/...", String.class);

Now when a user first hits this code he is thrown out with a UserRedirectRequiredException (originating at getRedirectForAuthorization) and the parameters there are client_id, redirect_uri, response_type and scope. They all look OK, but I'm missing the openid.realm parameter that I thought I'd just set.

Shouldn't it be there during the redirect as well?

Update:

Here is a new testcase that fails on the last assert. (put in file: AuthorizationCodeAccessTokenProviderTests.java)

@Test
public void testEnhancedRedirectToAuthorizationEndpoint() throws Exception {
    DefaultRequestEnhancer enhancer = new DefaultRequestEnhancer();
    enhancer.setParameterIncludes(Arrays.asList("openid.realm"));

    provider.setAuthorizationRequestEnhancer(enhancer);

    AccessTokenRequest request = new DefaultAccessTokenRequest();
    request.set("openid.realm", "http://localhost:8080");
    request.setCurrentUri("/come/back/soon");
    resource.setUserAuthorizationUri("http://localhost/oauth/authorize");

    try {
        provider.obtainAccessToken(resource, request);
        fail("Expected UserRedirectRequiredException");
    }
    catch (UserRedirectRequiredException e) {
        assertEquals("http://localhost/oauth/authorize", e.getRedirectUri());
        assertEquals("/come/back/soon", e.getStateToPreserve());
        assertEquals("code", e.getRequestParams().get("response_type"));
        assertEquals("http://localhost:8080", e.getRequestParams().get("openid.realm"));
    }
}

Update 2: I've worked around the problem by extending the token provider and adding the params manually. Maybe it's not the right way to do it, but it seems to work for my specific case at least:

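import java.util.Map;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserApprovalRequiredException;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.common.OAuth2AccessToken;

class EnhancedAuthorizationCodeAccessTokenProvider extends AuthorizationCodeAccessTokenProvider {
    static String REQUEST_PARAM_OPENID_REALM = "openid.realm";

    @Override
    public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest request) throws UserRedirectRequiredException, UserApprovalRequiredException, AccessDeniedException, OAuth2AccessDeniedException {
        try {
            return super.obtainAccessToken(details, request);
        } catch (UserRedirectRequiredException e) {
            // Copy openid.realm from the token request into the redirect parameters if it is not already there
            Map<String, String> requestParams = e.getRequestParams();
            if (!requestParams.containsKey(REQUEST_PARAM_OPENID_REALM) && request.containsKey(REQUEST_PARAM_OPENID_REALM)) {
                requestParams.put(REQUEST_PARAM_OPENID_REALM, request.getFirst(REQUEST_PARAM_OPENID_REALM));
            }

            // Rethrow so the caller still performs the redirect to the authorization endpoint
            throw e;
        }
    }
}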

Source: https://stackoverflow.com/questions/24424715/requestenhancer-not-used-for-authorizationcodeaccesstokenprovider-during-getredi
