Update exception handling config in samples

Closes spring-projectsgh-1204
sjohnr · May 9, 2023 · 4a7b0a8 · 4a7b0a8
1 parent 51f266b
commit 4a7b0a8
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 7 deletions.
diff --git a/samples/demo-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java b/samples/demo-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java
@@ -22,9 +22,8 @@
 import com.nimbusds.jose.jwk.source.JWKSource;
 import com.nimbusds.jose.proc.SecurityContext;
 import sample.authentication.DeviceClientAuthenticationProvider;
-import sample.jose.Jwks;
-import sample.federation.FederatedIdentityConfigurer;
 import sample.federation.FederatedIdentityIdTokenCustomizer;
+import sample.jose.Jwks;
 import sample.web.authentication.DeviceClientAuthenticationConverter;
 
 import org.springframework.context.annotation.Bean;
@@ -55,7 +54,8 @@
 import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+
+import static sample.federation.FederatedIdentityAuthenticationEntryPoint.loginPage;
 
 /**
  * @author Joe Grandja
@@ -117,13 +117,11 @@ public SecurityFilterChain authorizationServerSecurityFilterChain(
 
 		// @formatter:off
 		http
-			.exceptionHandling(exceptions ->
-				exceptions.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
-			)
 			.oauth2ResourceServer(oauth2ResourceServer ->
 				oauth2ResourceServer.jwt(Customizer.withDefaults()))
-			.apply(new FederatedIdentityConfigurer());
+			.apply(loginPage("/login"));
 		// @formatter:on
+
 		return http.build();
 	}
 

diff --git a/...tionserver/src/main/java/sample/federation/FederatedIdentityAuthenticationEntryPoint.java b/...tionserver/src/main/java/sample/federation/FederatedIdentityAuthenticationEntryPoint.java
@@ -21,15 +21,22 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 
+import org.springframework.context.ApplicationContext;
+import org.springframework.http.MediaType;
 import org.springframework.http.server.ServletServerHttpRequest;
+import org.springframework.security.config.annotation.SecurityConfigurer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.DefaultRedirectStrategy;
+import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.security.web.RedirectStrategy;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
 import org.springframework.web.util.UriComponentsBuilder;
 
 /**
@@ -79,4 +86,46 @@ public void setAuthorizationRequestUri(String authorizationRequestUri) {
 		this.authorizationRequestUri = authorizationRequestUri;
 	}
 
+	/**
+	 * Create a configurer for setting up the {@link FederatedIdentityAuthenticationEntryPoint} to redirect to the
+	 * login page.
+	 * <p>
+	 * Use this configurer with the {@code authorizationServerSecurityFilterChain(http)}.
+	 *
+	 * @param loginPageUrl The URL of the login page, defaults to {@code "/login"}
+	 */
+	public static SecurityConfigurer<DefaultSecurityFilterChain, HttpSecurity> loginPage(String loginPageUrl) {
+		return new DefaultEntryPointConfigurer(loginPageUrl);
+	}
+
+	/**
+	 * A configurer for setting up the {@link FederatedIdentityAuthenticationEntryPoint} to redirect to the login page.
+	 */
+	private static final class DefaultEntryPointConfigurer extends AbstractHttpConfigurer<DefaultEntryPointConfigurer, HttpSecurity> {
+
+		private final String loginPageUrl;
+
+		private DefaultEntryPointConfigurer(String loginPageUrl) {
+			this.loginPageUrl = loginPageUrl;
+		}
+
+		@Override
+		public void init(HttpSecurity http) throws Exception {
+			ApplicationContext applicationContext = http.getSharedObject(ApplicationContext.class);
+
+			ClientRegistrationRepository clientRegistrationRepository =
+					applicationContext.getBean(ClientRegistrationRepository.class);
+
+			// @formatter:off
+			http
+				.exceptionHandling(exceptionHandling ->
+					exceptionHandling.defaultAuthenticationEntryPointFor(
+						new FederatedIdentityAuthenticationEntryPoint(this.loginPageUrl, clientRegistrationRepository),
+						new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
+					)
+				);
+			// @formatter:on
+		}
+	}
+
 }