Register OAuth2AuthorizedClientArgumentResolver for XML Config #8669

Closed
realulim opened this issue Jun 9, 2020 · 9 comments
Labels: in: oauth2 (An issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose); type: enhancement (A general enhancement)
realulim commented Jun 9, 2020

Describe the bug
Normally, when oauth2-login is configured, it is possible to inject @AuthenticationPrincipal and @RegisteredOAuth2AuthorizedClient into controller methods. The former always works, the latter only with Java configuration. With an XML configuration like this:

    <sec:http pattern="/my-api/**" use-expressions="true" auto-config="false">
        <sec:csrf disabled="true"/>
        <sec:intercept-url pattern="/my-api/**" access="authenticated"/>
        <sec:oauth2-login access-token-response-client-ref="accessTokenResponseClient"/>
    </sec:http>
    ...
    <sec:client-registrations>
        <sec:client-registration registration-id="myId" ... />
        <sec:provider provider-id="myProvider" .../>
    </sec:client-registrations>

And controller code like this:

    public Map<String, Object> getStuff(
            @AuthenticationPrincipal Principal principal,
            @RegisteredOAuth2AuthorizedClient(registrationId = "myId") OAuth2AuthorizedClient client) {
        ...
    }

I am getting the following stacktrace:

    | Caused by: java.lang.IllegalStateException: No primary or default constructor found for class org.springframework.security.oauth2.client.OAuth2AuthorizedClient
    | at org.springframework.web.method.annotation.ModelAttributeMethodProcessor.createAttribute(ModelAttributeMethodProcessor.java:219)
    | at org.springframework.web.servlet.mvc.method.annotation.ServletModelAttributeMethodProcessor.createAttribute(ServletModelAttributeMethodProcessor.java:85)
    ...
    Caused by: java.lang.NoSuchMethodException: org.springframework.security.oauth2.client.OAuth2AuthorizedClient.<init>()
    | at java.lang.Class.getConstructor0(Class.java:3082)

With the equivalent configuration in Java it works. There might be a problem with the client registrations being an inner bean and somehow not getting managed properly in the OAuth2AuthorizedClientRepository.

realulim added the status: waiting-for-triage (An issue we've not yet triaged) and type: bug (A general bug) labels on Jun 9, 2020
@jgrandja
Contributor

Thanks for the report @realulim.

The Java configuration registers OAuth2ClientConfiguration.OAuth2ClientWebMvcSecurityConfiguration and adds OAuth2AuthorizedClientArgumentResolver, which resolves OAuth2AuthorizedClient via @RegisteredOAuth2AuthorizedClient.

The issue is that OAuth2AuthorizedClientArgumentResolver is not automatically registered when using XML config.

I'll add this to our backlog as an enhancement.

jgrandja added the in: oauth2 (An issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and type: enhancement (A general enhancement) labels and removed the status: waiting-for-triage (An issue we've not yet triaged) and type: bug (A general bug) labels on Jun 22, 2020
jgrandja changed the title from "Injection of @RegisteredOAuth2AuthorizedClient fails with XML Config" to "Register OAuth2AuthorizedClientArgumentResolver for XML Config" on Jun 22, 2020
jgrandja removed their assignment on Jun 22, 2020
@realulim
Author

Thank you for confirming and taking it on. As a workaround, would it be somehow possible to manually configure the OAuth2AuthorizedClientArgumentResolver?
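
A manual registration along the lines asked about above, as an added example that is not part of the issue thread or Spring Security's own code: without the resolver, the parameter falls through to Spring MVC's catch-all ModelAttributeMethodProcessor, which is what produces the constructor exception in the report. The class name is hypothetical, and the example assumes the MVC layer uses @EnableWebMvc (so WebMvcConfigurer callbacks run) and that ClientRegistrationRepository and OAuth2AuthorizedClientRepository are available as injectable beans.

```java
import java.util.List;
import java.util.Objects;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

// Hypothetical class name; added example, not code from the issue or the project.
@Configuration
public class ManualAuthorizedClientResolverConfig implements WebMvcConfigurer {

    private final ClientRegistrationRepository clientRegistrations;
    private final OAuth2AuthorizedClientRepository authorizedClients;

    // Assumption: both repositories are exposed as beans by the security
    // configuration. Fail fast at startup if either is missing, rather than
    // at the first request that needs an authorized client.
    public ManualAuthorizedClientResolverConfig(
            ClientRegistrationRepository clientRegistrations,
            OAuth2AuthorizedClientRepository authorizedClients) {
        this.clientRegistrations = Objects.requireNonNull(clientRegistrations);
        this.authorizedClients = Objects.requireNonNull(authorizedClients);
    }

    // Custom resolvers are consulted before the catch-all model-attribute
    // processor, so @RegisteredOAuth2AuthorizedClient parameters are resolved
    // here instead of being instantiated through a default constructor.
    @Override
    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
        resolvers.add(new OAuth2AuthorizedClientArgumentResolver(
                clientRegistrations, authorizedClients));
    }
}
```

In an application whose MVC layer is declared with `<mvc:annotation-driven>`, WebMvcConfigurer is not consulted; the same resolver bean would instead be listed under `<mvc:argument-resolvers>`.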

jgrandja self-assigned this on Jun 25, 2020
jgrandja added this to the 5.4.0-M2 milestone on Jun 25, 2020
@jgrandja
Contributor

@realulim I just pushed this enhancement to master. Let me know how it goes.

@realulim
Author

I checked out master and did ./gradlew install and ./gradlew build, but the generated jar in build/libs has no classes. Is there a place where binaries could be downloaded, perhaps a nightly build?

@jgrandja
Contributor

@realulim You'll need to test this against the snapshot repository https://repo.spring.io/snapshot.
See the reference doc for maven configuration.

@realulim
Author

I have tried this with the snapshot repo enabled and for the following gradle dependency:

    implementation "org.springframework.security:spring-security-oauth2-client:5.4.0.BUILD-SNAPSHOT"

Perhaps this is the wrong version tag, because the behavior is unchanged from what I see with version 5.3.3.RELEASE.

@jgrandja
Contributor

jgrandja commented Jul 1, 2020

@realulim The Spring versioning scheme changed recently - see announcement.

Instead of 5.4.0.BUILD-SNAPSHOT use the new tag 5.4.0-SNAPSHOT.

Here is a working sample (xml-config branch) for your reference.

@realulim
Author

realulim commented Jul 2, 2020

I am still getting the same exception. My configuration is very similar to the example, only that I am using an external authorisation server and thus need a custom AccessTokenClient. I suppose at this point I need to create a minimal example to reproduce the error.

    | Caused by: java.lang.NoSuchMethodException: org.springframework.security.oauth2.client.OAuth2AuthorizedClient.<init>()
    |         at java.lang.Class.getConstructor0(Class.java:3082)
    |         at java.lang.Class.getDeclaredConstructor(Class.java:2178)
    |         at org.springframework.web.method.annotation.ModelAttributeMethodProcessor.createAttribute(ModelAttributeMethodProcessor.java:216)
    |         ... 149 more

@jgrandja
Contributor

jgrandja commented Jul 2, 2020

Yes, please put together a minimal sample that reproduces the issue.

jgrandja added a commit that referenced this issue Jul 15, 2020