
OidcLoginRequestPostProcessor should respect configuration order #7794


Closed
jzheaux opened this issue Jan 7, 2020 · 1 comment


jzheaux commented Jan 7, 2020

Currently, the OidcLoginRequestPostProcessor documentation states:

Supplying an {@link OidcUser} will take precedence over {@link #idToken}, {@link #userInfo}, and list of {@link GrantedAuthority}s to use.

This means that if an app does:

oidcLogin()
    .oidcUser(fooOidcUser)
    .authorities(barAuthority)

Then the second call will have no effect.

This isn't consistent, though, with how other builders in Spring Security work. Generally speaking, builders should respect the order in which their methods are invoked.

Instead,

oidcLogin()
    .oidcUser(fooOidcUser)
    .authorities(barAuthority)

should cause the builder to give precedence to the authorities given since that's what was called last.

The reason for this is so that apps can more easily build helper methods that construct and return an OidcLoginRequestPostProcessor for further configuration:

private static OidcLoginRequestPostProcessor fooOidcLogin() {
    return oidcLogin().oidcUser(fooOidcUser);
}

And then

@Test
public void test() {
    this.mvc.perform(get("/")
        .with(fooOidcLogin()
            .authorities(barAuthority))) // ...
}

will work as expected.

jzheaux added the "in: test" (An issue in spring-security-test) and "type: bug" (A general bug) labels Jan 7, 2020
jzheaux added this to the 5.3.0.M1 milestone Jan 7, 2020
jzheaux self-assigned this Jan 7, 2020

jzheaux commented Jan 8, 2020

This should be addressed for OidcLoginMutator as well.
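
A minimal sketch of the two builder semantics discussed in this issue, added here as an illustration and not part of the issue or of Spring Security's code. The names `User`, `PrecedenceBuilder`, `OrderedBuilder` and the `SCOPE_read` default are assumptions; the point is that under precedence semantics a test can believe it ran with `ROLE_BAR` while the request actually carried the helper's authorities.

```java
import java.util.Set;
import java.util.function.Supplier;

// Hypothetical stand-ins for illustration; none of these are Spring Security classes.
public class BuilderOrderDemo {
    static final class User {
        final String name;
        final Set<String> authorities;
        User(String name, Set<String> authorities) { this.name = name; this.authorities = authorities; }
        @Override public String toString() { return name + authorities; }
    }

    // Precedence semantics: a supplied user always wins, whatever the call order.
    static final class PrecedenceBuilder {
        private User user;
        private Set<String> authorities = Set.of("SCOPE_read");
        PrecedenceBuilder user(User u) { this.user = u; return this; }
        PrecedenceBuilder authorities(String... a) { this.authorities = Set.of(a); return this; }
        User build() { return user != null ? user : new User("user", authorities); }
    }

    // Order-respecting semantics: every setter replaces the supplier, so the last call decides.
    static final class OrderedBuilder {
        private Set<String> authorities = Set.of("SCOPE_read");
        private Supplier<User> user = this::defaultUser;
        private User defaultUser() { return new User("user", authorities); }
        OrderedBuilder user(User u) { this.user = () -> u; return this; }
        OrderedBuilder authorities(String... a) {
            this.authorities = Set.of(a);
            this.user = this::defaultUser; // discard any previously supplied user
            return this;
        }
        User build() { return user.get(); }
    }

    // Helper in the style of fooOidcLogin(): returns a builder for further configuration.
    static OrderedBuilder fooLogin(User foo) { return new OrderedBuilder().user(foo); }

    public static void main(String[] args) {
        User foo = new User("foo", Set.of("ROLE_FOO"));
        // Same call sequence against both builders: user(...) first, authorities(...) second.
        System.out.println("precedence:  " + new PrecedenceBuilder().user(foo).authorities("ROLE_BAR").build());
        System.out.println("ordered:     " + new OrderedBuilder().user(foo).authorities("ROLE_BAR").build());
        // Reversing the calls on the ordered builder lets the supplied user win instead.
        System.out.println("reversed:    " + new OrderedBuilder().authorities("ROLE_BAR").user(foo).build());
        // Overriding a helper's result works because authorities(...) is the last call.
        System.out.println("from helper: " + fooLogin(foo).authorities("ROLE_BAR").build());
    }
}
```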
