From 2a5c0a3b6ffea7b313e605504f3303bc1ee1a94a Mon Sep 17 00:00:00 2001
From: ch4mpy
Date: Thu, 6 Jun 2024 15:37:42 -1000
Subject: [PATCH] Add a query parameter to authorization failure URI
---
 release-notes.md | 4 ++++
 .../properties/SpringAddonsOidcClientProperties.java | 1 +
 ...AddonsOauth2ServerAuthenticationFailureHandler.java | 8 ++++++--
 ...SpringAddonsOauth2AuthenticationFailureHandler.java | 10 +++++++---
 4 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/release-notes.md b/release-notes.md
index 1ed5889a4..32ae90c84 100644
--- a/release-notes.md
+++ b/release-notes.md
@@ -2,6 +2,10 @@
 ## `7.x` Branch
+### `7.8.1`
+- Fix default authorization failure handler auto-configuration
+- Add a `error` query parameter to authorization failure URI
+
 ### `7.8.0`
 - Spring Boot `3.3.0` as transitive dependency
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcClientProperties.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcClientProperties.java
index 591c23608..191fca0db 100644
--- a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcClientProperties.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcClientProperties.java
@@ -37,6 +37,7 @@ public class SpringAddonsOidcClientProperties {
 public static final String POST_AUTHENTICATION_FAILURE_URI_HEADER = "X-POST-LOGIN-FAILURE-URI";
 public static final String POST_AUTHENTICATION_FAILURE_URI_PARAM = "post_login_failure_uri";
 public static final String POST_AUTHENTICATION_FAILURE_URI_SESSION_ATTRIBUTE = POST_AUTHENTICATION_FAILURE_URI_PARAM;
+ public static final String POST_AUTHENTICATION_FAILURE_CAUSE_ATTRIBUTE = "error";
 public static final String POST_LOGOUT_SUCCESS_URI_HEADER = "X-POST-LOGOUT-SUCCESS-URI";
 public static final String POST_LOGOUT_SUCCESS_URI_PARAM = "post_logout_success_uri";
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsOauth2ServerAuthenticationFailureHandler.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsOauth2ServerAuthenticationFailureHandler.java
index ab9cc6ddc..76685fe69 100644
--- a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsOauth2ServerAuthenticationFailureHandler.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsOauth2ServerAuthenticationFailureHandler.java
@@ -5,6 +5,8 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;
+import org.springframework.web.util.HtmlUtils;
+import org.springframework.web.util.UriComponentsBuilder;
 import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties;
 import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
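Review bot: In the `SpringAddonsOidcClientProperties` hunk the new constant `POST_AUTHENTICATION_FAILURE_CAUSE_ATTRIBUTE` is used by both failure handlers as a query-parameter name, while the neighbouring constants keep `_PARAM` for request parameters and `_SESSION_ATTRIBUTE` for session keys, so the `_ATTRIBUTE` suffix reads as a session or request attribute. A `_PARAM` suffix, e.g. `POST_AUTHENTICATION_FAILURE_CAUSE_PARAM`, plus a one-line comment such as `// query parameter appended to the post-login failure URI, carries the failure cause` would make the contract clear to whoever consumes the redirect. The class body continues outside the hunk.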
@@ -31,8 +33,10 @@ public SpringAddonsOauth2ServerAuthenticationFailureHandler(SpringAddonsOidcProp
 @Override
 public Mono onAuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException exception) {
 return webFilterExchange.getExchange().getSession().flatMap(session -> {
- final var uri =
- session.getAttributeOrDefault(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_URI_SESSION_ATTRIBUTE, defaultRedirectUri);
+ final var uri = UriComponentsBuilder.fromUri(
+ session.getAttributeOrDefault(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_URI_SESSION_ATTRIBUTE, defaultRedirectUri))
+ .queryParam(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_CAUSE_ATTRIBUTE, HtmlUtils.htmlEscape(exception.getMessage()))
+ .build().toUri();
 return redirectStrategy.sendRedirect(webFilterExchange.getExchange(), uri);
 });
 }
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOauth2AuthenticationFailureHandler.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOauth2AuthenticationFailureHandler.java
index 6e1de8036..ea5bd8a26 100644
--- a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOauth2AuthenticationFailureHandler.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOauth2AuthenticationFailureHandler.java
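Review bot: `HtmlUtils.htmlEscape(...)` inside the `.queryParam(...)` call is the wrong encoder for a URI component: it turns `&`, `<`, `>` and quotes into entities such as `&amp;` and `&quot;`, and the `&` and `;` in those entities are themselves query delimiters, so a message containing such characters is split into extra parameters rather than neutralised. Pass the value unescaped and let the builder percent-encode it, e.g. `.queryParam(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_CAUSE_ATTRIBUTE, exception.getMessage()).encode().build().toUri()`; HTML escaping belongs in the page that later renders the parameter. The servlet handler's `@@ -35,9 +37,11 @@` hunk builds its URI the same way and needs the same change, after which the `HtmlUtils` imports added in both files can go.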
@@ -6,6 +6,8 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.web.util.HtmlUtils;
+import org.springframework.web.util.UriComponentsBuilder;
 import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties;
 import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
@@ -35,9 +37,11 @@ public SpringAddonsOauth2AuthenticationFailureHandler(SpringAddonsOidcProperties
 public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
- final var uri =
+ final var uri = UriComponentsBuilder.fromUriString(
 Optional.ofNullable(request.getSession().getAttribute(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_URI_SESSION_ATTRIBUTE))
- .map(Object::toString).orElse(redirectUri);
- redirectStrategy.sendRedirect(request, response, uri);
+ .map(Object::toString).orElse(redirectUri))
+ .queryParam(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_CAUSE_ATTRIBUTE, HtmlUtils.htmlEscape(exception.getMessage())).build()
+ .toUri();
+ redirectStrategy.sendRedirect(request, response, uri.toString());
 }
 }
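Review bot: `exception.getMessage()` is copied verbatim into the redirect URL in the `@@ -35,9 +37,11 @@` hunk, so whatever detail the authentication stack puts in that message ends up in the address bar, browser history, access logs and any `Referer` header sent from the failure page. A stable code is safer to expose and easier for a front end to branch on, for example `exception instanceof OAuth2AuthenticationException e ? e.getError().getErrorCode() : "authentication_failed"` (the fallback string is a made-up sample, and the class would need an import). As far as I know `HtmlUtils.htmlEscape` also rejects a null input, so an exception without a message would make the handler throw instead of redirecting; a null guard is needed if the message is kept. The reactive handler's `onAuthenticationFailure` exposes the message in the same way.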