-
Notifications
You must be signed in to change notification settings - Fork 742
feat(OAuth2): Remove deprecated OAuth2 annotation. Instead Use Java DSL way of OAuth2 #1887
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Draft
rahul-chekuri
wants to merge
17
commits into
spinnaker:master
Choose a base branch
from
rahul-chekuri:oauth2-ss5-migration
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Draft
Changes from all commits
Commits
Show all changes
17 commits
Select commit
Hold shift + click to select a range
fe51eda
feature(OAuth2): Remove deprecated OAuth2 annotation. Instead Use Jav…
rahul-chekuri 1092acc
Add javadoc
rahul-chekuri 1f9f384
Use Objects.toString instead of custom toStringOrNull method
rahul-chekuri 3e64fb6
Remove unused class member
rahul-chekuri 0207ced
Add construtor injection
rahul-chekuri 49dcc5a
Call get property than the direct access
rahul-chekuri af1c8db
Add javadoc, made class level properties final, Add GithubProviderTok…
rahul-chekuri 2b67a51
Enhance null attributes and authorities logic. Correct Copyright. Add…
rahul-chekuri 3efc6ad
Use constructor injection for SpinnakerProviderTokenServices
rahul-chekuri c08c328
Tests: Refactor test initialization by replacing MockitoAnnotations.o…
rahul-chekuri 7e9f3da
chore(dependencies): Autobump korkVersion (#1889)
spinnakerbot 0d7820b
chore(dependencies): Autobump fiatVersion (#1890)
spinnakerbot fe8b522
chore(dependencies): Autobump korkVersion (#1891)
spinnakerbot fb27b30
chore(dependencies): Autobump fiatVersion (#1892)
spinnakerbot 327c7ec
chore(dependencies): Autobump korkVersion (#1894)
spinnakerbot 4172fd0
chore(dependencies): Autobump fiatVersion (#1895)
spinnakerbot 8ef7e4a
Merge branch 'master' into oauth2-ss5-migration
rahul-chekuri File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
71 changes: 0 additions & 71 deletions
71
...th2/src/main/java/com/netflix/spinnaker/gate/security/oauth2/ExternalAuthTokenFilter.java
This file was deleted.
Oops, something went wrong.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
101 changes: 101 additions & 0 deletions
101
gate-oauth2/src/main/java/com/netflix/spinnaker/gate/security/oauth2/OAuthConfigEnabled.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,101 @@ | ||
| /* | ||
| * Copyright 2025 OpsMx, Inc. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package com.netflix.spinnaker.gate.security.oauth2; | ||
|
|
||
| import java.util.regex.Pattern; | ||
| import lombok.extern.slf4j.Slf4j; | ||
| import org.springframework.context.annotation.Condition; | ||
| import org.springframework.context.annotation.ConditionContext; | ||
| import org.springframework.core.env.ConfigurableEnvironment; | ||
| import org.springframework.core.env.EnumerablePropertySource; | ||
| import org.springframework.core.env.PropertySource; | ||
| import org.springframework.core.type.AnnotatedTypeMetadata; | ||
|
|
||
| /** | ||
| * This class implements the {@link Condition} interface to check if OAuth2 configuration is enabled | ||
| * in the Spring environment based on the presence of a client ID property. It inspects the | ||
| * environment's property sources for any property matching the regular expression for OAuth2 client | ||
| * registration. | ||
| * | ||
| * <p>The condition matches if there is any property key that matches the pattern: | ||
| * "spring.security.oauth2.client.registration.<client-name>.client-id". If such a property exists, | ||
| * the condition returns {@code true}, indicating that OAuth2 configuration is enabled. Otherwise, | ||
| * it returns {@code false}. | ||
| * | ||
| * <p>This condition can be used in Spring's {@link | ||
| * org.springframework.context.annotation.Conditional} annotations to conditionally enable or | ||
| * disable beans based on the presence of OAuth2 client properties in the application's | ||
| * configuration. | ||
| * | ||
| * <p>Example: | ||
| * | ||
| * <pre> | ||
| * @Configuration | ||
| * @Conditional(OAuthConfigEnabled.class) | ||
| * public class OAuth2SsoConfig { | ||
| * // Bean definitions for OAuth2 configuration | ||
| * } | ||
| * </pre> | ||
| * | ||
| * <p>Note: The condition looks for the client ID property in the environment, which is a standard | ||
| * property for configuring OAuth2 client registration in Spring Security. | ||
| */ | ||
| @Slf4j | ||
| public class OAuthConfigEnabled implements Condition { | ||
dbyron-sf marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| private static final String SPRING_SECURITY_OAUTH2_REGEX = | ||
| "spring\\.security\\.oauth2\\.client\\.registration\\..*\\.client-id"; | ||
| private static final Pattern SPRING_SECURITY_OAUTH2_PATTERN = | ||
| Pattern.compile(SPRING_SECURITY_OAUTH2_REGEX); | ||
|
|
||
| /** | ||
| * Evaluates whether the condition matches based on the presence of OAuth2 client registration | ||
| * properties in the Spring environment. | ||
| * | ||
| * <p>This method checks if the application's {@link ConfigurableEnvironment} contains any | ||
| * property names that match the pattern <code> | ||
| * spring.security.oauth2.client.registration.<client-name>.client-id</code>. If at least | ||
| * one such property exists, the method returns {@code true}, indicating that OAuth2 configuration | ||
| * is enabled. Otherwise, it returns {@code false}. | ||
| * | ||
| * @param context The {@link ConditionContext}, which provides access to the Spring environment | ||
| * and application context. | ||
| * @param metadata The {@link AnnotatedTypeMetadata} of the annotated component. (Not used in this | ||
| * implementation.) | ||
| * @return {@code true} if at least one OAuth2 client registration property is found, {@code | ||
| * false} otherwise. | ||
| */ | ||
| @Override | ||
| public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) { | ||
| if (!(context.getEnvironment() instanceof ConfigurableEnvironment)) { | ||
dbyron-sf marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| return false; | ||
| } | ||
|
|
||
| ConfigurableEnvironment env = (ConfigurableEnvironment) context.getEnvironment(); | ||
|
|
||
| for (PropertySource<?> propertySource : env.getPropertySources()) { | ||
| if (propertySource instanceof EnumerablePropertySource) { | ||
| for (String propertyName : | ||
| ((EnumerablePropertySource<?>) propertySource).getPropertyNames()) { | ||
| if (SPRING_SECURITY_OAUTH2_PATTERN.matcher(propertyName).matches()) { | ||
| return true; // If any property matches, load the configuration | ||
| } | ||
| } | ||
| } | ||
| } | ||
| return false; // Skip configuration if no matching properties found | ||
| } | ||
| } | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
WebSecurityConfigurerAdapter is deprecated. Are there plans to move to something that's not?
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We plan to delete the Adapter from the gate as part of the springboot3 upgrade.