diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java index 184042f8231..485c068e85b 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java @@ -116,10 +116,17 @@ private static > OAuth2AuthorizedClientService static > OidcSessionRegistry getOidcSessionRegistry(B builder) { OidcSessionRegistry sessionRegistry = builder.getSharedObject(OidcSessionRegistry.class); - if (sessionRegistry == null) { + if (sessionRegistry != null) { + return sessionRegistry; + } + ApplicationContext context = builder.getSharedObject(ApplicationContext.class); + if (context.getBeanNamesForType(OidcSessionRegistry.class).length == 1) { + sessionRegistry = context.getBean(OidcSessionRegistry.class); + } + else { sessionRegistry = new InMemoryOidcSessionRegistry(); - builder.setSharedObject(OidcSessionRegistry.class, sessionRegistry); } + builder.setSharedObject(OidcSessionRegistry.class, sessionRegistry); return sessionRegistry; } diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java index b6000b73224..cd52e80738a 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java 
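Review bot: In getOidcSessionRegistry, the `getBeanNamesForType(OidcSessionRegistry.class).length == 1` check sends every other count to the `else` branch, so a context with two registry beans (even with one marked primary) silently gets a fresh `InMemoryOidcSessionRegistry`. The tests in this commit build the back-channel logout handler from the same registry that login uses, so a silent fallback to a different instance would presumably leave sessions alive after the provider reports a logout. Consider `sessionRegistry = context.getBeanProvider(OidcSessionRegistry.class).getIfUnique(InMemoryOidcSessionRegistry::new);`, which honours a primary bean, or at least log when more than one candidate is found. `context` is also dereferenced without a null check, so that line throws if the builder can be used without an `ApplicationContext` shared object.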
@@ -5496,7 +5496,7 @@ private ReactiveClientRegistrationRepository getClientRegistrationRepository() { private ReactiveOidcSessionRegistry getSessionRegistry() { if (this.sessionRegistry == null && ServerHttpSecurity.this.oauth2Login == null) { - return new InMemoryReactiveOidcSessionRegistry(); + return getBeanOrDefault(ReactiveOidcSessionRegistry.class, new InMemoryReactiveOidcSessionRegistry()); } if (this.sessionRegistry == null) { return ServerHttpSecurity.this.oauth2Login.oidcSessionRegistry; diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutConfigurerTests.java index e1a6c357fa6..2b85cb72a26 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutConfigurerTests.java @@ -396,15 +396,13 @@ SecurityFilterChain filters(HttpSecurity http) throws Exception { @Import(RegistrationConfig.class) static class SelfLogoutUriConfig { - private final OidcSessionRegistry sessionRegistry = new InMemoryOidcSessionRegistry(); - @Bean @Order(1) SecurityFilterChain filters(HttpSecurity http) throws Exception { // @formatter:off http .authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()) - .oauth2Login((oauth2) -> oauth2.oidcSessionRegistry(this.sessionRegistry)) + .oauth2Login(Customizer.withDefaults()) .oidcLogout((oidc) -> oidc .backChannel(Customizer.withDefaults()) ); @@ -413,11 +411,6 @@ SecurityFilterChain filters(HttpSecurity http) throws Exception { return http.build(); } - @Bean - OidcBackChannelLogoutHandler oidcLogoutHandler() { - return new OidcBackChannelLogoutHandler(this.sessionRegistry); - } - } @Configuration 
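Review bot: The bean lookup added to getSessionRegistry only covers the branch where `oauth2Login == null`; when oauth2Login is configured the method still returns the `oauth2Login.oidcSessionRegistry` field directly, and nothing in this hunk shows that field being resolved from the application context. The reactive CookieConfig test publishes a `ReactiveOidcSessionRegistry` bean alongside `oauth2Login(Customizer.withDefaults())`, so it is worth confirming that login and back-channel logout end up on the same instance. The first branch also returns its result without storing it, so with no bean present each call would hand out a separate in-memory registry; assigning the result first, `this.sessionRegistry = getBeanOrDefault(ReactiveOidcSessionRegistry.class, new InMemoryReactiveOidcSessionRegistry());`, would keep repeated calls consistent. The method body continues outside the hunk.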
@@ -427,15 +420,13 @@ static class CookieConfig { private final MockWebServer server = new MockWebServer(); - private final OidcSessionRegistry sessionRegistry = new InMemoryOidcSessionRegistry(); - @Bean @Order(1) SecurityFilterChain filters(HttpSecurity http) throws Exception { // @formatter:off http .authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()) - .oauth2Login((oauth2) -> oauth2.oidcSessionRegistry(this.sessionRegistry)) + .oauth2Login(Customizer.withDefaults()) .oidcLogout((oidc) -> oidc .backChannel(Customizer.withDefaults()) ); @@ -445,8 +436,13 @@ SecurityFilterChain filters(HttpSecurity http) throws Exception { } @Bean - OidcBackChannelLogoutHandler oidcLogoutHandler() { - OidcBackChannelLogoutHandler logoutHandler = new OidcBackChannelLogoutHandler(this.sessionRegistry); + OidcSessionRegistry sessionRegistry() { + return new InMemoryOidcSessionRegistry(); + } + + @Bean + OidcBackChannelLogoutHandler oidcLogoutHandler(OidcSessionRegistry sessionRegistry) { + OidcBackChannelLogoutHandler logoutHandler = new OidcBackChannelLogoutHandler(sessionRegistry); logoutHandler.setSessionCookieName("SESSION"); return logoutHandler; } @@ -485,7 +481,7 @@ SecurityFilterChain filters(HttpSecurity http) throws Exception { // @formatter:off http .authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()) - .oauth2Login((oauth2) -> oauth2.oidcSessionRegistry(this.sessionRegistry)) + .oauth2Login(Customizer.withDefaults()) .oidcLogout((oidc) -> oidc.backChannel(Customizer.withDefaults())); // @formatter:on diff --git a/config/src/test/java/org/springframework/security/config/web/server/OidcLogoutSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OidcLogoutSpecTests.java index 63845b7fcf5..7e24cd3816f 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/OidcLogoutSpecTests.java 
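Review bot: Nothing visible in these test hunks covers the case where more than one `OidcSessionRegistry` bean is present and the configurer falls back to an in-memory registry. The tests exercise only the no-bean default (SelfLogoutUriConfig, earlier in this file) and the single-bean case (the new `sessionRegistry()` bean in CookieConfig). A small configuration with two registry beans, asserting which registry records the session after login, would pin that fallback down. In the `@@ -485` hunk the class header is outside the view, so it is unclear whether a now-unused `sessionRegistry` field remains in that config class.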
+++ b/config/src/test/java/org/springframework/security/config/web/server/OidcLogoutSpecTests.java @@ -519,8 +519,6 @@ SecurityWebFilterChain filters(ServerHttpSecurity http) throws Exception { @Import(RegistrationConfig.class) static class CookieConfig { - private final ReactiveOidcSessionRegistry sessionRegistry = new InMemoryReactiveOidcSessionRegistry(); - private final MockWebServer server = new MockWebServer(); @Bean @@ -529,7 +527,7 @@ SecurityWebFilterChain filters(ServerHttpSecurity http) throws Exception { // @formatter:off http .authorizeExchange((authorize) -> authorize.anyExchange().authenticated()) - .oauth2Login((oauth2) -> oauth2.oidcSessionRegistry(this.sessionRegistry)) + .oauth2Login(Customizer.withDefaults()) .oidcLogout((oidc) -> oidc .backChannel(Customizer.withDefaults()) ); @@ -539,9 +537,13 @@ SecurityWebFilterChain filters(ServerHttpSecurity http) throws Exception { } @Bean - OidcBackChannelServerLogoutHandler oidcLogoutHandler() { - OidcBackChannelServerLogoutHandler logoutHandler = new OidcBackChannelServerLogoutHandler( - this.sessionRegistry); + ReactiveOidcSessionRegistry oidcSessionRegistry() { + return new InMemoryReactiveOidcSessionRegistry(); + } + + @Bean + OidcBackChannelServerLogoutHandler oidcLogoutHandler(ReactiveOidcSessionRegistry sessionRegistry) { + OidcBackChannelServerLogoutHandler logoutHandler = new OidcBackChannelServerLogoutHandler(sessionRegistry); logoutHandler.setSessionCookieName("JSESSIONID"); return logoutHandler; } @@ -580,7 +582,7 @@ SecurityWebFilterChain filters(ServerHttpSecurity http) throws Exception { // @formatter:off http .authorizeExchange((authorize) -> authorize.anyExchange().authenticated()) - .oauth2Login((oauth2) -> oauth2.oidcSessionRegistry(this.sessionRegistry)) + .oauth2Login(Customizer.withDefaults()) .oidcLogout((oidc) -> oidc.backChannel(Customizer.withDefaults())); // @formatter:on