Chapter 18 request matcher serverwebexchangematcher of oauth2loginauthenticationwebfilter

In the last article, we analyzed OAuth2LoginAuthentiationWebFilter The successful matching request path will be intercepted . Which request paths will be blocked 、 How to customize the request path to be intercepted . These two questions will be the theme of today .

initialization ServerWebExchageMatcher

stay ServerHttpSecurity The inner class of a class OAuth2LoginSpec Of configure() In the way ,OAuth2LoginAuthenticationWebFilter Initialize the ServerWebExchangeMather. If we don't specify ServerWebExchangeMather, Create the default ; Otherwise use the specified . The creation process is probably shown in the following source code .

protected void configure(ServerHttpSecurity http) {
    
		//  Omit other configuration 
		AuthenticationWebFilter authenticationFilter = new OAuth2LoginAuthenticationWebFilter(manager, authorizedClientRepository);
		authenticationFilter.setRequiresAuthenticationMatcher(this.getAuthenticationMatcher());
}

private ServerWebExchangeMatcher getAuthenticationMatcher() {
    
		//  If you do not specify your own configuration , Use the default 
    if (this.authenticationMatcher == null) {
    
        this.authenticationMatcher = this.createAttemptAuthenticationRequestMatcher();
    }

    return this.authenticationMatcher;
}

private ServerWebExchangeMatcher createAttemptAuthenticationRequestMatcher() {
    
    return new PathPatternParserServerWebExchangeMatcher("/login/oauth2/code/{registrationId}");
}

From the source , We can observe that the default intercepted request path is ：/login/oauth2/code/{registrationId}
PathPatterParserServerWebExchangeMatcher
The function of matching the request path is determined by PathPatterParserServerWebExchangeMatcher To achieve . It will intercept the request path , And extract the parameters of the request path . for example , The request path is /login/oauth2/code/google Parameters will be extracted google, And put in Map in . The core source code is shown below .

public Mono<MatchResult> matches(ServerWebExchange exchange) {
    
    ServerHttpRequest request = exchange.getRequest();
    PathContainer path = request.getPath().pathWithinApplication();
		//  The request method is different from the configuration method , The match is not successful 
    if (this.method != null && !this.method.equals(request.getMethod())) {
    
        return MatchResult.notMatch().doOnNext((result) -> {
    
            if (logger.isDebugEnabled()) {
    
                logger.debug("Request '" + request.getMethod() + " " + path + "' doesn't match '" + this.method + " " + this.pattern.getPatternString() + "'");
            }

        });
    } else {
    
        boolean match = this.pattern.matches(path);
        if (!match) {
    
            return MatchResult.notMatch().doOnNext((result) -> {
    
                if (logger.isDebugEnabled()) {
    
                    logger.debug("Request '" + request.getMethod() + " " + path + "' doesn't match '" + this.method + " " + this.pattern.getPatternString() + "'");
                }

            });
        } else {
    
						//  Extract request parameters 
            Map<String, String> pathVariables = this.pattern.matchAndExtract(path).getUriVariables();
            Map<String, Object> variables = new HashMap(pathVariables);
            if (logger.isDebugEnabled()) {
    
                logger.debug("Checking match of request : '" + path + "'; against '" + this.pattern.getPatternString() + "'");
            }
						//  Return the result of successful matching , And put the extracted parameters into the results .
            return MatchResult.match(variables);
        }
    }
}

Custom interception path
If you don't want to intercept the request, the default path is /login/oauth2/code/{registrationId} Request , We can configure . The configuration is as follows .

@Configuration
@EnableWebFluxSecurity
@Slf4j
public class SecurityConfig {
    
		@Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    
				return http
                .csrf().disable()
								.oauth2Login(oauth2Login -> oauth2Login
												.authenticationMatcher(new PathPatternParserServerWebExchangeMatcher(
                                "/oauth2/code/{registrationId}"))
												)
												.build();
		}
}