Skip to content
This repository was archived by the owner on May 31, 2022. It is now read-only.

Commit 3379a36

Browse files
jgrandjajgrandja
committed
Reset state for client authorization request
1 parent ad62bd5 commit 3379a36

File tree

2 files changed

+24
-2
lines changed

2 files changed

+24
-2
lines changed

spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/DefaultOAuth2ClientContext.java

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
package org.springframework.security.oauth2.client;
22

33
import java.io.Serializable;
4-
import java.util.HashMap;
54
import java.util.Map;
5+
import java.util.concurrent.ConcurrentHashMap;
66

77
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
88
import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest;
@@ -25,7 +25,7 @@ public class DefaultOAuth2ClientContext implements OAuth2ClientContext, Serializ
2525

2626
private AccessTokenRequest accessTokenRequest;
2727

28-
private Map<String, Object> state = new HashMap<String, Object>();
28+
private Map<String, Object> state = new ConcurrentHashMap<String, Object>();
2929

3030
public DefaultOAuth2ClientContext() {
3131
this(new DefaultAccessTokenRequest());
@@ -54,6 +54,7 @@ public AccessTokenRequest getAccessTokenRequest() {
5454
}
5555

5656
public void setPreservedState(String stateKey, Object preservedState) {
57+
state.clear();
5758
state.put(stateKey, preservedState);
5859
}
5960

spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/DefaultOAuth2ClientContextTests.java

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
package org.springframework.security.oauth2.client;
2+
3+
import org.junit.Test;
4+
5+
import static org.junit.Assert.assertEquals;
6+
import static org.junit.Assert.assertNull;
7+
8+
public class DefaultOAuth2ClientContextTests {
9+
10+
@Test
11+
public void resetsState() {
12+
DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
13+
clientContext.setPreservedState("state1", "some-state-1");
14+
clientContext.setPreservedState("state2", "some-state-2");
15+
clientContext.setPreservedState("state3", "some-state-3");
16+
assertNull(clientContext.removePreservedState("state1"));
17+
assertNull(clientContext.removePreservedState("state2"));
18+
assertEquals("some-state-3", clientContext.removePreservedState("state3"));
19+
}
20+
21+
}

0 commit comments

Comments
 (0)