Polish "Add configurable property for JWK encryption algorithm"

Closes gh-15145
2018-12-03 11:49:18 +01:00 · 2018-12-03 11:49:18 +01:00 · 0df13baa0f
parent 460fdaf52f
commit 0df13baa0f
3 changed files with 21 additions and 16 deletions
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerJwkConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerJwkConfiguration.java
@ -36,26 +36,25 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoderJwkSupport;
@Configuration
 class OAuth2ResourceServerJwkConfiguration {

-	private final OAuth2ResourceServerProperties properties;
+	private final OAuth2ResourceServerProperties.Jwt properties;

 	OAuth2ResourceServerJwkConfiguration(OAuth2ResourceServerProperties properties) {
-		this.properties = properties;
+		this.properties = properties.getJwt();
 	}

 	@Bean
 	@ConditionalOnProperty(name = "spring.security.oauth2.resourceserver.jwt.jwk-set-uri")
 	@ConditionalOnMissingBean
 	public JwtDecoder jwtDecoderByJwkKeySetUri() {
-		return new NimbusJwtDecoderJwkSupport(this.properties.getJwt().getJwkSetUri(),
-				this.properties.getJwt().getJwsAlgorithm());
+		return new NimbusJwtDecoderJwkSupport(this.properties.getJwkSetUri(),
+				this.properties.getJwsAlgorithm());
 	}

 	@Bean
 	@Conditional(IssuerUriCondition.class)
 	@ConditionalOnMissingBean
 	public JwtDecoder jwtDecoderByIssuerUri() {
-		return JwtDecoders
-				.fromOidcIssuerLocation(this.properties.getJwt().getIssuerUri());
+		return JwtDecoders.fromOidcIssuerLocation(this.properties.getIssuerUri());
 	}

 }
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java
@ -79,25 +79,31 @@ public class OAuth2ResourceServerAutoConfigurationTests {
 		this.contextRunner.withPropertyValues(
 				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
 				.run((context) -> {
-					JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
-					assertThat(jwtDecoder).isInstanceOf(NimbusJwtDecoderJwkSupport.class);
-					NimbusJwtDecoderJwkSupport decoder = (NimbusJwtDecoderJwkSupport) jwtDecoder;
-					assertThat(decoder).hasFieldOrPropertyWithValue("jwsAlgorithm",
-							JWSAlgorithm.RS256);
+					assertThat(context.getBean(JwtDecoder.class))
+							.isInstanceOf(NimbusJwtDecoderJwkSupport.class);
 					assertThat(getBearerTokenFilter(context)).isNotNull();
 				});
 	}

 	@Test
-	public void autoConfigurationShouldConfigureResourceServerWithJwsAlgotihms() {
+	public void autoConfigurationShouldMatchDefaultJwsAlgorithm() {
+		this.contextRunner.withPropertyValues(
+				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
+				.run((context) -> {
+					JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
+					assertThat(jwtDecoder).hasFieldOrPropertyWithValue("jwsAlgorithm",
+							JWSAlgorithm.RS256);
+				});
+	}
+
+	@Test
+	public void autoConfigurationShouldConfigureResourceServerWithJwsAlgorithm() {
 		this.contextRunner.withPropertyValues(
 				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com",
 				"spring.security.oauth2.resourceserver.jwt.jws-algorithm=HS512")
 				.run((context) -> {
 					JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
-					assertThat(jwtDecoder).isInstanceOf(NimbusJwtDecoderJwkSupport.class);
-					NimbusJwtDecoderJwkSupport decoder = (NimbusJwtDecoderJwkSupport) jwtDecoder;
-					assertThat(decoder).hasFieldOrPropertyWithValue("jwsAlgorithm",
+					assertThat(jwtDecoder).hasFieldOrPropertyWithValue("jwsAlgorithm",
 							JWSAlgorithm.HS512);
 					assertThat(getBearerTokenFilter(context)).isNotNull();
 				});
--- a/spring-boot-project/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
+++ b/spring-boot-project/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
@ -547,7 +547,7 @@ content into your application. Rather, pick only the properties that you need.

 	# SECURITY OAUTH2 RESOURCE SERVER ({sc-spring-boot-autoconfigure}/security/oauth2/resource/OAuth2ResourceServerProperties.{sc-ext}[OAuth2ResourceServerProperties])
 	spring.security.oauth2.resourceserver.jwt.jwk-set-uri= # JSON Web Key URI to use to verify the JWT token.
-    spring.security.oauth2.resourceserver.jwt.jws-algorithm= # JSON Web Algorithm used for verifying the digital signatures.
+    spring.security.oauth2.resourceserver.jwt.jws-algorithm=RS256 # JSON Web Algorithm used for verifying the digital signatures.
    spring.security.oauth2.resourceserver.jwt.issuer-uri= # URI that an OpenID Connect Provider asserts as its Issuer Identifier.

 	# ----------------------------------------