Polish "Add configuration property to allow multiple issuers"

See gh-41355
2024-07-17 11:58:59 +01:00 · 2024-07-17 11:58:59 +01:00 · 1a6760e21d
parent b0b97fb1d2
commit 1a6760e21d
3 changed files with 46 additions and 24 deletions
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerProperties.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerProperties.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2023 the original author or authors.
+ * Copyright 2012-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -43,26 +43,9 @@ public class OAuth2AuthorizationServerProperties implements InitializingBean {
 	private String issuer;

 	/**
-	 * Set to {@code true} if multiple issuers are allowed per host. Using path
-	 * components in the URL of the issuer identifier enables supporting multiple
-	 * issuers per host in a multi-tenant hosting configuration.
-	 *
-	 * <p>
-	 * For example:
-	 * <ul>
-	 * <li>{@code https://example.com/issuer1}</li>
-	 * <li>{@code https://example.com/authz/issuer2}</li>
-	 * </ul>
-	 *
-	 * <p>
-	 * <b>NOTE:</b> Explicitly configuring the issuer identifier via
-	 * {@link #issuer(String)} forces to a single-tenant configuration. Avoid
-	 * configuring the issuer identifier when using a multi-tenant hosting
-	 * configuration, allowing the issuer identifier to be resolved from the
-	 * <i>"current"</i> request.
-	 * @param multipleIssuersAllowed {@code true} if multiple issuers are allowed per
-	 * host, {@code false} otherwise
-	 * @return the {@link Builder} for further configuration
+	 * Whether multiple issuers are allowed per host. Using path components in the URL of
+	 * the issuer identifier enables supporting multiple issuers per host in a
+	 * multi-tenant hosting configuration.
 	 */
 	private boolean multipleIssuersAllowed = false;

@ -76,6 +59,14 @@ public class OAuth2AuthorizationServerProperties implements InitializingBean {
 	 */
 	private final Endpoint endpoint = new Endpoint();

+	public boolean isMultipleIssuersAllowed() {
+		return this.multipleIssuersAllowed;
+	}
+
+	public void setMultipleIssuersAllowed(boolean multipleIssuersAllowed) {
+		this.multipleIssuersAllowed = multipleIssuersAllowed;
+	}
+
 	public String getIssuer() {
 		return this.issuer;
 	}
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapper.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapper.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2023 the original author or authors.
+ * Copyright 2012-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -51,7 +51,7 @@ final class OAuth2AuthorizationServerPropertiesMapper {
 		OAuth2AuthorizationServerProperties.Endpoint endpoint = this.properties.getEndpoint();
 		OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoint.getOidc();
 		AuthorizationServerSettings.Builder builder = AuthorizationServerSettings.builder();
-		map.from(this.properties::getIssuer).whenHasText().to(builder::issuer);
+		map.from(this.properties::getIssuer).to(builder::issuer);
 		map.from(this.properties::isMultipleIssuersAllowed).to(builder::multipleIssuersAllowed);
 		map.from(endpoint::getAuthorizationUri).to(builder::authorizationEndpoint);
 		map.from(endpoint::getDeviceAuthorizationUri).to(builder::deviceAuthorizationEndpoint);
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapperTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapperTests.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2023 the original author or authors.
+ * Copyright 2012-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -113,6 +113,37 @@ class OAuth2AuthorizationServerPropertiesMapperTests {
 		oidc.setUserInfoUri("/user");
 		AuthorizationServerSettings settings = this.mapper.asAuthorizationServerSettings();
 		assertThat(settings.getIssuer()).isEqualTo("https://example.com");
+		assertThat(settings.isMultipleIssuersAllowed()).isFalse();
+		assertThat(settings.getAuthorizationEndpoint()).isEqualTo("/authorize");
+		assertThat(settings.getDeviceAuthorizationEndpoint()).isEqualTo("/device_authorization");
+		assertThat(settings.getDeviceVerificationEndpoint()).isEqualTo("/device_verification");
+		assertThat(settings.getTokenEndpoint()).isEqualTo("/token");
+		assertThat(settings.getJwkSetEndpoint()).isEqualTo("/jwks");
+		assertThat(settings.getTokenRevocationEndpoint()).isEqualTo("/revoke");
+		assertThat(settings.getTokenIntrospectionEndpoint()).isEqualTo("/introspect");
+		assertThat(settings.getOidcLogoutEndpoint()).isEqualTo("/logout");
+		assertThat(settings.getOidcClientRegistrationEndpoint()).isEqualTo("/register");
+		assertThat(settings.getOidcUserInfoEndpoint()).isEqualTo("/user");
+	}
+
+	@Test
+	void getAuthorizationServerSettingsWhenMultipleIssuersAllowedShouldAdapt() {
+		this.properties.setMultipleIssuersAllowed(true);
+		OAuth2AuthorizationServerProperties.Endpoint endpoints = this.properties.getEndpoint();
+		endpoints.setAuthorizationUri("/authorize");
+		endpoints.setDeviceAuthorizationUri("/device_authorization");
+		endpoints.setDeviceVerificationUri("/device_verification");
+		endpoints.setTokenUri("/token");
+		endpoints.setJwkSetUri("/jwks");
+		endpoints.setTokenRevocationUri("/revoke");
+		endpoints.setTokenIntrospectionUri("/introspect");
+		OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoints.getOidc();
+		oidc.setLogoutUri("/logout");
+		oidc.setClientRegistrationUri("/register");
+		oidc.setUserInfoUri("/user");
+		AuthorizationServerSettings settings = this.mapper.asAuthorizationServerSettings();
+		assertThat(settings.getIssuer()).isNull();
+		assertThat(settings.isMultipleIssuersAllowed()).isTrue();
 		assertThat(settings.getAuthorizationEndpoint()).isEqualTo("/authorize");
 		assertThat(settings.getDeviceAuthorizationEndpoint()).isEqualTo("/device_authorization");
 		assertThat(settings.getDeviceVerificationEndpoint()).isEqualTo("/device_verification");