root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 15 Packages Projects Releases Wiki Activity

Polish "Add configuration property to allow multiple issuers" 

See gh-41355
This commit is contained in:
Andy Wilkinson 2024-07-17 11:58:59 +01:00
parent b0b97fb1d2
commit 1a6760e21d
3 changed files with 46 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerProperties.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2023 the original author or authors. * Copyright 2012-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -43,26 +43,9 @@ public class OAuth2AuthorizationServerProperties implements InitializingBean {
private String issuer; private String issuer;
/** /**
* Set to {@code true} if multiple issuers are allowed per host. Using path * Whether multiple issuers are allowed per host. Using path components in the URL of
* components in the URL of the issuer identifier enables supporting multiple * the issuer identifier enables supporting multiple issuers per host in a
* issuers per host in a multi-tenant hosting configuration. * multi-tenant hosting configuration.
*
* <p>
* For example:
* <ul>
* <li>{@code https://example.com/issuer1}</li>
* <li>{@code https://example.com/authz/issuer2}</li>
* </ul>
*
* <p>
* <b>NOTE:</b> Explicitly configuring the issuer identifier via
* {@link #issuer(String)} forces to a single-tenant configuration. Avoid
* configuring the issuer identifier when using a multi-tenant hosting
* configuration, allowing the issuer identifier to be resolved from the
* <i>"current"</i> request.
* @param multipleIssuersAllowed {@code true} if multiple issuers are allowed per
* host, {@code false} otherwise
* @return the {@link Builder} for further configuration
*/ */
private boolean multipleIssuersAllowed = false; private boolean multipleIssuersAllowed = false;
@ -76,6 +59,14 @@ public class OAuth2AuthorizationServerProperties implements InitializingBean {
*/ */
private final Endpoint endpoint = new Endpoint(); private final Endpoint endpoint = new Endpoint();
public boolean isMultipleIssuersAllowed() {
return this.multipleIssuersAllowed;
}
public void setMultipleIssuersAllowed(boolean multipleIssuersAllowed) {
this.multipleIssuersAllowed = multipleIssuersAllowed;
}
public String getIssuer() { public String getIssuer() {
return this.issuer; return this.issuer;
} }

4
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapper.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2023 the original author or authors. * Copyright 2012-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -51,7 +51,7 @@ final class OAuth2AuthorizationServerPropertiesMapper {
OAuth2AuthorizationServerProperties.Endpoint endpoint = this.properties.getEndpoint(); OAuth2AuthorizationServerProperties.Endpoint endpoint = this.properties.getEndpoint();
OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoint.getOidc(); OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoint.getOidc();
AuthorizationServerSettings.Builder builder = AuthorizationServerSettings.builder(); AuthorizationServerSettings.Builder builder = AuthorizationServerSettings.builder();
map.from(this.properties::getIssuer).whenHasText().to(builder::issuer); map.from(this.properties::getIssuer).to(builder::issuer);
map.from(this.properties::isMultipleIssuersAllowed).to(builder::multipleIssuersAllowed); map.from(this.properties::isMultipleIssuersAllowed).to(builder::multipleIssuersAllowed);
map.from(endpoint::getAuthorizationUri).to(builder::authorizationEndpoint); map.from(endpoint::getAuthorizationUri).to(builder::authorizationEndpoint);
map.from(endpoint::getDeviceAuthorizationUri).to(builder::deviceAuthorizationEndpoint); map.from(endpoint::getDeviceAuthorizationUri).to(builder::deviceAuthorizationEndpoint);

33
spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapperTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2023 the original author or authors. * Copyright 2012-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -113,6 +113,37 @@ class OAuth2AuthorizationServerPropertiesMapperTests {
oidc.setUserInfoUri("/user"); oidc.setUserInfoUri("/user");
AuthorizationServerSettings settings = this.mapper.asAuthorizationServerSettings(); AuthorizationServerSettings settings = this.mapper.asAuthorizationServerSettings();
assertThat(settings.getIssuer()).isEqualTo("https://example.com"); assertThat(settings.getIssuer()).isEqualTo("https://example.com");
assertThat(settings.isMultipleIssuersAllowed()).isFalse();
assertThat(settings.getAuthorizationEndpoint()).isEqualTo("/authorize");
assertThat(settings.getDeviceAuthorizationEndpoint()).isEqualTo("/device_authorization");
assertThat(settings.getDeviceVerificationEndpoint()).isEqualTo("/device_verification");
assertThat(settings.getTokenEndpoint()).isEqualTo("/token");
assertThat(settings.getJwkSetEndpoint()).isEqualTo("/jwks");
assertThat(settings.getTokenRevocationEndpoint()).isEqualTo("/revoke");
assertThat(settings.getTokenIntrospectionEndpoint()).isEqualTo("/introspect");
assertThat(settings.getOidcLogoutEndpoint()).isEqualTo("/logout");
assertThat(settings.getOidcClientRegistrationEndpoint()).isEqualTo("/register");
assertThat(settings.getOidcUserInfoEndpoint()).isEqualTo("/user");
}
@Test
void getAuthorizationServerSettingsWhenMultipleIssuersAllowedShouldAdapt() {
this.properties.setMultipleIssuersAllowed(true);
OAuth2AuthorizationServerProperties.Endpoint endpoints = this.properties.getEndpoint();
endpoints.setAuthorizationUri("/authorize");
endpoints.setDeviceAuthorizationUri("/device_authorization");
endpoints.setDeviceVerificationUri("/device_verification");
endpoints.setTokenUri("/token");
endpoints.setJwkSetUri("/jwks");
endpoints.setTokenRevocationUri("/revoke");
endpoints.setTokenIntrospectionUri("/introspect");
OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoints.getOidc();
oidc.setLogoutUri("/logout");
oidc.setClientRegistrationUri("/register");
oidc.setUserInfoUri("/user");
AuthorizationServerSettings settings = this.mapper.asAuthorizationServerSettings();
assertThat(settings.getIssuer()).isNull();
assertThat(settings.isMultipleIssuersAllowed()).isTrue();
assertThat(settings.getAuthorizationEndpoint()).isEqualTo("/authorize"); assertThat(settings.getAuthorizationEndpoint()).isEqualTo("/authorize");
assertThat(settings.getDeviceAuthorizationEndpoint()).isEqualTo("/device_authorization"); assertThat(settings.getDeviceAuthorizationEndpoint()).isEqualTo("/device_authorization");
assertThat(settings.getDeviceVerificationEndpoint()).isEqualTo("/device_verification"); assertThat(settings.getDeviceVerificationEndpoint()).isEqualTo("/device_verification");