From 1b85ce0769a55dec1f2f8a93ea01caba14fe7730 Mon Sep 17 00:00:00 2001
From: Andy Wilkinson
Date: Tue, 7 Jul 2020 12:22:27 +0100
Subject: [PATCH] Streamline OAuth2 resource server auto-config class conditions

Fixes gh-22233
---
 .../OAuth2ResourceServerAutoConfiguration.java | 3 +++
 .../Oauth2ResourceServerConfiguration.java | 6 +-----
 ...th2ResourceServerAutoConfigurationTests.java | 17 ++++++++++-------
 3 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfiguration.java
index 1ceb7308a6f..80bb6aabc01 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfiguration.java
@@ -17,6 +17,7 @@ package org.springframework.boot.autoconfigure.security.oauth2.resource.servlet;

 import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
 import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
@@ -24,6 +25,7 @@ import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServic
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
+import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;

 /**
 * {@link EnableAutoConfiguration Auto-configuration} for OAuth2 resource server support.
@@ -34,6 +36,7 @@ import org.springframework.context.annotation.Import;
 @Configuration(proxyBeanMethods = false)
 @AutoConfigureBefore({ SecurityAutoConfiguration.class, UserDetailsServiceAutoConfiguration.class })
 @EnableConfigurationProperties(OAuth2ResourceServerProperties.class)
+@ConditionalOnClass(BearerTokenAuthenticationToken.class)
 @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
 @Import({ Oauth2ResourceServerConfiguration.JwtConfiguration.class,
 Oauth2ResourceServerConfiguration.OpaqueTokenConfiguration.class })
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/Oauth2ResourceServerConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/Oauth2ResourceServerConfiguration.java
index 6d62636681e..e14e1034d48 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/Oauth2ResourceServerConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/Oauth2ResourceServerConfiguration.java
@@ -20,9 +20,6 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
-import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
-import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;

 /**
 * Configuration classes for OAuth2 Resource Server These should be {@code @Import} in a
@@ -33,7 +30,7 @@ import org.springframework.security.oauth2.server.resource.introspection.OpaqueT
 class Oauth2ResourceServerConfiguration {

 @Configuration(proxyBeanMethods = false)
- @ConditionalOnClass({ JwtAuthenticationToken.class, JwtDecoder.class })
+ @ConditionalOnClass(JwtDecoder.class)
 @Import({ OAuth2ResourceServerJwtConfiguration.JwtDecoderConfiguration.class,
 OAuth2ResourceServerJwtConfiguration.OAuth2WebSecurityConfigurerAdapter.class })
 static class JwtConfiguration {
@@ -41,7 +38,6 @@ class Oauth2ResourceServerConfiguration {
 }

 @Configuration(proxyBeanMethods = false)
- @ConditionalOnClass({ BearerTokenAuthenticationToken.class, OpaqueTokenIntrospector.class })
 @Import({ OAuth2ResourceServerOpaqueTokenConfiguration.OpaqueTokenIntrospectionClientConfiguration.class,
 OAuth2ResourceServerOpaqueTokenConfiguration.OAuth2WebSecurityConfigurerAdapter.class })
 static class OpaqueTokenConfiguration {
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java
index ae987c4bc31..6106f6ad3fc 100644
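Review bot: After this change `JwtConfiguration` guards only on `JwtDecoder`, and `OpaqueTokenConfiguration` (next hunk) has no class condition at all, so both depend on the class that imports them to check that the resource-server module is present. The class Javadoc, only partly visible in the first hunk's context, says these should be `@Import`ed by an auto-configuration class but does not state that requirement. I would add a sentence there such as `The importing class must be conditional on {@code BearerTokenAuthenticationToken} so that the resource server classes are known to be present.` That would make the dependency explicit for anyone who later imports these nested classes from a second place.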
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java
@@ -50,7 +50,6 @@ import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtIssuerValidator;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter;
 import org.springframework.security.web.FilterChainProxy;
@@ -262,21 +261,25 @@ class OAuth2ResourceServerAutoConfigurationTests {
 }

 @Test
- void autoConfigurationShouldBeConditionalOnJwtAuthenticationTokenClass() {
+ void autoConfigurationShouldBeConditionalOnResourceServerClass() {
 this.contextRunner
 .withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 .withUserConfiguration(JwtDecoderConfig.class)
- .withClassLoader(new FilteredClassLoader(JwtAuthenticationToken.class))
- .run((context) -> assertThat(getBearerTokenFilter(context)).isNull());
+ .withClassLoader(new FilteredClassLoader(BearerTokenAuthenticationToken.class)).run((context) -> {
+ assertThat(context).doesNotHaveBean(OAuth2ResourceServerAutoConfiguration.class);
+ assertThat(getBearerTokenFilter(context)).isNull();
+ });
 }

 @Test
- void autoConfigurationShouldBeConditionalOnJwtDecoderClass() {
+ void autoConfigurationForJwtShouldBeConditionalOnJwtDecoderClass() {
 this.contextRunner
 .withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 .withUserConfiguration(JwtDecoderConfig.class)
- .withClassLoader(new FilteredClassLoader(JwtDecoder.class))
- .run((context) -> assertThat(getBearerTokenFilter(context)).isNull());
+ .withClassLoader(new FilteredClassLoader(JwtDecoder.class)).run((context) -> {
+ assertThat(context).hasSingleBean(OAuth2ResourceServerAutoConfiguration.class);
+ assertThat(getBearerTokenFilter(context)).isNull();
+ });
 }

 @Test
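Review bot: In `autoConfigurationForJwtShouldBeConditionalOnJwtDecoderClass` the only evidence that the JWT branch backed off is `getBearerTokenFilter(context)` being null, which would also hold if the filter were missing for an unrelated reason; `getBearerTokenFilter` is defined outside the hunk, so this is inferred from its name. Since the test sits in the same package as the package-private configuration class, it could assert the changed condition directly with `assertThat(context).doesNotHaveBean(Oauth2ResourceServerConfiguration.JwtConfiguration.class);` next to the existing `hasSingleBean` check.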