commit
3ad1aa7b32
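--- a/[path not on page: ReactiveOAuth2ResourceServerJwkConfiguration]
+++ b/[path not on page: ReactiveOAuth2ResourceServerJwkConfiguration]
@@ -31,6 +31,7 @@ import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec;
+import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.oauth2.jwt.JwtValidators;
 import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
@@ -45,6 +46,7 @@ import org.springframework.security.web.server.SecurityWebFilterChain;
 * @author Madhura Bhave
 * @author Artsiom Yudovin
 * @author HaiTao Zhang
+* @author Anastasiia Losieva
 */
 @Configuration(proxyBeanMethods = false)
 class ReactiveOAuth2ResourceServerJwkConfiguration {
@@ -62,8 +64,9 @@ class ReactiveOAuth2ResourceServerJwkConfiguration {
 @Bean
 @ConditionalOnProperty(name = "spring.security.oauth2.resourceserver.jwt.jwk-set-uri")
 ReactiveJwtDecoder jwtDecoder() {
-NimbusReactiveJwtDecoder nimbusReactiveJwtDecoder = new NimbusReactiveJwtDecoder(
-this.properties.getJwkSetUri());
+NimbusReactiveJwtDecoder nimbusReactiveJwtDecoder = NimbusReactiveJwtDecoder
+.withJwkSetUri(this.properties.getJwkSetUri())
+.jwsAlgorithm(SignatureAlgorithm.from(this.properties.getJwsAlgorithm())).build();
 String issuerUri = this.properties.getIssuerUri();
 if (issuerUri != null) {
 nimbusReactiveJwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(issuerUri));
@@ -76,7 +79,8 @@ class ReactiveOAuth2ResourceServerJwkConfiguration {
 NimbusReactiveJwtDecoder jwtDecoderByPublicKeyValue() throws Exception {
 RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
 .generatePublic(new X509EncodedKeySpec(getKeySpec(this.properties.readPublicKey())));
-return NimbusReactiveJwtDecoder.withPublicKey(publicKey).build();
+return NimbusReactiveJwtDecoder.withPublicKey(publicKey)
+.signatureAlgorithm(SignatureAlgorithm.from(this.properties.getJwsAlgorithm())).build();
 }
 
 private byte[] getKeySpec(String keyValue) {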
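Review bot: Both `jwtDecoder()` and `jwtDecoderByPublicKeyValue()` hand `SignatureAlgorithm.from(this.properties.getJwsAlgorithm())` straight to the builder, and as far as I recall that lookup yields null for a name it does not know, so a mistyped or unsupported `jws-algorithm` value would fail startup only through the builder's generic null-argument check instead of a message naming the property and the offending value. Pinning the decoder to one configured algorithm is the right hardening; the default value of `getJwsAlgorithm()` is not visible in this commit, so please confirm it is non-null. A small private helper that resolves the algorithm once and throws `IllegalStateException` with the property name would give both beans a clear failure and remove the duplicated expression. The enclosing class continues outside the hunks shown.
```java
private SignatureAlgorithm jwsAlgorithm() {
	String configured = this.properties.getJwsAlgorithm();
	SignatureAlgorithm algorithm = SignatureAlgorithm.from(configured);
	if (algorithm == null) {
		throw new IllegalStateException(
				"Unsupported value for spring.security.oauth2.resourceserver.jwt.jws-algorithm: " + configured);
	}
	return algorithm;
}
// … unchanged: jwtDecoder() and jwtDecoderByPublicKeyValue() call jwsAlgorithm() in place of SignatureAlgorithm.from(...) …
```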
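--- a/[path not on page: ReactiveOAuth2ResourceServerAutoConfigurationTests]
+++ b/[path not on page: ReactiveOAuth2ResourceServerAutoConfigurationTests]
@@ -20,10 +20,12 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Set;
 import java.util.stream.Stream;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.nimbusds.jose.JWSAlgorithm;
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
 import org.junit.jupiter.api.AfterEach;
@@ -68,6 +70,7 @@ import static org.mockito.Mockito.mock;
 * @author Madhura Bhave
 * @author Artsiom Yudovin
 * @author HaiTao Zhang
+* @author Anastasiia Losieva
 */
 class ReactiveOAuth2ResourceServerAutoConfigurationTests {
 
@@ -94,6 +97,31 @@ class ReactiveOAuth2ResourceServerAutoConfigurationTests {
 });
 }
 
+@SuppressWarnings("unchecked")
+@Test
+void autoConfigurationUsingJwkSetUriShouldConfigureResourceServerUsingJwsAlgorithm() {
+this.contextRunner
+.withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com",
+"spring.security.oauth2.resourceserver.jwt.jws-algorithm=RS512")
+.run((context) -> {
+NimbusReactiveJwtDecoder nimbusReactiveJwtDecoder = context.getBean(NimbusReactiveJwtDecoder.class);
+assertThat(nimbusReactiveJwtDecoder).extracting("jwtProcessor.arg$2")
+.matches((algorithms) -> ((Set<JWSAlgorithm>) algorithms).contains(JWSAlgorithm.RS512));
+});
+}
+
+@Test
+void autoConfigurationUsingPublicKeyValueShouldConfigureResourceServerUsingJwsAlgorithm() {
+this.contextRunner.withPropertyValues(
+"spring.security.oauth2.resourceserver.jwt.public-key-location=classpath:public-key-location",
+"spring.security.oauth2.resourceserver.jwt.jws-algorithm=RS384").run((context) -> {
+NimbusReactiveJwtDecoder nimbusReactiveJwtDecoder = context.getBean(NimbusReactiveJwtDecoder.class);
+assertThat(nimbusReactiveJwtDecoder)
+.extracting("jwtProcessor.arg$1.jwsKeySelector.expectedJwsAlgorithm")
+.isEqualTo(JWSAlgorithm.RS384);
+});
+}
+
 @Test
 void autoConfigurationShouldConfigureResourceServerUsingOidcIssuerUri() throws IOException {
 this.server = new MockWebServer();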
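Review bot: The two new tests verify the configured algorithm by reflecting into Spring Security internals — `extracting("jwtProcessor.arg$2")` appears to read a synthetic lambda-capture field, and `"jwtProcessor.arg$1.jwsKeySelector.expectedJwsAlgorithm"` walks private fields of the Nimbus processor — so a compiler or library refactor breaks them with no change in behaviour, while a regression that still populates those fields would pass. The property is a security control (restricting which `alg` the resource server accepts), so its test is more valuable when it observes behaviour: decode a token whose JWS header algorithm differs from the configured one and assert the decoder rejects it, which the existing MockWebServer-backed tests in this class already have the plumbing for. Narrowing `@SuppressWarnings("unchecked")` from the whole method to the cast, or replacing the cast with `asInstanceOf`/a typed extractor, would also keep the warning suppression from hiding unrelated unchecked operations added later.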