root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Do not set order of ResourceServerConfiguration instances 

The need to set the order of ResourceServerConfiguration was
a bad assumption. The value of the order seems strange as well
(-10), and a comment explaining it makes no sense (a resource
server normally wants its filter *after* not *before* the existing
auth server filter). Removing the bean post processor didn't
fail any tests.

In case there are multiple resource servers in the same context
there was also a problem that they ended up with the same order.
This commit is contained in:
Dave Syer 2015-11-28 11:49:12 +00:00
parent afd38c7a35
commit 521ae35f56
1 changed files with 0 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/OAuth2AutoConfiguration.java
View File

@ -16,13 +16,10 @@
package org.springframework.boot.autoconfigure.security.oauth2;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.security.oauth2.authserver.OAuth2AuthorizationServerConfiguration;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2RestOperationsConfiguration;
import org.springframework.boot.autoconfigure.security.oauth2.method.OAuth2MethodSecurityConfiguration;
@ -34,7 +31,6 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
/**
@ -62,31 +58,4 @@ public class OAuth2AutoConfiguration {
this.credentials.getClientSecret());
}
@Configuration
@ConditionalOnWebApplication
protected static class ResourceServerOrderProcessor implements BeanPostProcessor {
@Override
public Object postProcessAfterInitialization(Object bean, String beanName)
throws BeansException {
if (bean instanceof ResourceServerConfiguration) {
ResourceServerConfiguration configuration = (ResourceServerConfiguration) bean;
configuration.setOrder(getOrder());
}
return bean;
}
@Override
public Object postProcessBeforeInitialization(Object bean, String beanName)
throws BeansException {
return bean;
}
private int getOrder() {
// Before the authorization server (default 0)
return -10;
}
}
}