root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #15145 from ayudovin 

* pr/15145:
  Polish "Add configurable property for JWK encryption algorithm"
  Add configurable property for JWK encryption algorithm
This commit is contained in:
Stephane Nicoll 2018-12-03 11:50:10 +01:00
parent 5674a53d67 0df13baa0f
commit cc69b08cbe
4 changed files with 44 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerProperties.java
View File

@ -40,6 +40,11 @@ public class OAuth2ResourceServerProperties {
*/ */
private String jwkSetUri; private String jwkSetUri;
/**
* JSON Web Algorithm used for verifying the digital signatures.
*/
private String jwsAlgorithm = "RS256";
/** /**
* URI that an OpenID Connect Provider asserts as its Issuer Identifier. * URI that an OpenID Connect Provider asserts as its Issuer Identifier.
*/ */
@ -53,6 +58,14 @@ public class OAuth2ResourceServerProperties {
this.jwkSetUri = jwkSetUri; this.jwkSetUri = jwkSetUri;
} }
public String getJwsAlgorithm() {
return this.jwsAlgorithm;
}
public void setJwsAlgorithm(String jwsAlgorithm) {
this.jwsAlgorithm = jwsAlgorithm;
}
public String getIssuerUri() { public String getIssuerUri() {
return this.issuerUri; return this.issuerUri;
} }

10
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerJwkConfiguration.java
View File

@ -36,25 +36,25 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoderJwkSupport;
@Configuration @Configuration
class OAuth2ResourceServerJwkConfiguration { class OAuth2ResourceServerJwkConfiguration {
private final OAuth2ResourceServerProperties properties; private final OAuth2ResourceServerProperties.Jwt properties;
OAuth2ResourceServerJwkConfiguration(OAuth2ResourceServerProperties properties) { OAuth2ResourceServerJwkConfiguration(OAuth2ResourceServerProperties properties) {
this.properties = properties; this.properties = properties.getJwt();
} }
@Bean @Bean
@ConditionalOnProperty(name = "spring.security.oauth2.resourceserver.jwt.jwk-set-uri") @ConditionalOnProperty(name = "spring.security.oauth2.resourceserver.jwt.jwk-set-uri")
@ConditionalOnMissingBean @ConditionalOnMissingBean
public JwtDecoder jwtDecoderByJwkKeySetUri() { public JwtDecoder jwtDecoderByJwkKeySetUri() {
return new NimbusJwtDecoderJwkSupport(this.properties.getJwt().getJwkSetUri()); return new NimbusJwtDecoderJwkSupport(this.properties.getJwkSetUri(),
this.properties.getJwsAlgorithm());
} }
@Bean @Bean
@Conditional(IssuerUriCondition.class) @Conditional(IssuerUriCondition.class)
@ConditionalOnMissingBean @ConditionalOnMissingBean
public JwtDecoder jwtDecoderByIssuerUri() { public JwtDecoder jwtDecoderByIssuerUri() {
return JwtDecoders return JwtDecoders.fromOidcIssuerLocation(this.properties.getIssuerUri());
.fromOidcIssuerLocation(this.properties.getJwt().getIssuerUri());
} }
} }

25
spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java
View File

@ -22,6 +22,7 @@ import java.util.Map;
import javax.servlet.Filter; import javax.servlet.Filter;
import com.nimbusds.jose.JWSAlgorithm;
import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer; import okhttp3.mockwebserver.MockWebServer;
import org.junit.After; import org.junit.After;
@ -84,6 +85,30 @@ public class OAuth2ResourceServerAutoConfigurationTests {
}); });
} }
@Test
public void autoConfigurationShouldMatchDefaultJwsAlgorithm() {
this.contextRunner.withPropertyValues(
"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
.run((context) -> {
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
assertThat(jwtDecoder).hasFieldOrPropertyWithValue("jwsAlgorithm",
JWSAlgorithm.RS256);
});
}
@Test
public void autoConfigurationShouldConfigureResourceServerWithJwsAlgorithm() {
this.contextRunner.withPropertyValues(
"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com",
"spring.security.oauth2.resourceserver.jwt.jws-algorithm=HS512")
.run((context) -> {
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
assertThat(jwtDecoder).hasFieldOrPropertyWithValue("jwsAlgorithm",
JWSAlgorithm.HS512);
assertThat(getBearerTokenFilter(context)).isNotNull();
});
}
@Test @Test
public void autoConfigurationShouldConfigureResourceServerUsingOidcIssuerUri() public void autoConfigurationShouldConfigureResourceServerUsingOidcIssuerUri()
throws Exception { throws Exception {

1
spring-boot-project/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
View File

@ -547,6 +547,7 @@ content into your application. Rather, pick only the properties that you need.
# SECURITY OAUTH2 RESOURCE SERVER ({sc-spring-boot-autoconfigure}/security/oauth2/resource/OAuth2ResourceServerProperties.{sc-ext}[OAuth2ResourceServerProperties]) # SECURITY OAUTH2 RESOURCE SERVER ({sc-spring-boot-autoconfigure}/security/oauth2/resource/OAuth2ResourceServerProperties.{sc-ext}[OAuth2ResourceServerProperties])
spring.security.oauth2.resourceserver.jwt.jwk-set-uri= # JSON Web Key URI to use to verify the JWT token. spring.security.oauth2.resourceserver.jwt.jwk-set-uri= # JSON Web Key URI to use to verify the JWT token.
spring.security.oauth2.resourceserver.jwt.jws-algorithm=RS256 # JSON Web Algorithm used for verifying the digital signatures.
spring.security.oauth2.resourceserver.jwt.issuer-uri= # URI that an OpenID Connect Provider asserts as its Issuer Identifier. spring.security.oauth2.resourceserver.jwt.issuer-uri= # URI that an OpenID Connect Provider asserts as its Issuer Identifier.
# ---------------------------------------- # ----------------------------------------