Merge pull request #15145 from ayudovin
* pr/15145: Polish "Add configurable property for JWK encryption algorithm" Add configurable property for JWK encryption algorithm
commit
cc69b08cbe
|
@ -40,6 +40,11 @@ public class OAuth2ResourceServerProperties {
|
||||||
*/
|
*/
|
||||||
private String jwkSetUri;
|
private String jwkSetUri;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* JSON Web Algorithm used for verifying the digital signatures.
|
||||||
|
*/
|
||||||
|
private String jwsAlgorithm = "RS256";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* URI that an OpenID Connect Provider asserts as its Issuer Identifier.
|
* URI that an OpenID Connect Provider asserts as its Issuer Identifier.
|
||||||
*/
|
*/
|
||||||
|
@ -53,6 +58,14 @@ public class OAuth2ResourceServerProperties {
|
||||||
this.jwkSetUri = jwkSetUri;
|
this.jwkSetUri = jwkSetUri;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String getJwsAlgorithm() {
|
||||||
|
return this.jwsAlgorithm;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setJwsAlgorithm(String jwsAlgorithm) {
|
||||||
|
this.jwsAlgorithm = jwsAlgorithm;
|
||||||
|
}
|
||||||
|
|
||||||
public String getIssuerUri() {
|
public String getIssuerUri() {
|
||||||
return this.issuerUri;
|
return this.issuerUri;
|
||||||
}
|
}
|
||||||
|
|
|
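Review bot: The new `jwsAlgorithm` field in the first hunk is a free-form `String`, and its Javadoc names neither the accepted values nor the decoder it affects; `setJwsAlgorithm` in the second hunk stores whatever is bound. Because this value selects the signature algorithm that incoming tokens are verified against, I would extend the Javadoc to something like `JSON Web Algorithm used for verifying the digital signatures (a JWS "alg" name such as RS256); only used together with jwk-set-uri.` A misspelt or empty value is presumably only noticed when the decoder is built or when the first token is checked, so an early check where the property is consumed would be worth considering. The class body continues outside both hunks.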
@ -36,25 +36,25 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoderJwkSupport;
|
||||||
@Configuration
|
@Configuration
|
||||||
class OAuth2ResourceServerJwkConfiguration {
|
class OAuth2ResourceServerJwkConfiguration {
|
||||||
|
|
||||||
private final OAuth2ResourceServerProperties properties;
|
private final OAuth2ResourceServerProperties.Jwt properties;
|
||||||
|
|
||||||
OAuth2ResourceServerJwkConfiguration(OAuth2ResourceServerProperties properties) {
|
OAuth2ResourceServerJwkConfiguration(OAuth2ResourceServerProperties properties) {
|
||||||
this.properties = properties;
|
this.properties = properties.getJwt();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@ConditionalOnProperty(name = "spring.security.oauth2.resourceserver.jwt.jwk-set-uri")
|
@ConditionalOnProperty(name = "spring.security.oauth2.resourceserver.jwt.jwk-set-uri")
|
||||||
@ConditionalOnMissingBean
|
@ConditionalOnMissingBean
|
||||||
public JwtDecoder jwtDecoderByJwkKeySetUri() {
|
public JwtDecoder jwtDecoderByJwkKeySetUri() {
|
||||||
return new NimbusJwtDecoderJwkSupport(this.properties.getJwt().getJwkSetUri());
|
return new NimbusJwtDecoderJwkSupport(this.properties.getJwkSetUri(),
|
||||||
|
this.properties.getJwsAlgorithm());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@Conditional(IssuerUriCondition.class)
|
@Conditional(IssuerUriCondition.class)
|
||||||
@ConditionalOnMissingBean
|
@ConditionalOnMissingBean
|
||||||
public JwtDecoder jwtDecoderByIssuerUri() {
|
public JwtDecoder jwtDecoderByIssuerUri() {
|
||||||
return JwtDecoders
|
return JwtDecoders.fromOidcIssuerLocation(this.properties.getIssuerUri());
|
||||||
.fromOidcIssuerLocation(this.properties.getJwt().getIssuerUri());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
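Review bot: `jwtDecoderByIssuerUri()` still builds its decoder from `getIssuerUri()` alone, so a configured `spring.security.oauth2.resourceserver.jwt.jws-algorithm` is silently ignored on the issuer-uri path; only `jwtDecoderByJwkKeySetUri()` passes `getJwsAlgorithm()` on. An operator who sets the property alongside `issuer-uri` could reasonably believe the verification algorithm has been pinned when the decoder is in fact using whatever `JwtDecoders.fromOidcIssuerLocation` selects. Either document this on the bean method, e.g. `// jws-algorithm is not applied on the issuer-uri path`, or fail at startup when both are set. Separately, the algorithm string reaches `NimbusJwtDecoderJwkSupport` unchecked, so a blank value is not rejected in the visible code.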
@ -22,6 +22,7 @@ import java.util.Map;
|
||||||
|
|
||||||
import javax.servlet.Filter;
|
import javax.servlet.Filter;
|
||||||
|
|
||||||
|
import com.nimbusds.jose.JWSAlgorithm;
|
||||||
import okhttp3.mockwebserver.MockResponse;
|
import okhttp3.mockwebserver.MockResponse;
|
||||||
import okhttp3.mockwebserver.MockWebServer;
|
import okhttp3.mockwebserver.MockWebServer;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
|
@ -84,6 +85,30 @@ public class OAuth2ResourceServerAutoConfigurationTests {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void autoConfigurationShouldMatchDefaultJwsAlgorithm() {
|
||||||
|
this.contextRunner.withPropertyValues(
|
||||||
|
"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
|
||||||
|
.run((context) -> {
|
||||||
|
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
|
||||||
|
assertThat(jwtDecoder).hasFieldOrPropertyWithValue("jwsAlgorithm",
|
||||||
|
JWSAlgorithm.RS256);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void autoConfigurationShouldConfigureResourceServerWithJwsAlgorithm() {
|
||||||
|
this.contextRunner.withPropertyValues(
|
||||||
|
"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com",
|
||||||
|
"spring.security.oauth2.resourceserver.jwt.jws-algorithm=HS512")
|
||||||
|
.run((context) -> {
|
||||||
|
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
|
||||||
|
assertThat(jwtDecoder).hasFieldOrPropertyWithValue("jwsAlgorithm",
|
||||||
|
JWSAlgorithm.HS512);
|
||||||
|
assertThat(getBearerTokenFilter(context)).isNotNull();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void autoConfigurationShouldConfigureResourceServerUsingOidcIssuerUri()
|
public void autoConfigurationShouldConfigureResourceServerUsingOidcIssuerUri()
|
||||||
throws Exception {
|
throws Exception {
|
||||||
|
|
|
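Review bot: `autoConfigurationShouldConfigureResourceServerWithJwsAlgorithm` pairs `jws-algorithm=HS512` with a `jwk-set-uri`, which is not a setup a resource server should run with. HS512 is an HMAC algorithm, so the verification key is a shared secret and not a public key that can be published in a JWK Set. Using an asymmetric value, `"spring.security.oauth2.resourceserver.jwt.jws-algorithm=RS512"` with `JWSAlgorithm.RS512`, exercises the same binding without the test reading as an endorsed configuration. Both new tests also assert on the decoder's private `jwsAlgorithm` field by name, which breaks on a rename, and there is no test for an unrecognised algorithm value. The last hunk ends inside `autoConfigurationShouldConfigureResourceServerUsingOidcIssuerUri`, which is unchanged context.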
@ -547,6 +547,7 @@ content into your application. Rather, pick only the properties that you need.
|
||||||
|
|
||||||
# SECURITY OAUTH2 RESOURCE SERVER ({sc-spring-boot-autoconfigure}/security/oauth2/resource/OAuth2ResourceServerProperties.{sc-ext}[OAuth2ResourceServerProperties])
|
# SECURITY OAUTH2 RESOURCE SERVER ({sc-spring-boot-autoconfigure}/security/oauth2/resource/OAuth2ResourceServerProperties.{sc-ext}[OAuth2ResourceServerProperties])
|
||||||
spring.security.oauth2.resourceserver.jwt.jwk-set-uri= # JSON Web Key URI to use to verify the JWT token.
|
spring.security.oauth2.resourceserver.jwt.jwk-set-uri= # JSON Web Key URI to use to verify the JWT token.
|
||||||
|
spring.security.oauth2.resourceserver.jwt.jws-algorithm=RS256 # JSON Web Algorithm used for verifying the digital signatures.
|
||||||
spring.security.oauth2.resourceserver.jwt.issuer-uri= # URI that an OpenID Connect Provider asserts as its Issuer Identifier.
|
spring.security.oauth2.resourceserver.jwt.issuer-uri= # URI that an OpenID Connect Provider asserts as its Issuer Identifier.
|
||||||
|
|
||||||
# ----------------------------------------
|
# ----------------------------------------
|
||||||
|
|