Add additional pre-validation check in ResourceServerProperties
With this change a user can have `@EnableOAuth2Client` without `@EnableOAuth2Sso`. Fixes gh-3568
This commit is contained in:
Dave Syer
parent
6f6f898739
commit
da816526bd
|
|
@ -165,12 +165,16 @@ public class ResourceServerProperties implements Validator, BeanFactoryAware {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void validate(Object target, Errors errors) {
|
public void validate(Object target, Errors errors) {
|
||||||
if (BeanFactoryUtils.beanNamesForTypeIncludingAncestors(this.beanFactory,
|
if (countBeans(AuthorizationServerEndpointsConfiguration.class) > 0) {
|
||||||
AuthorizationServerEndpointsConfiguration.class).length > 0) {
|
|
||||||
// If we are an authorization server we don't need remote resource token
|
// If we are an authorization server we don't need remote resource token
|
||||||
// services
|
// services
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
if (countBeans(ResourceServerTokenServicesConfiguration.class) == 0) {
|
||||||
|
// If we are not a resource server or an SSO client we don't need remote
|
||||||
|
// resource token services
|
||||||
|
return;
|
||||||
|
}
|
||||||
ResourceServerProperties resource = (ResourceServerProperties) target;
|
ResourceServerProperties resource = (ResourceServerProperties) target;
|
||||||
if (StringUtils.hasText(this.clientId)) {
|
if (StringUtils.hasText(this.clientId)) {
|
||||||
if (!StringUtils.hasText(this.clientSecret)) {
|
if (!StringUtils.hasText(this.clientSecret)) {
|
||||||
|
|
@ -197,6 +201,11 @@ public class ResourceServerProperties implements Validator, BeanFactoryAware {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private int countBeans(Class<?> type) {
|
||||||
|
return BeanFactoryUtils.beanNamesForTypeIncludingAncestors(this.beanFactory,
|
||||||
|
type, true, false).length;
|
||||||
|
}
|
||||||
|
|
||||||
public class Jwt {
|
public class Jwt {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,9 @@
|
||||||
|
|
||||||
package org.springframework.boot.autoconfigure.security.oauth2;
|
package org.springframework.boot.autoconfigure.security.oauth2;
|
||||||
|
|
||||||
|
import static org.hamcrest.CoreMatchers.equalTo;
|
||||||
|
import static org.hamcrest.MatcherAssert.assertThat;
|
||||||
|
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
@ -60,9 +63,11 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||||
import org.springframework.security.core.authority.AuthorityUtils;
|
import org.springframework.security.core.authority.AuthorityUtils;
|
||||||
import org.springframework.security.crypto.codec.Base64;
|
import org.springframework.security.crypto.codec.Base64;
|
||||||
|
import org.springframework.security.oauth2.client.OAuth2ClientContext;
|
||||||
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
|
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
|
||||||
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
|
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
|
||||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
|
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
|
||||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
||||||
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
|
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
|
||||||
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
|
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
|
||||||
|
|
@ -89,9 +94,6 @@ import org.springframework.web.client.RestTemplate;
|
||||||
|
|
||||||
import com.fasterxml.jackson.databind.JsonNode;
|
import com.fasterxml.jackson.databind.JsonNode;
|
||||||
|
|
||||||
import static org.hamcrest.CoreMatchers.equalTo;
|
|
||||||
import static org.hamcrest.MatcherAssert.assertThat;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Verify Spring Security OAuth2 auto-configuration secures end points properly, accepts
|
* Verify Spring Security OAuth2 auto-configuration secures end points properly, accepts
|
||||||
* environmental overrides, and also backs off in the presence of other
|
* environmental overrides, and also backs off in the presence of other
|
||||||
|
|
@ -159,6 +161,18 @@ public class OAuth2AutoConfigurationTests {
|
||||||
assertThat(countBeans(AUTHORIZATION_SERVER_CONFIG), equalTo(1));
|
assertThat(countBeans(AUTHORIZATION_SERVER_CONFIG), equalTo(1));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testClientIsNotResourceServer() {
|
||||||
|
this.context = new AnnotationConfigEmbeddedWebApplicationContext();
|
||||||
|
this.context.register(ClientConfiguration.class,
|
||||||
|
MinimalSecureWebApplication.class);
|
||||||
|
this.context.refresh();
|
||||||
|
assertThat(countBeans(RESOURCE_SERVER_CONFIG), equalTo(0));
|
||||||
|
assertThat(countBeans(AUTHORIZATION_SERVER_CONFIG), equalTo(0));
|
||||||
|
// Scoped target and proxy:
|
||||||
|
assertThat(countBeans(OAuth2ClientContext.class), equalTo(2));
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testDisablingAuthorizationServer() {
|
public void testDisablingAuthorizationServer() {
|
||||||
this.context = new AnnotationConfigEmbeddedWebApplicationContext();
|
this.context = new AnnotationConfigEmbeddedWebApplicationContext();
|
||||||
|
|
@ -372,6 +386,11 @@ public class OAuth2AutoConfigurationTests {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Configuration
|
||||||
|
@EnableOAuth2Client
|
||||||
|
protected static class ClientConfiguration extends TestSecurityConfiguration {
|
||||||
|
}
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableAuthorizationServer
|
@EnableAuthorizationServer
|
||||||
@EnableResourceServer
|
@EnableResourceServer
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue