root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 12 Packages Projects Releases Wiki Activity

Merge pull request #20523 from m-kay 

* pr/20523:
  Polish "Configure signature algorithm when using public key jwt decoder"
  Configure signature algorithm when using public key jwt decoder

Closes gh-20523
This commit is contained in:
Stephane Nicoll 2020-03-23 11:17:36 +01:00
parent a2d70d46e1 08a89b6288
commit ef1f9b951d
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerJwtConfiguration.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2019 the original author or authors. * Copyright 2012-2020 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -78,7 +78,8 @@ class OAuth2ResourceServerJwtConfiguration {
JwtDecoder jwtDecoderByPublicKeyValue() throws Exception { JwtDecoder jwtDecoderByPublicKeyValue() throws Exception {
RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA") RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
.generatePublic(new X509EncodedKeySpec(getKeySpec(this.properties.readPublicKey()))); .generatePublic(new X509EncodedKeySpec(getKeySpec(this.properties.readPublicKey())));
return NimbusJwtDecoder.withPublicKey(publicKey).build(); return NimbusJwtDecoder.withPublicKey(publicKey)
.signatureAlgorithm(SignatureAlgorithm.from(this.properties.getJwsAlgorithm())).build();
} }
private byte[] getKeySpec(String keyValue) { private byte[] getKeySpec(String keyValue) {

12
spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2019 the original author or authors. * Copyright 2012-2020 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -190,6 +190,16 @@ class OAuth2ResourceServerAutoConfigurationTests {
.hasMessageContaining("Public key location does not exist")); .hasMessageContaining("Public key location does not exist"));
} }
@Test
void autoConfigurationShouldFailIfAlgorithmIsInvalid() {
this.contextRunner
.withPropertyValues(
"spring.security.oauth2.resourceserver.jwt.public-key-location=classpath:public-key-location",
"spring.security.oauth2.resourceserver.jwt.jws-algorithm=NOT_VALID")
.run((context) -> assertThat(context).hasFailed().getFailure()
.hasMessageContaining("signatureAlgorithm cannot be null"));
}
@Test @Test
void autoConfigurationWhenSetUriKeyLocationAndIssuerUriPresentShouldUseSetUri() { void autoConfigurationWhenSetUriKeyLocationAndIssuerUriPresentShouldUseSetUri() {
this.contextRunner this.contextRunner