root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 5 Packages Projects Releases Wiki Activity

Revert "Support overriding RestOperations in OidcIdTokenDecoderFactory" 

This reverts commit 9c352c4b4b.

Issue gh-14178
This commit is contained in:
Josh Cummings 2024-04-10 16:44:10 -06:00
parent 5a50bfccac
commit b1b84f9b8a
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
2 changed files with 3 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2019 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -49,8 +49,6 @@ import org.springframework.security.oauth2.jwt.JwtTimestampValidator;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder; import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;
/** /**
* A {@link JwtDecoderFactory factory} that provides a {@link JwtDecoder} used for * A {@link JwtDecoderFactory factory} that provides a {@link JwtDecoder} used for
@ -90,9 +88,6 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = ( private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = (
clientRegistration) -> DEFAULT_CLAIM_TYPE_CONVERTER; clientRegistration) -> DEFAULT_CLAIM_TYPE_CONVERTER;
private Function<ClientRegistration, RestOperations> restOperationsFactory = (
clientRegistration) -> new RestTemplate();
/** /**
* Returns the default {@link Converter}'s used for type conversion of claim values * Returns the default {@link Converter}'s used for type conversion of claim values
* for an {@link OidcIdToken}. * for an {@link OidcIdToken}.
@ -179,10 +174,7 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
null); null);
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
} }
return NimbusJwtDecoder.withJwkSetUri(jwkSetUri) return NimbusJwtDecoder.withJwkSetUri(jwkSetUri).jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm).build();
.jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm)
.restOperations(this.restOperationsFactory.apply(clientRegistration))
.build();
} }
if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) { if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) {
// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation // https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
@ -255,18 +247,4 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
this.claimTypeConverterFactory = claimTypeConverterFactory; this.claimTypeConverterFactory = claimTypeConverterFactory;
} }
/**
* Sets the factory that provides a {@link RestOperations} used by
* {@link NimbusJwtDecoder} to coordinate with the authorization servers indicated in
* the <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a> uri.
* @param restOperationsFactory the factory that provides a {@link RestOperations}
* used by {@link NimbusJwtDecoder}
*
* @since 6.3
*/
public void setRestOperationsFactory(Function<ClientRegistration, RestOperations> restOperationsFactory) {
Assert.notNull(restOperationsFactory, "restOperationsFactory cannot be null");
this.restOperationsFactory = restOperationsFactory;
}
} }

20
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2019 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -34,8 +34,6 @@ import org.springframework.security.oauth2.jose.jws.JwsAlgorithm;
import org.springframework.security.oauth2.jose.jws.MacAlgorithm; import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm; import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType; import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@ -97,12 +95,6 @@ public class OidcIdTokenDecoderFactoryTests {
.isThrownBy(() -> this.idTokenDecoderFactory.setClaimTypeConverterFactory(null)); .isThrownBy(() -> this.idTokenDecoderFactory.setClaimTypeConverterFactory(null));
} }
@Test
public void setRestOperationsFactoryWhenNullThenThrowIllegalArgumentException() {
assertThatIllegalArgumentException()
.isThrownBy(() -> this.idTokenDecoderFactory.setRestOperationsFactory(null));
}
@Test @Test
public void createDecoderWhenClientRegistrationNullThenThrowIllegalArgumentException() { public void createDecoderWhenClientRegistrationNullThenThrowIllegalArgumentException() {
assertThatIllegalArgumentException().isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(null)); assertThatIllegalArgumentException().isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(null));
@ -185,14 +177,4 @@ public class OidcIdTokenDecoderFactoryTests {
verify(customClaimTypeConverterFactory).apply(same(clientRegistration)); verify(customClaimTypeConverterFactory).apply(same(clientRegistration));
} }
@Test
public void createDecoderWhenCustomRestOperationsFactorySetThenApplied() {
Function<ClientRegistration, RestOperations> customRestOperationsFactory = mock(Function.class);
this.idTokenDecoderFactory.setRestOperationsFactory(customRestOperationsFactory);
ClientRegistration clientRegistration = this.registration.build();
given(customRestOperationsFactory.apply(same(clientRegistration))).willReturn(new RestTemplate());
this.idTokenDecoderFactory.createDecoder(clientRegistration);
verify(customRestOperationsFactory).apply(same(clientRegistration));
}
} }