From 8deb72be8043c02dd4b0f1b6220bef19d8d74e71 Mon Sep 17 00:00:00 2001
From: Madhura Bhave
Date: Tue, 14 Mar 2017 11:01:02 -0700
Subject: [PATCH] Fix ResourceServerProperties validation

Only try and validate if clientId is present.

Fixes gh-8565
---
 .../oauth2/resource/ResourceServerProperties.java | 6 ++++--
 .../oauth2/resource/ResourceServerPropertiesTests.java | 8 ++++++++
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerProperties.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerProperties.java
index 10a9ff2388..4da99ade0c 100644
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerProperties.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerProperties.java
@@ -207,6 +207,9 @@ public class ResourceServerProperties implements Validator, BeanFactoryAware {
 }
 private void validate(ResourceServerProperties target, Errors errors) {
+ if (!StringUtils.hasText(this.clientId)) {
+ return;
+ }
 boolean jwtConfigPresent = StringUtils.hasText(this.jwt.getKeyUri()) || StringUtils.hasText(this.jwt.getKeyValue());
 boolean jwkConfigPresent = StringUtils.hasText(this.jwk.getKeySetUri());
@@ -228,8 +231,7 @@ public class ResourceServerProperties implements Validator, BeanFactoryAware {
 + "JWT verifier key");
 }
 if (StringUtils.hasText(target.getTokenInfoUri()) && isPreferTokenInfo()) {
- if (StringUtils.hasText(this.clientId)
- && !StringUtils.hasText(this.clientSecret)) {
+ if (!StringUtils.hasText(this.clientSecret)) {
 errors.rejectValue("clientSecret", "missing.clientSecret", "Missing client secret");
 }
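Review bot: The early return at the top of `validate` sits before the `jwtConfigPresent` / `jwkConfigPresent` computation, so with a blank `clientId` every check that follows is skipped, not only the client-secret check touched by the second hunk. A resource server that verifies tokens with a JWT key or a JWK set and has no client id would then get no startup validation of its key settings; the checks between the two hunks are not visible here, so this should be confirmed against the full method. If skipping everything is intended, say so at the guard, e.g. `// No client id: none of the checks below apply, including the jwt/jwk key checks`; otherwise keep the key checks ahead of the guard. The method body continues outside the hunk.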
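Review bot: The new condition `if (!StringUtils.hasText(this.clientSecret)) {` reads the secret from `this`, while the enclosing `if` reads `target.getTokenInfoUri()` and the failure is recorded through `errors.rejectValue("clientSecret", ...)`, presumably against `target`. When both are the same instance, as in the added test, the result is the same, but the mix leaves it unclear which object is being validated; reading all values from one of them would settle it. The check also now depends silently on the `clientId` guard at the top of the method, which is worth a one-line comment here such as `// clientId is known to be present at this point`. The enclosing block starts and ends outside the hunk.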
diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerPropertiesTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerPropertiesTests.java
index 5c3df8890e..d78cfe3ef0 100644
--- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerPropertiesTests.java
+++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerPropertiesTests.java
@@ -55,6 +55,14 @@ public class ResourceServerPropertiesTests {
 assertThat(jwt.get("keyUri")).isNotNull();
 }
+ @Test
+ public void validateWhenClientIdNullShouldNotFail() throws Exception {
+ this.properties = new ResourceServerProperties(null, "secret");
+ setListableBeanFactory();
+ this.properties.validate(this.properties, this.errors);
+ verifyZeroInteractions(this.errors);
+ }
+
 @Test
 public void validateWhenBothJwtAndJwkKeyUrisPresentShouldFail() throws Exception {
 this.properties.getJwk().setKeySetUri("http://my-auth-server/token_keys");
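Review bot: The added test covers only a `null` client id, while the guard it exercises uses `StringUtils.hasText`, which also treats empty and whitespace-only values as absent; cases for `""` and `" "` would pin that behaviour. `verifyZeroInteractions(this.errors)` passes regardless of what else is configured, so a companion case with no client id and both `jwt.keyUri` and `jwk.keySetUri` set would document whether that ambiguity is still meant to be reported. The following method, `validateWhenBothJwtAndJwkKeyUrisPresentShouldFail`, continues outside the hunk.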