Merge branch '3.0.x'

Closes gh-35789

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerJwkConfiguration.java

@@ -24,7 +24,6 @@ import java.util.Base64;
 import java.util.Collections;
 import java.util.List;
 import java.util.Set;
-import java.util.function.Supplier;
 
 import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
@@ -85,8 +84,8 @@ class ReactiveOAuth2ResourceServerJwkConfiguration {
 			customizers.orderedStream().forEach((customizer) -> customizer.customize(builder));
 			NimbusReactiveJwtDecoder nimbusReactiveJwtDecoder = builder.build();
 			String issuerUri = this.properties.getIssuerUri();
-			Supplier<OAuth2TokenValidator<Jwt>> defaultValidator = (issuerUri != null)
+			OAuth2TokenValidator<Jwt> defaultValidator = (issuerUri != null)
-					? () -> JwtValidators.createDefaultWithIssuer(issuerUri) : JwtValidators::createDefault;
+					? JwtValidators.createDefaultWithIssuer(issuerUri) : JwtValidators.createDefault();
 			nimbusReactiveJwtDecoder.setJwtValidator(getValidators(defaultValidator));
 			return nimbusReactiveJwtDecoder;
 		}
@@ -97,14 +96,13 @@ class ReactiveOAuth2ResourceServerJwkConfiguration {
 			}
 		}
 
-		private OAuth2TokenValidator<Jwt> getValidators(Supplier<OAuth2TokenValidator<Jwt>> defaultValidator) {
+		private OAuth2TokenValidator<Jwt> getValidators(OAuth2TokenValidator<Jwt> defaultValidator) {
-			OAuth2TokenValidator<Jwt> defaultValidators = defaultValidator.get();
 			List<String> audiences = this.properties.getAudiences();
 			if (CollectionUtils.isEmpty(audiences)) {
-				return defaultValidators;
+				return defaultValidator;
 			}
 			List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
-			validators.add(defaultValidators);
+			validators.add(defaultValidator);
 			validators.add(new JwtClaimValidator<List<String>>(JwtClaimNames.AUD,
 					(aud) -> aud != null && !Collections.disjoint(aud, audiences)));
 			return new DelegatingOAuth2TokenValidator<>(validators);
@@ -118,7 +116,7 @@ class ReactiveOAuth2ResourceServerJwkConfiguration {
 			NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder.withPublicKey(publicKey)
 				.signatureAlgorithm(SignatureAlgorithm.from(exactlyOneAlgorithm()))
 				.build();
-			jwtDecoder.setJwtValidator(getValidators(JwtValidators::createDefault));
+			jwtDecoder.setJwtValidator(getValidators(JwtValidators.createDefault()));
 			return jwtDecoder;
 		}
 
@@ -148,7 +146,7 @@ class ReactiveOAuth2ResourceServerJwkConfiguration {
 				customizers.orderedStream().forEach((customizer) -> customizer.customize(builder));
 				NimbusReactiveJwtDecoder jwtDecoder = builder.build();
 				jwtDecoder.setJwtValidator(
-						getValidators(() -> JwtValidators.createDefaultWithIssuer(this.properties.getIssuerUri())));
+						getValidators(JwtValidators.createDefaultWithIssuer(this.properties.getIssuerUri())));
 				return jwtDecoder;
 			});
 		}

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerJwtConfiguration.java

@@ -24,7 +24,6 @@ import java.util.Base64;
 import java.util.Collections;
 import java.util.List;
 import java.util.Set;
-import java.util.function.Supplier;
 
 import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
@@ -85,8 +84,8 @@ class OAuth2ResourceServerJwtConfiguration {
 			customizers.orderedStream().forEach((customizer) -> customizer.customize(builder));
 			NimbusJwtDecoder nimbusJwtDecoder = builder.build();
 			String issuerUri = this.properties.getIssuerUri();
-			Supplier<OAuth2TokenValidator<Jwt>> defaultValidator = (issuerUri != null)
+			OAuth2TokenValidator<Jwt> defaultValidator = (issuerUri != null)
-					? () -> JwtValidators.createDefaultWithIssuer(issuerUri) : JwtValidators::createDefault;
+					? JwtValidators.createDefaultWithIssuer(issuerUri) : JwtValidators.createDefault();
 			nimbusJwtDecoder.setJwtValidator(getValidators(defaultValidator));
 			return nimbusJwtDecoder;
 		}
@@ -97,14 +96,13 @@ class OAuth2ResourceServerJwtConfiguration {
 			}
 		}
 
-		private OAuth2TokenValidator<Jwt> getValidators(Supplier<OAuth2TokenValidator<Jwt>> defaultValidator) {
+		private OAuth2TokenValidator<Jwt> getValidators(OAuth2TokenValidator<Jwt> defaultValidator) {
-			OAuth2TokenValidator<Jwt> defaultValidators = defaultValidator.get();
 			List<String> audiences = this.properties.getAudiences();
 			if (CollectionUtils.isEmpty(audiences)) {
-				return defaultValidators;
+				return defaultValidator;
 			}
 			List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
-			validators.add(defaultValidators);
+			validators.add(defaultValidator);
 			validators.add(new JwtClaimValidator<List<String>>(JwtClaimNames.AUD,
 					(aud) -> aud != null && !Collections.disjoint(aud, audiences)));
 			return new DelegatingOAuth2TokenValidator<>(validators);
@@ -118,7 +116,7 @@ class OAuth2ResourceServerJwtConfiguration {
 			NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withPublicKey(publicKey)
 				.signatureAlgorithm(SignatureAlgorithm.from(exactlyOneAlgorithm()))
 				.build();
-			jwtDecoder.setJwtValidator(getValidators(JwtValidators::createDefault));
+			jwtDecoder.setJwtValidator(getValidators(JwtValidators.createDefault()));
 			return jwtDecoder;
 		}
 
@@ -146,7 +144,7 @@ class OAuth2ResourceServerJwtConfiguration {
 				JwkSetUriJwtDecoderBuilder builder = NimbusJwtDecoder.withIssuerLocation(issuerUri);
 				customizers.orderedStream().forEach((customizer) -> customizer.customize(builder));
 				NimbusJwtDecoder jwtDecoder = builder.build();
-				jwtDecoder.setJwtValidator(getValidators(() -> JwtValidators.createDefaultWithIssuer(issuerUri)));
+				jwtDecoder.setJwtValidator(getValidators(JwtValidators.createDefaultWithIssuer(issuerUri)));
 				return jwtDecoder;
 			});
 		}