Merge branch '3.0.x'

Closes gh-35789
pull/35818/head
Andy Wilkinson 1 year ago
commit b9f7df6cc2

@ -24,7 +24,6 @@ import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.function.Supplier;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
@ -85,8 +84,8 @@ class ReactiveOAuth2ResourceServerJwkConfiguration {
customizers.orderedStream().forEach((customizer) -> customizer.customize(builder));
NimbusReactiveJwtDecoder nimbusReactiveJwtDecoder = builder.build();
String issuerUri = this.properties.getIssuerUri();
Supplier<OAuth2TokenValidator<Jwt>> defaultValidator = (issuerUri != null)
? () -> JwtValidators.createDefaultWithIssuer(issuerUri) : JwtValidators::createDefault;
OAuth2TokenValidator<Jwt> defaultValidator = (issuerUri != null)
? JwtValidators.createDefaultWithIssuer(issuerUri) : JwtValidators.createDefault();
nimbusReactiveJwtDecoder.setJwtValidator(getValidators(defaultValidator));
return nimbusReactiveJwtDecoder;
}
@ -97,14 +96,13 @@ class ReactiveOAuth2ResourceServerJwkConfiguration {
}
}
private OAuth2TokenValidator<Jwt> getValidators(Supplier<OAuth2TokenValidator<Jwt>> defaultValidator) {
OAuth2TokenValidator<Jwt> defaultValidators = defaultValidator.get();
private OAuth2TokenValidator<Jwt> getValidators(OAuth2TokenValidator<Jwt> defaultValidator) {
List<String> audiences = this.properties.getAudiences();
if (CollectionUtils.isEmpty(audiences)) {
return defaultValidators;
return defaultValidator;
}
List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
validators.add(defaultValidators);
validators.add(defaultValidator);
validators.add(new JwtClaimValidator<List<String>>(JwtClaimNames.AUD,
(aud) -> aud != null && !Collections.disjoint(aud, audiences)));
return new DelegatingOAuth2TokenValidator<>(validators);
@ -118,7 +116,7 @@ class ReactiveOAuth2ResourceServerJwkConfiguration {
NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder.withPublicKey(publicKey)
.signatureAlgorithm(SignatureAlgorithm.from(exactlyOneAlgorithm()))
.build();
jwtDecoder.setJwtValidator(getValidators(JwtValidators::createDefault));
jwtDecoder.setJwtValidator(getValidators(JwtValidators.createDefault()));
return jwtDecoder;
}
@ -148,7 +146,7 @@ class ReactiveOAuth2ResourceServerJwkConfiguration {
customizers.orderedStream().forEach((customizer) -> customizer.customize(builder));
NimbusReactiveJwtDecoder jwtDecoder = builder.build();
jwtDecoder.setJwtValidator(
getValidators(() -> JwtValidators.createDefaultWithIssuer(this.properties.getIssuerUri())));
getValidators(JwtValidators.createDefaultWithIssuer(this.properties.getIssuerUri())));
return jwtDecoder;
});
}
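Review bot: `getValidators` returns `defaultValidator` unchanged when `this.properties.getAudiences()` is empty, so in that configuration the `aud` claim is never checked and a token the issuer minted for another audience would still pass this validator chain. The early return is context rather than something this change introduces, but nothing in the method says it is deliberate; a comment on it such as `// No audiences configured: the aud claim is not validated` would make the trade-off visible to whoever configures the resource server. The `getValidators` method in OAuth2ResourceServerJwtConfiguration has the identical early return. The enclosing class starts and ends outside the hunks shown.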

@ -24,7 +24,6 @@ import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.function.Supplier;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
@ -85,8 +84,8 @@ class OAuth2ResourceServerJwtConfiguration {
customizers.orderedStream().forEach((customizer) -> customizer.customize(builder));
NimbusJwtDecoder nimbusJwtDecoder = builder.build();
String issuerUri = this.properties.getIssuerUri();
Supplier<OAuth2TokenValidator<Jwt>> defaultValidator = (issuerUri != null)
? () -> JwtValidators.createDefaultWithIssuer(issuerUri) : JwtValidators::createDefault;
OAuth2TokenValidator<Jwt> defaultValidator = (issuerUri != null)
? JwtValidators.createDefaultWithIssuer(issuerUri) : JwtValidators.createDefault();
nimbusJwtDecoder.setJwtValidator(getValidators(defaultValidator));
return nimbusJwtDecoder;
}
@ -97,14 +96,13 @@ class OAuth2ResourceServerJwtConfiguration {
}
}
private OAuth2TokenValidator<Jwt> getValidators(Supplier<OAuth2TokenValidator<Jwt>> defaultValidator) {
OAuth2TokenValidator<Jwt> defaultValidators = defaultValidator.get();
private OAuth2TokenValidator<Jwt> getValidators(OAuth2TokenValidator<Jwt> defaultValidator) {
List<String> audiences = this.properties.getAudiences();
if (CollectionUtils.isEmpty(audiences)) {
return defaultValidators;
return defaultValidator;
}
List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
validators.add(defaultValidators);
validators.add(defaultValidator);
validators.add(new JwtClaimValidator<List<String>>(JwtClaimNames.AUD,
(aud) -> aud != null && !Collections.disjoint(aud, audiences)));
return new DelegatingOAuth2TokenValidator<>(validators);
@ -118,7 +116,7 @@ class OAuth2ResourceServerJwtConfiguration {
NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withPublicKey(publicKey)
.signatureAlgorithm(SignatureAlgorithm.from(exactlyOneAlgorithm()))
.build();
jwtDecoder.setJwtValidator(getValidators(JwtValidators::createDefault));
jwtDecoder.setJwtValidator(getValidators(JwtValidators.createDefault()));
return jwtDecoder;
}
@ -146,7 +144,7 @@ class OAuth2ResourceServerJwtConfiguration {
JwkSetUriJwtDecoderBuilder builder = NimbusJwtDecoder.withIssuerLocation(issuerUri);
customizers.orderedStream().forEach((customizer) -> customizer.customize(builder));
NimbusJwtDecoder jwtDecoder = builder.build();
jwtDecoder.setJwtValidator(getValidators(() -> JwtValidators.createDefaultWithIssuer(issuerUri)));
jwtDecoder.setJwtValidator(getValidators(JwtValidators.createDefaultWithIssuer(issuerUri)));
return jwtDecoder;
});
}
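Review bot: The public-key decoder (hunk at -118/+116) passes `JwtValidators.createDefault()` to `getValidators` and never consults `this.properties.getIssuerUri()`, whereas the JWK-set-URI decoder at -85/+84 switches to `createDefaultWithIssuer` when an issuer is configured. If a public key and an issuer URI can be configured together (the conditions guarding these beans are outside the hunks), the `iss` claim goes unchecked on this path. Consider making the same selection here, `(issuerUri != null) ? JwtValidators.createDefaultWithIssuer(issuerUri) : JwtValidators.createDefault()`, or add a comment stating that issuer validation is intentionally skipped for locally configured keys. ReactiveOAuth2ResourceServerJwkConfiguration makes the same call in its public-key hunk.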
