diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/JwtAccessTokenConverterRestTemplateCustomizer.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/JwtAccessTokenConverterRestTemplateCustomizer.java
new file mode 100644
index 0000000000..2fa90587b4
--- /dev/null
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/JwtAccessTokenConverterRestTemplateCustomizer.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.autoconfigure.security.oauth2.resource;
+
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.web.client.RestTemplate;
+
+/**
+ * Callback for customizing the {@link RestTemplate} that is used to fetch the keys used
+ * by {@link JwtAccessTokenConverter}.
+ *
+ * @author Eddú Meléndez
+ * @since 1.5.2
+ * @see JwtAccessTokenConverter#setSigningKey(String)
+ * @see JwtAccessTokenConverter#setVerifierKey(String)
+ */
+@FunctionalInterface
+public interface JwtAccessTokenConverterRestTemplateCustomizer {
+
+ /**
+ * Customize the {@code template} before it is initialized.
+ * @param template the rest template
+ */
+ void customize(RestTemplate template);
+
+}
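Review bot: The Javadoc on `customize` says the template is customized "before it is initialized", but the caller added in this commit (`getKeyFromServer`) constructs the template first and passes it to each customizer immediately before the key request, so the wording should be `Customize the {@code template} before it is used to fetch the key.` The type-level Javadoc should also say why this hook is sensitive: the response to that request supplies the key handed to `JwtAccessTokenConverter` (the `@see` tags point at `setSigningKey` and `setVerifierKey`), so whatever a customizer changes about TLS validation, proxies or interceptors affects the trust placed in tokens checked with that key. A sentence such as `Customizers should keep certificate validation enabled, because the fetched key is presumably used to verify token signatures.` would make that explicit for implementers.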
diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java index bf101e8281..7e1504ad82 100644 --- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java +++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java @@ -76,6 +76,7 @@ import org.springframework.web.client.RestTemplate; * * @author Dave Syer * @author Madhura Bhave + * @author Eddú Meléndez * @since 1.3.0 */ @Configuration @@ -245,16 +246,18 @@ public class ResourceServerTokenServicesConfiguration { @Conditional(JwtTokenCondition.class) protected static class JwtTokenServicesConfiguration { - private RestTemplate keyUriRestTemplate = new RestTemplate(); - private final ResourceServerProperties resource; private final List configurers; + private final List customizers; + public JwtTokenServicesConfiguration(ResourceServerProperties resource, - ObjectProvider> configurers) { + ObjectProvider> configurers, + ObjectProvider> customizers) { this.resource = resource; this.configurers = configurers.getIfAvailable(); + this.customizers = customizers.getIfAvailable(); } @Bean @@ -299,6 +302,12 @@ public class ResourceServerTokenServicesConfiguration { } private String getKeyFromServer() { + RestTemplate keyUriRestTemplate = new RestTemplate(); + if (!CollectionUtils.isEmpty(this.customizers)) { + for (JwtAccessTokenConverterRestTemplateCustomizer customizer : this.customizers) { + customizer.customize(keyUriRestTemplate); + } + } HttpHeaders headers = new HttpHeaders(); String username = this.resource.getClientId(); String password = this.resource.getClientSecret(); 
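Review bot: In the constructor hunk, `this.customizers = customizers.getIfAvailable();` stores a possibly-null list in whatever order the container supplies it. That is why `getKeyFromServer` (the hunk at -299) needs the `CollectionUtils.isEmpty` guard, and it means the outcome is order-dependent when two customizers touch the same setting, for example the request factory. Normalising once in the constructor removes both concerns: `List<JwtAccessTokenConverterRestTemplateCustomizer> found = customizers.getIfAvailable();`, then `this.customizers = (found != null ? new ArrayList<>(found) : new ArrayList<>());`, then `AnnotationAwareOrderComparator.sort(this.customizers);`. The element type is inferred from the loop in the later hunk, and the imports these lines need are not visible in this diff.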
@@ -308,7 +317,7 @@ public class ResourceServerTokenServicesConfiguration { } HttpEntity request = new HttpEntity(headers); String url = this.resource.getJwt().getKeyUri(); - return (String) this.keyUriRestTemplate + return (String) keyUriRestTemplate .exchange(url, HttpMethod.GET, request, Map.class).getBody() .get("value"); } diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java index a94703a36e..fceac6d7b4 100644 --- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java +++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java 
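Review bot: The chained `.getBody().get("value")` on the new `keyUriRestTemplate` line dereferences the response body unchecked. With this commit a customizer can replace the template's error handler or message converters, so an empty body or a body without `value` becomes easier to reach. The result is a NullPointerException or a null key returned to the caller, whose handling is outside the hunk (the method itself starts in the previous hunk). Consider `Map body = keyUriRestTemplate.exchange(url, HttpMethod.GET, request, Map.class).getBody();` followed by `Assert.state(body != null && body.get("value") instanceof String, "Key URI response did not contain a key value");` before returning, assuming `org.springframework.util.Assert` is or can be imported. A bad response then fails with a clear message instead of leaving the converter without a usable key.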
@@ -55,17 +55,22 @@ import org.springframework.security.oauth2.client.OAuth2RestTemplate; import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails; import org.springframework.security.oauth2.provider.token.DefaultTokenServices; import org.springframework.security.oauth2.provider.token.RemoteTokenServices; +import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import org.springframework.social.connect.ConnectionFactoryLocator; import org.springframework.stereotype.Component; +import org.springframework.web.client.RestTemplate; import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Matchers.any; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; /** * Tests for {@link ResourceServerTokenServicesConfiguration}. * * @author Dave Syer * @author Madhura Bhave + * @author Eddú Meléndez */ public class ResourceServerTokenServicesConfigurationTests { 
@@ -242,6 +247,27 @@ public class ResourceServerTokenServicesConfigurationTests { .isInstanceOf(CustomUserInfoRestTemplateFactory.class); } + @Test + public void jwtAccessTokenConverterIsConfiguredWhenKeyUriIsProvided() { + EnvironmentTestUtils.addEnvironment(this.environment, + "security.oauth2.resource.jwt.key-uri=http://localhost:12345/banana"); + this.context = new SpringApplicationBuilder(ResourceConfiguration.class) + .environment(this.environment).web(false).run(); + assertThat(this.context.getBeansOfType(JwtAccessTokenConverter.class)).hasSize(1); + } + + @Test + public void jwtAccessTokenConverterRestTemplateCanBeCustomized() { + EnvironmentTestUtils.addEnvironment(this.environment, + "security.oauth2.resource.jwt.key-uri=http://localhost:12345/banana"); + this.context = new SpringApplicationBuilder(ResourceConfiguration.class, + JwtAccessTokenConverterRestTemplateCustomizerConfiguration.class) + .environment(this.environment).web(false).run(); + JwtAccessTokenConverterRestTemplateCustomizer customizer = this.context + .getBean(JwtAccessTokenConverterRestTemplateCustomizer.class); + verify(customizer).customize(any(RestTemplate.class)); + } + @Configuration @Import({ ResourceServerTokenServicesConfiguration.class, ResourceServerPropertiesConfiguration.class, @@ -356,4 +382,14 @@ public class ResourceServerTokenServicesConfigurationTests { } + @Configuration + static class JwtAccessTokenConverterRestTemplateCustomizerConfiguration { + + @Bean + public JwtAccessTokenConverterRestTemplateCustomizer restTemplateCustomizer() { + return mock(JwtAccessTokenConverterRestTemplateCustomizer.class); + } + + } + }
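Review bot: `jwtAccessTokenConverterRestTemplateCanBeCustomized` only asserts `verify(customizer).customize(any(RestTemplate.class))`, which proves the callback was invoked but not that the template it received is the one that performs the key request. Both new tests also start a context with `key-uri=http://localhost:12345/banana`, so they appear to rely on that request failing in a way the configuration tolerates. That handling is not visible in this diff, and a process listening on that port would change the outcome. A customizer that records the template it is given, or binds a `MockRestServiceServer` to it, would let the test assert on the outgoing request and remove the dependency on the local port.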