From dc9ff73805b45aa79c15eee89030df9e0cd5c86c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edd=C3=BA=20Mel=C3=A9ndez?=
Date: Sun, 12 Feb 2017 18:31:10 -0500
Subject: [PATCH 1/2] Enable customization of RestTemplate that retrieves JwtAccessTokenConverter's key

Closes gh-8268
See gh-5859
---
 ...sTokenConverterRestTemplateCustomizer.java | 35 ++++++++++++++++++
 ...ourceServerTokenServicesConfiguration.java | 15 ++++++--
 ...ServerTokenServicesConfigurationTests.java | 37 +++++++++++++++++++
 3 files changed, 83 insertions(+), 4 deletions(-)
 create mode 100644 spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/JwtAccessTokenConverterRestTemplateCustomizer.java

diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/JwtAccessTokenConverterRestTemplateCustomizer.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/JwtAccessTokenConverterRestTemplateCustomizer.java
new file mode 100644
index 0000000000..bb5b8e00dd
--- /dev/null
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/JwtAccessTokenConverterRestTemplateCustomizer.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.autoconfigure.security.oauth2.resource;
+
+import org.springframework.web.client.RestTemplate;
+
+/**
+ * Callback for customizing the rest template used to fetch the token key.
+ *
+ * @author Eddú Meléndez
+ * @since 1.5.2
+ */
+public interface JwtAccessTokenConverterRestTemplateCustomizer {
+
+ /**
+ * Customize the rest template before it is initialized.
+ * @param template the rest template
+ */
+ void customize(RestTemplate template);
+
+}
diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java
index bf101e8281..4c3b3e018f 100644
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java
@@ -76,6 +76,7 @@ import org.springframework.web.client.RestTemplate;
 *
 * @author Dave Syer
 * @author Madhura Bhave
+ * @author Eddú Meléndez
 * @since 1.3.0
 */
 @Configuration
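Review bot: The Javadoc on `customize(RestTemplate)` in the new JwtAccessTokenConverterRestTemplateCustomizer interface says the template is customized "before it is initialized", but `getKeyFromServer()` in ResourceServerTokenServicesConfiguration constructs the `RestTemplate` first and then calls every customizer, once per key retrieval. The same phrase survives in the PATCH 2/2 hunk for this file, so the remark applies there as well. Implementations decide how the key request is transported, and the template appears to go on to carry the configured client id and secret, so the contract is worth stating precisely, for example `Customize the {@code template} before it is used to request the key. Called with a new template for each retrieval.`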
@@ -245,16 +246,18 @@ public class ResourceServerTokenServicesConfiguration { @Conditional(JwtTokenCondition.class) protected static class JwtTokenServicesConfiguration { - private RestTemplate keyUriRestTemplate = new RestTemplate(); - private final ResourceServerProperties resource; private final List configurers; + private final List customizers; + public JwtTokenServicesConfiguration(ResourceServerProperties resource, - ObjectProvider> configurers) { + ObjectProvider> configurers, + ObjectProvider> customizers) { this.resource = resource; this.configurers = configurers.getIfAvailable(); + this.customizers = customizers.getIfAvailable(); } @Bean @@ -299,6 +302,10 @@ public class ResourceServerTokenServicesConfiguration { } private String getKeyFromServer() { + RestTemplate keyUriRestTemplate = new RestTemplate(); + for (JwtAccessTokenConverterRestTemplateCustomizer customizer : this.customizers) { + customizer.customize(keyUriRestTemplate); + } HttpHeaders headers = new HttpHeaders(); String username = this.resource.getClientId(); String password = this.resource.getClientSecret(); @@ -308,7 +315,7 @@ public class ResourceServerTokenServicesConfiguration { } HttpEntity request = new HttpEntity(headers); String url = this.resource.getJwt().getKeyUri(); - return (String) this.keyUriRestTemplate + return (String) keyUriRestTemplate .exchange(url, HttpMethod.GET, request, Map.class).getBody() .get("value"); } diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java index 54a988619b..8532beadce 100644 --- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java 
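Review bot: In `getKeyFromServer()` the return expression `keyUriRestTemplate.exchange(...).getBody().get("value")` dereferences the response body and casts the `value` entry without checking either, and with this change any customizer may replace the error handler or message converters that decide what body arrives here. A null body throws a NullPointerException, and a response without a `value` entry hands a null key back to the caller, so the key that token verification depends on should be validated at this point. The method spans two hunks with its middle omitted, and how the caller reacts to a failure is not visible, so the exception type in the sketch below is only a suggestion.

```java
// … unchanged: customizer loop, header setup and request entity …
String url = this.resource.getJwt().getKeyUri();
Map<?, ?> body = keyUriRestTemplate
		.exchange(url, HttpMethod.GET, request, Map.class).getBody();
Object key = (body != null ? body.get("value") : null);
if (!(key instanceof String)) {
	throw new IllegalStateException(
			"Key URI response did not contain a 'value' entry");
}
return (String) key;
```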
+++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java @@ -56,6 +56,7 @@ import org.springframework.security.oauth2.provider.token.DefaultTokenServices; import org.springframework.security.oauth2.provider.token.RemoteTokenServices; import org.springframework.social.connect.ConnectionFactoryLocator; import org.springframework.stereotype.Component; +import org.springframework.web.client.RestTemplate; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; @@ -65,6 +66,7 @@ import static org.mockito.Mockito.mock; * * @author Dave Syer * @author Madhura Bhave + * @author Eddú Meléndez */ public class ResourceServerTokenServicesConfigurationTests { @@ -240,6 +242,23 @@ public class ResourceServerTokenServicesConfigurationTests { .isInstanceOf(CustomUserInfoRestTemplateFactory.class); } + @Test + public void customRestTemplate() { + EnvironmentTestUtils.addEnvironment(this.environment, + "security.oauth2.resource.userInfoUri:http://example.com", + "security.oauth2.resource.tokenInfoUri:http://example.com", + "security.oauth2.resource.preferTokenInfo:false"); + this.context = new SpringApplicationBuilder(ResourceConfiguration.class, + RestTemplateCustomizer.class).environment(this.environment).web(false) + .run(); + String[] restTemplateCustomizers = this.context + .getBeanNamesForType(JwtAccessTokenConverterRestTemplateCustomizer.class); + UserInfoTokenServices services = this.context + .getBean(UserInfoTokenServices.class); + assertThat(restTemplateCustomizers).hasSize(1); + assertThat(services).isNotNull(); + } + @Configuration @Import({ ResourceServerTokenServicesConfiguration.class, ResourceServerPropertiesConfiguration.class, 
@@ -354,4 +373,22 @@ public class ResourceServerTokenServicesConfigurationTests { } + @Component + protected static class RestTemplateCustomizer + implements JwtAccessTokenConverterRestTemplateCustomizer { + + @Override + public void customize(RestTemplate template) { + template.getInterceptors().add(new ClientHttpRequestInterceptor() { + + @Override + public ClientHttpResponse intercept(HttpRequest request, byte[] body, + ClientHttpRequestExecution execution) throws IOException { + return execution.execute(request, body); + } + + }); + } + } + } From 9e9f006720a31d31cdaa45339fc62c82209ee6fa Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Fri, 3 Mar 2017 13:54:19 +0000 Subject: [PATCH 2/2] Polish "Enable customization of RestTemplate that retrieves JwtAccessTokenConverter's key" See gh-8268 See gh-5859 --- ...sTokenConverterRestTemplateCustomizer.java | 8 ++- ...ourceServerTokenServicesConfiguration.java | 6 ++- ...ServerTokenServicesConfigurationTests.java | 51 +++++++++---------- 3 files changed, 35 insertions(+), 30 deletions(-) diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/JwtAccessTokenConverterRestTemplateCustomizer.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/JwtAccessTokenConverterRestTemplateCustomizer.java index bb5b8e00dd..e8aaff3157 100644 --- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/JwtAccessTokenConverterRestTemplateCustomizer.java +++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/JwtAccessTokenConverterRestTemplateCustomizer.java 
@@ -16,18 +16,22 @@ package org.springframework.boot.autoconfigure.security.oauth2.resource; +import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import org.springframework.web.client.RestTemplate; /** - * Callback for customizing the rest template used to fetch the token key. + * Callback for customizing the {@link RestTemplate} that is used to fetch the keys used + * by {@link JwtAccessTokenConverter}. * * @author Eddú Meléndez * @since 1.5.2 + * @see JwtAccessTokenConverter#setSigningKey(String) + * @see JwtAccessTokenConverter#setVerifierKey(String) */ public interface JwtAccessTokenConverterRestTemplateCustomizer { /** - * Customize the rest template before it is initialized. + * Customize the {@code template} before it is initialized. * @param template the rest template */ void customize(RestTemplate template); diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java index 4c3b3e018f..7e1504ad82 100644 --- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java +++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java 
@@ -303,8 +303,10 @@ public class ResourceServerTokenServicesConfiguration { private String getKeyFromServer() { RestTemplate keyUriRestTemplate = new RestTemplate(); - for (JwtAccessTokenConverterRestTemplateCustomizer customizer : this.customizers) { - customizer.customize(keyUriRestTemplate); + if (!CollectionUtils.isEmpty(this.customizers)) { + for (JwtAccessTokenConverterRestTemplateCustomizer customizer : this.customizers) { + customizer.customize(keyUriRestTemplate); + } } HttpHeaders headers = new HttpHeaders(); String username = this.resource.getClientId(); diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java index 8532beadce..e41923711e 100644 --- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java +++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java 
@@ -54,12 +54,15 @@ import org.springframework.security.oauth2.client.OAuth2RestTemplate; import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails; import org.springframework.security.oauth2.provider.token.DefaultTokenServices; import org.springframework.security.oauth2.provider.token.RemoteTokenServices; +import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import org.springframework.social.connect.ConnectionFactoryLocator; import org.springframework.stereotype.Component; import org.springframework.web.client.RestTemplate; import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Matchers.any; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; /** * Tests for {@link ResourceServerTokenServicesConfiguration}. 
@@ -243,20 +246,24 @@ public class ResourceServerTokenServicesConfigurationTests { } @Test - public void customRestTemplate() { + public void jwtAccessTokenConverterIsConfiguredWhenKeyUriIsProvided() { EnvironmentTestUtils.addEnvironment(this.environment, - "security.oauth2.resource.userInfoUri:http://example.com", - "security.oauth2.resource.tokenInfoUri:http://example.com", - "security.oauth2.resource.preferTokenInfo:false"); + "security.oauth2.resource.jwt.key-uri=http://localhost:12345/banana"); + this.context = new SpringApplicationBuilder(ResourceConfiguration.class) + .environment(this.environment).web(false).run(); + assertThat(this.context.getBeansOfType(JwtAccessTokenConverter.class)).hasSize(1); + } + + @Test + public void jwtAccessTokenConverterRestTemplateCanBeCustomized() { + EnvironmentTestUtils.addEnvironment(this.environment, + "security.oauth2.resource.jwt.key-uri=http://localhost:12345/banana"); this.context = new SpringApplicationBuilder(ResourceConfiguration.class, - RestTemplateCustomizer.class).environment(this.environment).web(false) - .run(); - String[] restTemplateCustomizers = this.context - .getBeanNamesForType(JwtAccessTokenConverterRestTemplateCustomizer.class); - UserInfoTokenServices services = this.context - .getBean(UserInfoTokenServices.class); - assertThat(restTemplateCustomizers).hasSize(1); - assertThat(services).isNotNull(); + JwtAccessTokenConverterRestTemplateCustomizerConfiguration.class) + .environment(this.environment).web(false).run(); + JwtAccessTokenConverterRestTemplateCustomizer customizer = this.context + .getBean(JwtAccessTokenConverterRestTemplateCustomizer.class); + verify(customizer).customize(any(RestTemplate.class)); } @Configuration 
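Review bot: `jwtAccessTokenConverterRestTemplateCanBeCustomized` asserts only `verify(customizer).customize(any(RestTemplate.class))`, so it would still pass if the customized template were not the one used for the key request. Both new tests also point `key-uri` at `http://localhost:12345/banana`, so they presumably depend on the fetch failing harmlessly when nothing listens on that port; that handling is not visible in this patch. I would record the assumption next to the property, e.g. `// No server is expected on port 12345; only the customizer callback is verified, not the key request.`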
@@ -373,22 +380,14 @@ public class ResourceServerTokenServicesConfigurationTests { } - @Component - protected static class RestTemplateCustomizer - implements JwtAccessTokenConverterRestTemplateCustomizer { - - @Override - public void customize(RestTemplate template) { - template.getInterceptors().add(new ClientHttpRequestInterceptor() { - - @Override - public ClientHttpResponse intercept(HttpRequest request, byte[] body, - ClientHttpRequestExecution execution) throws IOException { - return execution.execute(request, body); - } + @Configuration + static class JwtAccessTokenConverterRestTemplateCustomizerConfiguration { - }); + @Bean + public JwtAccessTokenConverterRestTemplateCustomizer restTemplateCustomizer() { + return mock(JwtAccessTokenConverterRestTemplateCustomizer.class); } + } }