From f13697b278a6614fd0d48d78e07956b2210df5e0 Mon Sep 17 00:00:00 2001
From: Madhura Bhave
Date: Fri, 7 Dec 2018 13:48:32 -0800
Subject: [PATCH] Make Resource Server auto-config conditional on JwtDecoder class

Fixes gh-15372
---
 .../ReactiveOAuth2ResourceServerAutoConfiguration.java | 4 +++-
 .../servlet/OAuth2ResourceServerAutoConfiguration.java | 3 ++-
 ...tiveOAuth2ResourceServerAutoConfigurationTests.java | 10 ++++++++++
 .../OAuth2ResourceServerAutoConfigurationTests.java | 9 +++++++++
 4 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerAutoConfiguration.java
index 72cfb654de..de543cb160 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerAutoConfiguration.java
@@ -25,6 +25,7 @@ import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 
 /**
@@ -37,7 +38,8 @@ import org.springframework.security.oauth2.server.resource.BearerTokenAuthentica
 @Configuration
 @AutoConfigureBefore(ReactiveSecurityAutoConfiguration.class)
 @EnableConfigurationProperties(OAuth2ResourceServerProperties.class)
-@ConditionalOnClass({ EnableWebFluxSecurity.class, BearerTokenAuthenticationToken.class })
+@ConditionalOnClass({ EnableWebFluxSecurity.class, BearerTokenAuthenticationToken.class,
+ JwtDecoder.class })
 @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
 @Import({ ReactiveOAuth2ResourceServerJwkConfiguration.class,
 ReactiveOAuth2ResourceServerWebSecurityConfiguration.class })
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfiguration.java
index d3e9f813e7..52432d77c4 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfiguration.java
@@ -24,6 +24,7 @@ import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfi
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 
 /**
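Review bot: The `@ConditionalOnClass` on ReactiveOAuth2ResourceServerAutoConfiguration now names `JwtDecoder.class`, but the test added for this class in ReactiveOAuth2ResourceServerAutoConfigurationTests (`autoConfigurationShouldBeConditionalOnReactiveJwtDecoderClass`) filters `ReactiveJwtDecoder.class`, so `JwtDecoder` stays loadable there and the new annotation entry is never the thing that evaluates to false. If the reactive configuration is meant to back off when its own decoder type is missing, the entry should be `ReactiveJwtDecoder.class` with the added import changed to `org.springframework.security.oauth2.jwt.ReactiveJwtDecoder`; otherwise the test should use `new FilteredClassLoader(JwtDecoder.class)`. Both types presumably ship in the same module, so the runtime outcome may be the same, but as written the passing test must rely on some other condition that is not visible in this hunk.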
@@ -35,7 +36,7 @@ import org.springframework.security.oauth2.server.resource.authentication.JwtAut
 @Configuration
 @AutoConfigureBefore(SecurityAutoConfiguration.class)
 @EnableConfigurationProperties(OAuth2ResourceServerProperties.class)
-@ConditionalOnClass(JwtAuthenticationToken.class)
+@ConditionalOnClass({ JwtAuthenticationToken.class, JwtDecoder.class })
 @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
 @Import({ OAuth2ResourceServerJwtConfiguration.class,
 OAuth2ResourceServerWebSecurityConfiguration.class })
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerAutoConfigurationTests.java
index bcca68b151..7f30959d93 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerAutoConfigurationTests.java
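Review bot: With `JwtDecoder.class` added to the `@ConditionalOnClass` of the servlet OAuth2ResourceServerAutoConfiguration, the whole resource-server setup backs off silently, and nothing in the class tells the reader that bearer-token validation is then not configured. The servlet test in this commit shows the consequence: with `spring.security.oauth2.resourceserver.jwt.jwk-set-uri` set and `JwtDecoder` filtered out, `getBearerTokenFilter(context)` is null. I would say so in the class Javadoc, which begins outside this hunk, for example `Backs off when {@code JwtDecoder} is not on the classpath; a configured jwk-set-uri then has no effect and no bearer-token filter is registered.` The same sentence fits the reactive auto-configuration class.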
@@ -154,6 +154,16 @@ public class ReactiveOAuth2ResourceServerAutoConfigurationTests {
 .doesNotHaveBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN));
 }
 
+ @Test
+ public void autoConfigurationShouldBeConditionalOnReactiveJwtDecoderClass() {
+ this.contextRunner.withPropertyValues(
+ "spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
+ .withUserConfiguration(JwtDecoderConfig.class)
+ .withClassLoader(new FilteredClassLoader(ReactiveJwtDecoder.class))
+ .run((context) -> assertThat(context)
+ .doesNotHaveBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN));
+ }
+
 @Test
 public void autoConfigurationWhenSecurityWebFilterChainConfigPresentShouldNotAddOne() {
 this.contextRunner.withPropertyValues(
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java
index 56cda029bb..2ce65ef901 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java
@@ -149,6 +149,15 @@ public class OAuth2ResourceServerAutoConfigurationTests {
 .run((context) -> assertThat(getBearerTokenFilter(context)).isNull());
 }
 
+ @Test
+ public void autoConfigurationShouldBeConditionalOnJwtDecoderClass() {
+ this.contextRunner.withPropertyValues(
+ "spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
+ .withUserConfiguration(JwtDecoderConfig.class)
+ .withClassLoader(new FilteredClassLoader(JwtDecoder.class))
+ .run((context) -> assertThat(getBearerTokenFilter(context)).isNull());
+ }
+
 @SuppressWarnings("unchecked")
 private Filter getBearerTokenFilter(AssertableWebApplicationContext context) {
 FilterChainProxy filterChain = (FilterChainProxy) context