Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Polish 

- Added JavaDoc @since attribute
- Added Predicate based test
- Adjusted test names

Issue gh-13427
This commit is contained in:
Josh Cummings 2023-08-07 14:34:18 -06:00
parent e1bae73703
commit 3307c656f4
4 changed files with 69 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
View File

@ -91,6 +91,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
* Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided
* parameters * parameters
* @param trustedIssuers an array of trusted issuers * @param trustedIssuers an array of trusted issuers
* @since 6.2
*/ */
public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(String... trustedIssuers) { public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(String... trustedIssuers) {
return fromTrustedIssuers(Set.of(trustedIssuers)); return fromTrustedIssuers(Set.of(trustedIssuers));
@ -100,6 +101,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
* Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided
* parameters * parameters
* @param trustedIssuers a collection of trusted issuers * @param trustedIssuers a collection of trusted issuers
* @since 6.2
*/ */
public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(Collection<String> trustedIssuers) { public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(Collection<String> trustedIssuers) {
Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty"); Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty");
@ -110,6 +112,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
* Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided
* parameters * parameters
* @param trustedIssuers a predicate to validate issuers * @param trustedIssuers a predicate to validate issuers
* @since 6.2
*/ */
public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(Predicate<String> trustedIssuers) { public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(Predicate<String> trustedIssuers) {
Assert.notNull(trustedIssuers, "trustedIssuers cannot be null"); Assert.notNull(trustedIssuers, "trustedIssuers cannot be null");
@ -225,7 +228,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
} }
else { else {
this.logger.debug(LogMessage this.logger.debug(LogMessage
.format("Did not resolve AuthenticationManager since issuer '%s' is not trusted", issuer)); .format("Did not resolve AuthenticationManager since issuer is not trusted", issuer));
} }
return null; return null;
} }

5
oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
View File

@ -95,6 +95,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
* Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the * Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the
* provided parameters * provided parameters
* @param trustedIssuers an array of trusted issuers * @param trustedIssuers an array of trusted issuers
* @since 6.2
*/ */
public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(String... trustedIssuers) { public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(String... trustedIssuers) {
return fromTrustedIssuers(Set.of(trustedIssuers)); return fromTrustedIssuers(Set.of(trustedIssuers));
@ -104,6 +105,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
* Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the * Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the
* provided parameters * provided parameters
* @param trustedIssuers a collection of trusted issuers * @param trustedIssuers a collection of trusted issuers
* @since 6.2
*/ */
public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(Collection<String> trustedIssuers) { public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(Collection<String> trustedIssuers) {
Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty"); Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty");
@ -114,6 +116,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
* Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the * Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the
* provided parameters * provided parameters
* @param trustedIssuers a predicate to validate issuers * @param trustedIssuers a predicate to validate issuers
* @since 6.2
*/ */
public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(Predicate<String> trustedIssuers) { public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(Predicate<String> trustedIssuers) {
Assert.notNull(trustedIssuers, "trustedIssuers cannot be null"); Assert.notNull(trustedIssuers, "trustedIssuers cannot be null");
@ -219,7 +222,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
public Mono<ReactiveAuthenticationManager> resolve(String issuer) { public Mono<ReactiveAuthenticationManager> resolve(String issuer) {
if (!this.trustedIssuer.test(issuer)) { if (!this.trustedIssuer.test(issuer)) {
this.logger.debug(LogMessage this.logger.debug(LogMessage
.format("Did not resolve AuthenticationManager since issuer '%s' is not trusted", issuer)); .format("Did not resolve AuthenticationManager since issuer is not trusted", issuer));
return Mono.empty(); return Mono.empty();
} }
// @formatter:off // @formatter:off

38
oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
View File

@ -65,7 +65,7 @@ public class JwtIssuerAuthenticationManagerResolverTests {
private String noIssuer = jwt("sub", "sub"); private String noIssuer = jwt("sub", "sub");
@Test @Test
public void resolveWhenUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception { public void resolveWhenUsingFromTrustedIssuersThenReturnsAuthenticationManager() throws Exception {
try (MockWebServer server = new MockWebServer()) { try (MockWebServer server = new MockWebServer()) {
server.start(); server.start();
String issuer = server.url("").toString(); String issuer = server.url("").toString();
@ -73,7 +73,7 @@ public class JwtIssuerAuthenticationManagerResolverTests {
server.enqueue(new MockResponse().setResponseCode(200) server.enqueue(new MockResponse().setResponseCode(200)
.setHeader("Content-Type", "application/json") .setHeader("Content-Type", "application/json")
.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer) .setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)
)); ));
server.enqueue(new MockResponse().setResponseCode(200) server.enqueue(new MockResponse().setResponseCode(200)
.setHeader("Content-Type", "application/json") .setHeader("Content-Type", "application/json")
.setBody(JWK_SET) .setBody(JWK_SET)
@ -96,6 +96,38 @@ public class JwtIssuerAuthenticationManagerResolverTests {
} }
} }
@Test
public void resolveWhenUsingFromTrustedIssuersPredicateThenReturnsAuthenticationManager() throws Exception {
try (MockWebServer server = new MockWebServer()) {
server.start();
String issuer = server.url("").toString();
// @formatter:off
server.enqueue(new MockResponse().setResponseCode(200)
.setHeader("Content-Type", "application/json")
.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)
));
server.enqueue(new MockResponse().setResponseCode(200)
.setHeader("Content-Type", "application/json")
.setBody(JWK_SET)
);
server.enqueue(new MockResponse().setResponseCode(200)
.setHeader("Content-Type", "application/json")
.setBody(JWK_SET)
);
// @formatter:on
JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = JwtIssuerAuthenticationManagerResolver
.fromTrustedIssuers(issuer::equals);
Authentication token = withBearerToken(jws.serialize());
AuthenticationManager authenticationManager = authenticationManagerResolver.resolve(null);
assertThat(authenticationManager).isNotNull();
Authentication authentication = authenticationManager.authenticate(token);
assertThat(authentication.isAuthenticated()).isTrue();
}
}
@Test @Test
public void resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception { public void resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception {
try (MockWebServer server = new MockWebServer()) { try (MockWebServer server = new MockWebServer()) {
@ -230,7 +262,7 @@ public class JwtIssuerAuthenticationManagerResolverTests {
} }
@Test @Test
public void constructorWhenNullOrEmptyIssuersThenException() { public void factoryWhenNullOrEmptyIssuersThenException() {
assertThatIllegalArgumentException() assertThatIllegalArgumentException()
.isThrownBy(() -> JwtIssuerAuthenticationManagerResolver.fromTrustedIssuers((Predicate<String>) null)); .isThrownBy(() -> JwtIssuerAuthenticationManagerResolver.fromTrustedIssuers((Predicate<String>) null));
assertThatIllegalArgumentException() assertThatIllegalArgumentException()

28
oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
View File

@ -72,7 +72,7 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
private String noIssuer = jwt("sub", "sub"); private String noIssuer = jwt("sub", "sub");
@Test @Test
public void resolveWhenUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception { public void resolveWhenUsingFromTrustedIssuersThenReturnsAuthenticationManager() throws Exception {
try (MockWebServer server = new MockWebServer()) { try (MockWebServer server = new MockWebServer()) {
String issuer = server.url("").toString(); String issuer = server.url("").toString();
server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json") server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
@ -95,6 +95,30 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
} }
} }
@Test
public void resolveWhenUsingFromTrustedIssuersPredicateThenReturnsAuthenticationManager() throws Exception {
try (MockWebServer server = new MockWebServer()) {
String issuer = server.url("").toString();
server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)));
server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
.setBody(JWK_SET));
server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
.setBody(JWK_SET));
JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = JwtIssuerReactiveAuthenticationManagerResolver
.fromTrustedIssuers(issuer::equals);
ReactiveAuthenticationManager authenticationManager = authenticationManagerResolver.resolve(null).block();
assertThat(authenticationManager).isNotNull();
BearerTokenAuthenticationToken token = withBearerToken(jws.serialize());
Authentication authentication = authenticationManager.authenticate(token).block();
assertThat(authentication).isNotNull();
assertThat(authentication.isAuthenticated()).isTrue();
}
}
// gh-10444 // gh-10444
@Test @Test
public void resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception { public void resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception {
@ -229,7 +253,7 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
} }
@Test @Test
public void constructorWhenNullOrEmptyIssuersThenException() { public void factoryWhenNullOrEmptyIssuersThenException() {
assertThatIllegalArgumentException().isThrownBy( assertThatIllegalArgumentException().isThrownBy(
() -> JwtIssuerReactiveAuthenticationManagerResolver.fromTrustedIssuers((Predicate<String>) null)); () -> JwtIssuerReactiveAuthenticationManagerResolver.fromTrustedIssuers((Predicate<String>) null));
assertThatIllegalArgumentException().isThrownBy( assertThatIllegalArgumentException().isThrownBy(