parent
00f4033b9b
commit
72db6a20c9
|
@ -16,6 +16,7 @@
|
||||||
|
|
||||||
package org.springframework.security.oauth2.server.resource.authentication;
|
package org.springframework.security.oauth2.server.resource.authentication;
|
||||||
|
|
||||||
|
import java.time.Duration;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
@ -186,7 +187,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
|
||||||
return this.authenticationManagers.computeIfAbsent(issuer,
|
return this.authenticationManagers.computeIfAbsent(issuer,
|
||||||
(k) -> Mono.<ReactiveAuthenticationManager>fromCallable(() -> new JwtReactiveAuthenticationManager(ReactiveJwtDecoders.fromIssuerLocation(k)))
|
(k) -> Mono.<ReactiveAuthenticationManager>fromCallable(() -> new JwtReactiveAuthenticationManager(ReactiveJwtDecoders.fromIssuerLocation(k)))
|
||||||
.subscribeOn(Schedulers.boundedElastic())
|
.subscribeOn(Schedulers.boundedElastic())
|
||||||
.cache()
|
.cache((manager) -> Duration.ofMillis(Long.MAX_VALUE), (ex) -> Duration.ZERO, () -> Duration.ZERO)
|
||||||
);
|
);
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
}
|
}
|
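Review bot: The `Duration.ZERO` TTLs for the error and empty cases in the new `.cache(...)` call mean that, while a trusted issuer's discovery endpoint is failing, each new subscription after a failure re-runs `ReactiveJwtDecoders.fromIssuerLocation(k)` on `Schedulers.boundedElastic()` with no backoff, so inbound bearer-token traffic can turn into repeated blocking outbound lookups. If that matters for the deployment, a short non-zero error TTL would bound it, e.g. `(ex) -> Duration.ofSeconds(5)` (value constructed for illustration; the added tests retry immediately and would need adjusting). Either way the three lambdas deserve a comment, such as `// cache a resolved manager indefinitely; never cache a failure, so a transient issuer outage is retried (gh-10444)`. The enclosing method starts above this hunk, so any rate limiting further up the call chain is not visible here.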
||||||
|
|
|
@ -96,6 +96,44 @@ public class JwtIssuerAuthenticationManagerResolverTests {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception {
|
||||||
|
try (MockWebServer server = new MockWebServer()) {
|
||||||
|
server.start();
|
||||||
|
String issuer = server.url("").toString();
|
||||||
|
// @formatter:off
|
||||||
|
server.enqueue(new MockResponse().setResponseCode(500)
|
||||||
|
.setHeader("Content-Type", "application/json")
|
||||||
|
.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer))
|
||||||
|
);
|
||||||
|
server.enqueue(new MockResponse().setResponseCode(200)
|
||||||
|
.setHeader("Content-Type", "application/json")
|
||||||
|
.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer))
|
||||||
|
);
|
||||||
|
server.enqueue(new MockResponse().setResponseCode(200)
|
||||||
|
.setHeader("Content-Type", "application/json")
|
||||||
|
.setBody(JWK_SET)
|
||||||
|
);
|
||||||
|
server.enqueue(new MockResponse().setResponseCode(200)
|
||||||
|
.setHeader("Content-Type", "application/json")
|
||||||
|
.setBody(JWK_SET)
|
||||||
|
);
|
||||||
|
// @formatter:on
|
||||||
|
JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
|
||||||
|
new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
|
||||||
|
jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
|
||||||
|
JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
|
||||||
|
issuer);
|
||||||
|
Authentication token = withBearerToken(jws.serialize());
|
||||||
|
AuthenticationManager authenticationManager = authenticationManagerResolver.resolve(null);
|
||||||
|
assertThat(authenticationManager).isNotNull();
|
||||||
|
assertThatExceptionOfType(IllegalArgumentException.class)
|
||||||
|
.isThrownBy(() -> authenticationManager.authenticate(token));
|
||||||
|
Authentication authentication = authenticationManager.authenticate(token);
|
||||||
|
assertThat(authentication.isAuthenticated()).isTrue();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void resolveWhenUsingSameIssuerThenReturnsSameAuthenticationManager() throws Exception {
|
public void resolveWhenUsingSameIssuerThenReturnsSameAuthenticationManager() throws Exception {
|
||||||
try (MockWebServer server = new MockWebServer()) {
|
try (MockWebServer server = new MockWebServer()) {
|
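Review bot: The added test's name is misspelled, `resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager`, and it describes resolution rather than what the body checks, which is that a failed issuer lookup (the enqueued 500) is retried and the next `authenticate` succeeds. A name like `resolveWhenIssuerLookupFailsThenRetriesOnNextAuthentication` would say that; the same misspelled name is used for the added test in JwtIssuerReactiveAuthenticationManagerResolverTests. This copy also lacks the `// gh-10444` marker that the reactive test carries above `@Test`.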
||||||
|
|
|
@ -95,6 +95,36 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// gh-10444
|
||||||
|
@Test
|
||||||
|
public void resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception {
|
||||||
|
try (MockWebServer server = new MockWebServer()) {
|
||||||
|
String issuer = server.url("").toString();
|
||||||
|
// @formatter:off
|
||||||
|
server.enqueue(new MockResponse().setResponseCode(500).setHeader("Content-Type", "application/json")
|
||||||
|
.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)));
|
||||||
|
server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
|
||||||
|
.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)));
|
||||||
|
server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
|
||||||
|
.setBody(JWK_SET));
|
||||||
|
server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
|
||||||
|
.setBody(JWK_SET));
|
||||||
|
// @formatter:on
|
||||||
|
JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
|
||||||
|
new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
|
||||||
|
jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
|
||||||
|
JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
|
||||||
|
issuer);
|
||||||
|
ReactiveAuthenticationManager authenticationManager = authenticationManagerResolver.resolve(null).block();
|
||||||
|
assertThat(authenticationManager).isNotNull();
|
||||||
|
Authentication token = withBearerToken(jws.serialize());
|
||||||
|
assertThatExceptionOfType(IllegalArgumentException.class)
|
||||||
|
.isThrownBy(() -> authenticationManager.authenticate(token).block());
|
||||||
|
Authentication authentication = authenticationManager.authenticate(token).block();
|
||||||
|
assertThat(authentication.isAuthenticated()).isTrue();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void resolveWhenUsingSameIssuerThenReturnsSameAuthenticationManager() throws Exception {
|
public void resolveWhenUsingSameIssuerThenReturnsSameAuthenticationManager() throws Exception {
|
||||||
try (MockWebServer server = new MockWebServer()) {
|
try (MockWebServer server = new MockWebServer()) {
|
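Review bot: The added test proves that a failed lookup is not cached, but nothing asserts that a successful one still is, which is the other half of the new `.cache(...)` TTLs. After the successful `authenticate(token).block()`, the test could record `int requests = server.getRequestCount();`, authenticate once more, and check `assertThat(server.getRequestCount()).isEqualTo(requests);`, assuming the decoder does not refetch the JWK set on its own. That would catch a regression where every request re-runs issuer discovery. Four responses are enqueued here, and it is not visible from the hunk whether the second `JWK_SET` response is ever consumed.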
||||||
|
|