improve performance of Jwt issuer resolvers
This commit is contained in:
parent
da35fa0485
commit
7a713cab6f
|
@ -16,10 +16,9 @@
|
|||
|
||||
package org.springframework.security.oauth2.server.resource.authentication;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
import java.util.function.Predicate;
|
||||
|
||||
|
@ -49,7 +48,7 @@ import org.springframework.util.Assert;
|
|||
*
|
||||
* To use, this class must be able to determine whether the `iss` claim is trusted. Recall
|
||||
* that anyone can stand up an authorization server and issue valid tokens to a resource
|
||||
* server. The simplest way to achieve this is to supply a list of trusted issuers in the
|
||||
* server. The simplest way to achieve this is to supply a set of trusted issuers in the
|
||||
* constructor.
|
||||
*
|
||||
* This class derives the Issuer from the `iss` claim found in the
|
||||
|
@ -70,7 +69,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
|
|||
* @param trustedIssuers an array of trusted issuers
|
||||
*/
|
||||
public JwtIssuerAuthenticationManagerResolver(String... trustedIssuers) {
|
||||
this(Arrays.asList(trustedIssuers));
|
||||
this(Set.of(trustedIssuers));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -81,8 +80,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
|
|||
public JwtIssuerAuthenticationManagerResolver(Collection<String> trustedIssuers) {
|
||||
Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty");
|
||||
this.authenticationManager = new ResolvingAuthenticationManager(
|
||||
new TrustedIssuerJwtAuthenticationManagerResolver(
|
||||
Collections.unmodifiableCollection(trustedIssuers)::contains));
|
||||
new TrustedIssuerJwtAuthenticationManagerResolver(Set.copyOf(trustedIssuers)::contains));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -91,7 +89,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
|
|||
*
|
||||
* Note that the {@link AuthenticationManagerResolver} provided in this constructor
|
||||
* will need to verify that the issuer is trusted. This should be done via an allowed
|
||||
* list of issuers.
|
||||
* set of issuers.
|
||||
*
|
||||
* One way to achieve this is with a {@link Map} where the keys are the known issuers:
|
||||
* <pre>
|
||||
|
|
|
@ -17,10 +17,9 @@
|
|||
package org.springframework.security.oauth2.server.resource.authentication;
|
||||
|
||||
import java.time.Duration;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
import java.util.function.Predicate;
|
||||
|
||||
|
@ -51,7 +50,7 @@ import org.springframework.web.server.ServerWebExchange;
|
|||
*
|
||||
* To use, this class must be able to determine whether the `iss` claim is trusted. Recall
|
||||
* that anyone can stand up an authorization server and issue valid tokens to a resource
|
||||
* server. The simplest way to achieve this is to supply a list of trusted issuers in the
|
||||
* server. The simplest way to achieve this is to supply a set of trusted issuers in the
|
||||
* constructor.
|
||||
*
|
||||
* This class derives the Issuer from the `iss` claim found in the
|
||||
|
@ -74,7 +73,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
|
|||
* @param trustedIssuers an array of trusted issuers
|
||||
*/
|
||||
public JwtIssuerReactiveAuthenticationManagerResolver(String... trustedIssuers) {
|
||||
this(Arrays.asList(trustedIssuers));
|
||||
this(Set.of(trustedIssuers));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -85,7 +84,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
|
|||
public JwtIssuerReactiveAuthenticationManagerResolver(Collection<String> trustedIssuers) {
|
||||
Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty");
|
||||
this.authenticationManager = new ResolvingAuthenticationManager(
|
||||
new TrustedIssuerJwtAuthenticationManagerResolver(new ArrayList<>(trustedIssuers)::contains));
|
||||
new TrustedIssuerJwtAuthenticationManagerResolver(Set.copyOf(trustedIssuers)::contains));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -94,7 +93,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
|
|||
*
|
||||
* Note that the {@link ReactiveAuthenticationManagerResolver} provided in this
|
||||
* constructor will need to verify that the issuer is trusted. This should be done via
|
||||
* an allowed list of issuers.
|
||||
* an allowed set of issuers.
|
||||
*
|
||||
* One way to achieve this is with a {@link Map} where the keys are the known issuers:
|
||||
* <pre>
|
||||
|
|
Loading…
Reference in New Issue