improve performance of Jwt issuer resolvers

Baljit Singh 2023-07-13 10:57:13 -04:00 committed by Josh Cummings
parent da35fa0485
commit 7a713cab6f
2 changed files with 10 additions and 13 deletions


@ -16,10 +16,9 @@
package org.springframework.security.oauth2.server.resource.authentication;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate;
@ -49,7 +48,7 @@ import org.springframework.util.Assert;
*
* To use, this class must be able to determine whether the `iss` claim is trusted. Recall
* that anyone can stand up an authorization server and issue valid tokens to a resource
* server. The simplest way to achieve this is to supply a list of trusted issuers in the
* server. The simplest way to achieve this is to supply a set of trusted issuers in the
* constructor.
*
* This class derives the Issuer from the `iss` claim found in the
@ -70,7 +69,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
* @param trustedIssuers an array of trusted issuers
*/
public JwtIssuerAuthenticationManagerResolver(String... trustedIssuers) {
this(Arrays.asList(trustedIssuers));
this(Set.of(trustedIssuers));
}
/**
@ -81,8 +80,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
public JwtIssuerAuthenticationManagerResolver(Collection<String> trustedIssuers) {
Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty");
this.authenticationManager = new ResolvingAuthenticationManager(
new TrustedIssuerJwtAuthenticationManagerResolver(
Collections.unmodifiableCollection(trustedIssuers)::contains));
new TrustedIssuerJwtAuthenticationManagerResolver(Set.copyOf(trustedIssuers)::contains));
}
/**
@ -91,7 +89,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
*
* Note that the {@link AuthenticationManagerResolver} provided in this constructor
* will need to verify that the issuer is trusted. This should be done via an allowed
* list of issuers.
* set of issuers.
*
* One way to achieve this is with a {@link Map} where the keys are the known issuers:
* <pre>
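Review bot: `Set.of(trustedIssuers)` in the varargs constructor throws `IllegalArgumentException` when the array contains a duplicate and `NullPointerException` on a null element, while the `Arrays.asList` it replaces accepted both, so an application whose configuration lists the same issuer twice would now fail at construction. The `Collection` constructor already builds the lookup set with `Set.copyOf`, which tolerates duplicates, so the delegation could stay `this(Arrays.asList(trustedIssuers));` (keeping the `java.util.Arrays` import) without losing the constant-time `contains`. The same line appears in the varargs constructor of `JwtIssuerReactiveAuthenticationManagerResolver`. Separately, `Set.copyOf` takes a snapshot where `Collections.unmodifiableCollection` was a live view of the caller's collection; that is the safer choice for a trust list, but it deserves a sentence in the constructor's Javadoc, which starts outside the hunk.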


@ -17,10 +17,9 @@
package org.springframework.security.oauth2.server.resource.authentication;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate;
@ -51,7 +50,7 @@ import org.springframework.web.server.ServerWebExchange;
*
* To use, this class must be able to determine whether the `iss` claim is trusted. Recall
* that anyone can stand up an authorization server and issue valid tokens to a resource
* server. The simplest way to achieve this is to supply a list of trusted issuers in the
* server. The simplest way to achieve this is to supply a set of trusted issuers in the
* constructor.
*
* This class derives the Issuer from the `iss` claim found in the
@ -74,7 +73,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
* @param trustedIssuers an array of trusted issuers
*/
public JwtIssuerReactiveAuthenticationManagerResolver(String... trustedIssuers) {
this(Arrays.asList(trustedIssuers));
this(Set.of(trustedIssuers));
}
/**
@ -85,7 +84,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
public JwtIssuerReactiveAuthenticationManagerResolver(Collection<String> trustedIssuers) {
Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty");
this.authenticationManager = new ResolvingAuthenticationManager(
new TrustedIssuerJwtAuthenticationManagerResolver(new ArrayList<>(trustedIssuers)::contains));
new TrustedIssuerJwtAuthenticationManagerResolver(Set.copyOf(trustedIssuers)::contains));
}
/**
@ -94,7 +93,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
*
* Note that the {@link ReactiveAuthenticationManagerResolver} provided in this
* constructor will need to verify that the issuer is trusted. This should be done via
* an allowed list of issuers.
* an allowed set of issuers.
*
* One way to achieve this is with a {@link Map} where the keys are the known issuers:
* <pre>
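Review bot: In the `Collection` constructor, `Set.copyOf(trustedIssuers)` throws a bare `NullPointerException` if the collection contains a null element, where the previous `new ArrayList<>(trustedIssuers)` copied it without complaint; the only check visible in the hunk is `Assert.notEmpty`. Adding `Assert.noNullElements(trustedIssuers, "trustedIssuers cannot contain null values");` after the existing assertion would turn that into an `IllegalArgumentException` with a clear message, consistent with the empty case. The servlet resolver's `Collection` constructor has the same gap. The constructor's Javadoc starts outside the hunk, so whether it already mentions null elements cannot be seen here.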