improve performance of Jwt issuer resolvers

Baljit Singh 2023-07-13 10:57:13 -04:00 committed by Josh Cummings
parent da35fa0485
commit 7a713cab6f
2 changed files with 10 additions and 13 deletions


@ -16,10 +16,9 @@
package org.springframework.security.oauth2.server.resource.authentication; package org.springframework.security.oauth2.server.resource.authentication;
import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import java.util.Collections;
import java.util.Map; import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate; import java.util.function.Predicate;
@ -49,7 +48,7 @@ import org.springframework.util.Assert;
* *
* To use, this class must be able to determine whether the `iss` claim is trusted. Recall * To use, this class must be able to determine whether the `iss` claim is trusted. Recall
* that anyone can stand up an authorization server and issue valid tokens to a resource * that anyone can stand up an authorization server and issue valid tokens to a resource
* server. The simplest way to achieve this is to supply a list of trusted issuers in the * server. The simplest way to achieve this is to supply a set of trusted issuers in the
* constructor. * constructor.
* *
* This class derives the Issuer from the `iss` claim found in the * This class derives the Issuer from the `iss` claim found in the
@ -70,7 +69,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
* @param trustedIssuers an array of trusted issuers * @param trustedIssuers an array of trusted issuers
*/ */
public JwtIssuerAuthenticationManagerResolver(String... trustedIssuers) { public JwtIssuerAuthenticationManagerResolver(String... trustedIssuers) {
this(Arrays.asList(trustedIssuers)); this(Set.of(trustedIssuers));
} }
/** /**
@ -81,8 +80,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
public JwtIssuerAuthenticationManagerResolver(Collection<String> trustedIssuers) { public JwtIssuerAuthenticationManagerResolver(Collection<String> trustedIssuers) {
Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty"); Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty");
this.authenticationManager = new ResolvingAuthenticationManager( this.authenticationManager = new ResolvingAuthenticationManager(
new TrustedIssuerJwtAuthenticationManagerResolver( new TrustedIssuerJwtAuthenticationManagerResolver(Set.copyOf(trustedIssuers)::contains));
Collections.unmodifiableCollection(trustedIssuers)::contains));
} }
/** /**
@ -91,7 +89,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
* *
* Note that the {@link AuthenticationManagerResolver} provided in this constructor * Note that the {@link AuthenticationManagerResolver} provided in this constructor
* will need to verify that the issuer is trusted. This should be done via an allowed * will need to verify that the issuer is trusted. This should be done via an allowed
* list of issuers. * set of issuers.
* *
* One way to achieve this is with a {@link Map} where the keys are the known issuers: * One way to achieve this is with a {@link Map} where the keys are the known issuers:
* <pre> * <pre>
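Review bot: `Set.of(trustedIssuers)` in the varargs constructor throws `IllegalArgumentException` when the same issuer is passed twice, whereas the `Arrays.asList` it replaces accepted duplicates, so a configuration that happens to repeat an issuer would now fail at construction. The same line appears in the varargs constructor of `JwtIssuerReactiveAuthenticationManagerResolver`. Since the `Collection` constructor already applies `Set.copyOf`, which tolerates duplicates, keeping `this(Arrays.asList(trustedIssuers));` (and the `java.util.Arrays` import) gives the same hash-based lookup without rejecting repeated entries. In this class `Set.copyOf` also replaces a live `Collections.unmodifiableCollection` view with a snapshot, so later changes to the caller's collection no longer alter the trusted set; that is worth stating in the constructor's Javadoc, which begins outside the hunk.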


@ -17,10 +17,9 @@
package org.springframework.security.oauth2.server.resource.authentication; package org.springframework.security.oauth2.server.resource.authentication;
import java.time.Duration; import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import java.util.Map; import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate; import java.util.function.Predicate;
@ -51,7 +50,7 @@ import org.springframework.web.server.ServerWebExchange;
* *
* To use, this class must be able to determine whether the `iss` claim is trusted. Recall * To use, this class must be able to determine whether the `iss` claim is trusted. Recall
* that anyone can stand up an authorization server and issue valid tokens to a resource * that anyone can stand up an authorization server and issue valid tokens to a resource
* server. The simplest way to achieve this is to supply a list of trusted issuers in the * server. The simplest way to achieve this is to supply a set of trusted issuers in the
* constructor. * constructor.
* *
* This class derives the Issuer from the `iss` claim found in the * This class derives the Issuer from the `iss` claim found in the
@ -74,7 +73,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
* @param trustedIssuers an array of trusted issuers * @param trustedIssuers an array of trusted issuers
*/ */
public JwtIssuerReactiveAuthenticationManagerResolver(String... trustedIssuers) { public JwtIssuerReactiveAuthenticationManagerResolver(String... trustedIssuers) {
this(Arrays.asList(trustedIssuers)); this(Set.of(trustedIssuers));
} }
/** /**
@ -85,7 +84,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
public JwtIssuerReactiveAuthenticationManagerResolver(Collection<String> trustedIssuers) { public JwtIssuerReactiveAuthenticationManagerResolver(Collection<String> trustedIssuers) {
Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty"); Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty");
this.authenticationManager = new ResolvingAuthenticationManager( this.authenticationManager = new ResolvingAuthenticationManager(
new TrustedIssuerJwtAuthenticationManagerResolver(new ArrayList<>(trustedIssuers)::contains)); new TrustedIssuerJwtAuthenticationManagerResolver(Set.copyOf(trustedIssuers)::contains));
} }
/** /**
@ -94,7 +93,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
* *
* Note that the {@link ReactiveAuthenticationManagerResolver} provided in this * Note that the {@link ReactiveAuthenticationManagerResolver} provided in this
* constructor will need to verify that the issuer is trusted. This should be done via * constructor will need to verify that the issuer is trusted. This should be done via
* an allowed list of issuers. * an allowed set of issuers.
* *
* One way to achieve this is with a {@link Map} where the keys are the known issuers: * One way to achieve this is with a {@link Map} where the keys are the known issuers:
* <pre> * <pre>
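Review bot: The Javadoc of the `Collection` constructor does not say how a token's issuer is compared with the trusted set, and with `Set.copyOf(trustedIssuers)::contains` the check is an exact `String.equals` match. Assuming the predicate receives the issuer derived from the `iss` claim unchanged, an issuer configured with a different trailing slash or letter case than the claim carries is rejected, which fails closed but is easy to misconfigure. I would add `* Issuers are compared to the {@code iss} claim by exact string equality.` to that Javadoc, which begins outside the hunk.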