Remove oauth2-oidc-sdk dependency from oauth2-jose module

Fixes gh-5891
2018-09-20 15:20:11 -04:00 · 2018-09-20 15:20:11 -04:00 · 9565e90b6e
parent d46f83caf4
commit 9565e90b6e
3 changed files with 39 additions and 37 deletions
--- a/oauth2/oauth2-jose/spring-security-oauth2-jose.gradle
+++ b/oauth2/oauth2-jose/spring-security-oauth2-jose.gradle
@ -6,11 +6,11 @@ dependencies {
 	compile springCoreDependency
 	compile 'com.nimbusds:nimbus-jose-jwt'
 	optional 'com.nimbusds:oauth2-oidc-sdk'
 	optional 'io.projectreactor:reactor-core'
 	optional 'org.springframework:spring-webflux'
 	testCompile powerMock2Dependencies
 	testCompile 'com.squareup.okhttp3:mockwebserver'
 	testCompile 'io.projectreactor.netty:reactor-netty'
 	testCompile 'com.fasterxml.jackson.core:jackson-databind'
 }
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
@ -15,11 +15,14 @@
 */
 package org.springframework.security.oauth2.jwt;
-import com.nimbusds.oauth2.sdk.ParseException;
+import org.springframework.core.ParameterizedTypeReference;
-import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
+import org.springframework.http.RequestEntity;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.util.UriComponentsBuilder;
 import java.net.URI;
 import java.util.Map;
 /**
 * Allows creating a {@link JwtDecoder} from an
@ -42,9 +45,11 @@ public final class JwtDecoders {
 	 * @return a {@link JwtDecoder} that was initialized by the OpenID Provider Configuration.
 	 */
 	public static JwtDecoder fromOidcIssuerLocation(String oidcIssuerLocation) {
-		String openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
+		Map<String, Object> openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
-		OIDCProviderMetadata metadata = parse(openidConfiguration);
+		String metadataIssuer = "(unavailable)";
-		String metadataIssuer = metadata.getIssuer().getValue();
+		if (openidConfiguration.containsKey("issuer")) {
 			metadataIssuer = openidConfiguration.get("issuer").toString();
 		}
 		if (!oidcIssuerLocation.equals(metadataIssuer)) {
 			throw new IllegalStateException("The Issuer \"" + metadataIssuer + "\" provided in the OpenID Configuration " +
 					"did not match the requested issuer \"" + oidcIssuerLocation + "\"");
@ -54,30 +59,26 @@ public final class JwtDecoders {
 				JwtValidators.createDefaultWithIssuer(oidcIssuerLocation);
 		NimbusJwtDecoderJwkSupport jwtDecoder =
-				new NimbusJwtDecoderJwkSupport(metadata.getJWKSetURI().toASCIIString());
+				new NimbusJwtDecoderJwkSupport(openidConfiguration.get("jwks_uri").toString());
 		jwtDecoder.setJwtValidator(jwtValidator);
 		return jwtDecoder;
 	}
-	private static String getOpenidConfiguration(String issuer) {
+	private static Map<String, Object> getOpenidConfiguration(String issuer) {
 		ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<Map<String, Object>>() {};
 		RestTemplate rest = new RestTemplate();
 		try {
-			return rest.getForObject(issuer + "/.well-known/openid-configuration", String.class);
+			URI uri = UriComponentsBuilder.fromUriString(issuer + "/.well-known/openid-configuration")
 					.build()
 					.toUri();
 			RequestEntity<Void> request = RequestEntity.get(uri).build();
 			return rest.exchange(request, typeReference).getBody();
 		} catch(RuntimeException e) {
 			throw new IllegalArgumentException("Unable to resolve the OpenID Configuration with the provided Issuer of " +
 					"\"" + issuer + "\"", e);
 		}
 	}
 	private static OIDCProviderMetadata parse(String body) {
 		try {
 			return OIDCProviderMetadata.parse(body);
 		}
 		catch (ParseException e) {
 			throw new RuntimeException(e);
 		}
 	}
 	private JwtDecoders() {}
 }
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java
@ -15,11 +15,14 @@
 */
 package org.springframework.security.oauth2.jwt;
-import com.nimbusds.oauth2.sdk.ParseException;
+import org.springframework.core.ParameterizedTypeReference;
-import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
+import org.springframework.http.RequestEntity;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.util.UriComponentsBuilder;
 import java.net.URI;
 import java.util.Map;
 /**
 * Allows creating a {@link ReactiveJwtDecoder} from an
@ -42,9 +45,11 @@ public final class ReactiveJwtDecoders {
 	 * @return a {@link ReactiveJwtDecoder} that was initialized by the OpenID Provider Configuration.
 	 */
 	public static ReactiveJwtDecoder fromOidcIssuerLocation(String oidcIssuerLocation) {
-		String openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
+		Map<String, Object> openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
-		OIDCProviderMetadata metadata = parse(openidConfiguration);
+		String metadataIssuer = "(unavailable)";
-		String metadataIssuer = metadata.getIssuer().getValue();
+		if (openidConfiguration.containsKey("issuer")) {
 			metadataIssuer = openidConfiguration.get("issuer").toString();
 		}
 		if (!oidcIssuerLocation.equals(metadataIssuer)) {
 			throw new IllegalStateException("The Issuer \"" + metadataIssuer + "\" provided in the OpenID Configuration " +
 					"did not match the requested issuer \"" + oidcIssuerLocation + "\"");
@ -54,30 +59,26 @@ public final class ReactiveJwtDecoders {
 				JwtValidators.createDefaultWithIssuer(oidcIssuerLocation);
 		NimbusReactiveJwtDecoder jwtDecoder =
-				new NimbusReactiveJwtDecoder(metadata.getJWKSetURI().toASCIIString());
+				new NimbusReactiveJwtDecoder(openidConfiguration.get("jwks_uri").toString());
 		jwtDecoder.setJwtValidator(jwtValidator);
 		return jwtDecoder;
 	}
-	private static String getOpenidConfiguration(String issuer) {
+	private static Map<String, Object> getOpenidConfiguration(String issuer) {
 		ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<Map<String, Object>>() {};
 		RestTemplate rest = new RestTemplate();
 		try {
-			return rest.getForObject(issuer + "/.well-known/openid-configuration", String.class);
+			URI uri = UriComponentsBuilder.fromUriString(issuer + "/.well-known/openid-configuration")
 					.build()
 					.toUri();
 			RequestEntity<Void> request = RequestEntity.get(uri).build();
 			return rest.exchange(request, typeReference).getBody();
 		} catch(RuntimeException e) {
 			throw new IllegalArgumentException("Unable to resolve the OpenID Configuration with the provided Issuer of " +
 					"\"" + issuer + "\"", e);
 		}
 	}
 	private static OIDCProviderMetadata parse(String body) {
 		try {
 			return OIDCProviderMetadata.parse(body);
 		}
 		catch (ParseException e) {
 			throw new RuntimeException(e);
 		}
 	}
 	private ReactiveJwtDecoders() {}
 }