Remove oauth2-oidc-sdk dependency from oauth2-jose module
Fixes gh-5891
This commit is contained in:
Joe Grandja
parent
d46f83caf4
commit
9565e90b6e
|
|
@ -6,11 +6,11 @@ dependencies {
|
|||
compile springCoreDependency
|
||||
compile 'com.nimbusds:nimbus-jose-jwt'
|
||||
|
||||
optional 'com.nimbusds:oauth2-oidc-sdk'
|
||||
optional 'io.projectreactor:reactor-core'
|
||||
optional 'org.springframework:spring-webflux'
|
||||
|
||||
testCompile powerMock2Dependencies
|
||||
testCompile 'com.squareup.okhttp3:mockwebserver'
|
||||
testCompile 'io.projectreactor.netty:reactor-netty'
|
||||
testCompile 'com.fasterxml.jackson.core:jackson-databind'
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,11 +15,14 @@
|
|||
*/
|
||||
package org.springframework.security.oauth2.jwt;
|
||||
|
||||
import com.nimbusds.oauth2.sdk.ParseException;
|
||||
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
|
||||
|
||||
import org.springframework.core.ParameterizedTypeReference;
|
||||
import org.springframework.http.RequestEntity;
|
||||
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
import org.springframework.web.util.UriComponentsBuilder;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* Allows creating a {@link JwtDecoder} from an
|
||||
|
|
@ -42,9 +45,11 @@ public final class JwtDecoders {
|
|||
* @return a {@link JwtDecoder} that was initialized by the OpenID Provider Configuration.
|
||||
*/
|
||||
public static JwtDecoder fromOidcIssuerLocation(String oidcIssuerLocation) {
|
||||
String openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
|
||||
OIDCProviderMetadata metadata = parse(openidConfiguration);
|
||||
String metadataIssuer = metadata.getIssuer().getValue();
|
||||
Map<String, Object> openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
|
||||
String metadataIssuer = "(unavailable)";
|
||||
if (openidConfiguration.containsKey("issuer")) {
|
||||
metadataIssuer = openidConfiguration.get("issuer").toString();
|
||||
}
|
||||
if (!oidcIssuerLocation.equals(metadataIssuer)) {
|
||||
throw new IllegalStateException("The Issuer \"" + metadataIssuer + "\" provided in the OpenID Configuration " +
|
||||
"did not match the requested issuer \"" + oidcIssuerLocation + "\"");
|
||||
|
|
@ -54,30 +59,26 @@ public final class JwtDecoders {
|
|||
JwtValidators.createDefaultWithIssuer(oidcIssuerLocation);
|
||||
|
||||
NimbusJwtDecoderJwkSupport jwtDecoder =
|
||||
new NimbusJwtDecoderJwkSupport(metadata.getJWKSetURI().toASCIIString());
|
||||
new NimbusJwtDecoderJwkSupport(openidConfiguration.get("jwks_uri").toString());
|
||||
jwtDecoder.setJwtValidator(jwtValidator);
|
||||
|
||||
return jwtDecoder;
|
||||
}
|
||||
|
||||
private static String getOpenidConfiguration(String issuer) {
|
||||
private static Map<String, Object> getOpenidConfiguration(String issuer) {
|
||||
ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<Map<String, Object>>() {};
|
||||
RestTemplate rest = new RestTemplate();
|
||||
try {
|
||||
return rest.getForObject(issuer + "/.well-known/openid-configuration", String.class);
|
||||
URI uri = UriComponentsBuilder.fromUriString(issuer + "/.well-known/openid-configuration")
|
||||
.build()
|
||||
.toUri();
|
||||
RequestEntity<Void> request = RequestEntity.get(uri).build();
|
||||
return rest.exchange(request, typeReference).getBody();
|
||||
} catch(RuntimeException e) {
|
||||
throw new IllegalArgumentException("Unable to resolve the OpenID Configuration with the provided Issuer of " +
|
||||
"\"" + issuer + "\"", e);
|
||||
}
|
||||
}
|
||||
|
||||
private static OIDCProviderMetadata parse(String body) {
|
||||
try {
|
||||
return OIDCProviderMetadata.parse(body);
|
||||
}
|
||||
catch (ParseException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
private JwtDecoders() {}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,11 +15,14 @@
|
|||
*/
|
||||
package org.springframework.security.oauth2.jwt;
|
||||
|
||||
import com.nimbusds.oauth2.sdk.ParseException;
|
||||
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
|
||||
|
||||
import org.springframework.core.ParameterizedTypeReference;
|
||||
import org.springframework.http.RequestEntity;
|
||||
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
import org.springframework.web.util.UriComponentsBuilder;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* Allows creating a {@link ReactiveJwtDecoder} from an
|
||||
|
|
@ -42,9 +45,11 @@ public final class ReactiveJwtDecoders {
|
|||
* @return a {@link ReactiveJwtDecoder} that was initialized by the OpenID Provider Configuration.
|
||||
*/
|
||||
public static ReactiveJwtDecoder fromOidcIssuerLocation(String oidcIssuerLocation) {
|
||||
String openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
|
||||
OIDCProviderMetadata metadata = parse(openidConfiguration);
|
||||
String metadataIssuer = metadata.getIssuer().getValue();
|
||||
Map<String, Object> openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
|
||||
String metadataIssuer = "(unavailable)";
|
||||
if (openidConfiguration.containsKey("issuer")) {
|
||||
metadataIssuer = openidConfiguration.get("issuer").toString();
|
||||
}
|
||||
if (!oidcIssuerLocation.equals(metadataIssuer)) {
|
||||
throw new IllegalStateException("The Issuer \"" + metadataIssuer + "\" provided in the OpenID Configuration " +
|
||||
"did not match the requested issuer \"" + oidcIssuerLocation + "\"");
|
||||
|
|
@ -54,30 +59,26 @@ public final class ReactiveJwtDecoders {
|
|||
JwtValidators.createDefaultWithIssuer(oidcIssuerLocation);
|
||||
|
||||
NimbusReactiveJwtDecoder jwtDecoder =
|
||||
new NimbusReactiveJwtDecoder(metadata.getJWKSetURI().toASCIIString());
|
||||
new NimbusReactiveJwtDecoder(openidConfiguration.get("jwks_uri").toString());
|
||||
jwtDecoder.setJwtValidator(jwtValidator);
|
||||
|
||||
return jwtDecoder;
|
||||
}
|
||||
|
||||
private static String getOpenidConfiguration(String issuer) {
|
||||
private static Map<String, Object> getOpenidConfiguration(String issuer) {
|
||||
ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<Map<String, Object>>() {};
|
||||
RestTemplate rest = new RestTemplate();
|
||||
try {
|
||||
return rest.getForObject(issuer + "/.well-known/openid-configuration", String.class);
|
||||
URI uri = UriComponentsBuilder.fromUriString(issuer + "/.well-known/openid-configuration")
|
||||
.build()
|
||||
.toUri();
|
||||
RequestEntity<Void> request = RequestEntity.get(uri).build();
|
||||
return rest.exchange(request, typeReference).getBody();
|
||||
} catch(RuntimeException e) {
|
||||
throw new IllegalArgumentException("Unable to resolve the OpenID Configuration with the provided Issuer of " +
|
||||
"\"" + issuer + "\"", e);
|
||||
}
|
||||
}
|
||||
|
||||
private static OIDCProviderMetadata parse(String body) {
|
||||
try {
|
||||
return OIDCProviderMetadata.parse(body);
|
||||
}
|
||||
catch (ParseException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
private ReactiveJwtDecoders() {}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue