Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch '6.0.x' into 6.1.x 

Closes gh-14041
This commit is contained in:
Steve Riesenberg 2023-10-19 16:43:21 -05:00
parent 8ca7d19de6 bb732e9d35
commit b4e0873b1e
No known key found for this signature in database
GPG Key ID: 5F311AB48A55D521
2 changed files with 45 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
View File

@ -43,28 +43,34 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
*/ */
private final AtomicReference<Mono<JWKSet>> cachedJWKSet = new AtomicReference<>(Mono.empty()); private final AtomicReference<Mono<JWKSet>> cachedJWKSet = new AtomicReference<>(Mono.empty());
/**
* The cached JWK set URL.
*/
private final AtomicReference<String> cachedJwkSetUrl = new AtomicReference<>();
private WebClient webClient = WebClient.create(); private WebClient webClient = WebClient.create();
private final Mono<String> jwkSetURL; private final Mono<String> jwkSetUrlProvider;
ReactiveRemoteJWKSource(String jwkSetURL) { ReactiveRemoteJWKSource(String jwkSetURL) {
Assert.hasText(jwkSetURL, "jwkSetURL cannot be empty"); Assert.hasText(jwkSetURL, "jwkSetURL cannot be empty");
this.jwkSetURL = Mono.just(jwkSetURL); this.jwkSetUrlProvider = Mono.just(jwkSetURL);
} }
ReactiveRemoteJWKSource(Mono<String> jwkSetURL) { ReactiveRemoteJWKSource(Mono<String> jwkSetUrlProvider) {
Assert.notNull(jwkSetURL, "jwkSetURL cannot be null"); Assert.notNull(jwkSetUrlProvider, "jwkSetUrlProvider cannot be null");
this.jwkSetURL = jwkSetURL.cache(); this.jwkSetUrlProvider = Mono.fromCallable(this.cachedJwkSetUrl::get)
.switchIfEmpty(Mono.defer(() -> jwkSetUrlProvider.doOnNext(this.cachedJwkSetUrl::set)));
} }
@Override @Override
public Mono<List<JWK>> get(JWKSelector jwkSelector) { public Mono<List<JWK>> get(JWKSelector jwkSelector) {
// @formatter:off // @formatter:off
return this.cachedJWKSet.get() return this.cachedJWKSet.get()
.switchIfEmpty(Mono.defer(() -> getJWKSet())) .switchIfEmpty(Mono.defer(this::getJWKSet))
.flatMap((jwkSet) -> get(jwkSelector, jwkSet)) .flatMap((jwkSet) -> get(jwkSelector, jwkSet))
.switchIfEmpty(Mono.defer(() -> getJWKSet() .switchIfEmpty(Mono.defer(() -> getJWKSet()
.map((jwkSet) -> jwkSelector.select(jwkSet))) .map(jwkSelector::select))
); );
// @formatter:on // @formatter:on
} }
@ -100,10 +106,12 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
*/ */
private Mono<JWKSet> getJWKSet() { private Mono<JWKSet> getJWKSet() {
// @formatter:off // @formatter:off
return this.jwkSetURL.flatMap((jwkSetURL) -> this.webClient.get() return this.jwkSetUrlProvider
.flatMap((jwkSetURL) -> this.webClient.get()
.uri(jwkSetURL) .uri(jwkSetURL)
.retrieve() .retrieve()
.bodyToMono(String.class)) .bodyToMono(String.class)
)
.map(this::parse) .map(this::parse)
.doOnNext((jwkSet) -> this.cachedJWKSet .doOnNext((jwkSet) -> this.cachedJWKSet
.set(Mono.just(jwkSet)) .set(Mono.just(jwkSet))

26
oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2018 the original author or authors. * Copyright 2002-2023 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -18,6 +18,7 @@ package org.springframework.security.oauth2.jwt;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.function.Supplier;
import com.nimbusds.jose.jwk.JWK; import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKMatcher; import com.nimbusds.jose.jwk.JWKMatcher;
@ -31,10 +32,16 @@ import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import reactor.core.publisher.Mono;
import org.springframework.web.reactive.function.client.WebClientResponseException;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given; import static org.mockito.BDDMockito.given;
import static org.mockito.BDDMockito.willReturn;
import static org.mockito.BDDMockito.willThrow;
/** /**
* @author Rob Winch * @author Rob Winch
@ -52,6 +59,9 @@ public class ReactiveRemoteJWKSourceTests {
private MockWebServer server; private MockWebServer server;
@Mock
private Supplier<String> mockStringSupplier;
// @formatter:off // @formatter:off
private String keys = "{\n" private String keys = "{\n"
+ " \"keys\": [\n" + " \"keys\": [\n"
@ -156,4 +166,18 @@ public class ReactiveRemoteJWKSourceTests {
assertThat(this.source.get(this.selector).block()).isEmpty(); assertThat(this.source.get(this.selector).block()).isEmpty();
} }
@Test
public void getShouldRecoverAndReturnKeysAfterErrorCase() {
given(this.matcher.matches(any())).willReturn(true);
this.source = new ReactiveRemoteJWKSource(Mono.fromSupplier(this.mockStringSupplier));
willThrow(WebClientResponseException.ServiceUnavailable.class).given(this.mockStringSupplier).get();
// first case: id provider has error state
assertThatExceptionOfType(WebClientResponseException.ServiceUnavailable.class)
.isThrownBy(() -> this.source.get(this.selector).block());
// second case: id provider is healthy again
willReturn(this.server.url("/").toString()).given(this.mockStringSupplier).get();
List<JWK> actual = this.source.get(this.selector).block();
assertThat(actual).isNotEmpty();
}
} }