Merge branch '6.1.x' into 6.2.x

docs/modules/ROOT/pages/servlet/oauth2/resource-server/multitenancy.adoc

@@ -374,29 +374,22 @@ Java::
 ----
 @Component
 public class TenantJwtIssuerValidator implements OAuth2TokenValidator<Jwt> {
-	private final TenantRepository tenants;
+    private final TenantRepository tenants;
-	private final Map<String, JwtIssuerValidator> validators = new ConcurrentHashMap<>();
 
-	public TenantJwtIssuerValidator(TenantRepository tenants) {
+    private final OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, "The iss claim is not valid",
-		this.tenants = tenants;
+            "https://tools.ietf.org/html/rfc6750#section-3.1");
-	}
 
-	@Override
+    public TenantJwtIssuerValidator(TenantRepository tenants) {
-	public OAuth2TokenValidatorResult validate(Jwt token) {
+        this.tenants = tenants;
-		return this.validators.computeIfAbsent(toTenant(token), this::fromTenant)
+    }
-				.validate(token);
-	}
 
-	private String toTenant(Jwt jwt) {
+    @Override
-		return jwt.getIssuer();
+    public OAuth2TokenValidatorResult validate(Jwt token) {
-	}
+        if(this.tenants.findById(token.getIssuer()) != null) {
-
+            return OAuth2TokenValidatorResult.success();
-	private JwtIssuerValidator fromTenant(String tenant) {
+        }
-		return Optional.ofNullable(this.tenants.findById(tenant))
+        return OAuth2TokenValidatorResult.failure(this.error);
-		        .map(t -> t.getAttribute("issuer"))
+    }
-				.map(JwtIssuerValidator::new)
-				.orElseThrow(() -> new IllegalArgumentException("unknown tenant"));
-	}
 }
 ----
 
@@ -405,32 +398,17 @@ Kotlin::
 [source,kotlin,role="secondary"]
 ----
 @Component
-class TenantJwtIssuerValidator(tenants: TenantRepository) : OAuth2TokenValidator<Jwt> {
+class TenantJwtIssuerValidator(private val tenants: TenantRepository) : OAuth2TokenValidator<Jwt> {
-    private val tenants: TenantRepository
+    private val error: OAuth2Error = OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, "The iss claim is not valid",
-    private val validators: MutableMap<String, JwtIssuerValidator> = ConcurrentHashMap()
+            "https://tools.ietf.org/html/rfc6750#section-3.1")
+
     override fun validate(token: Jwt): OAuth2TokenValidatorResult {
-        return validators.computeIfAbsent(toTenant(token)) { tenant: String -> fromTenant(tenant) }
+        return if (tenants.findById(token.issuer) != null)
-                .validate(token)
+            OAuth2TokenValidatorResult.success() else OAuth2TokenValidatorResult.failure(error)
-    }
-
-    private fun toTenant(jwt: Jwt): String {
-        return jwt.issuer.toString()
-    }
-
-    private fun fromTenant(tenant: String): JwtIssuerValidator {
-        return Optional.ofNullable(tenants.findById(tenant))
-                .map({ t -> t.getAttribute("issuer") })
-                .map({ JwtIssuerValidator() })
-                .orElseThrow({ IllegalArgumentException("unknown tenant") })
-    }
-
-    init {
-        this.tenants = tenants
     }
 }
 ----
 ======
-
 Now that we have a tenant-aware processor and a tenant-aware validator, we can proceed with creating our xref:servlet/oauth2/resource-server/jwt.adoc#oauth2resourceserver-jwt-architecture-jwtdecoder[`JwtDecoder`]:
 
 [tabs]