GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Polish 

- Added JavaDoc @since attribute
- Added Predicate based test
- Adjusted test names

Issue gh-13427
pull/13631/head
Josh Cummings 2 years ago
parent
e1bae73703
commit
3307c656f4
4 changed files with 69 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
  2. 5
      oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
  3. 38
      oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
  4. 28
      oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java

5
oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
Unescape View File

@ -91,6 +91,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
* Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided
* parameters * parameters
* @param trustedIssuers an array of trusted issuers * @param trustedIssuers an array of trusted issuers
* @since 6.2
*/ */
public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(String... trustedIssuers) { public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(String... trustedIssuers) {
return fromTrustedIssuers(Set.of(trustedIssuers)); return fromTrustedIssuers(Set.of(trustedIssuers));
@ -100,6 +101,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
* Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided
* parameters * parameters
* @param trustedIssuers a collection of trusted issuers * @param trustedIssuers a collection of trusted issuers
* @since 6.2
*/ */
public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(Collection<String> trustedIssuers) { public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(Collection<String> trustedIssuers) {
Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty"); Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty");
@ -110,6 +112,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
* Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided
* parameters * parameters
* @param trustedIssuers a predicate to validate issuers * @param trustedIssuers a predicate to validate issuers
* @since 6.2
*/ */
public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(Predicate<String> trustedIssuers) { public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(Predicate<String> trustedIssuers) {
Assert.notNull(trustedIssuers, "trustedIssuers cannot be null"); Assert.notNull(trustedIssuers, "trustedIssuers cannot be null");
@ -225,7 +228,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
} }
else { else {
this.logger.debug(LogMessage this.logger.debug(LogMessage
.format("Did not resolve AuthenticationManager since issuer '%s' is not trusted", issuer)); .format("Did not resolve AuthenticationManager since issuer is not trusted", issuer));
} }
return null; return null;
} }

5
oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
Unescape View File

@ -95,6 +95,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
* Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the * Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the
* provided parameters * provided parameters
* @param trustedIssuers an array of trusted issuers * @param trustedIssuers an array of trusted issuers
* @since 6.2
*/ */
public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(String... trustedIssuers) { public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(String... trustedIssuers) {
return fromTrustedIssuers(Set.of(trustedIssuers)); return fromTrustedIssuers(Set.of(trustedIssuers));
@ -104,6 +105,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
* Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the * Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the
* provided parameters * provided parameters
* @param trustedIssuers a collection of trusted issuers * @param trustedIssuers a collection of trusted issuers
* @since 6.2
*/ */
public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(Collection<String> trustedIssuers) { public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(Collection<String> trustedIssuers) {
Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty"); Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty");
@ -114,6 +116,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
* Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the * Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the
* provided parameters * provided parameters
* @param trustedIssuers a predicate to validate issuers * @param trustedIssuers a predicate to validate issuers
* @since 6.2
*/ */
public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(Predicate<String> trustedIssuers) { public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(Predicate<String> trustedIssuers) {
Assert.notNull(trustedIssuers, "trustedIssuers cannot be null"); Assert.notNull(trustedIssuers, "trustedIssuers cannot be null");
@ -219,7 +222,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
public Mono<ReactiveAuthenticationManager> resolve(String issuer) { public Mono<ReactiveAuthenticationManager> resolve(String issuer) {
if (!this.trustedIssuer.test(issuer)) { if (!this.trustedIssuer.test(issuer)) {
this.logger.debug(LogMessage this.logger.debug(LogMessage
.format("Did not resolve AuthenticationManager since issuer '%s' is not trusted", issuer)); .format("Did not resolve AuthenticationManager since issuer is not trusted", issuer));
return Mono.empty(); return Mono.empty();
} }
// @formatter:off // @formatter:off

38
oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
Unescape View File

@ -65,7 +65,7 @@ public class JwtIssuerAuthenticationManagerResolverTests {
private String noIssuer = jwt("sub", "sub"); private String noIssuer = jwt("sub", "sub");
@Test @Test
public void resolveWhenUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception { public void resolveWhenUsingFromTrustedIssuersThenReturnsAuthenticationManager() throws Exception {
try (MockWebServer server = new MockWebServer()) { try (MockWebServer server = new MockWebServer()) {
server.start(); server.start();
String issuer = server.url("").toString(); String issuer = server.url("").toString();
@ -73,7 +73,7 @@ public class JwtIssuerAuthenticationManagerResolverTests {
server.enqueue(new MockResponse().setResponseCode(200) server.enqueue(new MockResponse().setResponseCode(200)
.setHeader("Content-Type", "application/json") .setHeader("Content-Type", "application/json")
.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer) .setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)
)); ));
server.enqueue(new MockResponse().setResponseCode(200) server.enqueue(new MockResponse().setResponseCode(200)
.setHeader("Content-Type", "application/json") .setHeader("Content-Type", "application/json")
.setBody(JWK_SET) .setBody(JWK_SET)
@ -96,6 +96,38 @@ public class JwtIssuerAuthenticationManagerResolverTests {
} }
} }
@Test
public void resolveWhenUsingFromTrustedIssuersPredicateThenReturnsAuthenticationManager() throws Exception {
try (MockWebServer server = new MockWebServer()) {
server.start();
String issuer = server.url("").toString();
// @formatter:off
server.enqueue(new MockResponse().setResponseCode(200)
.setHeader("Content-Type", "application/json")
.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)
));
server.enqueue(new MockResponse().setResponseCode(200)
.setHeader("Content-Type", "application/json")
.setBody(JWK_SET)
);
server.enqueue(new MockResponse().setResponseCode(200)
.setHeader("Content-Type", "application/json")
.setBody(JWK_SET)
);
// @formatter:on
JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = JwtIssuerAuthenticationManagerResolver
.fromTrustedIssuers(issuer::equals);
Authentication token = withBearerToken(jws.serialize());
AuthenticationManager authenticationManager = authenticationManagerResolver.resolve(null);
assertThat(authenticationManager).isNotNull();
Authentication authentication = authenticationManager.authenticate(token);
assertThat(authentication.isAuthenticated()).isTrue();
}
}
@Test @Test
public void resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception { public void resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception {
try (MockWebServer server = new MockWebServer()) { try (MockWebServer server = new MockWebServer()) {
@ -230,7 +262,7 @@ public class JwtIssuerAuthenticationManagerResolverTests {
} }
@Test @Test
public void constructorWhenNullOrEmptyIssuersThenException() { public void factoryWhenNullOrEmptyIssuersThenException() {
assertThatIllegalArgumentException() assertThatIllegalArgumentException()
.isThrownBy(() -> JwtIssuerAuthenticationManagerResolver.fromTrustedIssuers((Predicate<String>) null)); .isThrownBy(() -> JwtIssuerAuthenticationManagerResolver.fromTrustedIssuers((Predicate<String>) null));
assertThatIllegalArgumentException() assertThatIllegalArgumentException()

28
oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
Unescape View File

@ -72,7 +72,7 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
private String noIssuer = jwt("sub", "sub"); private String noIssuer = jwt("sub", "sub");
@Test @Test
public void resolveWhenUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception { public void resolveWhenUsingFromTrustedIssuersThenReturnsAuthenticationManager() throws Exception {
try (MockWebServer server = new MockWebServer()) { try (MockWebServer server = new MockWebServer()) {
String issuer = server.url("").toString(); String issuer = server.url("").toString();
server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json") server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
@ -95,6 +95,30 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
} }
} }
@Test
public void resolveWhenUsingFromTrustedIssuersPredicateThenReturnsAuthenticationManager() throws Exception {
try (MockWebServer server = new MockWebServer()) {
String issuer = server.url("").toString();
server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)));
server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
.setBody(JWK_SET));
server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
.setBody(JWK_SET));
JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = JwtIssuerReactiveAuthenticationManagerResolver
.fromTrustedIssuers(issuer::equals);
ReactiveAuthenticationManager authenticationManager = authenticationManagerResolver.resolve(null).block();
assertThat(authenticationManager).isNotNull();
BearerTokenAuthenticationToken token = withBearerToken(jws.serialize());
Authentication authentication = authenticationManager.authenticate(token).block();
assertThat(authentication).isNotNull();
assertThat(authentication.isAuthenticated()).isTrue();
}
}
// gh-10444 // gh-10444
@Test @Test
public void resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception { public void resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception {
@ -229,7 +253,7 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
} }
@Test @Test
public void constructorWhenNullOrEmptyIssuersThenException() { public void factoryWhenNullOrEmptyIssuersThenException() {
assertThatIllegalArgumentException().isThrownBy( assertThatIllegalArgumentException().isThrownBy(
() -> JwtIssuerReactiveAuthenticationManagerResolver.fromTrustedIssuers((Predicate<String>) null)); () -> JwtIssuerReactiveAuthenticationManagerResolver.fromTrustedIssuers((Predicate<String>) null));
assertThatIllegalArgumentException().isThrownBy( assertThatIllegalArgumentException().isThrownBy(

Write Preview
Loading…
Cancel
Save