GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge branch '6.0.x' into 6.1.x 

Closes gh-14041
pull/14059/head
Steve Riesenberg 2 years ago
parent
8ca7d19de6 bb732e9d35
commit
b4e0873b1e
No known key found for this signature in database
GPG Key ID: 5F311AB48A55D521
2 changed files with 45 additions and 13 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 32
      oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
  2. 26
      oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java

32
oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
Unescape View File

@ -43,28 +43,34 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
*/ */
private final AtomicReference<Mono<JWKSet>> cachedJWKSet = new AtomicReference<>(Mono.empty()); private final AtomicReference<Mono<JWKSet>> cachedJWKSet = new AtomicReference<>(Mono.empty());
/**
* The cached JWK set URL.
*/
private final AtomicReference<String> cachedJwkSetUrl = new AtomicReference<>();
private WebClient webClient = WebClient.create(); private WebClient webClient = WebClient.create();
private final Mono<String> jwkSetURL; private final Mono<String> jwkSetUrlProvider;
ReactiveRemoteJWKSource(String jwkSetURL) { ReactiveRemoteJWKSource(String jwkSetURL) {
Assert.hasText(jwkSetURL, "jwkSetURL cannot be empty"); Assert.hasText(jwkSetURL, "jwkSetURL cannot be empty");
this.jwkSetURL = Mono.just(jwkSetURL); this.jwkSetUrlProvider = Mono.just(jwkSetURL);
} }
ReactiveRemoteJWKSource(Mono<String> jwkSetURL) { ReactiveRemoteJWKSource(Mono<String> jwkSetUrlProvider) {
Assert.notNull(jwkSetURL, "jwkSetURL cannot be null"); Assert.notNull(jwkSetUrlProvider, "jwkSetUrlProvider cannot be null");
this.jwkSetURL = jwkSetURL.cache(); this.jwkSetUrlProvider = Mono.fromCallable(this.cachedJwkSetUrl::get)
.switchIfEmpty(Mono.defer(() -> jwkSetUrlProvider.doOnNext(this.cachedJwkSetUrl::set)));
} }
@Override @Override
public Mono<List<JWK>> get(JWKSelector jwkSelector) { public Mono<List<JWK>> get(JWKSelector jwkSelector) {
// @formatter:off // @formatter:off
return this.cachedJWKSet.get() return this.cachedJWKSet.get()
.switchIfEmpty(Mono.defer(() -> getJWKSet())) .switchIfEmpty(Mono.defer(this::getJWKSet))
.flatMap((jwkSet) -> get(jwkSelector, jwkSet)) .flatMap((jwkSet) -> get(jwkSelector, jwkSet))
.switchIfEmpty(Mono.defer(() -> getJWKSet() .switchIfEmpty(Mono.defer(() -> getJWKSet()
.map((jwkSet) -> jwkSelector.select(jwkSet))) .map(jwkSelector::select))
); );
// @formatter:on // @formatter:on
} }
@ -100,13 +106,15 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
*/ */
private Mono<JWKSet> getJWKSet() { private Mono<JWKSet> getJWKSet() {
// @formatter:off // @formatter:off
return this.jwkSetURL.flatMap((jwkSetURL) -> this.webClient.get() return this.jwkSetUrlProvider
.uri(jwkSetURL) .flatMap((jwkSetURL) -> this.webClient.get()
.retrieve() .uri(jwkSetURL)
.bodyToMono(String.class)) .retrieve()
.bodyToMono(String.class)
)
.map(this::parse) .map(this::parse)
.doOnNext((jwkSet) -> this.cachedJWKSet .doOnNext((jwkSet) -> this.cachedJWKSet
.set(Mono.just(jwkSet)) .set(Mono.just(jwkSet))
) )
.cache(); .cache();
// @formatter:on // @formatter:on

26
oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSourceTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2018 the original author or authors. * Copyright 2002-2023 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -18,6 +18,7 @@ package org.springframework.security.oauth2.jwt;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.function.Supplier;
import com.nimbusds.jose.jwk.JWK; import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKMatcher; import com.nimbusds.jose.jwk.JWKMatcher;
@ -31,10 +32,16 @@ import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import reactor.core.publisher.Mono;
import org.springframework.web.reactive.function.client.WebClientResponseException;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given; import static org.mockito.BDDMockito.given;
import static org.mockito.BDDMockito.willReturn;
import static org.mockito.BDDMockito.willThrow;
/** /**
* @author Rob Winch * @author Rob Winch
@ -52,6 +59,9 @@ public class ReactiveRemoteJWKSourceTests {
private MockWebServer server; private MockWebServer server;
@Mock
private Supplier<String> mockStringSupplier;
// @formatter:off // @formatter:off
private String keys = "{\n" private String keys = "{\n"
+ " \"keys\": [\n" + " \"keys\": [\n"
@ -156,4 +166,18 @@ public class ReactiveRemoteJWKSourceTests {
assertThat(this.source.get(this.selector).block()).isEmpty(); assertThat(this.source.get(this.selector).block()).isEmpty();
} }
@Test
public void getShouldRecoverAndReturnKeysAfterErrorCase() {
given(this.matcher.matches(any())).willReturn(true);
this.source = new ReactiveRemoteJWKSource(Mono.fromSupplier(this.mockStringSupplier));
willThrow(WebClientResponseException.ServiceUnavailable.class).given(this.mockStringSupplier).get();
// first case: id provider has error state
assertThatExceptionOfType(WebClientResponseException.ServiceUnavailable.class)
.isThrownBy(() -> this.source.get(this.selector).block());
// second case: id provider is healthy again
willReturn(this.server.url("/").toString()).given(this.mockStringSupplier).get();
List<JWK> actual = this.source.get(this.selector).block();
assertThat(actual).isNotEmpty();
}
} }

Write Preview
Loading…
Cancel
Save