
Favor URL.toExternalForm

Converts URLs to Strings before comparing them. Uses toString(),
which delegates to toExternalForm().

Fixes: gh-6073
pull/6079/head
Josh Cummings 7 years ago
parent
commit
c70b65c5df
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
  1. 7
      oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java
  2. 16
      oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java

7
oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtIssuerValidator.java

@ -37,7 +37,7 @@ public final class JwtIssuerValidator implements OAuth2TokenValidator<Jwt> { @@ -37,7 +37,7 @@ public final class JwtIssuerValidator implements OAuth2TokenValidator<Jwt> {
"This iss claim is not equal to the configured issuer",
"https://tools.ietf.org/html/rfc6750#section-3.1");
private final URL issuer;
private final String issuer;
/**
* Constructs a {@link JwtIssuerValidator} using the provided parameters
@ -48,7 +48,7 @@ public final class JwtIssuerValidator implements OAuth2TokenValidator<Jwt> { @@ -48,7 +48,7 @@ public final class JwtIssuerValidator implements OAuth2TokenValidator<Jwt> {
Assert.notNull(issuer, "issuer cannot be null");
try {
this.issuer = new URL(issuer);
this.issuer = new URL(issuer).toString();
} catch (MalformedURLException ex) {
throw new IllegalArgumentException(
"Invalid Issuer URL " + issuer + " : " + ex.getMessage(),
@ -63,7 +63,8 @@ public final class JwtIssuerValidator implements OAuth2TokenValidator<Jwt> { @@ -63,7 +63,8 @@ public final class JwtIssuerValidator implements OAuth2TokenValidator<Jwt> {
public OAuth2TokenValidatorResult validate(Jwt token) {
Assert.notNull(token, "token cannot be null");
if (this.issuer.equals(token.getIssuer())) {
String tokenIssuer = token.getClaimAsString(JwtClaimNames.ISS);
if (this.issuer.equals(tokenIssuer)) {
return OAuth2TokenValidatorResult.success();
} else {
return OAuth2TokenValidatorResult.failure(INVALID_ISSUER);
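Review bot: In the constructor hunk, `this.issuer = new URL(issuer).toString();` stores the URL-round-tripped text, while `validate` compares it with the raw `iss` claim via `String.equals`, so only one side of the comparison passes through `java.net.URL`. If parsing ever rewrites the configured value (the case of the scheme, for example; worth confirming), a token carrying the literal configured issuer is rejected, which fails closed but is hard to diagnose. Using `URL` purely as a syntax check avoids this: `new URL(issuer);` followed by `this.issuer = issuer;`. The constructor Javadoc could also state that the match is exact and case-sensitive, with no normalization of trailing slashes or host case. Both the constructor and `validate` begin or end outside the visible hunks.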

16
oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtIssuerValidatorTests.java

@ -23,9 +23,6 @@ import org.junit.Test; @@ -23,9 +23,6 @@ import org.junit.Test;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimNames;
import org.springframework.security.oauth2.jwt.JwtIssuerValidator;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatCode;
@ -72,6 +69,19 @@ public class JwtIssuerValidatorTests { @@ -72,6 +69,19 @@ public class JwtIssuerValidatorTests {
assertThat(result.getErrors()).isNotEmpty();
}
@Test
public void validateWhenJwtHasNoIssuerThenReturnsError() {
Jwt jwt = new Jwt(
MOCK_TOKEN,
MOCK_ISSUED_AT,
MOCK_EXPIRES_AT,
MOCK_HEADERS,
Collections.singletonMap(JwtClaimNames.AUD, "https://aud"));
OAuth2TokenValidatorResult result = this.validator.validate(jwt);
assertThat(result.getErrors()).isNotEmpty();
}
@Test
public void validateWhenJwtIsNullThenThrowsIllegalArgumentException() {
assertThatCode(() -> this.validator.validate(null))
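Review bot: No test in this section pins the exact-match behaviour that the string comparison introduces; the added `validateWhenJwtHasNoIssuerThenReturnsError` covers only the missing-claim path. A case where the token's `iss` differs from the configured issuer by a trailing slash would guard against a later change reintroducing lenient matching. The issuer values in the sketch below are constructed for illustration, and the validator is built locally because the fixture's configured issuer is not visible in this section.

```java
// … unchanged: validateWhenJwtHasNoIssuerThenReturnsError …

@Test
public void validateWhenIssuerDiffersOnlyByTrailingSlashThenReturnsError() {
	// constructed sample values: configured issuer has no trailing slash, the claim does
	JwtIssuerValidator exactMatchValidator = new JwtIssuerValidator("https://issuer");
	Jwt jwt = new Jwt(
			MOCK_TOKEN,
			MOCK_ISSUED_AT,
			MOCK_EXPIRES_AT,
			MOCK_HEADERS,
			Collections.singletonMap(JwtClaimNames.ISS, "https://issuer/"));

	OAuth2TokenValidatorResult result = exactMatchValidator.validate(jwt);

	assertThat(result.getErrors()).isNotEmpty();
}
```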
