GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge branch '6.5.x'

pull/17703/head
Joe Grandja 4 months ago
parent
a5c38bdc94 518ae27105
commit
df3080b0e2
1 changed files with 13 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java

16
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
Unescape View File

@ -66,6 +66,7 @@ import org.springframework.security.web.util.matcher.OrRequestMatcher; @@ -66,6 +66,7 @@ import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.ClassUtils;
import org.springframework.web.accept.ContentNegotiationStrategy;
import org.springframework.web.accept.HeaderContentNegotiationStrategy;
@ -149,13 +150,19 @@ import org.springframework.web.accept.HeaderContentNegotiationStrategy; @@ -149,13 +150,19 @@ import org.springframework.web.accept.HeaderContentNegotiationStrategy;
public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>, H> {
private static final boolean dPoPAuthenticationAvailable;
static {
ClassLoader classLoader = OAuth2ResourceServerConfigurer.class.getClassLoader();
dPoPAuthenticationAvailable = ClassUtils
.isPresent("org.springframework.security.oauth2.jwt.DPoPProofJwtDecoderFactory", classLoader);
}
private static final RequestHeaderRequestMatcher X_REQUESTED_WITH = new RequestHeaderRequestMatcher(
"X-Requested-With", "XMLHttpRequest");
private final ApplicationContext context;
private final DPoPAuthenticationConfigurer<H> dPoPAuthenticationConfigurer = new DPoPAuthenticationConfigurer<>();
private AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver;
private AuthenticationConverter authenticationConverter;
@ -269,7 +276,10 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder< @@ -269,7 +276,10 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
filter.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
filter = postProcess(filter);
http.addFilter(filter);
this.dPoPAuthenticationConfigurer.configure(http);
if (dPoPAuthenticationAvailable) {
DPoPAuthenticationConfigurer<H> dPoPAuthenticationConfigurer = new DPoPAuthenticationConfigurer<>();
dPoPAuthenticationConfigurer.configure(http);
}
}
private void validateConfiguration() {

Write Preview
Loading…
Cancel
Save