From 9e9f006720a31d31cdaa45339fc62c82209ee6fa Mon Sep 17 00:00:00 2001
From: Andy Wilkinson <awilkinson@pivotal.io>
Date: Fri, 3 Mar 2017 13:54:19 +0000
Subject: [PATCH] Polish "Enable customization of RestTemplate that retrieves
 JwtAccessTokenConverter's key"

See gh-8268
See gh-5859
---
 ...sTokenConverterRestTemplateCustomizer.java |  8 ++-
 ...ourceServerTokenServicesConfiguration.java |  6 ++-
 ...ServerTokenServicesConfigurationTests.java | 51 +++++++++----------
 3 files changed, 35 insertions(+), 30 deletions(-)

diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/JwtAccessTokenConverterRestTemplateCustomizer.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/JwtAccessTokenConverterRestTemplateCustomizer.java
index bb5b8e00dd..e8aaff3157 100644
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/JwtAccessTokenConverterRestTemplateCustomizer.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/JwtAccessTokenConverterRestTemplateCustomizer.java
@@ -16,18 +16,22 @@
 
 package org.springframework.boot.autoconfigure.security.oauth2.resource;
 
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
 import org.springframework.web.client.RestTemplate;
 
 /**
- * Callback for customizing the rest template used to fetch the token key.
+ * Callback for customizing the {@link RestTemplate} that is used to fetch the keys used
+ * by {@link JwtAccessTokenConverter}.
  *
  * @author Eddú Meléndez
  * @since 1.5.2
+ * @see JwtAccessTokenConverter#setSigningKey(String)
+ * @see JwtAccessTokenConverter#setVerifierKey(String)
  */
 public interface JwtAccessTokenConverterRestTemplateCustomizer {
 
 	/**
-	 * Customize the rest template before it is initialized.
+	 * Customize the {@code template} before it is initialized.
 	 * @param template the rest template
 	 */
 	void customize(RestTemplate template);
diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java
index 4c3b3e018f..7e1504ad82 100644
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java
@@ -303,8 +303,10 @@ public class ResourceServerTokenServicesConfiguration {
 
 		private String getKeyFromServer() {
 			RestTemplate keyUriRestTemplate = new RestTemplate();
-			for (JwtAccessTokenConverterRestTemplateCustomizer customizer : this.customizers) {
-				customizer.customize(keyUriRestTemplate);
+			if (!CollectionUtils.isEmpty(this.customizers)) {
+				for (JwtAccessTokenConverterRestTemplateCustomizer customizer : this.customizers) {
+					customizer.customize(keyUriRestTemplate);
+				}
 			}
 			HttpHeaders headers = new HttpHeaders();
 			String username = this.resource.getClientId();
diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java
index 8532beadce..e41923711e 100644
--- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java
+++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java
@@ -54,12 +54,15 @@ import org.springframework.security.oauth2.client.OAuth2RestTemplate;
 import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
 import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
 import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
 import org.springframework.social.connect.ConnectionFactoryLocator;
 import org.springframework.stereotype.Component;
 import org.springframework.web.client.RestTemplate;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Matchers.any;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
 
 /**
  * Tests for {@link ResourceServerTokenServicesConfiguration}.
@@ -243,20 +246,24 @@ public class ResourceServerTokenServicesConfigurationTests {
 	}
 
 	@Test
-	public void customRestTemplate() {
+	public void jwtAccessTokenConverterIsConfiguredWhenKeyUriIsProvided() {
 		EnvironmentTestUtils.addEnvironment(this.environment,
-				"security.oauth2.resource.userInfoUri:http://example.com",
-				"security.oauth2.resource.tokenInfoUri:http://example.com",
-				"security.oauth2.resource.preferTokenInfo:false");
+				"security.oauth2.resource.jwt.key-uri=http://localhost:12345/banana");
+		this.context = new SpringApplicationBuilder(ResourceConfiguration.class)
+				.environment(this.environment).web(false).run();
+		assertThat(this.context.getBeansOfType(JwtAccessTokenConverter.class)).hasSize(1);
+	}
+
+	@Test
+	public void jwtAccessTokenConverterRestTemplateCanBeCustomized() {
+		EnvironmentTestUtils.addEnvironment(this.environment,
+				"security.oauth2.resource.jwt.key-uri=http://localhost:12345/banana");
 		this.context = new SpringApplicationBuilder(ResourceConfiguration.class,
-				RestTemplateCustomizer.class).environment(this.environment).web(false)
-						.run();
-		String[] restTemplateCustomizers = this.context
-				.getBeanNamesForType(JwtAccessTokenConverterRestTemplateCustomizer.class);
-		UserInfoTokenServices services = this.context
-				.getBean(UserInfoTokenServices.class);
-		assertThat(restTemplateCustomizers).hasSize(1);
-		assertThat(services).isNotNull();
+				JwtAccessTokenConverterRestTemplateCustomizerConfiguration.class)
+						.environment(this.environment).web(false).run();
+		JwtAccessTokenConverterRestTemplateCustomizer customizer = this.context
+				.getBean(JwtAccessTokenConverterRestTemplateCustomizer.class);
+		verify(customizer).customize(any(RestTemplate.class));
 	}
 
 	@Configuration
@@ -373,22 +380,14 @@ public class ResourceServerTokenServicesConfigurationTests {
 
 	}
 
-	@Component
-	protected static class RestTemplateCustomizer
-			implements JwtAccessTokenConverterRestTemplateCustomizer {
-
-		@Override
-		public void customize(RestTemplate template) {
-			template.getInterceptors().add(new ClientHttpRequestInterceptor() {
-
-				@Override
-				public ClientHttpResponse intercept(HttpRequest request, byte[] body,
-						ClientHttpRequestExecution execution) throws IOException {
-					return execution.execute(request, body);
-				}
+	@Configuration
+	static class JwtAccessTokenConverterRestTemplateCustomizerConfiguration {
 
-			});
+		@Bean
+		public JwtAccessTokenConverterRestTemplateCustomizer restTemplateCustomizer() {
+			return mock(JwtAccessTokenConverterRestTemplateCustomizer.class);
 		}
+
 	}
 
 }