|
|
@ -114,10 +114,9 @@ class OAuth2ResourceServerAutoConfigurationTests {
|
|
|
|
.withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
|
|
|
|
.withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
|
|
|
|
.run((context) -> {
|
|
|
|
.run((context) -> {
|
|
|
|
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
|
|
|
|
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
|
|
|
|
Object processor = ReflectionTestUtils.getField(jwtDecoder, "jwtProcessor");
|
|
|
|
assertThat(jwtDecoder).extracting("jwtProcessor.jwsKeySelector.jwsAlgs")
|
|
|
|
Object keySelector = ReflectionTestUtils.getField(processor, "jwsKeySelector");
|
|
|
|
.asInstanceOf(InstanceOfAssertFactories.collection(JWSAlgorithm.class))
|
|
|
|
assertThat(keySelector).hasFieldOrPropertyWithValue("jwsAlgs",
|
|
|
|
.containsExactlyInAnyOrder(JWSAlgorithm.RS256);
|
|
|
|
Collections.singleton(JWSAlgorithm.RS256));
|
|
|
|
|
|
|
|
});
|
|
|
|
});
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -144,9 +143,7 @@ class OAuth2ResourceServerAutoConfigurationTests {
|
|
|
|
"spring.security.oauth2.resourceserver.jwt.jws-algorithms=RS384")
|
|
|
|
"spring.security.oauth2.resourceserver.jwt.jws-algorithms=RS384")
|
|
|
|
.run((context) -> {
|
|
|
|
.run((context) -> {
|
|
|
|
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
|
|
|
|
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
|
|
|
|
Object processor = ReflectionTestUtils.getField(jwtDecoder, "jwtProcessor");
|
|
|
|
assertThat(jwtDecoder).extracting("jwtProcessor.jwsKeySelector.jwsAlgs")
|
|
|
|
Object keySelector = ReflectionTestUtils.getField(processor, "jwsKeySelector");
|
|
|
|
|
|
|
|
assertThat(keySelector).extracting("jwsAlgs")
|
|
|
|
|
|
|
|
.asInstanceOf(InstanceOfAssertFactories.collection(JWSAlgorithm.class))
|
|
|
|
.asInstanceOf(InstanceOfAssertFactories.collection(JWSAlgorithm.class))
|
|
|
|
.containsExactlyInAnyOrder(JWSAlgorithm.RS384);
|
|
|
|
.containsExactlyInAnyOrder(JWSAlgorithm.RS384);
|
|
|
|
assertThat(getBearerTokenFilter(context)).isNotNull();
|
|
|
|
assertThat(getBearerTokenFilter(context)).isNotNull();
|
|
|
@ -160,9 +157,7 @@ class OAuth2ResourceServerAutoConfigurationTests {
|
|
|
|
"spring.security.oauth2.resourceserver.jwt.jws-algorithms=RS256, RS384, RS512")
|
|
|
|
"spring.security.oauth2.resourceserver.jwt.jws-algorithms=RS256, RS384, RS512")
|
|
|
|
.run((context) -> {
|
|
|
|
.run((context) -> {
|
|
|
|
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
|
|
|
|
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
|
|
|
|
Object processor = ReflectionTestUtils.getField(jwtDecoder, "jwtProcessor");
|
|
|
|
assertThat(jwtDecoder).extracting("jwtProcessor.jwsKeySelector.jwsAlgs")
|
|
|
|
Object keySelector = ReflectionTestUtils.getField(processor, "jwsKeySelector");
|
|
|
|
|
|
|
|
assertThat(keySelector).extracting("jwsAlgs")
|
|
|
|
|
|
|
|
.asInstanceOf(InstanceOfAssertFactories.collection(JWSAlgorithm.class))
|
|
|
|
.asInstanceOf(InstanceOfAssertFactories.collection(JWSAlgorithm.class))
|
|
|
|
.containsExactlyInAnyOrder(JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512);
|
|
|
|
.containsExactlyInAnyOrder(JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512);
|
|
|
|
assertThat(getBearerTokenFilter(context)).isNotNull();
|
|
|
|
assertThat(getBearerTokenFilter(context)).isNotNull();
|
|
|
@ -472,11 +467,9 @@ class OAuth2ResourceServerAutoConfigurationTests {
|
|
|
|
.run((context) -> {
|
|
|
|
.run((context) -> {
|
|
|
|
assertThat(context).hasSingleBean(JwtDecoder.class);
|
|
|
|
assertThat(context).hasSingleBean(JwtDecoder.class);
|
|
|
|
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
|
|
|
|
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
|
|
|
|
DelegatingOAuth2TokenValidator<Jwt> jwtValidator = (DelegatingOAuth2TokenValidator<Jwt>) ReflectionTestUtils
|
|
|
|
assertThat(jwtDecoder).extracting("jwtValidator.tokenValidators")
|
|
|
|
.getField(jwtDecoder, "jwtValidator");
|
|
|
|
.asInstanceOf(InstanceOfAssertFactories.collection(OAuth2TokenValidator.class))
|
|
|
|
Collection<OAuth2TokenValidator<Jwt>> tokenValidators = (Collection<OAuth2TokenValidator<Jwt>>) ReflectionTestUtils
|
|
|
|
.hasAtLeastOneElementOfType(JwtIssuerValidator.class);
|
|
|
|
.getField(jwtValidator, "tokenValidators");
|
|
|
|
|
|
|
|
assertThat(tokenValidators).hasAtLeastOneElementOfType(JwtIssuerValidator.class);
|
|
|
|
|
|
|
|
});
|
|
|
|
});
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -494,13 +487,11 @@ class OAuth2ResourceServerAutoConfigurationTests {
|
|
|
|
.run((context) -> {
|
|
|
|
.run((context) -> {
|
|
|
|
assertThat(context).hasSingleBean(JwtDecoder.class);
|
|
|
|
assertThat(context).hasSingleBean(JwtDecoder.class);
|
|
|
|
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
|
|
|
|
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
|
|
|
|
DelegatingOAuth2TokenValidator<Jwt> jwtValidator = (DelegatingOAuth2TokenValidator<Jwt>) ReflectionTestUtils
|
|
|
|
assertThat(jwtDecoder).extracting("jwtValidator.tokenValidators")
|
|
|
|
.getField(jwtDecoder, "jwtValidator");
|
|
|
|
.asInstanceOf(InstanceOfAssertFactories.collection(OAuth2TokenValidator.class))
|
|
|
|
Collection<OAuth2TokenValidator<Jwt>> tokenValidators = (Collection<OAuth2TokenValidator<Jwt>>) ReflectionTestUtils
|
|
|
|
.hasExactlyElementsOfTypes(JwtTimestampValidator.class)
|
|
|
|
.getField(jwtValidator, "tokenValidators");
|
|
|
|
.doesNotHaveAnyElementsOfTypes(JwtClaimValidator.class)
|
|
|
|
assertThat(tokenValidators).hasExactlyElementsOfTypes(JwtTimestampValidator.class);
|
|
|
|
.doesNotHaveAnyElementsOfTypes(JwtIssuerValidator.class);
|
|
|
|
assertThat(tokenValidators).doesNotHaveAnyElementsOfTypes(JwtClaimValidator.class);
|
|
|
|
|
|
|
|
assertThat(tokenValidators).doesNotHaveAnyElementsOfTypes(JwtIssuerValidator.class);
|
|
|
|
|
|
|
|
});
|
|
|
|
});
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -565,10 +556,10 @@ class OAuth2ResourceServerAutoConfigurationTests {
|
|
|
|
assertThat(delegates).hasAtLeastOneElementOfType(JwtClaimValidator.class);
|
|
|
|
assertThat(delegates).hasAtLeastOneElementOfType(JwtClaimValidator.class);
|
|
|
|
OAuth2TokenValidator<Jwt> delegatingValidator = delegates.stream()
|
|
|
|
OAuth2TokenValidator<Jwt> delegatingValidator = delegates.stream()
|
|
|
|
.filter((v) -> v instanceof DelegatingOAuth2TokenValidator).findFirst().get();
|
|
|
|
.filter((v) -> v instanceof DelegatingOAuth2TokenValidator).findFirst().get();
|
|
|
|
Collection<OAuth2TokenValidator<Jwt>> nestedDelegates = (Collection<OAuth2TokenValidator<Jwt>>) ReflectionTestUtils
|
|
|
|
|
|
|
|
.getField(delegatingValidator, "tokenValidators");
|
|
|
|
|
|
|
|
if (issuerUri != null) {
|
|
|
|
if (issuerUri != null) {
|
|
|
|
assertThat(nestedDelegates).hasAtLeastOneElementOfType(JwtIssuerValidator.class);
|
|
|
|
assertThat(delegatingValidator).extracting("tokenValidators")
|
|
|
|
|
|
|
|
.asInstanceOf(InstanceOfAssertFactories.collection(OAuth2TokenValidator.class))
|
|
|
|
|
|
|
|
.hasAtLeastOneElementOfType(JwtIssuerValidator.class);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|