|
|
|
|
@ -24,7 +24,6 @@ import java.util.Collection;
|
|
|
|
|
import java.util.Collections;
|
|
|
|
|
import java.util.HashMap;
|
|
|
|
|
import java.util.Map;
|
|
|
|
|
import java.util.Set;
|
|
|
|
|
import java.util.stream.Stream;
|
|
|
|
|
|
|
|
|
|
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
|
|
|
@ -53,6 +52,7 @@ import org.springframework.security.config.web.server.ServerHttpSecurity;
|
|
|
|
|
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
|
|
|
|
|
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
|
|
|
|
|
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
|
|
|
|
|
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
|
|
|
|
|
import org.springframework.security.oauth2.jwt.Jwt;
|
|
|
|
|
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
|
|
|
|
|
import org.springframework.security.oauth2.jwt.JwtIssuerValidator;
|
|
|
|
|
@ -113,7 +113,6 @@ class ReactiveOAuth2ResourceServerAutoConfigurationTests {
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@SuppressWarnings("unchecked")
|
|
|
|
|
@Test
|
|
|
|
|
@Deprecated
|
|
|
|
|
void autoConfigurationUsingJwkSetUriShouldConfigureResourceServerUsingJwsAlgorithm() {
|
|
|
|
|
@ -122,8 +121,9 @@ class ReactiveOAuth2ResourceServerAutoConfigurationTests {
|
|
|
|
|
"spring.security.oauth2.resourceserver.jwt.jws-algorithm=RS512")
|
|
|
|
|
.run((context) -> {
|
|
|
|
|
NimbusReactiveJwtDecoder nimbusReactiveJwtDecoder = context.getBean(NimbusReactiveJwtDecoder.class);
|
|
|
|
|
assertThat(nimbusReactiveJwtDecoder).extracting("jwtProcessor.arg$2.arg$1.jwsAlgs")
|
|
|
|
|
.matches((algorithms) -> ((Set<JWSAlgorithm>) algorithms).contains(JWSAlgorithm.RS512));
|
|
|
|
|
assertThat(nimbusReactiveJwtDecoder).extracting("jwtProcessor.arg$1.signatureAlgorithms")
|
|
|
|
|
.asInstanceOf(InstanceOfAssertFactories.collection(SignatureAlgorithm.class))
|
|
|
|
|
.containsExactlyInAnyOrder(SignatureAlgorithm.RS512);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -134,9 +134,9 @@ class ReactiveOAuth2ResourceServerAutoConfigurationTests {
|
|
|
|
|
"spring.security.oauth2.resourceserver.jwt.jws-algorithms=RS512")
|
|
|
|
|
.run((context) -> {
|
|
|
|
|
NimbusReactiveJwtDecoder nimbusReactiveJwtDecoder = context.getBean(NimbusReactiveJwtDecoder.class);
|
|
|
|
|
assertThat(nimbusReactiveJwtDecoder).extracting("jwtProcessor.arg$2.arg$1.jwsAlgs")
|
|
|
|
|
.asInstanceOf(InstanceOfAssertFactories.collection(JWSAlgorithm.class))
|
|
|
|
|
.containsExactlyInAnyOrder(JWSAlgorithm.RS512);
|
|
|
|
|
assertThat(nimbusReactiveJwtDecoder).extracting("jwtProcessor.arg$1.signatureAlgorithms")
|
|
|
|
|
.asInstanceOf(InstanceOfAssertFactories.collection(SignatureAlgorithm.class))
|
|
|
|
|
.containsExactlyInAnyOrder(SignatureAlgorithm.RS512);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -147,9 +147,10 @@ class ReactiveOAuth2ResourceServerAutoConfigurationTests {
|
|
|
|
|
"spring.security.oauth2.resourceserver.jwt.jws-algorithms=RS256, RS384, RS512")
|
|
|
|
|
.run((context) -> {
|
|
|
|
|
NimbusReactiveJwtDecoder nimbusReactiveJwtDecoder = context.getBean(NimbusReactiveJwtDecoder.class);
|
|
|
|
|
assertThat(nimbusReactiveJwtDecoder).extracting("jwtProcessor.arg$2.arg$1.jwsAlgs")
|
|
|
|
|
.asInstanceOf(InstanceOfAssertFactories.collection(JWSAlgorithm.class))
|
|
|
|
|
.containsExactlyInAnyOrder(JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512);
|
|
|
|
|
assertThat(nimbusReactiveJwtDecoder).extracting("jwtProcessor.arg$1.signatureAlgorithms")
|
|
|
|
|
.asInstanceOf(InstanceOfAssertFactories.collection(SignatureAlgorithm.class))
|
|
|
|
|
.containsExactlyInAnyOrder(SignatureAlgorithm.RS256, SignatureAlgorithm.RS384,
|
|
|
|
|
SignatureAlgorithm.RS512);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Andy Wilkinson
2 years ago