Merge pull request #8924 from walterjs/master

* pull8924:
  Fail fast on getKeyFromServer() failure
pull/8930/merge
Phillip Webb 8 years ago
commit f3c45077ac

@ -21,9 +21,6 @@ import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.ObjectProvider; import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.condition.ConditionMessage; import org.springframework.boot.autoconfigure.condition.ConditionMessage;
import org.springframework.boot.autoconfigure.condition.ConditionOutcome; import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
@ -68,7 +65,6 @@ import org.springframework.social.connect.support.OAuth2ConnectionFactory;
import org.springframework.util.CollectionUtils; import org.springframework.util.CollectionUtils;
import org.springframework.util.MultiValueMap; import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.springframework.web.client.ResourceAccessException;
import org.springframework.web.client.RestTemplate; import org.springframework.web.client.RestTemplate;
/** /**
@ -83,9 +79,6 @@ import org.springframework.web.client.RestTemplate;
@ConditionalOnMissingBean(AuthorizationServerEndpointsConfiguration.class) @ConditionalOnMissingBean(AuthorizationServerEndpointsConfiguration.class)
public class ResourceServerTokenServicesConfiguration { public class ResourceServerTokenServicesConfiguration {
private static final Log logger = LogFactory
.getLog(ResourceServerTokenServicesConfiguration.class);
@Bean @Bean
@ConditionalOnMissingBean @ConditionalOnMissingBean
public UserInfoRestTemplateFactory userInfoRestTemplateFactory( public UserInfoRestTemplateFactory userInfoRestTemplateFactory(
@ -278,14 +271,8 @@ public class ResourceServerTokenServicesConfiguration {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
String keyValue = this.resource.getJwt().getKeyValue(); String keyValue = this.resource.getJwt().getKeyValue();
if (!StringUtils.hasText(keyValue)) { if (!StringUtils.hasText(keyValue)) {
try {
keyValue = getKeyFromServer(); keyValue = getKeyFromServer();
} }
catch (ResourceAccessException ex) {
logger.warn("Failed to fetch token key (you may need to refresh "
+ "when the auth server is back)");
}
}
if (StringUtils.hasText(keyValue) && !keyValue.startsWith("-----BEGIN")) { if (StringUtils.hasText(keyValue) && !keyValue.startsWith("-----BEGIN")) {
converter.setSigningKey(keyValue); converter.setSigningKey(keyValue);
} }

@ -45,9 +45,12 @@ import org.springframework.context.annotation.Import;
import org.springframework.core.env.ConfigurableEnvironment; import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.StandardEnvironment; import org.springframework.core.env.StandardEnvironment;
import org.springframework.http.HttpRequest; import org.springframework.http.HttpRequest;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.client.ClientHttpRequestExecution; import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor; import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse; import org.springframework.http.client.ClientHttpResponse;
import org.springframework.mock.http.client.MockClientHttpResponse;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.client.OAuth2RestTemplate; import org.springframework.security.oauth2.client.OAuth2RestTemplate;
@ -60,9 +63,7 @@ import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate; import org.springframework.web.client.RestTemplate;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.mock; import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
/** /**
* Tests for {@link ResourceServerTokenServicesConfiguration}. * Tests for {@link ResourceServerTokenServicesConfiguration}.
@ -247,23 +248,12 @@ public class ResourceServerTokenServicesConfigurationTests {
@Test @Test
public void jwtAccessTokenConverterIsConfiguredWhenKeyUriIsProvided() { public void jwtAccessTokenConverterIsConfiguredWhenKeyUriIsProvided() {
EnvironmentTestUtils.addEnvironment(this.environment,
"security.oauth2.resource.jwt.key-uri=http://localhost:12345/banana");
this.context = new SpringApplicationBuilder(ResourceConfiguration.class)
.environment(this.environment).web(false).run();
assertThat(this.context.getBeansOfType(JwtAccessTokenConverter.class)).hasSize(1);
}
@Test
public void jwtAccessTokenConverterRestTemplateCanBeCustomized() {
EnvironmentTestUtils.addEnvironment(this.environment, EnvironmentTestUtils.addEnvironment(this.environment,
"security.oauth2.resource.jwt.key-uri=http://localhost:12345/banana"); "security.oauth2.resource.jwt.key-uri=http://localhost:12345/banana");
this.context = new SpringApplicationBuilder(ResourceConfiguration.class, this.context = new SpringApplicationBuilder(ResourceConfiguration.class,
JwtAccessTokenConverterRestTemplateCustomizerConfiguration.class) JwtAccessTokenConverterRestTemplateCustomizerConfiguration.class)
.environment(this.environment).web(false).run(); .environment(this.environment).web(false).run();
JwtAccessTokenConverterRestTemplateCustomizer customizer = this.context assertThat(this.context.getBeansOfType(JwtAccessTokenConverter.class)).hasSize(1);
.getBean(JwtAccessTokenConverterRestTemplateCustomizer.class);
verify(customizer).customize(any(RestTemplate.class));
} }
@Configuration @Configuration
@ -385,7 +375,29 @@ public class ResourceServerTokenServicesConfigurationTests {
@Bean @Bean
public JwtAccessTokenConverterRestTemplateCustomizer restTemplateCustomizer() { public JwtAccessTokenConverterRestTemplateCustomizer restTemplateCustomizer() {
return mock(JwtAccessTokenConverterRestTemplateCustomizer.class); return new MockRestCallCustomizer();
}
}
private static class MockRestCallCustomizer
implements JwtAccessTokenConverterRestTemplateCustomizer {
@Override
public void customize(RestTemplate template) {
template.getInterceptors().add(new ClientHttpRequestInterceptor() {
@Override
public ClientHttpResponse intercept(HttpRequest request, byte[] body,
ClientHttpRequestExecution execution) throws IOException {
String payload = "{\"value\":\"FOO\"}";
MockClientHttpResponse response = new MockClientHttpResponse(
payload.getBytes(), HttpStatus.OK);
response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
return response;
}
});
} }
} }

Loading…
Cancel
Save