Streamline OAuth2 resource server auto-config class conditions

Fixes gh-22233

Streamline OAuth2 resource server auto-config class conditions
Fixes gh-22233
1b85ce07 · Andy Wilkinson · b8bc219b · 1b85ce07 · 1b85ce07 · 1b85ce07
Commit 1b85ce07 authored Jul 07, 2020 by Andy Wilkinson
3 changed files
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfiguration.java
@@ -17,6 +17,7 @@ package org.springframework.boot.autoconfigure.security.oauth2.resource.servlet;

 import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
 import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
@@ -24,6 +25,7 @@ import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServic
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
+import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;

 /**
 * {@link EnableAutoConfiguration Auto-configuration} for OAuth2 resource server support.
@@ -34,6 +36,7 @@ import org.springframework.context.annotation.Import;
 @Configuration(proxyBeanMethods = false)
 @AutoConfigureBefore({ SecurityAutoConfiguration.class, UserDetailsServiceAutoConfiguration.class })
 @EnableConfigurationProperties(OAuth2ResourceServerProperties.class)
+@ConditionalOnClass(BearerTokenAuthenticationToken.class)
 @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
 @Import({ Oauth2ResourceServerConfiguration.JwtConfiguration.class,
 		Oauth2ResourceServerConfiguration.OpaqueTokenConfiguration.class })

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/Oauth2ResourceServerConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/Oauth2ResourceServerConfiguration.java
@@ -20,9 +20,6 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
-import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
-import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;

 /**
 * Configuration classes for OAuth2 Resource Server These should be {@code @Import} in a
@@ -33,7 +30,7 @@ import org.springframework.security.oauth2.server.resource.introspection.OpaqueT
 class Oauth2ResourceServerConfiguration {

 	@Configuration(proxyBeanMethods = false)
-	@ConditionalOnClass({ JwtAuthenticationToken.class, JwtDecoder.class })
+	@ConditionalOnClass(JwtDecoder.class)
 	@Import({ OAuth2ResourceServerJwtConfiguration.JwtDecoderConfiguration.class,
 			OAuth2ResourceServerJwtConfiguration.OAuth2WebSecurityConfigurerAdapter.class })
 	static class JwtConfiguration {
@@ -41,7 +38,6 @@ class Oauth2ResourceServerConfiguration {
 	}

 	@Configuration(proxyBeanMethods = false)
-	@ConditionalOnClass({ BearerTokenAuthenticationToken.class, OpaqueTokenIntrospector.class })
 	@Import({ OAuth2ResourceServerOpaqueTokenConfiguration.OpaqueTokenIntrospectionClientConfiguration.class,
 			OAuth2ResourceServerOpaqueTokenConfiguration.OAuth2WebSecurityConfigurerAdapter.class })
 	static class OpaqueTokenConfiguration {

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java
@@ -50,7 +50,6 @@ import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtIssuerValidator;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter;
 import org.springframework.security.web.FilterChainProxy;
@@ -262,21 +261,25 @@ class OAuth2ResourceServerAutoConfigurationTests {
 	}

 	@Test
-	void autoConfigurationShouldBeConditionalOnJwtAuthenticationTokenClass() {
+	void autoConfigurationShouldBeConditionalOnResourceServerClass() {
 		this.contextRunner
 				.withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 				.withUserConfiguration(JwtDecoderConfig.class)
-				.withClassLoader(new FilteredClassLoader(JwtAuthenticationToken.class))
-				.run((context) -> assertThat(getBearerTokenFilter(context)).isNull());
+				.withClassLoader(new FilteredClassLoader(BearerTokenAuthenticationToken.class)).run((context) -> {
+					assertThat(context).doesNotHaveBean(OAuth2ResourceServerAutoConfiguration.class);
+					assertThat(getBearerTokenFilter(context)).isNull();
+				});
 	}

 	@Test
-	void autoConfigurationShouldBeConditionalOnJwtDecoderClass() {
+	void autoConfigurationForJwtShouldBeConditionalOnJwtDecoderClass() {
 		this.contextRunner
 				.withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 				.withUserConfiguration(JwtDecoderConfig.class)
-				.withClassLoader(new FilteredClassLoader(JwtDecoder.class))
-				.run((context) -> assertThat(getBearerTokenFilter(context)).isNull());
+				.withClassLoader(new FilteredClassLoader(JwtDecoder.class)).run((context) -> {
+					assertThat(context).hasSingleBean(OAuth2ResourceServerAutoConfiguration.class);
+					assertThat(getBearerTokenFilter(context)).isNull();
+				});
 	}

 	@Test