Commit 3735771f authored by Stephane Nicoll's avatar Stephane Nicoll

Merge branch '2.2.x'

Closes gh-20612
parents 535e782d ef1f9b95
/* /*
* Copyright 2012-2019 the original author or authors. * Copyright 2012-2020 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
...@@ -78,7 +78,8 @@ class OAuth2ResourceServerJwtConfiguration { ...@@ -78,7 +78,8 @@ class OAuth2ResourceServerJwtConfiguration {
JwtDecoder jwtDecoderByPublicKeyValue() throws Exception { JwtDecoder jwtDecoderByPublicKeyValue() throws Exception {
RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA") RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
.generatePublic(new X509EncodedKeySpec(getKeySpec(this.properties.readPublicKey()))); .generatePublic(new X509EncodedKeySpec(getKeySpec(this.properties.readPublicKey())));
return NimbusJwtDecoder.withPublicKey(publicKey).build(); return NimbusJwtDecoder.withPublicKey(publicKey)
.signatureAlgorithm(SignatureAlgorithm.from(this.properties.getJwsAlgorithm())).build();
} }
private byte[] getKeySpec(String keyValue) { private byte[] getKeySpec(String keyValue) {
......
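Review bot: In `jwtDecoderByPublicKeyValue()`, `SignatureAlgorithm.from(...)` appears to return null for an unrecognised name, so a mistyped `jws-algorithm` surfaces only as the builder's generic "signatureAlgorithm cannot be null", the message the new test asserts. That message names neither the property nor the rejected value. Failing start-up is the right fail-closed outcome for a signature-verification setting, but the check would be clearer here, before `.signatureAlgorithm(...)` is called: `Assert.state(algorithm != null, () -> "Unsupported spring.security.oauth2.resourceserver.jwt.jws-algorithm: " + this.properties.getJwsAlgorithm());`. The same path is probably taken when the property is unset, unless `getJwsAlgorithm()` has a default, which is not visible in this hunk. The assertion in `autoConfigurationShouldFailIfAlgorithmIsInvalid` would then need to match the new message.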
/* /*
* Copyright 2012-2019 the original author or authors. * Copyright 2012-2020 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
...@@ -190,6 +190,16 @@ class OAuth2ResourceServerAutoConfigurationTests { ...@@ -190,6 +190,16 @@ class OAuth2ResourceServerAutoConfigurationTests {
.hasMessageContaining("Public key location does not exist")); .hasMessageContaining("Public key location does not exist"));
} }
@Test
void autoConfigurationShouldFailIfAlgorithmIsInvalid() {
this.contextRunner
.withPropertyValues(
"spring.security.oauth2.resourceserver.jwt.public-key-location=classpath:public-key-location",
"spring.security.oauth2.resourceserver.jwt.jws-algorithm=NOT_VALID")
.run((context) -> assertThat(context).hasFailed().getFailure()
.hasMessageContaining("signatureAlgorithm cannot be null"));
}
@Test @Test
void autoConfigurationWhenSetUriKeyLocationAndIssuerUriPresentShouldUseSetUri() { void autoConfigurationWhenSetUriKeyLocationAndIssuerUriPresentShouldUseSetUri() {
this.contextRunner this.contextRunner
......
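Review bot: Only the rejection path is covered in the visible part of this section: `autoConfigurationShouldFailIfAlgorithmIsInvalid` proves that `NOT_VALID` fails, but nothing shown proves that a valid non-default value reaches the decoder. Because the property decides which JWS algorithm the resource server accepts, a regression that silently ignored it would weaken verification without failing this test. Consider a companion test that sets `jws-algorithm` to a supported RSA value other than the default and asserts the resulting `JwtDecoder` is configured with it. Other hunks of this file are collapsed on the page, so such a test may already exist.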