Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
github
/
spring-security
şunun yansıması https://github.com/spring-projects/spring-security
2
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Kaynağa Gözat

Remove oauth2-oidc-sdk dependency from oauth2-jose module

Fixes gh-5891
Joe Grandja 7 yıl önce
ebeveyn
d46f83caf4
işleme
9565e90b6e
3 değiştirilmiş dosya ile 39 ekleme ve 37 silme
Görünümü Böl Farklılık Durumunu Göster
  1. 1 1
      oauth2/oauth2-jose/spring-security-oauth2-jose.gradle
  2. 19 18
      oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
  3. 19 18
      oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java

+ 1 - 1
oauth2/oauth2-jose/spring-security-oauth2-jose.gradle
Dosyayı Görüntüle 

@@ -6,11 +6,11 @@ dependencies {
 
 	compile springCoreDependency
 
 	compile 'com.nimbusds:nimbus-jose-jwt'
 
 
-	optional 'com.nimbusds:oauth2-oidc-sdk'
 
 	optional 'io.projectreactor:reactor-core'
 
 	optional 'org.springframework:spring-webflux'
 
 
 	testCompile powerMock2Dependencies
 
 	testCompile 'com.squareup.okhttp3:mockwebserver'
 
 	testCompile 'io.projectreactor.netty:reactor-netty'
 
+	testCompile 'com.fasterxml.jackson.core:jackson-databind'
 
 }

+ 19 - 18
oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java
Dosyayı Görüntüle 

@@ -15,11 +15,14 @@
 
  */
 
 package org.springframework.security.oauth2.jwt;
 
 
-import com.nimbusds.oauth2.sdk.ParseException;
 
-import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
 
-
 
+import org.springframework.core.ParameterizedTypeReference;
 
+import org.springframework.http.RequestEntity;
 
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 
 import org.springframework.web.client.RestTemplate;
 
+import org.springframework.web.util.UriComponentsBuilder;
 
+
 
+import java.net.URI;
 
+import java.util.Map;
 
 
 /**
 
  * Allows creating a {@link JwtDecoder} from an
 
@@ -42,9 +45,11 @@ public final class JwtDecoders {
 
 	 * @return a {@link JwtDecoder} that was initialized by the OpenID Provider Configuration.
 
 	 */
 
 	public static JwtDecoder fromOidcIssuerLocation(String oidcIssuerLocation) {
 
-		String openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
 
-		OIDCProviderMetadata metadata = parse(openidConfiguration);
 
-		String metadataIssuer = metadata.getIssuer().getValue();
 
+		Map<String, Object> openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
 
+		String metadataIssuer = "(unavailable)";
 
+		if (openidConfiguration.containsKey("issuer")) {
 
+			metadataIssuer = openidConfiguration.get("issuer").toString();
 
+		}
 
 		if (!oidcIssuerLocation.equals(metadataIssuer)) {
 
 			throw new IllegalStateException("The Issuer \"" + metadataIssuer + "\" provided in the OpenID Configuration " +
 
 					"did not match the requested issuer \"" + oidcIssuerLocation + "\"");
 
@@ -54,30 +59,26 @@ public final class JwtDecoders {
 
 				JwtValidators.createDefaultWithIssuer(oidcIssuerLocation);
 
 
 		NimbusJwtDecoderJwkSupport jwtDecoder =
 
-				new NimbusJwtDecoderJwkSupport(metadata.getJWKSetURI().toASCIIString());
 
+				new NimbusJwtDecoderJwkSupport(openidConfiguration.get("jwks_uri").toString());
 
 		jwtDecoder.setJwtValidator(jwtValidator);
 
 
 		return jwtDecoder;
 
 	}
 
 
-	private static String getOpenidConfiguration(String issuer) {
 
+	private static Map<String, Object> getOpenidConfiguration(String issuer) {
 
+		ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<Map<String, Object>>() {};
 
 		RestTemplate rest = new RestTemplate();
 
 		try {
 
-			return rest.getForObject(issuer + "/.well-known/openid-configuration", String.class);
 
+			URI uri = UriComponentsBuilder.fromUriString(issuer + "/.well-known/openid-configuration")
 
+					.build()
 
+					.toUri();
 
+			RequestEntity<Void> request = RequestEntity.get(uri).build();
 
+			return rest.exchange(request, typeReference).getBody();
 
 		} catch(RuntimeException e) {
 
 			throw new IllegalArgumentException("Unable to resolve the OpenID Configuration with the provided Issuer of " +
 
 					"\"" + issuer + "\"", e);
 
 		}
 
 	}
 
 
-	private static OIDCProviderMetadata parse(String body) {
 
-		try {
 
-			return OIDCProviderMetadata.parse(body);
 
-		}
 
-		catch (ParseException e) {
 
-			throw new RuntimeException(e);
 
-		}
 
-	}
 
-
 
 	private JwtDecoders() {}
 
 }

+ 19 - 18
oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java
Dosyayı Görüntüle 

@@ -15,11 +15,14 @@
 
  */
 
 package org.springframework.security.oauth2.jwt;
 
 
-import com.nimbusds.oauth2.sdk.ParseException;
 
-import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
 
-
 
+import org.springframework.core.ParameterizedTypeReference;
 
+import org.springframework.http.RequestEntity;
 
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 
 import org.springframework.web.client.RestTemplate;
 
+import org.springframework.web.util.UriComponentsBuilder;
 
+
 
+import java.net.URI;
 
+import java.util.Map;
 
 
 /**
 
  * Allows creating a {@link ReactiveJwtDecoder} from an
 
@@ -42,9 +45,11 @@ public final class ReactiveJwtDecoders {
 
 	 * @return a {@link ReactiveJwtDecoder} that was initialized by the OpenID Provider Configuration.
 
 	 */
 
 	public static ReactiveJwtDecoder fromOidcIssuerLocation(String oidcIssuerLocation) {
 
-		String openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
 
-		OIDCProviderMetadata metadata = parse(openidConfiguration);
 
-		String metadataIssuer = metadata.getIssuer().getValue();
 
+		Map<String, Object> openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
 
+		String metadataIssuer = "(unavailable)";
 
+		if (openidConfiguration.containsKey("issuer")) {
 
+			metadataIssuer = openidConfiguration.get("issuer").toString();
 
+		}
 
 		if (!oidcIssuerLocation.equals(metadataIssuer)) {
 
 			throw new IllegalStateException("The Issuer \"" + metadataIssuer + "\" provided in the OpenID Configuration " +
 
 					"did not match the requested issuer \"" + oidcIssuerLocation + "\"");
 
@@ -54,30 +59,26 @@ public final class ReactiveJwtDecoders {
 
 				JwtValidators.createDefaultWithIssuer(oidcIssuerLocation);
 
 
 		NimbusReactiveJwtDecoder jwtDecoder =
 
-				new NimbusReactiveJwtDecoder(metadata.getJWKSetURI().toASCIIString());
 
+				new NimbusReactiveJwtDecoder(openidConfiguration.get("jwks_uri").toString());
 
 		jwtDecoder.setJwtValidator(jwtValidator);
 
 
 		return jwtDecoder;
 
 	}
 
 
-	private static String getOpenidConfiguration(String issuer) {
 
+	private static Map<String, Object> getOpenidConfiguration(String issuer) {
 
+		ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<Map<String, Object>>() {};
 
 		RestTemplate rest = new RestTemplate();
 
 		try {
 
-			return rest.getForObject(issuer + "/.well-known/openid-configuration", String.class);
 
+			URI uri = UriComponentsBuilder.fromUriString(issuer + "/.well-known/openid-configuration")
 
+					.build()
 
+					.toUri();
 
+			RequestEntity<Void> request = RequestEntity.get(uri).build();
 
+			return rest.exchange(request, typeReference).getBody();
 
 		} catch(RuntimeException e) {
 
 			throw new IllegalArgumentException("Unable to resolve the OpenID Configuration with the provided Issuer of " +
 
 					"\"" + issuer + "\"", e);
 
 		}
 
 	}
 
 
-	private static OIDCProviderMetadata parse(String body) {
 
-		try {
 
-			return OIDCProviderMetadata.parse(body);
 
-		}
 
-		catch (ParseException e) {
 
-			throw new RuntimeException(e);
 
-		}
 
-	}
 
-
 
 	private ReactiveJwtDecoders() {}
 
 }