首页 发现 帮助
注册 登录
github
/
spring-security
镜像自地址 https://github.com/spring-projects/spring-security
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

Merge branch '6.5.x'

Joe Grandja 1 周之前
父节点
a5c38bdc94 518ae27105
当前提交
df3080b0e2
共有 1 个文件被更改,包括 13 次插入3 次删除
分列视图 显示文件统计
  1. 13 3
      config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java

+ 13 - 3
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
查看文件 

@@ -66,6 +66,7 @@ import org.springframework.security.web.util.matcher.OrRequestMatcher;
 
 import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
 
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
 import org.springframework.util.Assert;
 
+import org.springframework.util.ClassUtils;
 
 import org.springframework.web.accept.ContentNegotiationStrategy;
 
 import org.springframework.web.accept.HeaderContentNegotiationStrategy;
 
 
@@ -149,13 +150,19 @@ import org.springframework.web.accept.HeaderContentNegotiationStrategy;
 
 public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>
 
 		extends AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>, H> {
 
 
+	private static final boolean dPoPAuthenticationAvailable;
 
+
 
+	static {
 
+		ClassLoader classLoader = OAuth2ResourceServerConfigurer.class.getClassLoader();
 
+		dPoPAuthenticationAvailable = ClassUtils
 
+			.isPresent("org.springframework.security.oauth2.jwt.DPoPProofJwtDecoderFactory", classLoader);
 
+	}
 
+
 
 	private static final RequestHeaderRequestMatcher X_REQUESTED_WITH = new RequestHeaderRequestMatcher(
 
 			"X-Requested-With", "XMLHttpRequest");
 
 
 	private final ApplicationContext context;
 
 
-	private final DPoPAuthenticationConfigurer<H> dPoPAuthenticationConfigurer = new DPoPAuthenticationConfigurer<>();
 
-
 
 	private AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver;
 
 
 	private AuthenticationConverter authenticationConverter;
 
@@ -269,7 +276,10 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 
 		filter.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
 
 		filter = postProcess(filter);
 
 		http.addFilter(filter);
 
-		this.dPoPAuthenticationConfigurer.configure(http);
 
+		if (dPoPAuthenticationAvailable) {
 
+			DPoPAuthenticationConfigurer<H> dPoPAuthenticationConfigurer = new DPoPAuthenticationConfigurer<>();
 
+			dPoPAuthenticationConfigurer.configure(http);
 
+		}
 
 	}
 
 
 	private void validateConfiguration() {