Inicio Explorar Ayuda
Registro Iniciar sesión
github
/
spring-security
espejo de https://github.com/spring-projects/spring-security
2
0
Fork 0
Archivos Incidencias 0 Wiki
Explorar el Código

Don't Cache ReactiveJwtDecoders Errors

Closes gh-10444
Josh Cummings hace 3 años
padre
89db1c37a3
commit
f89a34c30b
Se han modificado 3 ficheros con 56 adiciones y 1 borrados
Dividir vista Mostrar estadísticas de diff
  1. 2 1
      oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
  2. 29 0
      oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
  3. 25 0
      oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java

+ 2 - 1
oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
Ver fichero 

@@ -16,6 +16,7 @@
 
 
 package org.springframework.security.oauth2.server.resource.authentication;
 
 
+import java.time.Duration;
 
 import java.util.ArrayList;
 
 import java.util.Arrays;
 
 import java.util.Collection;
 
@@ -174,7 +175,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 
 			return this.authenticationManagers.computeIfAbsent(issuer,
 
 					(k) -> Mono.<ReactiveAuthenticationManager>fromCallable(() -> new JwtReactiveAuthenticationManager(ReactiveJwtDecoders.fromIssuerLocation(k)))
 
 							.subscribeOn(Schedulers.boundedElastic())
 
-							.cache()
 
+							.cache((manager) -> Duration.ofMillis(Long.MAX_VALUE), (ex) -> Duration.ZERO, () -> Duration.ZERO)
 
 			);
 
 			// @formatter:on
 
 		}

+ 29 - 0
oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java
Ver fichero 

@@ -84,6 +84,35 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 
 		}
 
 	}
 
 
+	@Test
 
+	public void resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception {
 
+		try (MockWebServer server = new MockWebServer()) {
 
+			server.start();
 
+			String issuer = server.url("").toString();
 
+			// @formatter:off
 
+			server.enqueue(new MockResponse().setResponseCode(500)
 
+					.setHeader("Content-Type", "application/json")
 
+					.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer))
 
+			);
 
+			server.enqueue(new MockResponse().setResponseCode(200)
 
+					.setHeader("Content-Type", "application/json")
 
+					.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer))
 
+			);
 
+			// @formatter:on
 
+			JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
 
+					new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
 
+			jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
 
+			JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
 
+					issuer);
 
+			MockHttpServletRequest request = new MockHttpServletRequest();
 
+			request.addHeader("Authorization", "Bearer " + jws.serialize());
 
+			assertThatExceptionOfType(IllegalArgumentException.class)
 
+					.isThrownBy(() -> authenticationManagerResolver.resolve(request));
 
+			AuthenticationManager authenticationManager = authenticationManagerResolver.resolve(request);
 
+			assertThat(authenticationManager).isNotNull();
 
+		}
 
+	}
 
+
 
 	@Test
 
 	public void resolveWhenUsingUntrustedIssuerThenException() {
 
 		JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(

+ 25 - 0
oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java
Ver fichero 

@@ -86,6 +86,31 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 
 		}
 
 	}
 
 
+	// gh-10444
 
+	@Test
 
+	public void resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception {
 
+		try (MockWebServer server = new MockWebServer()) {
 
+			String issuer = server.url("").toString();
 
+			// @formatter:off
 
+			server.enqueue(new MockResponse().setResponseCode(500).setHeader("Content-Type", "application/json")
 
+					.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)));
 
+			server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
 
+					.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)));
 
+			// @formatter:on
 
+			JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
 
+					new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
 
+			jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
 
+			JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(
 
+					issuer);
 
+			MockServerWebExchange exchange = withBearerToken(jws.serialize());
 
+			assertThatExceptionOfType(IllegalArgumentException.class)
 
+					.isThrownBy(() -> authenticationManagerResolver.resolve(exchange).block());
 
+			ReactiveAuthenticationManager authenticationManager = authenticationManagerResolver.resolve(exchange)
 
+					.block();
 
+			assertThat(authenticationManager).isNotNull();
 
+		}
 
+	}
 
+
 
 	@Test
 
 	public void resolveWhenUsingUntrustedIssuerThenException() {
 
 		JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(