Skip to content

Commit 1b85ce0

Browse files
committed
Streamline OAuth2 resource server auto-config class conditions
Fixes gh-22233
1 parent b8bc219 commit 1b85ce0

File tree

3 files changed

+14
-12
lines changed

3 files changed

+14
-12
lines changed

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfiguration.java

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,13 +17,15 @@
1717

1818
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
1919
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
20+
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
2021
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
2122
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
2223
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
2324
import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration;
2425
import org.springframework.boot.context.properties.EnableConfigurationProperties;
2526
import org.springframework.context.annotation.Configuration;
2627
import org.springframework.context.annotation.Import;
28+
import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
2729

2830
/**
2931
* {@link EnableAutoConfiguration Auto-configuration} for OAuth2 resource server support.
@@ -34,6 +36,7 @@
3436
@Configuration(proxyBeanMethods = false)
3537
@AutoConfigureBefore({ SecurityAutoConfiguration.class, UserDetailsServiceAutoConfiguration.class })
3638
@EnableConfigurationProperties(OAuth2ResourceServerProperties.class)
39+
@ConditionalOnClass(BearerTokenAuthenticationToken.class)
3740
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
3841
@Import({ Oauth2ResourceServerConfiguration.JwtConfiguration.class,
3942
Oauth2ResourceServerConfiguration.OpaqueTokenConfiguration.class })

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/Oauth2ResourceServerConfiguration.java

Lines changed: 1 addition & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -20,9 +20,6 @@
2020
import org.springframework.context.annotation.Configuration;
2121
import org.springframework.context.annotation.Import;
2222
import org.springframework.security.oauth2.jwt.JwtDecoder;
23-
import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
24-
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
25-
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
2623

2724
/**
2825
* Configuration classes for OAuth2 Resource Server These should be {@code @Import} in a
@@ -33,15 +30,14 @@
3330
class Oauth2ResourceServerConfiguration {
3431

3532
@Configuration(proxyBeanMethods = false)
36-
@ConditionalOnClass({ JwtAuthenticationToken.class, JwtDecoder.class })
33+
@ConditionalOnClass(JwtDecoder.class)
3734
@Import({ OAuth2ResourceServerJwtConfiguration.JwtDecoderConfiguration.class,
3835
OAuth2ResourceServerJwtConfiguration.OAuth2WebSecurityConfigurerAdapter.class })
3936
static class JwtConfiguration {
4037

4138
}
4239

4340
@Configuration(proxyBeanMethods = false)
44-
@ConditionalOnClass({ BearerTokenAuthenticationToken.class, OpaqueTokenIntrospector.class })
4541
@Import({ OAuth2ResourceServerOpaqueTokenConfiguration.OpaqueTokenIntrospectionClientConfiguration.class,
4642
OAuth2ResourceServerOpaqueTokenConfiguration.OAuth2WebSecurityConfigurerAdapter.class })
4743
static class OpaqueTokenConfiguration {

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java

Lines changed: 10 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,6 @@
5050
import org.springframework.security.oauth2.jwt.JwtIssuerValidator;
5151
import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
5252
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
53-
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
5453
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
5554
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter;
5655
import org.springframework.security.web.FilterChainProxy;
@@ -262,21 +261,25 @@ void jwtDecoderByOidcIssuerUriIsConditionalOnMissingBean() {
262261
}
263262

264263
@Test
265-
void autoConfigurationShouldBeConditionalOnJwtAuthenticationTokenClass() {
264+
void autoConfigurationShouldBeConditionalOnResourceServerClass() {
266265
this.contextRunner
267266
.withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
268267
.withUserConfiguration(JwtDecoderConfig.class)
269-
.withClassLoader(new FilteredClassLoader(JwtAuthenticationToken.class))
270-
.run((context) -> assertThat(getBearerTokenFilter(context)).isNull());
268+
.withClassLoader(new FilteredClassLoader(BearerTokenAuthenticationToken.class)).run((context) -> {
269+
assertThat(context).doesNotHaveBean(OAuth2ResourceServerAutoConfiguration.class);
270+
assertThat(getBearerTokenFilter(context)).isNull();
271+
});
271272
}
272273

273274
@Test
274-
void autoConfigurationShouldBeConditionalOnJwtDecoderClass() {
275+
void autoConfigurationForJwtShouldBeConditionalOnJwtDecoderClass() {
275276
this.contextRunner
276277
.withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
277278
.withUserConfiguration(JwtDecoderConfig.class)
278-
.withClassLoader(new FilteredClassLoader(JwtDecoder.class))
279-
.run((context) -> assertThat(getBearerTokenFilter(context)).isNull());
279+
.withClassLoader(new FilteredClassLoader(JwtDecoder.class)).run((context) -> {
280+
assertThat(context).hasSingleBean(OAuth2ResourceServerAutoConfiguration.class);
281+
assertThat(getBearerTokenFilter(context)).isNull();
282+
});
280283
}
281284

282285
@Test

0 commit comments

Comments
 (0)