mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-07-15 01:07:30 +08:00
Revert "Do not enable WebFlux security unless other configuration is active"
This reverts commit beba1f176a
.
See gh-38713
This commit is contained in:
parent
3ac9c44942
commit
964ccbb000
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -40,9 +40,7 @@ import org.springframework.security.config.annotation.web.reactive.EnableWebFlux
|
||||
@ConditionalOnClass({ EnableWebFluxSecurity.class })
|
||||
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
|
||||
@Import({ ReactiveOAuth2ResourceServerConfiguration.JwtConfiguration.class,
|
||||
ReactiveOAuth2ResourceServerConfiguration.OpaqueTokenConfiguration.class,
|
||||
ReactiveOAuth2ResourceServerConfiguration.JwtWebSecurityConfiguration.class,
|
||||
ReactiveOAuth2ResourceServerConfiguration.OpaqueTokenWebSecurityConfiguration.class })
|
||||
ReactiveOAuth2ResourceServerConfiguration.OpaqueTokenConfiguration.class })
|
||||
public class ReactiveOAuth2ResourceServerAutoConfiguration {
|
||||
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -24,8 +24,8 @@ import org.springframework.security.oauth2.server.resource.authentication.Bearer
|
||||
import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
|
||||
|
||||
/**
|
||||
* Configuration classes for OAuth2 Resource Server. These should be {@code @Import}ed in
|
||||
* a regular auto-configuration class to guarantee their order of execution.
|
||||
* Configuration classes for OAuth2 Resource Server These should be {@code @Import} in a
|
||||
* regular auto-configuration class to guarantee their order of execution.
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
*/
|
||||
@ -33,30 +33,18 @@ class ReactiveOAuth2ResourceServerConfiguration {
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@ConditionalOnClass({ BearerTokenAuthenticationToken.class, ReactiveJwtDecoder.class })
|
||||
@Import(ReactiveOAuth2ResourceServerJwkConfiguration.JwtConfiguration.class)
|
||||
@Import({ ReactiveOAuth2ResourceServerJwkConfiguration.JwtConfiguration.class,
|
||||
ReactiveOAuth2ResourceServerJwkConfiguration.WebSecurityConfiguration.class })
|
||||
static class JwtConfiguration {
|
||||
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@ConditionalOnClass({ BearerTokenAuthenticationToken.class, ReactiveJwtDecoder.class })
|
||||
@Import(ReactiveOAuth2ResourceServerJwkConfiguration.WebSecurityConfiguration.class)
|
||||
static class JwtWebSecurityConfiguration {
|
||||
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@ConditionalOnClass({ BearerTokenAuthenticationToken.class, ReactiveOpaqueTokenIntrospector.class })
|
||||
@Import(ReactiveOAuth2ResourceServerOpaqueTokenConfiguration.OpaqueTokenIntrospectionClientConfiguration.class)
|
||||
@Import({ ReactiveOAuth2ResourceServerOpaqueTokenConfiguration.OpaqueTokenIntrospectionClientConfiguration.class,
|
||||
ReactiveOAuth2ResourceServerOpaqueTokenConfiguration.WebSecurityConfiguration.class })
|
||||
static class OpaqueTokenConfiguration {
|
||||
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@ConditionalOnClass({ BearerTokenAuthenticationToken.class, ReactiveOpaqueTokenIntrospector.class })
|
||||
@Import(ReactiveOAuth2ResourceServerOpaqueTokenConfiguration.WebSecurityConfiguration.class)
|
||||
static class OpaqueTokenWebSecurityConfiguration {
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -164,11 +164,11 @@ class ReactiveOAuth2ResourceServerJwkConfiguration {
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@ConditionalOnBean(ReactiveJwtDecoder.class)
|
||||
@ConditionalOnMissingBean(SecurityWebFilterChain.class)
|
||||
static class WebSecurityConfiguration {
|
||||
|
||||
@Bean
|
||||
@ConditionalOnBean(ReactiveJwtDecoder.class)
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http, ReactiveJwtDecoder jwtDecoder) {
|
||||
http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated());
|
||||
http.oauth2ResourceServer((server) -> customDecoder(server, jwtDecoder));
|
||||
|
@ -56,10 +56,10 @@ class ReactiveOAuth2ResourceServerOpaqueTokenConfiguration {
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@ConditionalOnMissingBean(SecurityWebFilterChain.class)
|
||||
@ConditionalOnBean(ReactiveOpaqueTokenIntrospector.class)
|
||||
static class WebSecurityConfiguration {
|
||||
|
||||
@Bean
|
||||
@ConditionalOnBean(ReactiveOpaqueTokenIntrospector.class)
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated());
|
||||
http.oauth2ResourceServer((resourceServer) -> resourceServer.opaqueToken(withDefaults()));
|
||||
|
@ -43,8 +43,6 @@ import org.mockito.InOrder;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import org.springframework.boot.autoconfigure.AutoConfigurations;
|
||||
import org.springframework.boot.autoconfigure.logging.ConditionEvaluationReportLoggingListener;
|
||||
import org.springframework.boot.logging.LogLevel;
|
||||
import org.springframework.boot.test.context.FilteredClassLoader;
|
||||
import org.springframework.boot.test.context.assertj.AssertableReactiveWebApplicationContext;
|
||||
import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
|
||||
@ -75,7 +73,6 @@ import org.springframework.security.oauth2.server.resource.authentication.Opaque
|
||||
import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
|
||||
import org.springframework.security.web.server.MatcherSecurityWebFilterChain;
|
||||
import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||
import org.springframework.security.web.server.WebFilterChainProxy;
|
||||
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
|
||||
import org.springframework.test.util.ReflectionTestUtils;
|
||||
import org.springframework.web.server.WebFilter;
|
||||
@ -119,16 +116,10 @@ class ReactiveOAuth2ResourceServerAutoConfigurationTests {
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
void autoConfigurationDoesNotEnableWebSecurityWithoutJwtDecoderOrTokenIntrospector() {
|
||||
this.contextRunner.run((context) -> assertThat(context).doesNotHaveBean(WebFilterChainProxy.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
void autoConfigurationShouldConfigureResourceServer() {
|
||||
this.contextRunner
|
||||
.withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
|
||||
.withInitializer(ConditionEvaluationReportLoggingListener.forLogLevel(LogLevel.INFO))
|
||||
.run((context) -> {
|
||||
assertThat(context).hasSingleBean(NimbusReactiveJwtDecoder.class);
|
||||
assertFilterConfiguredWithJwtAuthenticationManager(context);
|
||||
@ -394,7 +385,7 @@ class ReactiveOAuth2ResourceServerAutoConfigurationTests {
|
||||
|
||||
@Test
|
||||
void autoConfigurationWhenIntrospectionUriAvailableShouldConfigureIntrospectionClient() {
|
||||
this.contextRunner.withInitializer(ConditionEvaluationReportLoggingListener.forLogLevel(LogLevel.INFO))
|
||||
this.contextRunner
|
||||
.withPropertyValues(
|
||||
"spring.security.oauth2.resourceserver.opaquetoken.introspection-uri=https://check-token.com",
|
||||
"spring.security.oauth2.resourceserver.opaquetoken.client-id=my-client-id",
|
||||
|
Loading…
Reference in New Issue
Block a user