private void doValidate() throws BindException { BindingResult errors = new BeanPropertyBindingResult(this, "resourceServerProperties"); boolean jwtConfigPresent = StringUtils.hasText(this.jwt.getKeyUri()) || StringUtils.hasText(this.jwt.getKeyValue()); boolean jwkConfigPresent = StringUtils.hasText(this.jwk.getKeySetUri()); if (jwtConfigPresent && jwkConfigPresent) { errors.reject("ambiguous.keyUri", "Only one of jwt.keyUri (or jwt.keyValue) and jwk.keySetUri should" + " be configured."); } if (!jwtConfigPresent && !jwkConfigPresent) { if (!StringUtils.hasText(this.userInfoUri) && !StringUtils.hasText(this.tokenInfoUri)) { errors.rejectValue("tokenInfoUri", "missing.tokenInfoUri", "Missing tokenInfoUri and userInfoUri and there is no " + "JWT verifier key"); } if (StringUtils.hasText(this.tokenInfoUri) && isPreferTokenInfo()) { if (!StringUtils.hasText(this.clientSecret)) { errors.rejectValue("clientSecret", "missing.clientSecret", "Missing client secret"); } } } if (errors.hasErrors()) { throw new BindException(errors); } }
private void doValidate() throws BindException { BindingResult errors = new BeanPropertyBindingResult(this, "resourceServerProperties"); boolean jwtConfigPresent = StringUtils.hasText(this.jwt.getKeyUri()) || StringUtils.hasText(this.jwt.getKeyValue()); boolean jwkConfigPresent = StringUtils.hasText(this.jwk.getKeySetUri()); if (jwtConfigPresent && jwkConfigPresent) { errors.reject("ambiguous.keyUri", "Only one of jwt.keyUri (or jwt.keyValue) and jwk.keySetUri should" + " be configured."); } if (!jwtConfigPresent && !jwkConfigPresent) { if (!StringUtils.hasText(this.userInfoUri) && !StringUtils.hasText(this.tokenInfoUri)) { errors.rejectValue("tokenInfoUri", "missing.tokenInfoUri", "Missing tokenInfoUri and userInfoUri and there is no " + "JWT verifier key"); } if (StringUtils.hasText(this.tokenInfoUri) && isPreferTokenInfo()) { if (!StringUtils.hasText(this.clientSecret)) { errors.rejectValue("clientSecret", "missing.clientSecret", "Missing client secret"); } } } if (errors.hasErrors()) { throw new BindException(errors); } }
@Test public void validateWhenKeysUriOrValuePresentAndUserInfoAbsentShouldNotFail() throws Exception { this.properties = new ResourceServerProperties("client", ""); this.properties.getJwk().setKeySetUri("http://my-auth-server/token_keys"); setListableBeanFactory(); this.properties.validate(); verifyZeroInteractions(this.errors); }
@Test public void validateWhenJwkKeySetUriProvidedShouldSucceed() throws Exception { this.properties.getJwk().setKeySetUri("http://my-auth-server/token_keys"); setListableBeanFactory(); this.properties.validate(); verifyZeroInteractions(this.errors); }
@Test public void validateWhenBothJwtAndJwkKeyUrisPresentShouldFail() throws Exception { this.properties.getJwk().setKeySetUri("http://my-auth-server/token_keys"); this.properties.getJwt().setKeyUri("http://my-auth-server/token_key"); setListableBeanFactory(); this.thrown.expect(IllegalStateException.class); this.thrown.expect(getMatcher("Only one of jwt.keyUri (or jwt.keyValue) " + "and jwk.keySetUri should be configured.", null)); this.properties.validate(); }
@Bean @ConditionalOnMissingBean(TokenStore.class) public TokenStore jwkTokenStore() { return new JwkTokenStore(this.resource.getJwk().getKeySetUri()); }
@Bean @ConditionalOnMissingBean(TokenStore.class) public TokenStore jwkTokenStore() { return new JwkTokenStore(this.resource.getJwk().getKeySetUri()); } }
@Test public void validateWhenBothJwtKeyValueAndJwkKeyUriPresentShouldFail() throws Exception { this.properties.getJwk().setKeySetUri("http://my-auth-server/token_keys"); this.properties.getJwt().setKeyValue("my-key"); setListableBeanFactory(); this.thrown.expect(IllegalStateException.class); this.thrown.expect(getMatcher("Only one of jwt.keyUri (or jwt.keyValue) " + "and jwk.keySetUri should be configured.", null)); this.properties.validate(); }