Streamline OAuth2 resource server auto-config class conditions

Fixes gh-22233
spring-projects · Jul 7, 2020 · 1b85ce0 · 1b85ce0
1 parent b8bc219
commit 1b85ce0
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 12 deletions.
diff --git a/...autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfiguration.java b/...autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfiguration.java
@@ -17,13 +17,15 @@
 
 import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
 import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
+import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 
 /**
  * {@link EnableAutoConfiguration Auto-configuration} for OAuth2 resource server support.
@@ -34,6 +36,7 @@
 @Configuration(proxyBeanMethods = false)
 @AutoConfigureBefore({ SecurityAutoConfiguration.class, UserDetailsServiceAutoConfiguration.class })
 @EnableConfigurationProperties(OAuth2ResourceServerProperties.class)
+@ConditionalOnClass(BearerTokenAuthenticationToken.class)
 @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
 @Import({ Oauth2ResourceServerConfiguration.JwtConfiguration.class,
 		Oauth2ResourceServerConfiguration.OpaqueTokenConfiguration.class })

diff --git a/...oot/autoconfigure/security/oauth2/resource/servlet/Oauth2ResourceServerConfiguration.java b/...oot/autoconfigure/security/oauth2/resource/servlet/Oauth2ResourceServerConfiguration.java
@@ -20,9 +20,6 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
-import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
-import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 
 /**
  * Configuration classes for OAuth2 Resource Server These should be {@code @Import} in a
@@ -33,15 +30,14 @@
 class Oauth2ResourceServerConfiguration {
 
 	@Configuration(proxyBeanMethods = false)
-	@ConditionalOnClass({ JwtAuthenticationToken.class, JwtDecoder.class })
+	@ConditionalOnClass(JwtDecoder.class)
 	@Import({ OAuth2ResourceServerJwtConfiguration.JwtDecoderConfiguration.class,
 			OAuth2ResourceServerJwtConfiguration.OAuth2WebSecurityConfigurerAdapter.class })
 	static class JwtConfiguration {
 
 	}
 
 	@Configuration(proxyBeanMethods = false)
-	@ConditionalOnClass({ BearerTokenAuthenticationToken.class, OpaqueTokenIntrospector.class })
 	@Import({ OAuth2ResourceServerOpaqueTokenConfiguration.OpaqueTokenIntrospectionClientConfiguration.class,
 			OAuth2ResourceServerOpaqueTokenConfiguration.OAuth2WebSecurityConfigurerAdapter.class })
 	static class OpaqueTokenConfiguration {

diff --git a/...onfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java b/...onfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java
@@ -50,7 +50,6 @@
 import org.springframework.security.oauth2.jwt.JwtIssuerValidator;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter;
 import org.springframework.security.web.FilterChainProxy;
@@ -262,21 +261,25 @@ void jwtDecoderByOidcIssuerUriIsConditionalOnMissingBean() {
 	}
 
 	@Test
-	void autoConfigurationShouldBeConditionalOnJwtAuthenticationTokenClass() {
+	void autoConfigurationShouldBeConditionalOnResourceServerClass() {
 		this.contextRunner
 				.withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 				.withUserConfiguration(JwtDecoderConfig.class)
-				.withClassLoader(new FilteredClassLoader(JwtAuthenticationToken.class))
-				.run((context) -> assertThat(getBearerTokenFilter(context)).isNull());
+				.withClassLoader(new FilteredClassLoader(BearerTokenAuthenticationToken.class)).run((context) -> {
+					assertThat(context).doesNotHaveBean(OAuth2ResourceServerAutoConfiguration.class);
+					assertThat(getBearerTokenFilter(context)).isNull();
+				});
 	}
 
 	@Test
-	void autoConfigurationShouldBeConditionalOnJwtDecoderClass() {
+	void autoConfigurationForJwtShouldBeConditionalOnJwtDecoderClass() {
 		this.contextRunner
 				.withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 				.withUserConfiguration(JwtDecoderConfig.class)
-				.withClassLoader(new FilteredClassLoader(JwtDecoder.class))
-				.run((context) -> assertThat(getBearerTokenFilter(context)).isNull());
+				.withClassLoader(new FilteredClassLoader(JwtDecoder.class)).run((context) -> {
+					assertThat(context).hasSingleBean(OAuth2ResourceServerAutoConfiguration.class);
+					assertThat(getBearerTokenFilter(context)).isNull();
+				});
 	}
 
 	@Test