From 844e8675be098a334f85fb7cb10424e242175327 Mon Sep 17 00:00:00 2001 From: Barry Pitman Date: Fri, 25 Jun 2021 10:39:53 +0200 Subject: [PATCH] Accept predicate in constructor for JwtIssuerAuthenticationManagerResolver Add a constructor to JwtIssuerAuthenticationManagerResolver to allow it to accept a Predicate to determine whether an issuer should be trusted or not. This allows for cases where the trusted issuers are not necessarily known at application startup. Since JwtIssuerAuthenticationManagerResolver is final and internal classes are private, this is not possible to extend it to support this use case without duplicating the whole class. --- .../JwtIssuerAuthenticationManagerResolver.java | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java index 56b8df7bc31..e7c39f34d69 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java @@ -86,6 +86,16 @@ public JwtIssuerAuthenticationManagerResolver(Collection trustedIssuers) new TrustedIssuerJwtAuthenticationManagerResolver( Collections.unmodifiableCollection(trustedIssuers)::contains)); } + + /** + * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided + * parameters + * @param trustedIssuer a predicate to determine whether the issuer should be trusted or not + */ + public JwtIssuerAuthenticationManagerResolver(Predicate trustedIssuer) { + this.authenticationManager = new ResolvingAuthenticationManager( + new TrustedIssuerJwtAuthenticationManagerResolver(trustedIssuer)); + } /** * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided