Enable customization of BearerTokenResolver by adding a setter for JwtClaimIssuerConverter on JwtIssuerAuthenticationManagerResolver #9168
Conversation
… BearerTokenResolver in the JwtIssuerAuthenticationManagerResolver class (spring-projectsgh-8535)
spring-projects-issues
added
the
status: waiting-for-triage
| * | ||
| * @since 5.5 | ||
| */ | ||
| public void setIssuerConverter(Converter<HttpServletRequest, String> issuerConverter) { |
There was a problem hiding this comment.
Instead of setIssuerConverter, could you do:
public void setBearerTokenResolver(BearerTokenResolver bearerTokenResolver) {
this.issuerConverter = new JwtClaimIssuerConverter(bearerTokenResolver);
}That way, the API uses a familiar interface that they most likely already configured in their app.
There was a problem hiding this comment.
Okay :) Then I would also need to add another constructor to the JwtClaimIssuerConverter to pass the resolver / converter correct?
There was a problem hiding this comment.
@jzheaux I hope this is the way your feedback was meant.
…JwtIssuerReactiveAuthenticationManagerResolver
| @@ -130,9 +130,28 @@ public AuthenticationManager resolve(HttpServletRequest request) { | |||
| return authenticationManager; | |||
| } | |||
|
|
|||
| /** | |||
| * Set a custom issuer converter | |||
There was a problem hiding this comment.
Will you please update the JavaDoc so that it talks about BearerTokenResolver instead?
...k/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
Show resolved
Hide resolved
| private BearerTokenResolver resolver; | ||
|
|
||
| JwtClaimIssuerConverter() { | ||
| this.resolver = new DefaultBearerTokenResolver(); |
There was a problem hiding this comment.
It might be more efficient to do:
this(new DefaulBearerTokenResolver());…icationManagerResolver; reuse contructors of JwtAuthenticationManagerResolvers
|
@jzheaux I adapted the PR according to your feedback. Will write some test cases for the setter method next 🧪 |
…olver, JwtIssuerReactiveAuthenticationManagerResolver
|
Added unit tests for the new feature. |
jzheaux
added
in: oauth2
|
@jzheaux thank you for your support! |
Description
When using the
JwtIssuerAuthenticationManagerResolverthere should be a way to replace theDefaultBearerTokenResolver(or here the entireJwtClaimIssuerConverter) by a custom implementation which is requested in #8535.I decided to set the entire
JwtClaimIssuerConverterbecause it is declared as typeConverter<HttpServletRequest,String>and implementing a setter or new constructor on it would required to change the type of the attribute directly toJwtClaimIssuerConverterclass.Context
I use the JwtIssuerAuthenticationManagerResolver in a web socket backend which receives the JWT not in the Authorization Header but in a custom X-Authorization Cookie Header. Therefore, I need to use my own BearerTokenResolver implementation which gets the JWT from there. This seems not to be possible at the moment.