Resource Server Finds JwtAuthenticationConverter Beans

Fixes gh-8185

Author: evgeniycheban

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java

@@ -123,6 +123,7 @@
  * </ul>
  *
  * @author Josh Cummings
+ * @author Evgeniy Cheban
  * @since 5.1
  * @see BearerTokenAuthenticationFilter
  * @see JwtAuthenticationProvider
@@ -280,8 +281,7 @@ public class JwtConfigurer {
 		private AuthenticationManager authenticationManager;
 		private JwtDecoder decoder;
 
-		private Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter =
-				new JwtAuthenticationConverter();
+		private Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter;
 
 		JwtConfigurer(ApplicationContext context) {
 			this.context = context;
@@ -315,6 +315,14 @@ public OAuth2ResourceServerConfigurer<H> and() {
 		}
 
 		Converter<Jwt, ? extends AbstractAuthenticationToken> getJwtAuthenticationConverter() {
+			if (this.jwtAuthenticationConverter == null) {
+				if (this.context.getBeanNamesForType(JwtAuthenticationConverter.class).length > 0) {
+					this.jwtAuthenticationConverter = this.context.getBean(JwtAuthenticationConverter.class);
+				} else {
+					this.jwtAuthenticationConverter = new JwtAuthenticationConverter();
+				}
+			}
+
 			return this.jwtAuthenticationConverter;
 		}
 

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java

@@ -160,6 +160,7 @@
  * Tests for {@link OAuth2ResourceServerConfigurer}
  *
  * @author Josh Cummings
+ * @author Evgeniy Cheban
  */
 public class OAuth2ResourceServerConfigurerTests {
 	private static final String JWT_TOKEN = "token";
@@ -1452,6 +1453,80 @@ public void configureWhenUsingBothAuthenticationManagerResolverAndOpaqueThenWiri
 				.hasMessageContaining("authenticationManagerResolver");
 	}
 
+	@Test
+	public void getJwtAuthenticationConverterWhenNoConverterSpecifiedThenTheDefaultIsUsed() {
+		ApplicationContext context =
+				this.spring.context(new GenericWebApplicationContext()).getContext();
+
+		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer =
+				new OAuth2ResourceServerConfigurer(context).jwt();
+
+		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isInstanceOf(JwtAuthenticationConverter.class);
+	}
+
+	@Test
+	public void getJwtAuthenticationConverterWhenConverterBeanSpecified() {
+		JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter();
+
+		GenericWebApplicationContext context = new GenericWebApplicationContext();
+		context.registerBean(JwtAuthenticationConverter.class, () -> converterBean);
+		this.spring.context(context).autowire();
+
+		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer =
+				new OAuth2ResourceServerConfigurer(context).jwt();
+
+		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converterBean);
+	}
+
+	@Test
+	public void getJwtAuthenticationConverterWhenConverterBeanAndAnotherOnTheDslThenTheDslOneIsUsed() {
+		JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
+		JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter();
+
+		GenericWebApplicationContext context = new GenericWebApplicationContext();
+		context.registerBean(JwtAuthenticationConverter.class, () -> converterBean);
+		this.spring.context(context).autowire();
+
+		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer =
+				new OAuth2ResourceServerConfigurer(context).jwt();
+		jwtConfigurer.jwtAuthenticationConverter(converter);
+
+		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converter);
+	}
+
+	@Test
+	public void getJwtAuthenticationConverterWhenDuplicateConverterBeansAndAnotherOnTheDslThenTheDslOneIsUsed() {
+		JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
+		JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter();
+
+		GenericWebApplicationContext context = new GenericWebApplicationContext();
+		context.registerBean("converterOne", JwtAuthenticationConverter.class, () -> converterBean);
+		context.registerBean("converterTwo", JwtAuthenticationConverter.class, () -> converterBean);
+		this.spring.context(context).autowire();
+
+		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer =
+				new OAuth2ResourceServerConfigurer(context).jwt();
+		jwtConfigurer.jwtAuthenticationConverter(converter);
+
+		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converter);
+	}
+
+	@Test
+	public void getJwtAuthenticationConverterWhenDuplicateConverterBeansThenThrowsException() {
+		JwtAuthenticationConverter converterBean = new JwtAuthenticationConverter();
+
+		GenericWebApplicationContext context = new GenericWebApplicationContext();
+		context.registerBean("converterOne", JwtAuthenticationConverter.class, () -> converterBean);
+		context.registerBean("converterTwo", JwtAuthenticationConverter.class, () -> converterBean);
+		this.spring.context(context).autowire();
+
+		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer =
+				new OAuth2ResourceServerConfigurer(context).jwt();
+
+		assertThatCode(jwtConfigurer::getJwtAuthenticationConverter)
+				.isInstanceOf(NoUniqueBeanDefinitionException.class);
+	}
+
 	// -- support
 
 	@EnableWebSecurity

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.