
Commit 518ae27

committed
Fix JwtDecoderFactory ClassNotFoundException with DPoP authentication
Closes gh-17249
1 parent e2fc368 commit 518ae27


1 file changed

+13
-3
lines changed

1 file changed

+13
-3
lines changed

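--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -64,6 +64,7 @@
 import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
+import org.springframework.util.ClassUtils;
 import org.springframework.web.accept.ContentNegotiationStrategy;
 import org.springframework.web.accept.HeaderContentNegotiationStrategy;
 
@@ -147,13 +148,19 @@
 public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>
 extends AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>, H> {
 
+private static final boolean dPoPAuthenticationAvailable;
+
+static {
+ClassLoader classLoader = OAuth2ResourceServerConfigurer.class.getClassLoader();
+dPoPAuthenticationAvailable = ClassUtils
+.isPresent("org.springframework.security.oauth2.jwt.DPoPProofJwtDecoderFactory", classLoader);
+}
+
 private static final RequestHeaderRequestMatcher X_REQUESTED_WITH = new RequestHeaderRequestMatcher(
 "X-Requested-With", "XMLHttpRequest");
 
 private final ApplicationContext context;
 
-private final DPoPAuthenticationConfigurer<H> dPoPAuthenticationConfigurer = new DPoPAuthenticationConfigurer<>();
-
 private AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver;
 
 private BearerTokenResolver bearerTokenResolver;
@@ -285,7 +292,10 @@ public void configure(H http) {
 filter.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
 filter = postProcess(filter);
 http.addFilter(filter);
-this.dPoPAuthenticationConfigurer.configure(http);
+if (dPoPAuthenticationAvailable) {
+DPoPAuthenticationConfigurer<H> dPoPAuthenticationConfigurer = new DPoPAuthenticationConfigurer<>();
+dPoPAuthenticationConfigurer.configure(http);
+}
 }
 
 private void validateConfiguration() {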
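Review bot: The static initializer decides whether DPoP is configured from a string literal, `"org.springframework.security.oauth2.jwt.DPoPProofJwtDecoderFactory"`, so if that class is ever renamed or moved, `dPoPAuthenticationAvailable` becomes false and the new `if` in `configure(H http)` skips DPoP setup with no compile error and no log line. For a resource server that is expected to validate DPoP proofs this would be a silent loss of the sender-constraint check, and how a DPoP-scheme request is then treated is decided by code outside these hunks, so it should be confirmed rather than assumed. I would document the field, for example `// DPoP is configured only when DPoPProofJwtDecoderFactory is on the classpath (gh-17249)`, and consider a debug-level message when the flag is false. The page shows only one file changed, so no test pins either branch; a test asserting that DPoP authentication is registered when the class is present would catch a stale class name. `configure` begins above the last hunk, so the rest of its body is not visible here.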
