
Commit bf78e43

BoukeNijhuisjgrandja
authored andcommitted
add media type jwk-set+json to accept header
Fixes gh-7290
1 parent 3599ad7 commit bf78e43


2 files changed

+26
-1
lines changed


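--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java
@@ -20,6 +20,7 @@
 import java.net.URL;
 import java.text.ParseException;
 import java.time.Instant;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.Map;
@@ -210,12 +211,13 @@ public final void setRestOperations(RestOperations restOperations) {
 }
 
 private static class RestOperationsResourceRetriever implements ResourceRetriever {
+private static final MediaType APPLICATION_JWK_SET_JSON = new MediaType("application", "jwk-set+json");
 private RestOperations restOperations = new RestTemplate();
 
 @Override
 public Resource retrieveResource(URL url) throws IOException {
 HttpHeaders headers = new HttpHeaders();
-headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON_UTF8));
+headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON, APPLICATION_JWK_SET_JSON));
 
 ResponseEntity<String> response;
 try {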
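Review bot: `APPLICATION_JWK_SET_JSON` in `RestOperationsResourceRetriever` has no comment saying what the type is or why it is sent together with `application/json`; I would add `// JWK Set media type registered by RFC 7517, offered in Accept alongside application/json` above the constant. The Accept header only states a preference, so it does not constrain what the endpoint actually returns. The response handling starts at `try {` and continues outside the hunk, so whether the status and Content-Type are checked before the body is parsed as a JWK Set cannot be seen here. That is worth confirming, since those keys presumably decide which JWT signatures the decoder accepts.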

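--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java
@@ -17,6 +17,7 @@
 
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.List;
 import java.util.Map;
 
 import com.nimbusds.jose.JWSAlgorithm;
@@ -31,16 +32,21 @@
 import org.assertj.core.api.Assertions;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 
 import org.springframework.core.convert.converter.Converter;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import org.springframework.http.RequestEntity;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
 import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
+import org.springframework.web.client.RestOperations;
 import org.springframework.web.client.RestTemplate;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -76,6 +82,8 @@ public class NimbusJwtDecoderJwkSupportTests {
 private static final String MALFORMED_JWT = "eyJhbGciOiJSUzI1NiJ9.eyJuYmYiOnt9LCJleHAiOjQ2ODQyMjUwODd9.guoQvujdWvd3xw7FYQEn4D6-gzM_WqFvXdmvAUNSLbxG7fv2_LLCNujPdrBHJoYPbOwS1BGNxIKQWS1tylvqzmr1RohQ-RZ2iAM1HYQzboUlkoMkcd8ENM__ELqho8aNYBfqwkNdUOyBFoy7Syu_w2SoJADw2RTjnesKO6CVVa05bW118pDS4xWxqC4s7fnBjmZoTn4uQ-Kt9YSQZQk8YQxkJSiyanozzgyfgXULA6mPu1pTNU3FVFaK1i1av_xtH_zAPgb647ZeaNe4nahgqC5h8nhOlm8W2dndXbwAt29nd2ZWBsru_QwZz83XSKLhTPFz-mPBByZZDsyBbIHf9A";
 private static final String UNSIGNED_JWT = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJleHAiOi0yMDMzMjI0OTcsImp0aSI6IjEyMyIsInR5cCI6IkpXVCJ9.";
 
+private static final MediaType APPLICATION_JWK_SET_JSON = new MediaType("application", "jwk-set+json");
+
 private NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(JWK_SET_URL, JWS_ALGORITHM);
 
 @Test
@@ -256,4 +264,19 @@ public void setClaimSetConverterWhenIsNullThenThrowsIllegalArgumentException() {
 assertThatCode(() -> jwtDecoder.setClaimSetConverter(null))
 .isInstanceOf(IllegalArgumentException.class);
 }
+
+// gh-7290
+@Test
+public void decodeWhenJwkSetRequestedThenAcceptHeaderJsonAndJwkSetJson() {
+RestOperations restOperations = mock(RestOperations.class);
+when(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
+.thenReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
+NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(JWK_SET_URL);
+jwtDecoder.setRestOperations(restOperations);
+jwtDecoder.decode(SIGNED_JWT);
+ArgumentCaptor<RequestEntity> requestEntityCaptor = ArgumentCaptor.forClass(RequestEntity.class);
+verify(restOperations).exchange(requestEntityCaptor.capture(), eq(String.class));
+List<MediaType> acceptHeader = requestEntityCaptor.getValue().getHeaders().getAccept();
+assertThat(acceptHeader).contains(MediaType.APPLICATION_JSON, APPLICATION_JWK_SET_JSON);
+}
 }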
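Review bot: The assertion in `decodeWhenJwkSetRequestedThenAcceptHeaderJsonAndJwkSetJson` uses `contains`, which passes for any Accept list that includes the two types, so a later change that also advertises a broader type such as `*/*` would not fail this test. `assertThat(acceptHeader).containsExactlyInAnyOrder(MediaType.APPLICATION_JSON, APPLICATION_JWK_SET_JSON);` pins the header to exactly what the key-set request is meant to send. The captor is declared with the raw type `RequestEntity`, which will produce an unchecked warning. The test class also defines its own `APPLICATION_JWK_SET_JSON` because the production constant is private; a short comment such as `// mirrors the private constant in NimbusJwtDecoderJwkSupport` would make that duplication intentional to the next reader.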
