From 7ce8092b157d5208df2eb470cf2105bceff3bd35 Mon Sep 17 00:00:00 2001 From: Arvind Krishnakumar Date: Thu, 27 Jun 2024 07:59:34 -0500 Subject: [PATCH 1/3] Bump java-parent from 31 to 32 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2391aacf8..2b0530fe9 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ com.okta okta-parent - 30 + 32 ../okta-java-parent From 7a34da3456f503a3da143ddf2106d3402a993c0b Mon Sep 17 00:00:00 2001 From: Arvind Krishnakumar Date: Thu, 27 Jun 2024 08:05:20 -0500 Subject: [PATCH 2/3] Fixed PMD errors --- ...erTokenServerAuthenticationEntryPoint.java | 2 -- .../java/com/okta/spring/boot/oauth/Okta.java | 4 +-- .../boot/oauth/OktaOAuth2Configurer.java | 28 +------------------ .../spring/boot/oauth/env/OIDCMetadata.java | 4 +-- ...nmentPostProcessorApplicationListener.java | 2 +- 5 files changed, 6 insertions(+), 34 deletions(-) diff --git a/oauth2/src/main/java/com/okta/spring/boot/oauth/BrowserFriendlyBearerTokenServerAuthenticationEntryPoint.java b/oauth2/src/main/java/com/okta/spring/boot/oauth/BrowserFriendlyBearerTokenServerAuthenticationEntryPoint.java index 27b16a04f..5f19a893d 100644 --- a/oauth2/src/main/java/com/okta/spring/boot/oauth/BrowserFriendlyBearerTokenServerAuthenticationEntryPoint.java +++ b/oauth2/src/main/java/com/okta/spring/boot/oauth/BrowserFriendlyBearerTokenServerAuthenticationEntryPoint.java @@ -38,8 +38,6 @@ import java.util.Map; import java.util.stream.Collectors; -import static com.okta.spring.boot.oauth.Okta.statusAsString; - /** * An {@link AuthenticationEntryPoint} implementation used to commence authentication of protected resource requests * using {@link BearerTokenAuthenticationFilter}. diff --git a/oauth2/src/main/java/com/okta/spring/boot/oauth/Okta.java b/oauth2/src/main/java/com/okta/spring/boot/oauth/Okta.java index f4eaa5859..00806a983 100644 --- a/oauth2/src/main/java/com/okta/spring/boot/oauth/Okta.java 
+++ b/oauth2/src/main/java/com/okta/spring/boot/oauth/Okta.java @@ -132,7 +132,7 @@ private static AuthenticationEntryPoint authenticationEntryPoint() { BearerTokenAuthenticationEntryPoint bearerTokenEntryPoint = new BearerTokenAuthenticationEntryPoint(); return (request, response, authException) -> { response.setContentType(MediaType.TEXT_PLAIN.toString()); - response.getWriter().print(statusAsString(Okta.getStatus(authException))); + response.getWriter().print(statusAsString(getStatus(authException))); bearerTokenEntryPoint.commence(request, response, authException); }; } @@ -151,4 +151,4 @@ static String statusAsString(HttpStatus status) { return status.value() + " " + status.getReasonPhrase(); } -} \ No newline at end of file +} diff --git a/oauth2/src/main/java/com/okta/spring/boot/oauth/OktaOAuth2Configurer.java b/oauth2/src/main/java/com/okta/spring/boot/oauth/OktaOAuth2Configurer.java index 597532c88..06dabffb1 100644 --- a/oauth2/src/main/java/com/okta/spring/boot/oauth/OktaOAuth2Configurer.java +++ b/oauth2/src/main/java/com/okta/spring/boot/oauth/OktaOAuth2Configurer.java @@ -136,32 +136,6 @@ private Optional getFieldValue(Object source, String fieldName) throws Il return Optional.ofNullable((T) field.get(source)); } - /** - * Method to "unset" Jwt Resource Server Configurer using Reflection API. - *

- * For Root/Org issuer cases, we automatically configure resource server to use Opaque Token validation mode, but Spring - * brings in the default Jwt configuration, therefore we are unable to set Opaque Token configuration - * programmatically (startup fails - Spring only supports Jwt or Opaque is supported, not both simultaneously). - * To address this, we need this helper method to unset Jwt configurer before attempting to set Opaque Token configuration - * for Root/Org issuer use case. - */ - private void unsetJwtConfigurer(OAuth2ResourceServerConfigurer oAuth2ResourceServerConfigurer) { - - AccessController.doPrivileged((PrivilegedAction) () -> { - Field result = null; - try { - result = OAuth2ResourceServerConfigurer.class.getDeclaredField("jwtConfigurer"); - result.setAccessible(true); - - result.set(oAuth2ResourceServerConfigurer, null); - } catch (NoSuchFieldException | IllegalAccessException e) { - log.warn("Could not access field '" + "jwtConfigurer" + "' of {} via reflection", - OAuth2ResourceServerConfigurer.class.getName(), e); - } - return result; - }); - } - private void configureLogin(HttpSecurity http, OktaOAuth2Properties oktaOAuth2Properties, Environment environment) throws Exception { RestTemplate restTemplate = OktaOAuth2ResourceServerAutoConfig.restTemplate(oktaOAuth2Properties); @@ -205,4 +179,4 @@ private OAuth2AccessTokenResponseClient acc return accessTokenResponseClient; } -} \ No newline at end of file +} diff --git a/oauth2/src/main/java/com/okta/spring/boot/oauth/env/OIDCMetadata.java b/oauth2/src/main/java/com/okta/spring/boot/oauth/env/OIDCMetadata.java index 8a7a09879..20c832246 100644 --- a/oauth2/src/main/java/com/okta/spring/boot/oauth/env/OIDCMetadata.java +++ b/oauth2/src/main/java/com/okta/spring/boot/oauth/env/OIDCMetadata.java 
@@ -23,8 +23,8 @@ public class OIDCMetadata { private boolean isAuth0; - private final String clientAuthenticationMethod = "none"; - private final String scope = "profile,email,openid"; + private static final String clientAuthenticationMethod = "none"; + private static final String scope = "profile,email,openid"; private final String jwkSetURI; private final String authorizationURI; private final String tokenURI; diff --git a/oauth2/src/main/java/com/okta/spring/boot/oauth/env/OktaEnvironmentPostProcessorApplicationListener.java b/oauth2/src/main/java/com/okta/spring/boot/oauth/env/OktaEnvironmentPostProcessorApplicationListener.java index a069622be..d723e32cb 100644 --- a/oauth2/src/main/java/com/okta/spring/boot/oauth/env/OktaEnvironmentPostProcessorApplicationListener.java +++ b/oauth2/src/main/java/com/okta/spring/boot/oauth/env/OktaEnvironmentPostProcessorApplicationListener.java @@ -48,6 +48,6 @@ public boolean supportsEventType(Class eventType) { @Override public int getOrder() { - return Ordered.LOWEST_PRECEDENCE; + return LOWEST_PRECEDENCE; } } From 5e36af59a5cf40b2aed64b2d41f14b4f05a8a202 Mon Sep 17 00:00:00 2001 From: Arvind Krishnakumar Date: Thu, 27 Jun 2024 08:16:06 -0500 Subject: [PATCH 3/3] Fixed more PMD errors --- ...erTokenServerAuthenticationEntryPoint.java | 2 +- .../boot/oauth/OktaOAuth2Configurer.java | 27 +++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/oauth2/src/main/java/com/okta/spring/boot/oauth/BrowserFriendlyBearerTokenServerAuthenticationEntryPoint.java b/oauth2/src/main/java/com/okta/spring/boot/oauth/BrowserFriendlyBearerTokenServerAuthenticationEntryPoint.java index 5f19a893d..3ef247894 100644 --- a/oauth2/src/main/java/com/okta/spring/boot/oauth/BrowserFriendlyBearerTokenServerAuthenticationEntryPoint.java +++ b/oauth2/src/main/java/com/okta/spring/boot/oauth/BrowserFriendlyBearerTokenServerAuthenticationEntryPoint.java 
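Review bot: In `OIDCMetadata`, `clientAuthenticationMethod` and `scope` become `static final` but keep lowerCamelCase names, and nothing in the hunk explains why the client authentication method is fixed to `none`. If this class is bound or serialized by field anywhere (not visible here), turning the two values into static fields can silently drop them from the output, so that is worth checking before merging. I would name them as constants, e.g. `private static final String CLIENT_AUTHENTICATION_METHOD = "none";`, updating the usages outside the hunk, and add a comment such as `// "none": no client secret is sent to the token endpoint (public client); confirm PKCE is required for this flow`. The class body continues outside the hunk.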
@@ -72,7 +72,7 @@ public Mono commence(ServerWebExchange exchange, AuthenticationException a response.setStatusCode(status); response.getHeaders().setContentType(MediaType.TEXT_PLAIN); - DataBuffer buffer = response.bufferFactory().wrap(statusAsString(status).getBytes(StandardCharsets.UTF_8)); + DataBuffer buffer = response.bufferFactory().wrap(Okta.statusAsString(status).getBytes(StandardCharsets.UTF_8)); return response.writeWith(Mono.just(buffer)); }); } diff --git a/oauth2/src/main/java/com/okta/spring/boot/oauth/OktaOAuth2Configurer.java b/oauth2/src/main/java/com/okta/spring/boot/oauth/OktaOAuth2Configurer.java index 06dabffb1..8e1c49540 100644 --- a/oauth2/src/main/java/com/okta/spring/boot/oauth/OktaOAuth2Configurer.java +++ b/oauth2/src/main/java/com/okta/spring/boot/oauth/OktaOAuth2Configurer.java @@ -136,6 +136,33 @@ private Optional getFieldValue(Object source, String fieldName) throws Il return Optional.ofNullable((T) field.get(source)); } + /** + * Method to "unset" Jwt Resource Server Configurer using Reflection API. + *
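Review bot: The call in `commence` needs the `Okta.` qualifier only because patch 2/3 removed `import static com.okta.spring.boot.oauth.Okta.statusAsString;` while leaving the unqualified `statusAsString(status)` call in place, so the tree at 2/3 should not compile on its own. Folding this one-line change into patch 2/3 would keep every commit of the series buildable, which matters when bisecting. The body of `commence` starts outside the hunk.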

+ * For Root/Org issuer cases, we automatically configure resource server to use Opaque Token validation mode, but Spring + * brings in the default Jwt configuration, therefore we are unable to set Opaque Token configuration + * programmatically (startup fails - Spring only supports Jwt or Opaque is supported, not both simultaneously). + * To address this, we need this helper method to unset Jwt configurer before attempting to set Opaque Token configuration + * for Root/Org issuer use case. + */ + @SuppressWarnings("PMD.UnusedPrivateMethod") + private void unsetJwtConfigurer(OAuth2ResourceServerConfigurer oAuth2ResourceServerConfigurer) { + + AccessController.doPrivileged((PrivilegedAction) () -> { + Field result = null; + try { + result = OAuth2ResourceServerConfigurer.class.getDeclaredField("jwtConfigurer"); + result.setAccessible(true); + + result.set(oAuth2ResourceServerConfigurer, null); + } catch (NoSuchFieldException | IllegalAccessException e) { + log.warn("Could not access field '" + "jwtConfigurer" + "' of {} via reflection", + OAuth2ResourceServerConfigurer.class.getName(), e); + } + return result; + }); + } + private void configureLogin(HttpSecurity http, OktaOAuth2Properties oktaOAuth2Properties, Environment environment) throws Exception { RestTemplate restTemplate = OktaOAuth2ResourceServerAutoConfig.restTemplate(oktaOAuth2Properties);
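Review bot: `unsetJwtConfigurer` comes back as dead code whose only change is `@SuppressWarnings("PMD.UnusedPrivateMethod")`. Patch 2/3 had removed it, and a method that nulls a private field of Spring Security's `OAuth2ResourceServerConfigurer` via `setAccessible(true)` inside `AccessController.doPrivileged` should not sit unreferenced behind a suppression. If nothing calls it, delete it again; if a caller is planned, the Javadoc should name that caller and the Spring Security versions the `jwtConfigurer` field name was checked against. As written, a renamed or inaccessible field only produces a `log.warn` and the method returns normally, so a caller cannot tell that the JWT configurer is still set. Rethrowing, e.g. `throw new IllegalStateException("Could not unset jwtConfigurer", e);`, would make a wrong token-validation mode fail loudly at the point of cause. `AccessController` is also deprecated for removal since Java 17, and the log message can be the single literal `"Could not access field 'jwtConfigurer' of {} via reflection"`.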