Skip to content

JwtIssuerReactiveAuthenticationManagerResolver eagerly creates Exceptions #7995

New issue
New issue
Closed
#7996
Closed
JwtIssuerReactiveAuthenticationManagerResolver eagerly creates Exceptions#7995
#7996
Assignees
jzheaux
Labels
in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: enhancementA general enhancement
Milestone
 
5.3.0
@robotmrv

Description

@robotmrv
robotmrv
opened on Feb 19, 2020

Summary

JwtIssuerReactiveAuthenticationManagerResolver eagerly creates Exceptions which are not thrown always
see

spring-security/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java

Lines 122 to 125 in a90e579

.flatMap(issuer ->
this.issuerAuthenticationManagerResolver.resolve(issuer).switchIfEmpty(
Mono.error(new InvalidBearerTokenException("Invalid issuer " + issuer)))
);

and

spring-security/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java

Lines 143 to 146 in a90e579

String issuer = JWTParser.parse(token.getToken()).getJWTClaimsSet().getIssuer();
return Mono.justOrEmpty(issuer).switchIfEmpty(
Mono.error(new InvalidBearerTokenException("Missing issuer")));
} catch (Exception e) {

Actual Behavior

Exceptions are instantiated always

Expected Behavior

Exceptions should be instantiated lazily only when they are needed

Version

5.3.0.BUILD-SNAPSHOT

Metadata

Metadata

Assignees

Labels

in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions