Skip to content

JwtIssuerReactiveAuthenticationManagerResolver eagerly creates Exceptions #7995

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
robotmrv opened this issue Feb 19, 2020 · 0 comments · Fixed by #7996
Closed

JwtIssuerReactiveAuthenticationManagerResolver eagerly creates Exceptions #7995

robotmrv opened this issue Feb 19, 2020 · 0 comments · Fixed by #7996
Assignees
@jzheaux
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Milestone
5.3.0

Comments

@robotmrv
Copy link
Contributor

Summary

JwtIssuerReactiveAuthenticationManagerResolver eagerly creates Exceptions which are not thrown always
see

spring-security/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java

Lines 122 to 125 in a90e579

.flatMap(issuer ->
this.issuerAuthenticationManagerResolver.resolve(issuer).switchIfEmpty(
Mono.error(new InvalidBearerTokenException("Invalid issuer " + issuer)))
);

and

spring-security/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java

Lines 143 to 146 in a90e579

String issuer = JWTParser.parse(token.getToken()).getJWTClaimsSet().getIssuer();
return Mono.justOrEmpty(issuer).switchIfEmpty(
Mono.error(new InvalidBearerTokenException("Missing issuer")));
} catch (Exception e) {

Actual Behavior

Exceptions are instantiated always

Expected Behavior

Exceptions should be instantiated lazily only when they are needed

Version

5.3.0.BUILD-SNAPSHOT
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Feb 19, 2020
@robotmrv robotmrv mentioned this issue Feb 19, 2020
Merged
robotmrv added a commit to robotmrv/spring-security that referenced this issue Feb 20, 2020
@robotmrv
Instantiate exceptions lazily
18f62d7 
Add lazy Exception instantiation to reduce allocations

Fixes spring-projectsgh-7995
jzheaux pushed a commit that referenced this issue Feb 27, 2020
@robotmrv @jzheaux
Instantiate exceptions lazily
04e671f 
Add lazy Exception instantiation to reduce allocations

Fixes gh-7995
@jzheaux jzheaux self-assigned this Feb 27, 2020
@jzheaux jzheaux added in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Feb 27, 2020
@jzheaux jzheaux added this to the 5.3.0 milestone Feb 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Projects
None yet
Milestone
5.3.0
Development

Successfully merging a pull request may close this issue.

Instantiate exceptions lazily robotmrv/spring-security
3 participants
@jzheaux @robotmrv @spring-projects-issues