search

ch4mpy / spring-addons

Ease spring OAuth2 resource-servers configuration and testing
Apache License 2.0
521 stars 84 forks source link

Missing default authentication converter when using `@WithJwt` #159

Closed ch4mpy closed 8 months ago

ch4mpy commented 8 months ago

Describe the bug We can't use @WithJwt if the configuration does not expose an authentication converter bean

Code sample Considering an app with spring-boot-starter-web, spring-boot-starter-oauth2-resource-server, spring-addons-oauth2-test and this minimal configuration:

@Configuration
@EnableMethodSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.oauth2ResourceServer(resourceServer -> {
            resourceServer.jwt(Customizer.withDefaults());
        });

        http.authorizeHttpRequests(c -> c.anyRequest().permitAll());

        return http.build();
    }
}

Any test attempting to use @WithJwt will crash because no authentication converter bean can be found

Expected behavior Test framework should use the same default as Spring Boot and use a new JwtAuthenticationConverter() if no authentication converter could be found from the context.

Additional context This is a follow-up of https://github.com/ch4mpy/spring-addons/discussions/158

ch4mpy commented 8 months ago

Released as part of 7.2.0