From b0b97fb1d21af2fb4d052d0792c9e5eae71f1030 Mon Sep 17 00:00:00 2001
From: shenqicheng <1317225796@qq.com>
Date: Tue, 9 Jul 2024 09:52:38 +0800
Subject: [PATCH] Add configuration property to allow multiple issuers
See gh-41355
---
 .../OAuth2AuthorizationServerProperties.java | 24 +++++++++++++++++++
 ...h2AuthorizationServerPropertiesMapper.java | 3 ++-
 2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerProperties.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerProperties.java
index 196afbdc75fe..fbce47a683b8 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerProperties.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerProperties.java
@@ -42,6 +42,30 @@ public class OAuth2AuthorizationServerProperties implements InitializingBean {
 */
 private String issuer;
+ /**
+ * Set to {@code true} if multiple issuers are allowed per host. Using path
+ * components in the URL of the issuer identifier enables supporting multiple
+ * issuers per host in a multi-tenant hosting configuration.
+ *
+ *

+ * For example: + *

+ * + *

+ * NOTE: Explicitly configuring the issuer identifier via
+ * {@link #issuer(String)} forces to a single-tenant configuration. Avoid
+ * configuring the issuer identifier when using a multi-tenant hosting
+ * configuration, allowing the issuer identifier to be resolved from the
+ * "current" request.
+ * @param multipleIssuersAllowed {@code true} if multiple issuers are allowed per
+ * host, {@code false} otherwise
+ * @return the {@link Builder} for further configuration
+ */
+ private boolean multipleIssuersAllowed = false;
+
 /**
 * Registered clients of the Authorization Server.
 */
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapper.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapper.java
index e53d587e192c..a4fe537dbfc9 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapper.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesMapper.java
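Review bot: No getter or setter for the new `multipleIssuersAllowed` field is visible, and this hunk already accounts for all 24 insertions the diffstat lists for this file, so the `this.properties::isMultipleIssuersAllowed` reference the mapper change relies on has nothing to resolve to and the configuration binder has no setter through which to populate the field; an accessor pair is needed (below). The Javadoc on the field reads as a copy of a builder method's: `@param`, `@return the {@link Builder} ...` and `{@link #issuer(String)}` do not apply to a field of this class and should give way to the short description style the neighbouring properties use, e.g. `Whether multiple issuers are allowed per host, using path components of the issuer identifier to support multi-tenant hosting.` Because the same text says the issuer is then resolved from the "current" request, the description should also warn that the advertised issuer becomes request-derived (presumably from the request host and path), so the option belongs only behind a trusted proxy or with host validation in place; that is the caveat a deployer needs and the commit does not give it. The enclosing class continues outside the hunk.
```java
// … unchanged: multipleIssuersAllowed field and its Javadoc …

public boolean isMultipleIssuersAllowed() {
	return this.multipleIssuersAllowed;
}

public void setMultipleIssuersAllowed(boolean multipleIssuersAllowed) {
	this.multipleIssuersAllowed = multipleIssuersAllowed;
}
```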
@@ -51,7 +51,8 @@ AuthorizationServerSettings asAuthorizationServerSettings() {
 OAuth2AuthorizationServerProperties.Endpoint endpoint = this.properties.getEndpoint();
 OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoint.getOidc();
 AuthorizationServerSettings.Builder builder = AuthorizationServerSettings.builder();
- map.from(this.properties::getIssuer).to(builder::issuer);
+ map.from(this.properties::getIssuer).whenHasText().to(builder::issuer);
+ map.from(this.properties::isMultipleIssuersAllowed).to(builder::multipleIssuersAllowed);
 map.from(endpoint::getAuthorizationUri).to(builder::authorizationEndpoint);
 map.from(endpoint::getDeviceAuthorizationUri).to(builder::deviceAuthorizationEndpoint);
 map.from(endpoint::getDeviceVerificationUri).to(builder::deviceVerificationEndpoint);
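Review bot: The two added mapping lines forward both a non-blank `issuer` and `multipleIssuersAllowed` to the builder without rejecting the combination, while the Javadoc added in the same commit states that an explicit issuer forces a single-tenant configuration, so a deployer who sets both gets either a silently ignored flag or a failure deep inside the settings builder (whichever the authorization server does) rather than a property-level message. Since `OAuth2AuthorizationServerProperties` implements `InitializingBean` (visible in the first hunk header), `afterPropertiesSet()` — outside this hunk — is the place for the guard, e.g. `if (this.multipleIssuersAllowed && StringUtils.hasText(this.issuer)) { throw new IllegalStateException("'issuer' must not be set when 'multipleIssuersAllowed' is true"); }`, mirroring the `whenHasText()` filter used here. Note also that `isMultipleIssuersAllowed` is not declared anywhere in this patch (the other file's hunk adds only the field), so the second added line does not compile as submitted. `asAuthorizationServerSettings()` continues past the end of the hunk.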