micronaut-projects · sdelamo · Nov 16, 2022 · Dec 16, 2021 · Dec 21, 2021 · Dec 21, 2021
diff --git a/gradle.properties b/gradle.properties
@@ -3,7 +3,7 @@ projectGroup=io.micronaut.security
 micronautTestVersion=3.0.2
 groovyVersion=3.0.9
 micronautDocsVersion=2.0.0
-micronautVersion=3.1.0
+micronautVersion=3.2.0
 spockVersion=2.0-groovy-3.0
 
 gebVersion=4.1

diff --git a/security-aot/build.gradle b/security-aot/build.gradle
@@ -0,0 +1,28 @@
+plugins {
+    id("io.micronaut.build.internal.aot-module")
+}
+
+micronautBuild {
+    aot {
+        version = '1.0.0-M5'
+    }
+}
+
+dependencies {
+    compileOnly platform("io.micronaut:micronaut-bom:$micronautVersion")
+
+    testCompileOnly("io.micronaut:micronaut-inject-groovy:$micronautVersion")
+    testImplementation(platform("io.micronaut:micronaut-bom:$micronautVersion"))
+    testImplementation("org.spockframework:spock-core:${spockVersion}") {
+        exclude module:'groovy-all'
+    }
+    runtimeOnly("ch.qos.logback:logback-classic:1.2.8")
+    testImplementation "io.micronaut.test:micronaut-test-spock:$micronautTestVersion"
+    testImplementation "io.micronaut:micronaut-management"
+    testImplementation "io.micronaut:micronaut-http-server-netty"
+    testImplementation "io.micronaut:micronaut-http-client"
+
+    compileOnly(project(":security-oauth2"))
+    testImplementation(project(":security-oauth2"))
+
+}
diff --git a/...t/src/main/java/io/micronaut/security/aot/OpenIdProviderMetadataFetcherCodeGenerator.java b/...t/src/main/java/io/micronaut/security/aot/OpenIdProviderMetadataFetcherCodeGenerator.java
diff --git a/...es/META-INF/services/io.micronaut.security.aot.OpenIdProviderMetadataFetcherCodeGenerator b/...es/META-INF/services/io.micronaut.security.aot.OpenIdProviderMetadataFetcherCodeGenerator
diff --git a/...st/groovy/io/micronaut/security/aot/OpenIdProviderMetadataFetcherCodeGeneratorSpec.groovy b/...st/groovy/io/micronaut/security/aot/OpenIdProviderMetadataFetcherCodeGeneratorSpec.groovy
@@ -0,0 +1,106 @@
+//file:noinspection HardCodedStringLiteral
+package io.micronaut.security.aot
+
+import io.micronaut.aot.core.AOTCodeGenerator
+import io.micronaut.aot.core.codegen.AbstractSourceGeneratorSpec
+import io.micronaut.context.ApplicationContext
+import io.micronaut.context.ApplicationContextBuilder
+import io.micronaut.context.annotation.Requires
+import io.micronaut.context.env.Environment
+import io.micronaut.http.annotation.Controller
+import io.micronaut.http.annotation.Get
+import io.micronaut.runtime.server.EmbeddedServer
+import io.micronaut.security.annotation.Secured
+import io.micronaut.security.rules.SecurityRule
+import spock.lang.AutoCleanup
+import spock.lang.Shared
+
+class OpenIdProviderMetadataFetcherCodeGeneratorSpec extends AbstractSourceGeneratorSpec {
+
+    @AutoCleanup
+    @Shared
+    EmbeddedServer embeddedServer = ApplicationContext.run(EmbeddedServer,
+            ['spec.name': 'EmbeddedServerOpenIdProviderMetadataFetcherCodeGeneratorSpec'],
+            Environment.TEST)
+
+    @Override
+    protected void customizeContext(ApplicationContextBuilder builder) {
+        builder = builder.properties([
+                'micronaut.security.oauth2.clients.cognito.client-id': 'XXX',
+                'micronaut.security.oauth2.clients.cognito.client-secret': 'YYY',
+                'micronaut.security.oauth2.clients.cognito.openid.issuer': "http://localhost:$embeddedServer.port",
+        ])
+        builder.environments(Environment.TEST)
+        super.customizeContext(builder)
+    }
+
+    @Override
+    AOTCodeGenerator newGenerator() {
+        return new OpenIdProviderMetadataFetcherCodeGenerator()
+    }
+
+    void "verify OpenIdProviderMetadataFetcherCodeGenerator generates OpenIdProviderMetadataFetcher per openid client"() {
+        expect:
+        embeddedServer.applicationContext.containsBean(OpenIdConfigurationController)
+
+        when:
+        generate()
+
+        then:
+        assertThatGeneratedSources {
+            createsInitializer """private static void preloadOpenIdMetadata() {
+  java.util.Map<java.lang.String, java.util.function.Supplier<io.micronaut.security.oauth2.client.DefaultOpenIdProviderMetadata>> configs = new java.util.HashMap<java.lang.String, java.util.function.Supplier<io.micronaut.security.oauth2.client.DefaultOpenIdProviderMetadata>>();
+  context.put("cognito", AotOpenIdProviderMetadataFetcherCognito::create);
+  io.micronaut.core.optim.StaticOptimizations.set(io.micronaut.security.oauth2.client.DefaultOpenIdProviderMetadataFetcher.Optimizations, configs);
+}"""
+            hasClass("AotOpenIdProviderMetadataFetcherCognito") {
+                withSources """package io.micronaut.test;
+
+import io.micronaut.security.oauth2.client.DefaultOpenIdProviderMetadata;
+
+public class AotOpenIdProviderMetadataFetcherCognito {
+  public static DefaultOpenIdProviderMetadata create() {
+    DefaultOpenIdProviderMetadata metadata = new DefaultOpenIdProviderMetadata();
+    metadata.setUserinfoEndpoint("https://auth-groovycalamari.auth.us-east-1.amazoncognito.com/oauth2/userInfo");
+    metadata.setAuthorizationEndpoint("https://auth-groovycalamari.auth.us-east-1.amazoncognito.com/oauth2/authorize");
+    metadata.setIdTokenSigningAlgValuesSupported("https://auth-groovycalamari.auth.us-east-1.amazoncognito.com/oauth2/authorize");
+    metadata.setIssuer("https://cognito-idp.us-east-1.amazonaws.com/us-east-1_4OqDoWVrZ");
+    metadata.setJwksUri(""https://cognito-idp.us-east-1.amazonaws.com/us-east-1_4OqDoWVrZ/.well-known/jwks.json");
+    List<String> responseTypesSupported = new ArrayList<>();
+    responseTypesSupported.add("code");
+     responseTypesSupported.add("token");
+    metadata.setResponseTypesSupported(responseTypesSupported);
+    List<String> scopesSupported = new ArrayList<>();
+    scopesSupported.add("openid");
+    scopesSupported.add("email");
+    scopesSupported.add("phone");
+    scopesSupported.add("profile");
+    metadata.setScopesSupported(scopesSupported);
+    List<String> subjectTypesSupported = new ArrayList<>();
+    subjectTypesSupported.add("public");
+    metadata.setSubjectTypesSupported(subjectTypesSupported);
+    metadata.setTokenEndpoint("https://auth-groovycalamari.auth.us-east-1.amazoncognito.com/oauth2/token");
+    List<String> tokenEndpointAuthMethodsSupported = new ArrayList<>();
+    tokenEndpointAuthMethodsSupported.add("client_secret_basic");
+    tokenEndpointAuthMethodsSupported.add("client_secret_post");
+    metadata.setTokenEndpointAuthMethodsSupported(tokenEndpointAuthMethodsSupported);
+    metadata.setUserinfoEndpoint("https://auth-groovycalamari.auth.us-east-1.amazoncognito.com/oauth2/userInfo");
+    return metadata;
+  }
+}"""
+            }
+        }
+    }
+
+    @Requires(property = 'spec.name', value = 'EmbeddedServerOpenIdProviderMetadataFetcherCodeGeneratorSpec')
+    @Controller
+    static class OpenIdConfigurationController {
+
+        @Get("/.well-known/openid-configuration")
+        @Secured(SecurityRule.IS_ANONYMOUS)
+        String index() {
+            '{"authorization_endpoint":"https://auth-groovycalamari.auth.us-east-1.amazoncognito.com/oauth2/authorize","id_token_signing_alg_values_supported":["RS256"],"issuer":"https://cognito-idp.us-east-1.amazonaws.com/us-east-1_4OqDoWVrZ","jwks_uri":"https://cognito-idp.us-east-1.amazonaws.com/us-east-1_4OqDoWVrZ/.well-known/jwks.json","response_types_supported":["code","token"],"scopes_supported":["openid","email","phone","profile"],"subject_types_supported":["public"],"token_endpoint":"https://auth-groovycalamari.auth.us-east-1.amazoncognito.com/oauth2/token","token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"],"userinfo_endpoint":"https://auth-groovycalamari.auth.us-east-1.amazoncognito.com/oauth2/userInfo"}'
+        }
+
+    }
+}
diff --git a/security-aot/src/test/resources/logback.xml b/security-aot/src/test/resources/logback.xml
@@ -0,0 +1,15 @@
+<configuration>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <!-- encoders are assigned the type
+             ch.qos.logback.classic.encoder.PatternLayoutEncoder by default -->
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <root level="info">
+        <appender-ref ref="STDOUT" />
+    </root>
+    <!--<logger name="io.micronaut.http" level="trace"/>-->
+</configuration>
diff --git a/...c/main/java/io/micronaut/security/oauth2/client/DefaultOpenIdProviderMetadataFetcher.java b/...c/main/java/io/micronaut/security/oauth2/client/DefaultOpenIdProviderMetadataFetcher.java
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2017-2021 original authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.micronaut.security.oauth2.client;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.micronaut.context.exceptions.BeanInstantiationException;
+import io.micronaut.core.annotation.NonNull;
+import io.micronaut.core.optim.StaticOptimizations;
+import io.micronaut.core.util.StringUtils;
+import io.micronaut.http.client.HttpClient;
+import io.micronaut.http.client.annotation.Client;
+import io.micronaut.http.client.exceptions.HttpClientResponseException;
+import io.micronaut.security.oauth2.configuration.OpenIdClientConfiguration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Optional;
+import java.util.function.Supplier;
+
+
+/**
+ * Default implementation of {@link OpenIdProviderMetadataFetcher}.
+ *
+ * @author Sergio del Amo
+ * @since 3.3.0
+ */
+public class DefaultOpenIdProviderMetadataFetcher implements OpenIdProviderMetadataFetcher {
+    private static final Logger LOG = LoggerFactory.getLogger(DefaultOpenIdProviderMetadataFetcher.class);
+    private final static Optimizations OPTIMIZATIONS = StaticOptimizations.get(Optimizations.class).orElse(new Optimizations(Collections.emptyMap()));
+
+    private final HttpClient client;
+    private final ObjectMapper objectMapper;
+    private final OpenIdClientConfiguration openIdClientConfiguration;
+
+    /**
+     * AOT Optimizations.
+     */
+    public static class Optimizations {
+        private final Map<String, Supplier<DefaultOpenIdProviderMetadata>> suppliers;
+
+        /**
+         *
+         * @param suppliers Map with key being the OpenID Name qualifier and
+         */
+        public Optimizations(Map<String, Supplier<DefaultOpenIdProviderMetadata>> suppliers) {
+            this.suppliers = suppliers;
+        }
+
+        public Optional<Supplier<DefaultOpenIdProviderMetadata>> findMetadata(String name) {
+            return Optional.ofNullable(suppliers.get(name));
+        }
+    }
+
+    public DefaultOpenIdProviderMetadataFetcher(OpenIdClientConfiguration openIdClientConfiguration,
+                                                ObjectMapper objectMapper,
+                                                @Client HttpClient client) {
+        this.openIdClientConfiguration = openIdClientConfiguration;
+        this.objectMapper = objectMapper;
+        this.client = client;
+    }
+
+    @Override
+    @NonNull
+    public DefaultOpenIdProviderMetadata fetch() {
+        return OPTIMIZATIONS.findMetadata(openIdClientConfiguration.getName())
+                .map(Supplier::get)
+                .orElseGet(() -> openIdClientConfiguration.getIssuer()
+                        .map(issuer -> {
+                            try {
+                                URL configurationUrl = new URL(issuer, StringUtils.prependUri(issuer.getPath(), openIdClientConfiguration.getConfigurationPath()));
+                                if (LOG.isDebugEnabled()) {
+                                    LOG.debug("Sending request for OpenID configuration for provider [{}] to URL [{}]", openIdClientConfiguration.getName(), configurationUrl);
+                                }
+                                //TODO this returns ReadTimeoutException - return issuerClient.toBlocking().retrieve(configurationUrl.toString(), DefaultOpenIdProviderMetadata.class);
+                                String json = client.toBlocking().retrieve(configurationUrl.toString(), String.class);
+                                return objectMapper.readValue(json, DefaultOpenIdProviderMetadata.class);
+
+                            } catch (MalformedURLException e) {
+                                throw new BeanInstantiationException("Failure parsing issuer URL " + issuer.toString(), e);
+                            } catch (HttpClientResponseException e) {
+                                throw new BeanInstantiationException("Failed to retrieve OpenID configuration for " + openIdClientConfiguration.getName(), e);
+
+                            } catch (JsonProcessingException e) {
+                                throw new BeanInstantiationException("JSON Processing Exception parsing issuer URL returned JSON " + issuer.toString(), e);
+                            }
+                        }).orElse(new DefaultOpenIdProviderMetadata())
+                );
+    }
+}
diff --git a/security-oauth2/src/main/java/io/micronaut/security/oauth2/client/OpenIdClientFactory.java b/security-oauth2/src/main/java/io/micronaut/security/oauth2/client/OpenIdClientFactory.java
@@ -15,21 +15,15 @@
  */
 package io.micronaut.security.oauth2.client;
 
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import io.micronaut.context.BeanContext;
 import io.micronaut.context.BeanProvider;
 import io.micronaut.context.annotation.EachBean;
 import io.micronaut.context.annotation.Factory;
 import io.micronaut.context.annotation.Parameter;
 import io.micronaut.context.annotation.Requires;
-import io.micronaut.context.exceptions.BeanInstantiationException;
 import io.micronaut.core.annotation.Internal;
-import io.micronaut.core.util.StringUtils;
+import io.micronaut.core.annotation.Nullable;
 import io.micronaut.core.util.SupplierUtil;
-import io.micronaut.http.client.HttpClient;
-import io.micronaut.http.client.annotation.Client;
-import io.micronaut.http.client.exceptions.HttpClientResponseException;
 import io.micronaut.security.oauth2.client.condition.OpenIdClientCondition;
 import io.micronaut.security.oauth2.configuration.OauthClientConfiguration;
 import io.micronaut.security.oauth2.configuration.OpenIdClientConfiguration;
@@ -44,9 +38,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import io.micronaut.core.annotation.Nullable;
-import java.net.MalformedURLException;
-import java.net.URL;
 import java.util.Collections;
 import java.util.function.Supplier;
 
@@ -66,48 +57,26 @@ class OpenIdClientFactory {
 
     private final BeanContext beanContext;
 
-    private final ObjectMapper objectMapper;
-
     /**
      * @param beanContext The bean context
-     * @param objectMapper Object Mapper
      */
-    OpenIdClientFactory(BeanContext beanContext, ObjectMapper objectMapper) {
+    OpenIdClientFactory(BeanContext beanContext) {
         this.beanContext = beanContext;
-        this.objectMapper = objectMapper;
     }
 
     /**
      * Retrieves OpenID configuration from the provided issuer.
      *
      * @param oauthClientConfiguration The client configuration
      * @param openIdClientConfiguration The openid client configuration
-     * @param issuerClient The client to request the metadata
+     * @param openIdProviderMetadataFetcher OpenID Provider metadata Fetcher
      * @return The OpenID configuration
      */
     @EachBean(OpenIdClientConfiguration.class)
     DefaultOpenIdProviderMetadata openIdConfiguration(@Parameter OauthClientConfiguration oauthClientConfiguration,
                                                       @Parameter OpenIdClientConfiguration openIdClientConfiguration,
-                                                      @Client HttpClient issuerClient) {
-        DefaultOpenIdProviderMetadata providerMetadata = openIdClientConfiguration.getIssuer()
-                .map(issuer -> {
-                    try {
-                        URL configurationUrl = new URL(issuer, StringUtils.prependUri(issuer.getPath(), openIdClientConfiguration.getConfigurationPath()));
-                        if (LOG.isDebugEnabled()) {
-                            LOG.debug("Sending request for OpenID configuration for provider [{}] to URL [{}]", openIdClientConfiguration.getName(), configurationUrl);
-                        }
-                        //TODO this returns ReadTimeoutException - return issuerClient.toBlocking().retrieve(configurationUrl.toString(), DefaultOpenIdProviderMetadata.class);
-                        String json = issuerClient.toBlocking().retrieve(configurationUrl.toString(), String.class);
-                        return objectMapper.readValue(json, DefaultOpenIdProviderMetadata.class);
-                    } catch (HttpClientResponseException e) {
-                        throw new BeanInstantiationException("Failed to retrieve OpenID configuration for " + openIdClientConfiguration.getName(), e);
-                    } catch (MalformedURLException e) {
-                        throw new BeanInstantiationException("Failure parsing issuer URL " + issuer.toString(), e);
-                    } catch (JsonProcessingException e) {
-                        throw new BeanInstantiationException("JSON Processing Exception parsing issuer URL returned JSON " + issuer.toString(), e);
-                    }
-                }).orElse(new DefaultOpenIdProviderMetadata());
-
+                                                      @Parameter OpenIdProviderMetadataFetcher openIdProviderMetadataFetcher) {
+        DefaultOpenIdProviderMetadata providerMetadata = openIdProviderMetadataFetcher.fetch();
         overrideFromConfig(providerMetadata, openIdClientConfiguration, oauthClientConfiguration);
         return providerMetadata;
     }

diff --git a/...uth2/src/main/java/io/micronaut/security/oauth2/client/OpenIdProviderMetadataFetcher.java b/...uth2/src/main/java/io/micronaut/security/oauth2/client/OpenIdProviderMetadataFetcher.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2017-2021 original authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.micronaut.security.oauth2.client;
+
+import io.micronaut.core.annotation.NonNull;
+
+/**
+ * Fetches OpenIdProviderMetadata for a {@link io.micronaut.security.oauth2.configuration.OpenIdClientConfiguration}.
+ * @author Sergio del Amo
+ * @since 3.3.0
+ */
+@FunctionalInterface
+public interface OpenIdProviderMetadataFetcher {
+    /**
+     *
+     * @return OpenID Provider Metadata
+     */
+    @NonNull
+    DefaultOpenIdProviderMetadata fetch();
+}