Skip to content

Make X509CertificateThumbprintValidator to be public and non-final class #17178

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
edmundham wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Make X509CertificateThumbprintValidator to be public and non-final class #17178

edmundham wants to merge 1 commit into from

Conversation

@edmundham
Copy link

@edmundham edmundham commented May 28, 2025

gh-17131

Make X509CertificateThumbprintValidator to be public and non-final class

With the current package visibility and final class, it is not usable with JwtValidators#createDefaultWithValidators. JwtValidators#createDefaultWithValidators is following, as of v6.4.6:

	public static OAuth2TokenValidator<Jwt> createDefaultWithValidators(List<OAuth2TokenValidator<Jwt>> validators) {
		Assert.notEmpty(validators, "validators cannot be null or empty");
		List<OAuth2TokenValidator<Jwt>> tokenValidators = new ArrayList<>(validators);
		X509CertificateThumbprintValidator x509CertificateThumbprintValidator = CollectionUtils
			.findValueOfType(tokenValidators, X509CertificateThumbprintValidator.class);
		if (x509CertificateThumbprintValidator == null) {
			tokenValidators.add(0, new X509CertificateThumbprintValidator(
					X509CertificateThumbprintValidator.DEFAULT_X509_CERTIFICATE_SUPPLIER));
		}
		JwtTimestampValidator jwtTimestampValidator = CollectionUtils.findValueOfType(tokenValidators,
				JwtTimestampValidator.class);
		if (jwtTimestampValidator == null) {
			tokenValidators.add(0, new JwtTimestampValidator());
		}
		return new DelegatingOAuth2TokenValidator<>(tokenValidators);
	}

By looking at this, I could understand the purpose is for consumer to have their own implementation of X509CertificateThumbprintValidator. However, currently that is not possible. This PR is to let consumers customize or build their own implementation of X509CertificateThumbprintValidator and keep using other default validators provided by Spring Security.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label May 28, 2025
@jzheaux jzheaux mentioned this pull request May 28, 2025
Closed
@jgrandja jgrandja added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged labels Jun 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@edmundham @jgrandja @spring-projects-issues