Polish

- Added JavaDoc @SInCE attribute
- Added Predicate based test
- Adjusted test names

Issue gh-13427

Author: jzheaux

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java

@@ -91,6 +91,7 @@ public JwtIssuerAuthenticationManagerResolver(Collection<String> trustedIssuers)
 	 * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided
 	 * parameters
 	 * @param trustedIssuers an array of trusted issuers
+	 * @since 6.2
 	 */
 	public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(String... trustedIssuers) {
 		return fromTrustedIssuers(Set.of(trustedIssuers));
@@ -100,6 +101,7 @@ public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(String..
 	 * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided
 	 * parameters
 	 * @param trustedIssuers a collection of trusted issuers
+	 * @since 6.2
 	 */
 	public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(Collection<String> trustedIssuers) {
 		Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty");
@@ -110,6 +112,7 @@ public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(Collecti
 	 * Construct a {@link JwtIssuerAuthenticationManagerResolver} using the provided
 	 * parameters
 	 * @param trustedIssuers a predicate to validate issuers
+	 * @since 6.2
 	 */
 	public static JwtIssuerAuthenticationManagerResolver fromTrustedIssuers(Predicate<String> trustedIssuers) {
 		Assert.notNull(trustedIssuers, "trustedIssuers cannot be null");
@@ -225,7 +228,7 @@ public AuthenticationManager resolve(String issuer) {
 			}
 			else {
 				this.logger.debug(LogMessage
-						.format("Did not resolve AuthenticationManager since issuer '%s' is not trusted", issuer));
+						.format("Did not resolve AuthenticationManager since issuer is not trusted", issuer));
 			}
 			return null;
 		}

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java

@@ -95,6 +95,7 @@ public JwtIssuerReactiveAuthenticationManagerResolver(Collection<String> trusted
 	 * Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the
 	 * provided parameters
 	 * @param trustedIssuers an array of trusted issuers
+	 * @since 6.2
 	 */
 	public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(String... trustedIssuers) {
 		return fromTrustedIssuers(Set.of(trustedIssuers));
@@ -104,6 +105,7 @@ public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(
 	 * Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the
 	 * provided parameters
 	 * @param trustedIssuers a collection of trusted issuers
+	 * @since 6.2
 	 */
 	public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(Collection<String> trustedIssuers) {
 		Assert.notEmpty(trustedIssuers, "trustedIssuers cannot be empty");
@@ -114,6 +116,7 @@ public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(
 	 * Construct a {@link JwtIssuerReactiveAuthenticationManagerResolver} using the
 	 * provided parameters
 	 * @param trustedIssuers a predicate to validate issuers
+	 * @since 6.2
 	 */
 	public static JwtIssuerReactiveAuthenticationManagerResolver fromTrustedIssuers(Predicate<String> trustedIssuers) {
 		Assert.notNull(trustedIssuers, "trustedIssuers cannot be null");
@@ -219,7 +222,7 @@ static class TrustedIssuerJwtAuthenticationManagerResolver
 		public Mono<ReactiveAuthenticationManager> resolve(String issuer) {
 			if (!this.trustedIssuer.test(issuer)) {
 				this.logger.debug(LogMessage
-						.format("Did not resolve AuthenticationManager since issuer '%s' is not trusted", issuer));
+						.format("Did not resolve AuthenticationManager since issuer is not trusted", issuer));
 				return Mono.empty();
 			}
 			// @formatter:off

oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java

@@ -65,15 +65,15 @@ public class JwtIssuerAuthenticationManagerResolverTests {
 	private String noIssuer = jwt("sub", "sub");
 
 	@Test
-	public void resolveWhenUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception {
+	public void resolveWhenUsingFromTrustedIssuersThenReturnsAuthenticationManager() throws Exception {
 		try (MockWebServer server = new MockWebServer()) {
 			server.start();
 			String issuer = server.url("").toString();
 			// @formatter:off
 			server.enqueue(new MockResponse().setResponseCode(200)
 					.setHeader("Content-Type", "application/json")
 					.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)
-			));
+					));
 			server.enqueue(new MockResponse().setResponseCode(200)
 					.setHeader("Content-Type", "application/json")
 					.setBody(JWK_SET)
@@ -96,6 +96,38 @@ public void resolveWhenUsingTrustedIssuerThenReturnsAuthenticationManager() thro
 		}
 	}
 
+	@Test
+	public void resolveWhenUsingFromTrustedIssuersPredicateThenReturnsAuthenticationManager() throws Exception {
+		try (MockWebServer server = new MockWebServer()) {
+			server.start();
+			String issuer = server.url("").toString();
+			// @formatter:off
+			server.enqueue(new MockResponse().setResponseCode(200)
+					.setHeader("Content-Type", "application/json")
+					.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)
+					));
+			server.enqueue(new MockResponse().setResponseCode(200)
+					.setHeader("Content-Type", "application/json")
+					.setBody(JWK_SET)
+			);
+			server.enqueue(new MockResponse().setResponseCode(200)
+					.setHeader("Content-Type", "application/json")
+					.setBody(JWK_SET)
+			);
+			// @formatter:on
+			JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
+					new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
+			jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
+			JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = JwtIssuerAuthenticationManagerResolver
+					.fromTrustedIssuers(issuer::equals);
+			Authentication token = withBearerToken(jws.serialize());
+			AuthenticationManager authenticationManager = authenticationManagerResolver.resolve(null);
+			assertThat(authenticationManager).isNotNull();
+			Authentication authentication = authenticationManager.authenticate(token);
+			assertThat(authentication.isAuthenticated()).isTrue();
+		}
+	}
+
 	@Test
 	public void resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception {
 		try (MockWebServer server = new MockWebServer()) {
@@ -230,7 +262,7 @@ public void resolveWhenBearerTokenEvilThenGenericException() {
 	}
 
 	@Test
-	public void constructorWhenNullOrEmptyIssuersThenException() {
+	public void factoryWhenNullOrEmptyIssuersThenException() {
 		assertThatIllegalArgumentException()
 				.isThrownBy(() -> JwtIssuerAuthenticationManagerResolver.fromTrustedIssuers((Predicate<String>) null));
 		assertThatIllegalArgumentException()

oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java

@@ -72,7 +72,7 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests {
 	private String noIssuer = jwt("sub", "sub");
 
 	@Test
-	public void resolveWhenUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception {
+	public void resolveWhenUsingFromTrustedIssuersThenReturnsAuthenticationManager() throws Exception {
 		try (MockWebServer server = new MockWebServer()) {
 			String issuer = server.url("").toString();
 			server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
@@ -95,6 +95,30 @@ public void resolveWhenUsingTrustedIssuerThenReturnsAuthenticationManager() thro
 		}
 	}
 
+	@Test
+	public void resolveWhenUsingFromTrustedIssuersPredicateThenReturnsAuthenticationManager() throws Exception {
+		try (MockWebServer server = new MockWebServer()) {
+			String issuer = server.url("").toString();
+			server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
+					.setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)));
+			server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
+					.setBody(JWK_SET));
+			server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json")
+					.setBody(JWK_SET));
+			JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
+					new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
+			jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
+			JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = JwtIssuerReactiveAuthenticationManagerResolver
+					.fromTrustedIssuers(issuer::equals);
+			ReactiveAuthenticationManager authenticationManager = authenticationManagerResolver.resolve(null).block();
+			assertThat(authenticationManager).isNotNull();
+			BearerTokenAuthenticationToken token = withBearerToken(jws.serialize());
+			Authentication authentication = authenticationManager.authenticate(token).block();
+			assertThat(authentication).isNotNull();
+			assertThat(authentication.isAuthenticated()).isTrue();
+		}
+	}
+
 	// gh-10444
 	@Test
 	public void resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception {
@@ -229,7 +253,7 @@ public void resolveWhenBearerTokenEvilThenGenericException() {
 	}
 
 	@Test
-	public void constructorWhenNullOrEmptyIssuersThenException() {
+	public void factoryWhenNullOrEmptyIssuersThenException() {
 		assertThatIllegalArgumentException().isThrownBy(
 				() -> JwtIssuerReactiveAuthenticationManagerResolver.fromTrustedIssuers((Predicate<String>) null));
 		assertThatIllegalArgumentException().isThrownBy(