Make JwtAccessTokenConverter conditional

With this change users can override the JwtAccessTokenConverter
used by the auto configured JwtTokenStore and their own enhancer.

Fixes #231

Author: tsachev

spring-security-oauth2-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/authserver/AuthorizationServerTokenServicesConfiguration.java

@@ -79,11 +79,12 @@ public DefaultTokenServices jwtTokenServices(TokenStore jwtTokenStore) {
 
 		@Bean
 		@ConditionalOnMissingBean(TokenStore.class)
-		public TokenStore jwtTokenStore() {
-			return new JwtTokenStore(jwtTokenEnhancer());
+		public TokenStore jwtTokenStore(JwtAccessTokenConverter jwtTokenEnhancer) {
+			return new JwtTokenStore(jwtTokenEnhancer);
 		}
 
 		@Bean
+		@ConditionalOnMissingBean(JwtAccessTokenConverter.class)
 		public JwtAccessTokenConverter jwtTokenEnhancer() {
 			String keyValue = this.authorization.getJwt().getKeyValue();
 			Assert.notNull(this.authorization.getJwt().getKeyValue(), "keyValue cannot be null");
@@ -137,11 +138,12 @@ public DefaultTokenServices jwtTokenServices(TokenStore jwtTokenStore) {
 
 		@Bean
 		@ConditionalOnMissingBean(TokenStore.class)
-		public TokenStore tokenStore() {
-			return new JwtTokenStore(accessTokenConverter());
+		public TokenStore tokenStore(JwtAccessTokenConverter accessTokenConverter) {
+			return new JwtTokenStore(accessTokenConverter);
 		}
 
 		@Bean
+		@ConditionalOnMissingBean(JwtAccessTokenConverter.class)
 		public JwtAccessTokenConverter accessTokenConverter() {
 			Assert.notNull(this.authorization.getJwt().getKeyStore(), "keyStore cannot be null");
 			Assert.notNull(this.authorization.getJwt().getKeyStorePassword(), "keyStorePassword cannot be null");

spring-security-oauth2-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/authserver/AuthorizationServerTokenServicesConfigurationTests.java

@@ -28,9 +28,11 @@
 import org.springframework.boot.autoconfigure.AutoConfigurations;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.test.context.runner.ApplicationContextRunner;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.core.io.ClassPathResource;
+import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
 import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
@@ -120,11 +122,54 @@ public void configureWhenKeyStoreIsProvidedButNoPasswordThenThrowsException() {
 				.run(context -> assertThat(context).getFailure().isInstanceOf(UnsatisfiedDependencyException.class));
 	}
 
+	@Test
+	public void configureWhenPrivateKeyIsProvidedWithCustomJwtAccessTokenConverterThenDefaultBackoff()
+			throws Exception {
+		Path privateKeyPath = new ClassPathResource("key.private", this.getClass()).getFile().toPath();
+		String privateKey = Files.readAllLines(privateKeyPath).stream().collect(Collectors.joining("\n"));
+
+		this.contextRunner.withUserConfiguration(JwtAccessTokenConverterConfiguration.class)
+				.withPropertyValues("security.oauth2.authorization.jwt.key-value=" + privateKey).run(context -> {
+					JwtAccessTokenConverter converter = context.getBean(JwtAccessTokenConverter.class);
+					assertThat(converter.getAccessTokenConverter()).isInstanceOf(CustomAccessTokenConverter.class);
+				});
+	}
+
+	@Test
+	public void configureWhenKeyStoreIsProvidedWithKeyPasswordAndCustomJwtAccessTokenConverterThenDefaultBackoff() {
+		this.contextRunner.withUserConfiguration(JwtAccessTokenConverterConfiguration.class)
+				.withPropertyValues("security.oauth2.authorization.jwt.key-store=classpath:"
+						+ "org/springframework/boot/autoconfigure/security/oauth2/authserver/keyhaspassword.jks",
+						"security.oauth2.authorization.jwt.key-store-password=changeme",
+						"security.oauth2.authorization.jwt.key-alias=jwt",
+						"security.oauth2.authorization.jwt.key-password=password")
+				.run(context -> {
+					JwtAccessTokenConverter converter = context.getBean(JwtAccessTokenConverter.class);
+					assertThat(converter.getAccessTokenConverter()).isInstanceOf(CustomAccessTokenConverter.class);
+				});
+	}
+
 	@Configuration
 	@Import({ AuthorizationServerTokenServicesConfiguration.class })
 	@EnableConfigurationProperties(AuthorizationServerProperties.class)
 	protected static class AuthorizationServerConfiguration {
 
 	}
 
+	@Configuration
+	protected static class JwtAccessTokenConverterConfiguration {
+
+		@Bean
+		JwtAccessTokenConverter accessTokenConverter() {
+			JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+			converter.setAccessTokenConverter(new CustomAccessTokenConverter());
+			return converter;
+		}
+
+	}
+
+	protected static class CustomAccessTokenConverter extends DefaultAccessTokenConverter {
+
+	}
+
 }