Resource Server jwkSetUri takes precedence over jwtDecoder in Kotlin DSL

### Summary

When configuring both `jwkSetUri` and `jwtDecoder` in the Resource Server Kotlin DSL, the `jwkSetUri` always takes precedence.
Instead, whichever was declared last should take precedence.
Consider the following configuration
```
@EnableWebSecurity
class SecurityConfig : WebSecurityConfigurerAdapter() {

 override fun configure(http: HttpSecurity) {
     http {
         oauth2ResourceServer {
             jwt {
                 jwkSetUri = "https://example1.com/oauth2/jwk1"
                 jwtDecoder = NimbusJwtDecoder.withJwkSetUri("https://example2.com/oauth2/jwk2").build()
             }
         }
     }
 }
}
```

### Actual Behavior

The JWT decoder uses the JWK Set URI `"https://example1.com/oauth2/jwk1"`.

### Expected Behavior

The JWT decoder should use the JWK Set URI `"https://example2.com/oauth2/jwk2"`.

**Note**: This is a contrived example since it does not make sense to set both `jwkSetUri` and `jwtDecoder` in the same configuration.
A realistic situation where this may occur is when inheriting from a parent configuration.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Resource Server jwkSetUri takes precedence over jwtDecoder in Kotlin DSL #7877

Summary

Actual Behavior

Expected Behavior

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Resource Server jwkSetUri takes precedence over jwtDecoder in Kotlin DSL #7877

Description

Summary

Actual Behavior

Expected Behavior

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions