spring-security/samples/boot/oauth2login/src/main/java/sample/web/MainController.java

/*
 * Copyright 2012-2017 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package sample.web;

import org.springframework.http.HttpHeaders;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.client.authentication.userinfo.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.reactive.function.client.ClientRequest;
import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

import java.util.Collections;
import java.util.Map;

/**
 * @author Joe Grandja
 */
@Controller
public class MainController {

	@RequestMapping("/")
	public String index(Model model, @AuthenticationPrincipal OAuth2User user, OAuth2AuthenticationToken authentication) {
		model.addAttribute("userName", user.getName());
		model.addAttribute("clientName", authentication.getAuthorizedClient().getClientRegistration().getClientName());
		return "index";
	}

	@RequestMapping("/userinfo")
	public String userinfo(Model model, OAuth2AuthenticationToken authentication) {
		Map userAttributes = Collections.emptyMap();
		String userInfoEndpointUri = authentication.getAuthorizedClient().getClientRegistration()
			.getProviderDetails().getUserInfoEndpoint().getUri();
		if (!StringUtils.isEmpty(userInfoEndpointUri)) {	// userInfoEndpointUri is optional for OIDC Clients
			userAttributes = WebClient.builder()
				.filter(oauth2Credentials(authentication))
				.build()
				.get()
				.uri(userInfoEndpointUri)
				.retrieve()
				.bodyToMono(Map.class)
				.block();
		}
		model.addAttribute("userAttributes", userAttributes);
		return "userinfo";
	}

	private ExchangeFilterFunction oauth2Credentials(OAuth2AuthenticationToken authentication) {
		return ExchangeFilterFunction.ofRequestProcessor(
			clientRequest -> {
				ClientRequest authorizedRequest = ClientRequest.from(clientRequest)
					.header(HttpHeaders.AUTHORIZATION, "Bearer " + authentication.getAuthorizedClient().getAccessToken().getTokenValue())
					.build();
				return Mono.just(authorizedRequest);
			});
	}
}
Add support for OAuth 2.0 Login Fixes gh-3907 2017-03-20 16:18:08 -04:00			`/*`
			`* Copyright 2012-2017 the original author or authors.`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`
Update oauth2login README with GitHub/Facebook/Okta * Add instructions to the oauth2login sample README for setting up OAuth 2.0 Login for GitHub, Facebook, and Okta * Change base package for oauth2login sample Fixes gh-4287, Fixes gh-4288, Fixes gh-4289 2017-05-01 12:01:41 -04:00			`package sample.web;`
Add support for OAuth 2.0 Login Fixes gh-3907 2017-03-20 16:18:08 -04:00
Implement protected resource call flow in oauth2login sample Fixes gh-4362 2017-06-01 11:46:22 -04:00			`import org.springframework.http.HttpHeaders;`
Add support for OAuth 2.0 Login Fixes gh-3907 2017-03-20 16:18:08 -04:00			`import org.springframework.security.core.annotation.AuthenticationPrincipal;`
Refactor OAuth2 AuthenticationProvider's Fixes gh-4689 2017-10-24 15:11:35 -04:00			`import org.springframework.security.oauth2.client.authentication.userinfo.OAuth2AuthenticationToken;`
Add support for OAuth 2.0 Login Fixes gh-3907 2017-03-20 16:18:08 -04:00			`import org.springframework.security.oauth2.core.user.OAuth2User;`
			`import org.springframework.stereotype.Controller;`
			`import org.springframework.ui.Model;`
Retrieving the UserInfo is conditional Fixes gh-4451 2017-09-29 10:51:02 -04:00			`import org.springframework.util.StringUtils;`
Add support for OAuth 2.0 Login Fixes gh-3907 2017-03-20 16:18:08 -04:00			`import org.springframework.web.bind.annotation.RequestMapping;`
Implement protected resource call flow in oauth2login sample Fixes gh-4362 2017-06-01 11:46:22 -04:00			`import org.springframework.web.reactive.function.client.ClientRequest;`
			`import org.springframework.web.reactive.function.client.ExchangeFilterFunction;`
			`import org.springframework.web.reactive.function.client.WebClient;`
			`import reactor.core.publisher.Mono;`

Retrieving the UserInfo is conditional Fixes gh-4451 2017-09-29 10:51:02 -04:00			`import java.util.Collections;`
Implement protected resource call flow in oauth2login sample Fixes gh-4362 2017-06-01 11:46:22 -04:00			`import java.util.Map;`
Add support for OAuth 2.0 Login Fixes gh-3907 2017-03-20 16:18:08 -04:00
			`/**`
			`* @author Joe Grandja`
			`*/`
			`@Controller`
			`public class MainController {`

			`@RequestMapping("/")`
Refactor OAuth2 AuthenticationProvider's Fixes gh-4689 2017-10-24 15:11:35 -04:00			`public String index(Model model, @AuthenticationPrincipal OAuth2User user, OAuth2AuthenticationToken authentication) {`
Add support for OAuth 2.0 Login Fixes gh-3907 2017-03-20 16:18:08 -04:00			`model.addAttribute("userName", user.getName());`
Rename OAuth2/OIDC ClientAuthenticationToken -> AuthorizedClient Fixes gh-4695 2017-10-25 12:20:31 -04:00			`model.addAttribute("clientName", authentication.getAuthorizedClient().getClientRegistration().getClientName());`
Add support for OAuth 2.0 Login Fixes gh-3907 2017-03-20 16:18:08 -04:00			`return "index";`
			`}`
Implement protected resource call flow in oauth2login sample Fixes gh-4362 2017-06-01 11:46:22 -04:00
			`@RequestMapping("/userinfo")`
Refactor OAuth2 AuthenticationProvider's Fixes gh-4689 2017-10-24 15:11:35 -04:00			`public String userinfo(Model model, OAuth2AuthenticationToken authentication) {`
Retrieving the UserInfo is conditional Fixes gh-4451 2017-09-29 10:51:02 -04:00			`Map userAttributes = Collections.emptyMap();`
Rename OAuth2/OIDC ClientAuthenticationToken -> AuthorizedClient Fixes gh-4695 2017-10-25 12:20:31 -04:00			`String userInfoEndpointUri = authentication.getAuthorizedClient().getClientRegistration()`
Retrieving the UserInfo is conditional Fixes gh-4451 2017-09-29 10:51:02 -04:00			`.getProviderDetails().getUserInfoEndpoint().getUri();`
			`if (!StringUtils.isEmpty(userInfoEndpointUri)) { // userInfoEndpointUri is optional for OIDC Clients`
Fix bug in oauth2Login sample 2017-10-10 14:40:11 -04:00			`userAttributes = WebClient.builder()`
Retrieving the UserInfo is conditional Fixes gh-4451 2017-09-29 10:51:02 -04:00			`.filter(oauth2Credentials(authentication))`
Update to Boot 2.0.0.M4 Issue: gh-4608 2017-10-09 08:17:21 -05:00			`.build()`
Retrieving the UserInfo is conditional Fixes gh-4451 2017-09-29 10:51:02 -04:00			`.get()`
			`.uri(userInfoEndpointUri)`
			`.retrieve()`
			`.bodyToMono(Map.class)`
			`.block();`
			`}`
Implement protected resource call flow in oauth2login sample Fixes gh-4362 2017-06-01 11:46:22 -04:00			`model.addAttribute("userAttributes", userAttributes);`
			`return "userinfo";`
			`}`

Refactor OAuth2 AuthenticationProvider's Fixes gh-4689 2017-10-24 15:11:35 -04:00			`private ExchangeFilterFunction oauth2Credentials(OAuth2AuthenticationToken authentication) {`
Implement protected resource call flow in oauth2login sample Fixes gh-4362 2017-06-01 11:46:22 -04:00			`return ExchangeFilterFunction.ofRequestProcessor(`
			`clientRequest -> {`
			`ClientRequest authorizedRequest = ClientRequest.from(clientRequest)`
Rename OAuth2/OIDC ClientAuthenticationToken -> AuthorizedClient Fixes gh-4695 2017-10-25 12:20:31 -04:00			`.header(HttpHeaders.AUTHORIZATION, "Bearer " + authentication.getAuthorizedClient().getAccessToken().getTokenValue())`
Implement protected resource call flow in oauth2login sample Fixes gh-4362 2017-06-01 11:46:22 -04:00			`.build();`
			`return Mono.just(authorizedRequest);`
			`});`
			`}`
Add support for OAuth 2.0 Login Fixes gh-3907 2017-03-20 16:18:08 -04:00			`}`