diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/CustomUserTypesOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/CustomUserTypesOAuth2UserService.java index 78994d2f91..4acf97bc1a 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/CustomUserTypesOAuth2UserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/CustomUserTypesOAuth2UserService.java @@ -60,21 +60,7 @@ public class CustomUserTypesOAuth2UserService implements OAuth2UserService { return null; } - OAuth2User customUser; - try { - customUser = customUserType.newInstance(); - } catch (ReflectiveOperationException ex) { - throw new IllegalArgumentException("An error occurred while attempting to instantiate the custom OAuth2User \"" + - customUserType.getName() + "\": " + ex.getMessage(), ex); - } - - Map userAttributes = this.userInfoRetriever.retrieve(clientAuthentication); - - BeanWrapper wrapper = PropertyAccessorFactory.forBeanPropertyAccess(customUser); - wrapper.setAutoGrowNestedPaths(true); - wrapper.setPropertyValues(userAttributes); - - return customUser; + return this.userInfoRetriever.retrieve(clientAuthentication, customUserType); } public final void setUserInfoRetriever(UserInfoRetriever userInfoRetriever) { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/DefaultOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/DefaultOAuth2UserService.java index 26457ebdbf..5b25eb7b43 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/DefaultOAuth2UserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/DefaultOAuth2UserService.java @@ -60,7 +60,7 @@ public class DefaultOAuth2UserService implements OAuth2UserService { clientAuthentication.getClientRegistration().getRegistrationId()); } - Map userAttributes = this.userInfoRetriever.retrieve(clientAuthentication); + Map userAttributes = this.userInfoRetriever.retrieve(clientAuthentication, Map.class); GrantedAuthority authority = new OAuth2UserAuthority(userAttributes); Set authorities = new HashSet<>(); authorities.add(authority); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/NimbusUserInfoRetriever.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/NimbusUserInfoRetriever.java index b8f4d41445..0a1ec337cf 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/NimbusUserInfoRetriever.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/NimbusUserInfoRetriever.java @@ -52,7 +52,7 @@ public class NimbusUserInfoRetriever implements UserInfoRetriever { private final HttpMessageConverter jackson2HttpMessageConverter = new MappingJackson2HttpMessageConverter(); @Override - public Map retrieve(OAuth2ClientAuthenticationToken clientAuthentication) throws OAuth2AuthenticationException { + public T retrieve(OAuth2ClientAuthenticationToken clientAuthentication, Class returnType) throws OAuth2AuthenticationException { URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri()); BearerAccessToken accessToken = new BearerAccessToken(clientAuthentication.getAccessToken().getTokenValue()); @@ -98,7 +98,7 @@ public class NimbusUserInfoRetriever implements UserInfoRetriever { } try { - return (Map) this.jackson2HttpMessageConverter.read(Map.class, new NimbusClientHttpResponse(httpResponse)); + return (T) this.jackson2HttpMessageConverter.read(returnType, new NimbusClientHttpResponse(httpResponse)); } catch (IOException ex) { OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, "An error occurred reading the UserInfo Success response: " + ex.getMessage(), null); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/UserInfoRetriever.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/UserInfoRetriever.java index 045ee79113..cdfecaf452 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/UserInfoRetriever.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/UserInfoRetriever.java @@ -15,23 +15,23 @@ */ package org.springframework.security.oauth2.client.authentication.userinfo; +import org.springframework.core.ParameterizedTypeReference; import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException; import org.springframework.security.oauth2.client.authentication.OAuth2ClientAuthenticationToken; -import java.util.Map; - /** * A strategy for retrieving the user attributes * of the End-User (resource owner) from the UserInfo Endpoint * using the provided {@link OAuth2ClientAuthenticationToken#getAccessToken()}. * * @author Joe Grandja + * @author Rob Winch * @since 5.0 * @see OAuth2ClientAuthenticationToken * @see OAuth2UserService */ public interface UserInfoRetriever { - Map retrieve(OAuth2ClientAuthenticationToken clientAuthentication) throws OAuth2AuthenticationException; + T retrieve(OAuth2ClientAuthenticationToken clientAuthentication, Class responseType) throws OAuth2AuthenticationException; } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/userinfo/OidcUserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/userinfo/OidcUserService.java index 3400b5a61d..b054e92da7 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/userinfo/OidcUserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/userinfo/OidcUserService.java @@ -64,7 +64,7 @@ public class OidcUserService implements OAuth2UserService { UserInfo userInfo = null; if (this.shouldRetrieveUserInfo(oidcClientAuthentication)) { - Map userAttributes = this.userInfoRetriever.retrieve(oidcClientAuthentication); + Map userAttributes = this.userInfoRetriever.retrieve(oidcClientAuthentication, Map.class); userInfo = new UserInfo(userAttributes); // http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse