UserInfoRetriever.retrieve accepts the type to convert

Fixes gh-4688
2025-03-09 06:50:05 +00:00 · 2017-10-24 15:11:18 -05:00 · 2017-10-24 15:11:18 -05:00 · 1bd826897f
commit 1bd826897f
parent 4dbbcabacf
5 changed files with 8 additions and 22 deletions
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/CustomUserTypesOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/CustomUserTypesOAuth2UserService.java
@ -60,21 +60,7 @@ public class CustomUserTypesOAuth2UserService implements OAuth2UserService {
 			return null;
 		}

-		OAuth2User customUser;
-		try {
-			customUser = customUserType.newInstance();
-		} catch (ReflectiveOperationException ex) {
-			throw new IllegalArgumentException("An error occurred while attempting to instantiate the custom OAuth2User \"" +
-				customUserType.getName() + "\": " + ex.getMessage(), ex);
-		}
-
-		Map<String, Object> userAttributes = this.userInfoRetriever.retrieve(clientAuthentication);
-
-		BeanWrapper wrapper = PropertyAccessorFactory.forBeanPropertyAccess(customUser);
-		wrapper.setAutoGrowNestedPaths(true);
-		wrapper.setPropertyValues(userAttributes);
-
-		return customUser;
+		return this.userInfoRetriever.retrieve(clientAuthentication, customUserType);
 	}

 	public final void setUserInfoRetriever(UserInfoRetriever userInfoRetriever) {
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/DefaultOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/DefaultOAuth2UserService.java
@ -60,7 +60,7 @@ public class DefaultOAuth2UserService implements OAuth2UserService {
 					clientAuthentication.getClientRegistration().getRegistrationId());
 		}

-		Map<String, Object> userAttributes = this.userInfoRetriever.retrieve(clientAuthentication);
+		Map<String, Object> userAttributes = this.userInfoRetriever.retrieve(clientAuthentication, Map.class);
 		GrantedAuthority authority = new OAuth2UserAuthority(userAttributes);
 		Set<GrantedAuthority> authorities = new HashSet<>();
 		authorities.add(authority);
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/NimbusUserInfoRetriever.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/NimbusUserInfoRetriever.java
@ -52,7 +52,7 @@ public class NimbusUserInfoRetriever implements UserInfoRetriever {
 	private final HttpMessageConverter jackson2HttpMessageConverter = new MappingJackson2HttpMessageConverter();

 	@Override
-	public Map<String, Object> retrieve(OAuth2ClientAuthenticationToken clientAuthentication) throws OAuth2AuthenticationException {
+	public <T> T retrieve(OAuth2ClientAuthenticationToken clientAuthentication, Class<T> returnType) throws OAuth2AuthenticationException {
 		URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
 		BearerAccessToken accessToken = new BearerAccessToken(clientAuthentication.getAccessToken().getTokenValue());

@ -98,7 +98,7 @@ public class NimbusUserInfoRetriever implements UserInfoRetriever {
 		}

 		try {
-			return (Map<String, Object>) this.jackson2HttpMessageConverter.read(Map.class, new NimbusClientHttpResponse(httpResponse));
+			return (T) this.jackson2HttpMessageConverter.read(returnType, new NimbusClientHttpResponse(httpResponse));
 		} catch (IOException ex) {
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
 				"An error occurred reading the UserInfo Success response: " + ex.getMessage(), null);
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/UserInfoRetriever.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/UserInfoRetriever.java
@ -15,23 +15,23 @@
 */
 package org.springframework.security.oauth2.client.authentication.userinfo;

+import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.client.authentication.OAuth2ClientAuthenticationToken;

-import java.util.Map;
-
 /**
 * A strategy for retrieving the user attributes
 * of the <i>End-User</i> (resource owner) from the <i>UserInfo Endpoint</i>
 * using the provided {@link OAuth2ClientAuthenticationToken#getAccessToken()}.
 *
 * @author Joe Grandja
+ * @author Rob Winch
 * @since 5.0
 * @see OAuth2ClientAuthenticationToken
 * @see OAuth2UserService
 */
 public interface UserInfoRetriever {

-	Map<String, Object> retrieve(OAuth2ClientAuthenticationToken clientAuthentication) throws OAuth2AuthenticationException;
+	<T> T retrieve(OAuth2ClientAuthenticationToken clientAuthentication, Class<T> responseType) throws OAuth2AuthenticationException;

 }
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/userinfo/OidcUserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/userinfo/OidcUserService.java
@ -64,7 +64,7 @@ public class OidcUserService implements OAuth2UserService {

 		UserInfo userInfo = null;
 		if (this.shouldRetrieveUserInfo(oidcClientAuthentication)) {
-			Map<String, Object> userAttributes = this.userInfoRetriever.retrieve(oidcClientAuthentication);
+			Map<String, Object> userAttributes = this.userInfoRetriever.retrieve(oidcClientAuthentication, Map.class);
 			userInfo = new UserInfo(userAttributes);

 			// http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse