From 38be35677d61f0224cc9ae0b6f70179a38fa2b0f Mon Sep 17 00:00:00 2001
From: Joe Grandja
Date: Tue, 26 Sep 2017 21:55:19 -0400
Subject: [PATCH] Add userNameAttributeName to ClientRegistration

Fixes gh-4580
---
 ...ionCodeAuthenticationFilterConfigurer.java | 17 ++++++-
 .../registration/ClientRegistration.java | 47 ++++++++++++++++---
 .../ClientRegistrationProperties.java | 9 ++++
 .../CustomUserTypesOAuth2UserService.java | 2 +-
 .../client/user/DefaultOAuth2UserService.java | 2 +-
 .../user/nimbus/NimbusUserInfoRetriever.java | 2 +-
 .../client/OAuth2LoginAutoConfiguration.java | 32 -------------
 .../main/java/sample/web/MainController.java | 2 +-
 8 files changed, 69 insertions(+), 44 deletions(-)
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java
index 4299c86b96..a24973bf33 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java
@@ -135,6 +135,7 @@ final class AuthorizationCodeAuthenticationFilterConfigurer { + if (StringUtils.hasText(registration.getProviderDetails().getUserInfoEndpoint().getUri()) && + StringUtils.hasText(registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName())) { + + URI userInfoUri = URI.create(registration.getProviderDetails().getUserInfoEndpoint().getUri()); + if (!this.userNameAttributeNames.containsKey(userInfoUri)) { + this.userNameAttributeNames.put( + userInfoUri, registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName()); + } + } + }); + } + private AuthorizationGrantTokenExchanger getAuthorizationCodeTokenExchanger() { if (this.authorizationCodeTokenExchanger == null) { this.authorizationCodeTokenExchanger = new NimbusAuthorizationCodeTokenExchanger(); @@ -192,7 +207,7 @@ final class AuthorizationCodeAuthenticationFilterConfigurer customUserType; if ((customUserType = this.getCustomUserTypes().get(userInfoUri)) == null) { return null; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/DefaultOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/DefaultOAuth2UserService.java index d1502356f8..f760928460 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/DefaultOAuth2UserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/DefaultOAuth2UserService.java 
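Review bot: The added block that populates `userNameAttributeNames` keys each attribute name by UserInfo URI and skips the `put` when the key already exists, so two client registrations that share a UserInfo URI but declare different `userNameAttributeName` values end up with whichever value was stored first, without any signal. Judging by the "user name" wording in `DefaultOAuth2UserService`, this attribute presumably picks the UserInfo claim that becomes the principal name, so a mismatch should be surfaced: compare the stored value with the registration's value and log or fail when they differ. The `DefaultOAuth2UserService` hunk at line 66 still resolves the name through this URI-keyed map (`getUserNameAttributeNames().containsKey(userInfoUri)`) instead of reading it from the `ClientRegistration`, so the same ambiguity reaches user loading. The start of the enclosing method is not visible in the hunk text on this page.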
@@ -66,7 +66,7 @@ public class DefaultOAuth2UserService implements OAuth2UserService {
 return null;
 }
- URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoUri());
+ URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
 if (!this.getUserNameAttributeNames().containsKey(userInfoUri)) {
 throw new IllegalArgumentException(
 "Missing required \"user name\" attribute name for UserInfo Endpoint: " + userInfoUri.toString());
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/nimbus/NimbusUserInfoRetriever.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/nimbus/NimbusUserInfoRetriever.java
index 72387571f1..ebc55423d3 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/nimbus/NimbusUserInfoRetriever.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/nimbus/NimbusUserInfoRetriever.java
@@ -48,7 +48,7 @@ public class NimbusUserInfoRetriever implements UserInfoRetriever {
 @Override
 public Map retrieve(OAuth2ClientAuthenticationToken clientAuthentication) throws OAuth2AuthenticationException {
- URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoUri());
+ URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
 BearerAccessToken accessToken = new BearerAccessToken(clientAuthentication.getAccessToken().getTokenValue());
 UserInfoRequest userInfoRequest = new UserInfoRequest(userInfoUri, accessToken);
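Review bot: In `NimbusUserInfoRetriever.retrieve`, the value from `getUserInfoEndpoint().getUri()` goes straight into `URI.create(...)` and the bearer access token is then attached to a request for that URI, with no check visible in the hunk that the value is set. If a registration has no UserInfo URI, this would fail with a `NullPointerException` from `URI.create` rather than the `OAuth2AuthenticationException` the method declares; the configurer change in this same commit guards the same value with `StringUtils.hasText(...)`, and the same guard fits here. Because the access token is sent to whatever this property holds, consider also checking that the scheme is `https` when the registration is built. `retrieve` continues outside the hunk.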
diff --git a/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2LoginAutoConfiguration.java b/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2LoginAutoConfiguration.java
index c933de3c86..02d75cdc7e 100644
--- a/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2LoginAutoConfiguration.java
+++ b/samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2LoginAutoConfiguration.java
@@ -23,19 +23,12 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.env.Environment;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import java.net.URI;
-import java.util.Set;
-
-import static org.springframework.boot.autoconfigure.security.oauth2.client.ClientRegistrationAutoConfiguration.*;
-
 /**
 * @author Joe Grandja
 */
@@ -47,44 +40,19 @@ import static org.springframework.boot.autoconfigure.security.oauth2.client.Clie
 @AutoConfigureBefore(SecurityAutoConfiguration.class)
 @AutoConfigureAfter(ClientRegistrationAutoConfiguration.class)
 public class OAuth2LoginAutoConfiguration {
- private static final String USER_INFO_URI_PROPERTY = "user-info-uri";
- private static final String USER_NAME_ATTR_NAME_PROPERTY = "user-name-attribute-name";
 @EnableWebSecurity
 protected static class OAuth2LoginSecurityConfiguration extends WebSecurityConfigurerAdapter {
- private final Environment environment;
-
- protected OAuth2LoginSecurityConfiguration(Environment environment) {
- this.environment = environment;
- }
 // @formatter:off
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 http
 .authorizeRequests()
- .antMatchers("/favicon.ico").permitAll()
 .anyRequest().authenticated()
 .and()
 .oauth2Login();
-
- this.registerUserNameAttributeNames(http.oauth2Login());
 }
 // @formatter:on
-
- private void registerUserNameAttributeNames(OAuth2LoginConfigurer oauth2LoginConfigurer) throws Exception {
- Set clientPropertyKeys = resolveClientPropertyKeys(this.environment);
- for (String clientPropertyKey : clientPropertyKeys) {
- String fullClientPropertyKey = CLIENT_PROPERTY_PREFIX + "." + clientPropertyKey;
- if (!this.environment.containsProperty(fullClientPropertyKey + "." + CLIENT_ID_PROPERTY)) {
- continue;
- }
- String userInfoUriValue = this.environment.getProperty(fullClientPropertyKey + "." + USER_INFO_URI_PROPERTY);
- String userNameAttributeNameValue = this.environment.getProperty(fullClientPropertyKey + "." + USER_NAME_ATTR_NAME_PROPERTY);
- if (userInfoUriValue != null && userNameAttributeNameValue != null) {
- oauth2LoginConfigurer.userInfoEndpoint().userNameAttributeName(userNameAttributeNameValue, URI.create(userInfoUriValue));
- }
- }
- }
 }
 }
diff --git a/samples/boot/oauth2login/src/main/java/sample/web/MainController.java b/samples/boot/oauth2login/src/main/java/sample/web/MainController.java
index 79c8faac81..7495c1f6ce 100644
--- a/samples/boot/oauth2login/src/main/java/sample/web/MainController.java
+++ b/samples/boot/oauth2login/src/main/java/sample/web/MainController.java
@@ -49,7 +49,7 @@ public class MainController {
 Map userAttributes = this.webClient
 .filter(oauth2Credentials(authentication))
 .get()
- .uri(authentication.getClientAuthentication().getClientRegistration().getProviderDetails().getUserInfoUri())
+ .uri(authentication.getClientAuthentication().getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri())
 .retrieve()
 .bodyToMono(Map.class)
 .block();