parent
3d319f7592
commit
67bac28481
|
@ -20,16 +20,15 @@ import org.springframework.core.ResolvableType;
|
||||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||||
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
|
||||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
|
||||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
|
|
||||||
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger;
|
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger;
|
||||||
import org.springframework.security.oauth2.client.authentication.NimbusAuthorizationCodeTokenExchanger;
|
import org.springframework.security.oauth2.client.authentication.NimbusAuthorizationCodeTokenExchanger;
|
||||||
|
import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
|
||||||
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider;
|
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider;
|
||||||
import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
|
import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
|
||||||
import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry;
|
import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry;
|
||||||
import org.springframework.security.oauth2.client.jwt.NimbusJwtDecoderRegistry;
|
import org.springframework.security.oauth2.client.jwt.NimbusJwtDecoderRegistry;
|
||||||
import org.springframework.security.oauth2.client.oidc.OidcAuthorizedClient;
|
|
||||||
import org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider;
|
import org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider;
|
||||||
|
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
|
||||||
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
|
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
|
||||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||||
|
@ -38,9 +37,10 @@ import org.springframework.security.oauth2.client.token.OAuth2TokenRepository;
|
||||||
import org.springframework.security.oauth2.client.userinfo.CustomUserTypesOAuth2UserService;
|
import org.springframework.security.oauth2.client.userinfo.CustomUserTypesOAuth2UserService;
|
||||||
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
|
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
|
||||||
import org.springframework.security.oauth2.client.userinfo.DelegatingOAuth2UserService;
|
import org.springframework.security.oauth2.client.userinfo.DelegatingOAuth2UserService;
|
||||||
|
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
|
||||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
||||||
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
|
|
||||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
|
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
|
||||||
|
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
|
||||||
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
|
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
|
||||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||||
|
@ -192,14 +192,14 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
||||||
}
|
}
|
||||||
|
|
||||||
public class UserInfoEndpointConfig {
|
public class UserInfoEndpointConfig {
|
||||||
private OAuth2UserService<OAuth2AuthorizedClient, OAuth2User> userService;
|
private OAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
|
||||||
private Map<String, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
|
private Map<String, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
|
||||||
private GrantedAuthoritiesMapper userAuthoritiesMapper;
|
private GrantedAuthoritiesMapper userAuthoritiesMapper;
|
||||||
|
|
||||||
private UserInfoEndpointConfig() {
|
private UserInfoEndpointConfig() {
|
||||||
}
|
}
|
||||||
|
|
||||||
public UserInfoEndpointConfig userService(OAuth2UserService<OAuth2AuthorizedClient, OAuth2User> userService) {
|
public UserInfoEndpointConfig userService(OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) {
|
||||||
Assert.notNull(userService, "userService cannot be null");
|
Assert.notNull(userService, "userService cannot be null");
|
||||||
this.userService = userService;
|
this.userService = userService;
|
||||||
return this;
|
return this;
|
||||||
|
@ -233,10 +233,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
||||||
authorizationCodeTokenExchanger = new NimbusAuthorizationCodeTokenExchanger();
|
authorizationCodeTokenExchanger = new NimbusAuthorizationCodeTokenExchanger();
|
||||||
}
|
}
|
||||||
|
|
||||||
OAuth2UserService<OAuth2AuthorizedClient, OAuth2User> oauth2UserService = this.userInfoEndpointConfig.userService;
|
OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService = this.userInfoEndpointConfig.userService;
|
||||||
if (oauth2UserService == null) {
|
if (oauth2UserService == null) {
|
||||||
if (!this.userInfoEndpointConfig.customUserTypes.isEmpty()) {
|
if (!this.userInfoEndpointConfig.customUserTypes.isEmpty()) {
|
||||||
List<OAuth2UserService<OAuth2AuthorizedClient, OAuth2User>> userServices = new ArrayList<>();
|
List<OAuth2UserService<OAuth2UserRequest, OAuth2User>> userServices = new ArrayList<>();
|
||||||
userServices.add(new CustomUserTypesOAuth2UserService(this.userInfoEndpointConfig.customUserTypes));
|
userServices.add(new CustomUserTypesOAuth2UserService(this.userInfoEndpointConfig.customUserTypes));
|
||||||
userServices.add(new DefaultOAuth2UserService());
|
userServices.add(new DefaultOAuth2UserService());
|
||||||
oauth2UserService = new DelegatingOAuth2UserService<>(userServices);
|
oauth2UserService = new DelegatingOAuth2UserService<>(userServices);
|
||||||
|
@ -258,7 +258,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
||||||
}
|
}
|
||||||
http.authenticationProvider(this.postProcess(oauth2LoginAuthenticationProvider));
|
http.authenticationProvider(this.postProcess(oauth2LoginAuthenticationProvider));
|
||||||
|
|
||||||
OAuth2UserService<OidcAuthorizedClient, OidcUser> oidcUserService = new OidcUserService();
|
OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService = new OidcUserService();
|
||||||
OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider =
|
OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider =
|
||||||
new OidcAuthorizationCodeAuthenticationProvider(
|
new OidcAuthorizationCodeAuthenticationProvider(
|
||||||
authorizationCodeTokenExchanger, oidcUserService, jwtDecoderRegistry);
|
authorizationCodeTokenExchanger, oidcUserService, jwtDecoderRegistry);
|
||||||
|
|
|
@ -21,13 +21,14 @@ import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||||
|
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
|
||||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
||||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||||
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
|
||||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
|
||||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
|
|
||||||
|
@ -60,12 +61,12 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
|
||||||
private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
|
private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
|
||||||
private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
|
private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
|
||||||
private final AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger;
|
private final AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger;
|
||||||
private final OAuth2UserService<OAuth2AuthorizedClient, OAuth2User> userService;
|
private final OAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
|
||||||
private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
|
private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
|
||||||
|
|
||||||
public OAuth2LoginAuthenticationProvider(
|
public OAuth2LoginAuthenticationProvider(
|
||||||
AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger,
|
AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger,
|
||||||
OAuth2UserService<OAuth2AuthorizedClient, OAuth2User> userService) {
|
OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) {
|
||||||
|
|
||||||
Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
|
Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
|
||||||
Assert.notNull(userService, "userService cannot be null");
|
Assert.notNull(userService, "userService cannot be null");
|
||||||
|
@ -115,13 +116,10 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
|
||||||
accessTokenResponse.getTokenValue(), accessTokenResponse.getIssuedAt(),
|
accessTokenResponse.getTokenValue(), accessTokenResponse.getIssuedAt(),
|
||||||
accessTokenResponse.getExpiresAt(), accessTokenResponse.getScopes());
|
accessTokenResponse.getExpiresAt(), accessTokenResponse.getScopes());
|
||||||
|
|
||||||
|
OAuth2User oauth2User = this.userService.loadUser(
|
||||||
|
new OAuth2UserRequest(authorizationCodeAuthentication.getClientRegistration(), accessToken));
|
||||||
|
|
||||||
OAuth2AuthorizedClient oauth2AuthorizedClient = new OAuth2AuthorizedClient(
|
OAuth2AuthorizedClient oauth2AuthorizedClient = new OAuth2AuthorizedClient(
|
||||||
authorizationCodeAuthentication.getClientRegistration(), "unknown", accessToken);
|
|
||||||
|
|
||||||
OAuth2User oauth2User = this.userService.loadUser(oauth2AuthorizedClient);
|
|
||||||
|
|
||||||
// Update OAuth2AuthorizedClient now that we know the 'principalName'
|
|
||||||
oauth2AuthorizedClient = new OAuth2AuthorizedClient(
|
|
||||||
authorizationCodeAuthentication.getClientRegistration(), oauth2User.getName(), accessToken);
|
authorizationCodeAuthentication.getClientRegistration(), oauth2User.getName(), accessToken);
|
||||||
|
|
||||||
Collection<? extends GrantedAuthority> mappedAuthorities =
|
Collection<? extends GrantedAuthority> mappedAuthorities =
|
||||||
|
|
|
@ -20,20 +20,21 @@ import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
|
|
||||||
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger;
|
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger;
|
||||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
|
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
|
||||||
|
import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
|
||||||
import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry;
|
import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry;
|
||||||
import org.springframework.security.oauth2.client.oidc.OidcAuthorizedClient;
|
import org.springframework.security.oauth2.client.oidc.OidcAuthorizedClient;
|
||||||
|
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
|
||||||
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
|
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
|
||||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
||||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||||
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
|
||||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
|
||||||
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
|
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
|
||||||
import org.springframework.security.oauth2.core.oidc.OidcScopes;
|
import org.springframework.security.oauth2.core.oidc.OidcScopes;
|
||||||
import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
|
import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
|
||||||
|
@ -76,13 +77,13 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
|
||||||
private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
|
private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
|
||||||
private static final String INVALID_ID_TOKEN_ERROR_CODE = "invalid_id_token";
|
private static final String INVALID_ID_TOKEN_ERROR_CODE = "invalid_id_token";
|
||||||
private final AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger;
|
private final AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger;
|
||||||
private final OAuth2UserService<OidcAuthorizedClient, OidcUser> userService;
|
private final OAuth2UserService<OidcUserRequest, OidcUser> userService;
|
||||||
private final JwtDecoderRegistry jwtDecoderRegistry;
|
private final JwtDecoderRegistry jwtDecoderRegistry;
|
||||||
private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
|
private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
|
||||||
|
|
||||||
public OidcAuthorizationCodeAuthenticationProvider(
|
public OidcAuthorizationCodeAuthenticationProvider(
|
||||||
AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger,
|
AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger,
|
||||||
OAuth2UserService<OidcAuthorizedClient, OidcUser> userService,
|
OAuth2UserService<OidcUserRequest, OidcUser> userService,
|
||||||
JwtDecoderRegistry jwtDecoderRegistry) {
|
JwtDecoderRegistry jwtDecoderRegistry) {
|
||||||
|
|
||||||
Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
|
Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
|
||||||
|
@ -152,14 +153,10 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
|
||||||
|
|
||||||
this.validateIdToken(idToken, clientRegistration);
|
this.validateIdToken(idToken, clientRegistration);
|
||||||
|
|
||||||
|
OidcUser oidcUser = this.userService.loadUser(
|
||||||
|
new OidcUserRequest(clientRegistration, accessToken, idToken));
|
||||||
|
|
||||||
OidcAuthorizedClient oidcAuthorizedClient = new OidcAuthorizedClient(
|
OidcAuthorizedClient oidcAuthorizedClient = new OidcAuthorizedClient(
|
||||||
clientRegistration, idToken.getSubject(), accessToken, idToken);
|
|
||||||
|
|
||||||
OidcUser oidcUser = this.userService.loadUser(oidcAuthorizedClient);
|
|
||||||
|
|
||||||
// Update OidcAuthorizedClient as the 'principalName' may have changed
|
|
||||||
// (the default IdToken.subject) from the result of userService.loadUser()
|
|
||||||
oidcAuthorizedClient = new OidcAuthorizedClient(
|
|
||||||
clientRegistration, oidcUser.getName(), accessToken, idToken);
|
clientRegistration, oidcUser.getName(), accessToken, idToken);
|
||||||
|
|
||||||
Collection<? extends GrantedAuthority> mappedAuthorities =
|
Collection<? extends GrantedAuthority> mappedAuthorities =
|
||||||
|
|
|
@ -0,0 +1,49 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2002-2017 the original author or authors.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.springframework.security.oauth2.client.oidc.userinfo;
|
||||||
|
|
||||||
|
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||||
|
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
|
||||||
|
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||||
|
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
|
||||||
|
import org.springframework.util.Assert;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Represents a request the {@link OidcUserService} uses
|
||||||
|
* when initiating a HTTP request to the <i>UserInfo Endpoint</i>.
|
||||||
|
*
|
||||||
|
* @author Joe Grandja
|
||||||
|
* @since 5.0
|
||||||
|
* @see ClientRegistration
|
||||||
|
* @see OAuth2AccessToken
|
||||||
|
* @see OidcIdToken
|
||||||
|
* @see OidcUserService
|
||||||
|
*/
|
||||||
|
public class OidcUserRequest extends OAuth2UserRequest {
|
||||||
|
private final OidcIdToken idToken;
|
||||||
|
|
||||||
|
public OidcUserRequest(ClientRegistration clientRegistration,
|
||||||
|
OAuth2AccessToken accessToken, OidcIdToken idToken) {
|
||||||
|
|
||||||
|
super(clientRegistration, accessToken);
|
||||||
|
Assert.notNull(idToken, "idToken cannot be null");
|
||||||
|
this.idToken = idToken;
|
||||||
|
}
|
||||||
|
|
||||||
|
public OidcIdToken getIdToken() {
|
||||||
|
return this.idToken;
|
||||||
|
}
|
||||||
|
}
|
|
@ -16,7 +16,6 @@
|
||||||
package org.springframework.security.oauth2.client.oidc.userinfo;
|
package org.springframework.security.oauth2.client.oidc.userinfo;
|
||||||
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.oauth2.client.oidc.OidcAuthorizedClient;
|
|
||||||
import org.springframework.security.oauth2.client.userinfo.NimbusUserInfoRetriever;
|
import org.springframework.security.oauth2.client.userinfo.NimbusUserInfoRetriever;
|
||||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
||||||
import org.springframework.security.oauth2.client.userinfo.UserInfoRetriever;
|
import org.springframework.security.oauth2.client.userinfo.UserInfoRetriever;
|
||||||
|
@ -46,23 +45,23 @@ import java.util.Set;
|
||||||
* @author Joe Grandja
|
* @author Joe Grandja
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
* @see OAuth2UserService
|
* @see OAuth2UserService
|
||||||
* @see OidcAuthorizedClient
|
* @see OidcUserRequest
|
||||||
* @see OidcUser
|
* @see OidcUser
|
||||||
* @see DefaultOidcUser
|
* @see DefaultOidcUser
|
||||||
* @see OidcUserInfo
|
* @see OidcUserInfo
|
||||||
* @see UserInfoRetriever
|
* @see UserInfoRetriever
|
||||||
*/
|
*/
|
||||||
public class OidcUserService implements OAuth2UserService<OidcAuthorizedClient, OidcUser> {
|
public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcUser> {
|
||||||
private static final String INVALID_USER_INFO_RESPONSE_ERROR_CODE = "invalid_user_info_response";
|
private static final String INVALID_USER_INFO_RESPONSE_ERROR_CODE = "invalid_user_info_response";
|
||||||
private UserInfoRetriever userInfoRetriever = new NimbusUserInfoRetriever();
|
private UserInfoRetriever userInfoRetriever = new NimbusUserInfoRetriever();
|
||||||
private final Set<String> userInfoScopes = new HashSet<>(
|
private final Set<String> userInfoScopes = new HashSet<>(
|
||||||
Arrays.asList(OidcScopes.PROFILE, OidcScopes.EMAIL, OidcScopes.ADDRESS, OidcScopes.PHONE));
|
Arrays.asList(OidcScopes.PROFILE, OidcScopes.EMAIL, OidcScopes.ADDRESS, OidcScopes.PHONE));
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public OidcUser loadUser(OidcAuthorizedClient authorizedClient) throws OAuth2AuthenticationException {
|
public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
|
||||||
OidcUserInfo userInfo = null;
|
OidcUserInfo userInfo = null;
|
||||||
if (this.shouldRetrieveUserInfo(authorizedClient)) {
|
if (this.shouldRetrieveUserInfo(userRequest)) {
|
||||||
Map<String, Object> userAttributes = this.userInfoRetriever.retrieve(authorizedClient, Map.class);
|
Map<String, Object> userAttributes = this.userInfoRetriever.retrieve(userRequest, Map.class);
|
||||||
userInfo = new OidcUserInfo(userAttributes);
|
userInfo = new OidcUserInfo(userAttributes);
|
||||||
|
|
||||||
// http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
|
// http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
|
||||||
|
@ -72,17 +71,17 @@ public class OidcUserService implements OAuth2UserService<OidcAuthorizedClient,
|
||||||
// The sub Claim in the UserInfo Response MUST be verified to exactly match
|
// The sub Claim in the UserInfo Response MUST be verified to exactly match
|
||||||
// the sub Claim in the ID Token; if they do not match,
|
// the sub Claim in the ID Token; if they do not match,
|
||||||
// the UserInfo Response values MUST NOT be used.
|
// the UserInfo Response values MUST NOT be used.
|
||||||
if (!userInfo.getSubject().equals(authorizedClient.getIdToken().getSubject())) {
|
if (!userInfo.getSubject().equals(userRequest.getIdToken().getSubject())) {
|
||||||
OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE);
|
OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE);
|
||||||
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
|
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
GrantedAuthority authority = new OidcUserAuthority(authorizedClient.getIdToken(), userInfo);
|
GrantedAuthority authority = new OidcUserAuthority(userRequest.getIdToken(), userInfo);
|
||||||
Set<GrantedAuthority> authorities = new HashSet<>();
|
Set<GrantedAuthority> authorities = new HashSet<>();
|
||||||
authorities.add(authority);
|
authorities.add(authority);
|
||||||
|
|
||||||
return new DefaultOidcUser(authorities, authorizedClient.getIdToken(), userInfo);
|
return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo);
|
||||||
}
|
}
|
||||||
|
|
||||||
public final void setUserInfoRetriever(UserInfoRetriever userInfoRetriever) {
|
public final void setUserInfoRetriever(UserInfoRetriever userInfoRetriever) {
|
||||||
|
@ -90,9 +89,9 @@ public class OidcUserService implements OAuth2UserService<OidcAuthorizedClient,
|
||||||
this.userInfoRetriever = userInfoRetriever;
|
this.userInfoRetriever = userInfoRetriever;
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean shouldRetrieveUserInfo(OidcAuthorizedClient authorizedClient) {
|
private boolean shouldRetrieveUserInfo(OidcUserRequest userRequest) {
|
||||||
// Auto-disabled if UserInfo Endpoint URI is not provided
|
// Auto-disabled if UserInfo Endpoint URI is not provided
|
||||||
if (StringUtils.isEmpty(authorizedClient.getClientRegistration().getProviderDetails()
|
if (StringUtils.isEmpty(userRequest.getClientRegistration().getProviderDetails()
|
||||||
.getUserInfoEndpoint().getUri())) {
|
.getUserInfoEndpoint().getUri())) {
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
|
@ -105,10 +104,10 @@ public class OidcUserService implements OAuth2UserService<OidcAuthorizedClient,
|
||||||
// the resulting Claims are returned in the ID Token.
|
// the resulting Claims are returned in the ID Token.
|
||||||
// The Authorization Code Grant Flow, which is response_type=code, results in an Access Token being issued.
|
// The Authorization Code Grant Flow, which is response_type=code, results in an Access Token being issued.
|
||||||
if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(
|
if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(
|
||||||
authorizedClient.getClientRegistration().getAuthorizationGrantType())) {
|
userRequest.getClientRegistration().getAuthorizationGrantType())) {
|
||||||
|
|
||||||
// Return true if there is at least one match between the authorized scope(s) and UserInfo scope(s)
|
// Return true if there is at least one match between the authorized scope(s) and UserInfo scope(s)
|
||||||
return authorizedClient.getAccessToken().getScopes().stream().anyMatch(userInfoScopes::contains);
|
return userRequest.getAccessToken().getScopes().stream().anyMatch(userInfoScopes::contains);
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
|
|
|
@ -15,7 +15,6 @@
|
||||||
*/
|
*/
|
||||||
package org.springframework.security.oauth2.client.userinfo;
|
package org.springframework.security.oauth2.client.userinfo;
|
||||||
|
|
||||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
|
||||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
|
@ -37,11 +36,11 @@ import java.util.Map;
|
||||||
* @author Joe Grandja
|
* @author Joe Grandja
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
* @see OAuth2UserService
|
* @see OAuth2UserService
|
||||||
* @see OAuth2AuthorizedClient
|
* @see OAuth2UserRequest
|
||||||
* @see OAuth2User
|
* @see OAuth2User
|
||||||
* @see UserInfoRetriever
|
* @see UserInfoRetriever
|
||||||
*/
|
*/
|
||||||
public class CustomUserTypesOAuth2UserService implements OAuth2UserService<OAuth2AuthorizedClient, OAuth2User> {
|
public class CustomUserTypesOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {
|
||||||
private final Map<String, Class<? extends OAuth2User>> customUserTypes;
|
private final Map<String, Class<? extends OAuth2User>> customUserTypes;
|
||||||
private UserInfoRetriever userInfoRetriever = new NimbusUserInfoRetriever();
|
private UserInfoRetriever userInfoRetriever = new NimbusUserInfoRetriever();
|
||||||
|
|
||||||
|
@ -51,14 +50,14 @@ public class CustomUserTypesOAuth2UserService implements OAuth2UserService<OAuth
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public OAuth2User loadUser(OAuth2AuthorizedClient authorizedClient) throws OAuth2AuthenticationException {
|
public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
|
||||||
String userInfoUri = authorizedClient.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri();
|
String userInfoUri = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri();
|
||||||
Class<? extends OAuth2User> customUserType;
|
Class<? extends OAuth2User> customUserType;
|
||||||
if ((customUserType = this.customUserTypes.get(userInfoUri)) == null) {
|
if ((customUserType = this.customUserTypes.get(userInfoUri)) == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
return this.userInfoRetriever.retrieve(authorizedClient, customUserType);
|
return this.userInfoRetriever.retrieve(userRequest, customUserType);
|
||||||
}
|
}
|
||||||
|
|
||||||
public final void setUserInfoRetriever(UserInfoRetriever userInfoRetriever) {
|
public final void setUserInfoRetriever(UserInfoRetriever userInfoRetriever) {
|
||||||
|
|
|
@ -16,7 +16,6 @@
|
||||||
package org.springframework.security.oauth2.client.userinfo;
|
package org.springframework.security.oauth2.client.userinfo;
|
||||||
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
|
||||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||||
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
|
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
|
||||||
|
@ -45,24 +44,24 @@ import java.util.Set;
|
||||||
* @author Joe Grandja
|
* @author Joe Grandja
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
* @see OAuth2UserService
|
* @see OAuth2UserService
|
||||||
* @see OAuth2AuthorizedClient
|
* @see OAuth2UserRequest
|
||||||
* @see OAuth2User
|
* @see OAuth2User
|
||||||
* @see DefaultOAuth2User
|
* @see DefaultOAuth2User
|
||||||
* @see UserInfoRetriever
|
* @see UserInfoRetriever
|
||||||
*/
|
*/
|
||||||
public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2AuthorizedClient, OAuth2User> {
|
public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {
|
||||||
private UserInfoRetriever userInfoRetriever = new NimbusUserInfoRetriever();
|
private UserInfoRetriever userInfoRetriever = new NimbusUserInfoRetriever();
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public OAuth2User loadUser(OAuth2AuthorizedClient authorizedClient) throws OAuth2AuthenticationException {
|
public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
|
||||||
String userNameAttributeName = authorizedClient.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
|
String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
|
||||||
if (!StringUtils.hasText(userNameAttributeName)) {
|
if (!StringUtils.hasText(userNameAttributeName)) {
|
||||||
throw new IllegalArgumentException(
|
throw new IllegalArgumentException(
|
||||||
"Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: " +
|
"Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: " +
|
||||||
authorizedClient.getClientRegistration().getRegistrationId());
|
userRequest.getClientRegistration().getRegistrationId());
|
||||||
}
|
}
|
||||||
|
|
||||||
Map<String, Object> userAttributes = this.userInfoRetriever.retrieve(authorizedClient, Map.class);
|
Map<String, Object> userAttributes = this.userInfoRetriever.retrieve(userRequest, Map.class);
|
||||||
GrantedAuthority authority = new OAuth2UserAuthority(userAttributes);
|
GrantedAuthority authority = new OAuth2UserAuthority(userAttributes);
|
||||||
Set<GrantedAuthority> authorities = new HashSet<>();
|
Set<GrantedAuthority> authorities = new HashSet<>();
|
||||||
authorities.add(authority);
|
authorities.add(authority);
|
||||||
|
|
|
@ -15,7 +15,6 @@
|
||||||
*/
|
*/
|
||||||
package org.springframework.security.oauth2.client.userinfo;
|
package org.springframework.security.oauth2.client.userinfo;
|
||||||
|
|
||||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
|
||||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
|
@ -30,30 +29,30 @@ import java.util.Objects;
|
||||||
* to it's internal <code>List</code> of {@link OAuth2UserService}'s.
|
* to it's internal <code>List</code> of {@link OAuth2UserService}'s.
|
||||||
* <p>
|
* <p>
|
||||||
* Each {@link OAuth2UserService} is given a chance to
|
* Each {@link OAuth2UserService} is given a chance to
|
||||||
* {@link OAuth2UserService#loadUser(OAuth2AuthorizedClient) load} an {@link OAuth2User}
|
* {@link OAuth2UserService#loadUser(OAuth2UserRequest) load} an {@link OAuth2User}
|
||||||
* with the first <code>non-null</code> {@link OAuth2User} being returned.
|
* with the first <code>non-null</code> {@link OAuth2User} being returned.
|
||||||
*
|
*
|
||||||
* @author Joe Grandja
|
* @author Joe Grandja
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
* @see OAuth2UserService
|
* @see OAuth2UserService
|
||||||
* @see OAuth2AuthorizedClient
|
* @see OAuth2UserRequest
|
||||||
* @see OAuth2User
|
* @see OAuth2User
|
||||||
*
|
*
|
||||||
* @param <C> The type of <i>Authorized Client</i>
|
* @param <R> The type of <i>OAuth 2.0 User Request</i>
|
||||||
* @param <U> The type of <i>OAuth 2.0 User</i>
|
* @param <U> The type of <i>OAuth 2.0 User</i>
|
||||||
*/
|
*/
|
||||||
public class DelegatingOAuth2UserService<C extends OAuth2AuthorizedClient, U extends OAuth2User> implements OAuth2UserService<C, U> {
|
public class DelegatingOAuth2UserService<R extends OAuth2UserRequest, U extends OAuth2User> implements OAuth2UserService<R, U> {
|
||||||
private final List<OAuth2UserService<C, U>> userServices;
|
private final List<OAuth2UserService<R, U>> userServices;
|
||||||
|
|
||||||
public DelegatingOAuth2UserService(List<OAuth2UserService<C, U>> userServices) {
|
public DelegatingOAuth2UserService(List<OAuth2UserService<R, U>> userServices) {
|
||||||
Assert.notEmpty(userServices, "userServices cannot be empty");
|
Assert.notEmpty(userServices, "userServices cannot be empty");
|
||||||
this.userServices = Collections.unmodifiableList(new ArrayList<>(userServices));
|
this.userServices = Collections.unmodifiableList(new ArrayList<>(userServices));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public U loadUser(C authorizedClient) throws OAuth2AuthenticationException {
|
public U loadUser(R userRequest) throws OAuth2AuthenticationException {
|
||||||
return this.userServices.stream()
|
return this.userServices.stream()
|
||||||
.map(userService -> userService.loadUser(authorizedClient))
|
.map(userService -> userService.loadUser(userRequest))
|
||||||
.filter(Objects::nonNull)
|
.filter(Objects::nonNull)
|
||||||
.findFirst()
|
.findFirst()
|
||||||
.orElse(null);
|
.orElse(null);
|
||||||
|
|
|
@ -27,7 +27,6 @@ import org.springframework.http.client.AbstractClientHttpResponse;
|
||||||
import org.springframework.http.converter.HttpMessageConverter;
|
import org.springframework.http.converter.HttpMessageConverter;
|
||||||
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
|
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
|
||||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
|
||||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
|
@ -51,9 +50,9 @@ public class NimbusUserInfoRetriever implements UserInfoRetriever {
|
||||||
private final HttpMessageConverter jackson2HttpMessageConverter = new MappingJackson2HttpMessageConverter();
|
private final HttpMessageConverter jackson2HttpMessageConverter = new MappingJackson2HttpMessageConverter();
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public <T> T retrieve(OAuth2AuthorizedClient authorizedClient, Class<T> returnType) throws OAuth2AuthenticationException {
|
public <T> T retrieve(OAuth2UserRequest userRequest, Class<T> returnType) throws OAuth2AuthenticationException {
|
||||||
URI userInfoUri = URI.create(authorizedClient.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
|
URI userInfoUri = URI.create(userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
|
||||||
BearerAccessToken accessToken = new BearerAccessToken(authorizedClient.getAccessToken().getTokenValue());
|
BearerAccessToken accessToken = new BearerAccessToken(userRequest.getAccessToken().getTokenValue());
|
||||||
|
|
||||||
UserInfoRequest userInfoRequest = new UserInfoRequest(userInfoUri, accessToken);
|
UserInfoRequest userInfoRequest = new UserInfoRequest(userInfoUri, accessToken);
|
||||||
HTTPRequest httpRequest = userInfoRequest.toHTTPRequest();
|
HTTPRequest httpRequest = userInfoRequest.toHTTPRequest();
|
||||||
|
|
|
@ -0,0 +1,50 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2012-2017 the original author or authors.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.springframework.security.oauth2.client.userinfo;
|
||||||
|
|
||||||
|
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||||
|
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||||
|
import org.springframework.util.Assert;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Represents a request the {@link OAuth2UserService} uses
|
||||||
|
* when initiating a HTTP request to the <i>UserInfo Endpoint</i>.
|
||||||
|
*
|
||||||
|
* @author Joe Grandja
|
||||||
|
* @since 5.0
|
||||||
|
* @see ClientRegistration
|
||||||
|
* @see OAuth2AccessToken
|
||||||
|
* @see OAuth2UserService
|
||||||
|
*/
|
||||||
|
public class OAuth2UserRequest {
|
||||||
|
private final ClientRegistration clientRegistration;
|
||||||
|
private final OAuth2AccessToken accessToken;
|
||||||
|
|
||||||
|
public OAuth2UserRequest(ClientRegistration clientRegistration, OAuth2AccessToken accessToken) {
|
||||||
|
Assert.notNull(clientRegistration, "clientRegistration cannot be null");
|
||||||
|
Assert.notNull(accessToken, "accessToken cannot be null");
|
||||||
|
this.clientRegistration = clientRegistration;
|
||||||
|
this.accessToken = accessToken;
|
||||||
|
}
|
||||||
|
|
||||||
|
public ClientRegistration getClientRegistration() {
|
||||||
|
return this.clientRegistration;
|
||||||
|
}
|
||||||
|
|
||||||
|
public OAuth2AccessToken getAccessToken() {
|
||||||
|
return this.accessToken;
|
||||||
|
}
|
||||||
|
}
|
|
@ -16,28 +16,27 @@
|
||||||
package org.springframework.security.oauth2.client.userinfo;
|
package org.springframework.security.oauth2.client.userinfo;
|
||||||
|
|
||||||
import org.springframework.security.core.AuthenticatedPrincipal;
|
import org.springframework.security.core.AuthenticatedPrincipal;
|
||||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
|
||||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implementations of this interface are responsible for obtaining the user attributes
|
* Implementations of this interface are responsible for obtaining the user attributes
|
||||||
* of the <i>End-User</i> (Resource Owner) from the <i>UserInfo Endpoint</i>
|
* of the <i>End-User</i> (Resource Owner) from the <i>UserInfo Endpoint</i>
|
||||||
* using the {@link OAuth2AuthorizedClient#getAccessToken() Access Token}
|
* using the {@link OAuth2UserRequest#getAccessToken() Access Token}
|
||||||
* granted to the {@link OAuth2AuthorizedClient Authorized Client}
|
* granted to the {@link OAuth2UserRequest#getClientRegistration() Client}
|
||||||
* and returning an {@link AuthenticatedPrincipal} in the form of an {@link OAuth2User}.
|
* and returning an {@link AuthenticatedPrincipal} in the form of an {@link OAuth2User}.
|
||||||
*
|
*
|
||||||
* @author Joe Grandja
|
* @author Joe Grandja
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
* @see OAuth2AuthorizedClient
|
* @see OAuth2UserRequest
|
||||||
* @see OAuth2User
|
* @see OAuth2User
|
||||||
* @see AuthenticatedPrincipal
|
* @see AuthenticatedPrincipal
|
||||||
*
|
*
|
||||||
* @param <C> The type of <i>Authorized Client</i>
|
* @param <R> The type of <i>OAuth 2.0 User Request</i>
|
||||||
* @param <U> The type of <i>OAuth 2.0 User</i>
|
* @param <U> The type of <i>OAuth 2.0 User</i>
|
||||||
*/
|
*/
|
||||||
public interface OAuth2UserService<C extends OAuth2AuthorizedClient, U extends OAuth2User> {
|
public interface OAuth2UserService<R extends OAuth2UserRequest, U extends OAuth2User> {
|
||||||
|
|
||||||
U loadUser(C authorizedClient) throws OAuth2AuthenticationException;
|
U loadUser(R userRequest) throws OAuth2AuthenticationException;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,22 +15,21 @@
|
||||||
*/
|
*/
|
||||||
package org.springframework.security.oauth2.client.userinfo;
|
package org.springframework.security.oauth2.client.userinfo;
|
||||||
|
|
||||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
|
||||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A strategy for retrieving the user attributes
|
* A strategy for retrieving the user attributes
|
||||||
* of the <i>End-User</i> (Resource Owner) from the <i>UserInfo Endpoint</i>
|
* of the <i>End-User</i> (Resource Owner) from the <i>UserInfo Endpoint</i>
|
||||||
* using the provided {@link OAuth2AuthorizedClient#getAccessToken() Access Token}.
|
* using the provided {@link OAuth2UserRequest#getAccessToken() Access Token}.
|
||||||
*
|
*
|
||||||
* @author Joe Grandja
|
* @author Joe Grandja
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
* @see OAuth2AuthorizedClient
|
* @see OAuth2UserRequest
|
||||||
* @see OAuth2UserService
|
* @see OAuth2UserService
|
||||||
*/
|
*/
|
||||||
public interface UserInfoRetriever {
|
public interface UserInfoRetriever {
|
||||||
|
|
||||||
<T> T retrieve(OAuth2AuthorizedClient authorizedClient, Class<T> responseType) throws OAuth2AuthenticationException;
|
<T> T retrieve(OAuth2UserRequest userRequest, Class<T> responseType) throws OAuth2AuthenticationException;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue