Deprecate CustomUserTypesOAuth2UserService

Closes gh-8908
Joe Grandja 2020-08-04 12:55:31 -04:00
parent 73e550a867
commit 8146b1fdda
3 changed files with 10 additions and 103 deletions


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2019 the original author or authors. * Copyright 2002-2020 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -439,10 +439,13 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
* Sets a custom {@link OAuth2User} type and associates it to the provided * Sets a custom {@link OAuth2User} type and associates it to the provided
* client {@link ClientRegistration#getRegistrationId() registration identifier}. * client {@link ClientRegistration#getRegistrationId() registration identifier}.
* *
* @deprecated See {@link CustomUserTypesOAuth2UserService} for alternative usage.
*
* @param customUserType a custom {@link OAuth2User} type * @param customUserType a custom {@link OAuth2User} type
* @param clientRegistrationId the client registration identifier * @param clientRegistrationId the client registration identifier
* @return the {@link UserInfoEndpointConfig} for further configuration * @return the {@link UserInfoEndpointConfig} for further configuration
*/ */
@Deprecated
public UserInfoEndpointConfig customUserType(Class<? extends OAuth2User> customUserType, String clientRegistrationId) { public UserInfoEndpointConfig customUserType(Class<? extends OAuth2User> customUserType, String clientRegistrationId) {
Assert.notNull(customUserType, "customUserType cannot be null"); Assert.notNull(customUserType, "customUserType cannot be null");
Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty"); Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty");
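Review bot: The `@deprecated` text added on `customUserType` only points at `CustomUserTypesOAuth2UserService`, which this same commit deprecates, so a caller following the link lands on a second deprecation notice instead of the replacement. Naming the replacement here would be clearer, for example `@deprecated Use {@link #userService(OAuth2UserService)} with a delegation-based {@link OAuth2UserService} instead.` (the `userService(...)` option is the one the reference-doc snippet in this commit keeps on the same endpoint config). The tag is also placed ahead of `@param`/`@return`, whereas Javadoc convention lists `@deprecated` after them. The method body continues outside the hunk.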


@ -616,7 +616,6 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
.userAuthoritiesMapper(this.userAuthoritiesMapper()) .userAuthoritiesMapper(this.userAuthoritiesMapper())
.userService(this.oauth2UserService()) .userService(this.oauth2UserService())
.oidcUserService(this.oidcUserService()) .oidcUserService(this.oidcUserService())
.customUserType(GitHubOAuth2User.class, "github")
) )
); );
} }
@ -651,7 +650,6 @@ class OAuth2LoginSecurityConfig : WebSecurityConfigurerAdapter() {
userAuthoritiesMapper = userAuthoritiesMapper() userAuthoritiesMapper = userAuthoritiesMapper()
userService = oauth2UserService() userService = oauth2UserService()
oidcUserService = oidcUserService() oidcUserService = oidcUserService()
customUserType(GitHubOAuth2User::class.java, "github")
} }
} }
} }
@ -875,7 +873,6 @@ return CommonOAuth2Provider.GOOGLE.getBuilder("google")
The UserInfo Endpoint includes a number of configuration options, as described in the following sub-sections: The UserInfo Endpoint includes a number of configuration options, as described in the following sub-sections:
* <<oauth2login-advanced-map-authorities, Mapping User Authorities>> * <<oauth2login-advanced-map-authorities, Mapping User Authorities>>
* <<oauth2login-advanced-custom-user, Configuring a Custom OAuth2User>>
* <<oauth2login-advanced-oauth2-user-service, OAuth 2.0 UserService>> * <<oauth2login-advanced-oauth2-user-service, OAuth 2.0 UserService>>
* <<oauth2login-advanced-oidc-user-service, OpenID Connect 1.0 UserService>> * <<oauth2login-advanced-oidc-user-service, OpenID Connect 1.0 UserService>>
@ -1142,104 +1139,6 @@ class OAuth2LoginSecurityConfig : WebSecurityConfigurerAdapter() {
==== ====
[[oauth2login-advanced-custom-user]]
===== Configuring a Custom OAuth2User
`CustomUserTypesOAuth2UserService` is an implementation of an `OAuth2UserService` that provides support for custom `OAuth2User` types.
If the default implementation (`DefaultOAuth2User`) does not suit your needs, you can define your own implementation of `OAuth2User`.
The following code demonstrates how you would register a custom `OAuth2User` type for GitHub:
[source,java]
----
@EnableWebSecurity
public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Login(oauth2 -> oauth2
.userInfoEndpoint(userInfo -> userInfo
.customUserType(GitHubOAuth2User.class, "github")
...
)
);
}
}
----
The following code shows an example of a custom `OAuth2User` type for GitHub:
[source,java]
----
public class GitHubOAuth2User implements OAuth2User {
private List<GrantedAuthority> authorities =
AuthorityUtils.createAuthorityList("ROLE_USER");
private Map<String, Object> attributes;
private String id;
private String name;
private String login;
private String email;
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return this.authorities;
}
@Override
public Map<String, Object> getAttributes() {
if (this.attributes == null) {
this.attributes = new HashMap<>();
this.attributes.put("id", this.getId());
this.attributes.put("name", this.getName());
this.attributes.put("login", this.getLogin());
this.attributes.put("email", this.getEmail());
}
return attributes;
}
public String getId() {
return this.id;
}
public void setId(String id) {
this.id = id;
}
@Override
public String getName() {
return this.name;
}
public void setName(String name) {
this.name = name;
}
public String getLogin() {
return this.login;
}
public void setLogin(String login) {
this.login = login;
}
public String getEmail() {
return this.email;
}
public void setEmail(String email) {
this.email = email;
}
}
----
[TIP]
`id`, `name`, `login`, and `email` are attributes returned in GitHub's UserInfo Response.
For detailed information returned from the UserInfo Endpoint, see the API documentation
for https://developer.github.com/v3/users/#get-the-authenticated-user["Get the authenticated user"].
[[oauth2login-advanced-oauth2-user-service]] [[oauth2login-advanced-oauth2-user-service]]
===== OAuth 2.0 UserService ===== OAuth 2.0 UserService


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2018 the original author or authors. * Copyright 2002-2020 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -40,6 +40,10 @@ import java.util.Map;
* using a {@code Map} of {@link OAuth2User} type(s) keyed by {@code String}, * using a {@code Map} of {@link OAuth2User} type(s) keyed by {@code String},
* which represents the {@link ClientRegistration#getRegistrationId() Registration Id} of the Client. * which represents the {@link ClientRegistration#getRegistrationId() Registration Id} of the Client.
* *
* @deprecated It is recommended to use a delegation-based strategy of an {@link OAuth2UserService} to support custom {@link OAuth2User} types,
* as it provides much greater flexibility compared to this implementation.
* See the <a target="_blank" href="https://docs.spring.io/spring-security/site/docs/current/reference/html5/#oauth2login-advanced-map-authorities-oauth2userservice">reference manual</a> for details on how to implement.
*
* @author Joe Grandja * @author Joe Grandja
* @since 5.0 * @since 5.0
* @see OAuth2UserService * @see OAuth2UserService
@ -47,6 +51,7 @@ import java.util.Map;
* @see OAuth2User * @see OAuth2User
* @see ClientRegistration * @see ClientRegistration
*/ */
@Deprecated
public class CustomUserTypesOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> { public class CustomUserTypesOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {
private static final String INVALID_USER_INFO_RESPONSE_ERROR_CODE = "invalid_user_info_response"; private static final String INVALID_USER_INFO_RESPONSE_ERROR_CODE = "invalid_user_info_response";