Josh Cummings
parent
2df1099da5
commit
84ba3ddf26
|
|
@ -73,8 +73,7 @@ import static org.assertj.core.api.Assertions.assertThat;
|
|||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.SUB;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oidcLogin;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Login;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.model;
|
||||
|
||||
|
|
@ -261,12 +260,12 @@ public class OAuth2LoginApplicationTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenMockOidcLoginThenIndex() throws Exception {
|
||||
public void requestWhenMockOAuth2LoginThenIndex() throws Exception {
|
||||
ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("github");
|
||||
this.mvc.perform(get("/").with(oidcLogin().clientRegistration(clientRegistration)))
|
||||
this.mvc.perform(get("/").with(oauth2Login().clientRegistration(clientRegistration)))
|
||||
.andExpect(model().attribute("userName", "test-subject"))
|
||||
.andExpect(model().attribute("clientName", "GitHub"))
|
||||
.andExpect(model().attribute("userAttributes", Collections.singletonMap(SUB, "test-subject")));
|
||||
.andExpect(model().attribute("userAttributes", Collections.singletonMap("sub", "test-subject")));
|
||||
}
|
||||
|
||||
private void assertLoginPage(HtmlPage page) {
|
||||
|
|
|
|||
|
|
@ -34,8 +34,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
|||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.SUB;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oidcLogin;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Login;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.model;
|
||||
|
||||
|
|
@ -64,10 +63,10 @@ public class OAuth2LoginControllerTests {
|
|||
|
||||
@Test
|
||||
public void rootWhenAuthenticatedReturnsUserAndClient() throws Exception {
|
||||
this.mvc.perform(get("/").with(oidcLogin()))
|
||||
this.mvc.perform(get("/").with(oauth2Login()))
|
||||
.andExpect(model().attribute("userName", "test-subject"))
|
||||
.andExpect(model().attribute("clientName", "test"))
|
||||
.andExpect(model().attribute("userAttributes", Collections.singletonMap(SUB, "test-subject")));
|
||||
.andExpect(model().attribute("userAttributes", Collections.singletonMap("sub", "test-subject")));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -79,11 +78,11 @@ public class OAuth2LoginControllerTests {
|
|||
.tokenUri("https://token-uri.example.org")
|
||||
.build();
|
||||
|
||||
this.mvc.perform(get("/").with(oidcLogin()
|
||||
this.mvc.perform(get("/").with(oauth2Login()
|
||||
.clientRegistration(clientRegistration)
|
||||
.idToken(i -> i.subject("spring-security"))))
|
||||
.attributes(a -> a.put("sub", "spring-security"))))
|
||||
.andExpect(model().attribute("userName", "spring-security"))
|
||||
.andExpect(model().attribute("clientName", "my-client-name"))
|
||||
.andExpect(model().attribute("userAttributes", Collections.singletonMap(SUB, "spring-security")));
|
||||
.andExpect(model().attribute("userAttributes", Collections.singletonMap("sub", "spring-security")));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ import java.util.List;
|
|||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.function.Consumer;
|
||||
import java.util.function.Supplier;
|
||||
import java.util.stream.Collectors;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
|
@ -70,6 +71,9 @@ import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
|
|||
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
|
||||
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
|
||||
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
|
||||
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
|
||||
import org.springframework.security.oauth2.jwt.Jwt;
|
||||
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
|
||||
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
|
||||
|
|
@ -371,8 +375,38 @@ public final class SecurityMockMvcRequestPostProcessors {
|
|||
/**
|
||||
* Establish a {@link SecurityContext} that has a
|
||||
* {@link OAuth2AuthenticationToken} for the
|
||||
* {@link Authentication} and a {@link OAuth2AuthorizedClient} in
|
||||
* the session. All details are
|
||||
* {@link Authentication}, a {@link OAuth2User} as the principal,
|
||||
* and a {@link OAuth2AuthorizedClient} in the session. All details are
|
||||
* declarative and do not require associated tokens to be valid.
|
||||
*
|
||||
* <p>
|
||||
* The support works by associating the authentication to the HttpServletRequest. To associate
|
||||
* the request to the SecurityContextHolder you need to ensure that the
|
||||
* SecurityContextPersistenceFilter is associated with the MockMvc instance. A few
|
||||
* ways to do this are:
|
||||
* </p>
|
||||
*
|
||||
* <ul>
|
||||
* <li>Invoking apply {@link SecurityMockMvcConfigurers#springSecurity()}</li>
|
||||
* <li>Adding Spring Security's FilterChainProxy to MockMvc</li>
|
||||
* <li>Manually adding {@link SecurityContextPersistenceFilter} to the MockMvc
|
||||
* instance may make sense when using MockMvcBuilders standaloneSetup</li>
|
||||
* </ul>
|
||||
*
|
||||
* @return the {@link OidcLoginRequestPostProcessor} for additional customization
|
||||
* @since 5.3
|
||||
*/
|
||||
public static OAuth2LoginRequestPostProcessor oauth2Login() {
|
||||
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token",
|
||||
null, null, Collections.singleton("user"));
|
||||
return new OAuth2LoginRequestPostProcessor(accessToken);
|
||||
}
|
||||
|
||||
/**
|
||||
* Establish a {@link SecurityContext} that has a
|
||||
* {@link OAuth2AuthenticationToken} for the
|
||||
* {@link Authentication}, a {@link OidcUser} as the principal,
|
||||
* and a {@link OAuth2AuthorizedClient} in the session. All details are
|
||||
* declarative and do not require associated tokens to be valid.
|
||||
*
|
||||
* <p>
|
||||
|
|
@ -1248,6 +1282,147 @@ public final class SecurityMockMvcRequestPostProcessors {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @author Josh Cummings
|
||||
* @since 5.3
|
||||
*/
|
||||
public final static class OAuth2LoginRequestPostProcessor implements RequestPostProcessor {
|
||||
private ClientRegistration clientRegistration;
|
||||
private OAuth2AccessToken accessToken;
|
||||
|
||||
private Supplier<Collection<GrantedAuthority>> authorities = this::defaultAuthorities;
|
||||
private Supplier<Map<String, Object>> attributes = this::defaultAttributes;
|
||||
private String nameAttributeKey = "sub";
|
||||
private Supplier<OAuth2User> oauth2User = this::defaultPrincipal;
|
||||
|
||||
private OAuth2LoginRequestPostProcessor(OAuth2AccessToken accessToken) {
|
||||
this.accessToken = accessToken;
|
||||
this.clientRegistration = clientRegistrationBuilder().build();
|
||||
}
|
||||
|
||||
/**
|
||||
* Use the provided authorities in the {@link Authentication}
|
||||
*
|
||||
* @param authorities the authorities to use
|
||||
* @return the {@link OAuth2LoginRequestPostProcessor} for further configuration
|
||||
*/
|
||||
public OAuth2LoginRequestPostProcessor authorities(Collection<GrantedAuthority> authorities) {
|
||||
Assert.notNull(authorities, "authorities cannot be null");
|
||||
this.authorities = () -> authorities;
|
||||
this.oauth2User = this::defaultPrincipal;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Use the provided authorities in the {@link Authentication}
|
||||
*
|
||||
* @param authorities the authorities to use
|
||||
* @return the {@link OAuth2LoginRequestPostProcessor} for further configuration
|
||||
*/
|
||||
public OAuth2LoginRequestPostProcessor authorities(GrantedAuthority... authorities) {
|
||||
Assert.notNull(authorities, "authorities cannot be null");
|
||||
this.authorities = () -> Arrays.asList(authorities);
|
||||
this.oauth2User = this::defaultPrincipal;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Mutate the attributes using the given {@link Consumer}
|
||||
*
|
||||
* @param attributesConsumer The {@link Consumer} for mutating the {@Map} of attributes
|
||||
* @return the {@link OAuth2LoginRequestPostProcessor} for further configuration
|
||||
*/
|
||||
public OAuth2LoginRequestPostProcessor attributes(Consumer<Map<String, Object>> attributesConsumer) {
|
||||
Assert.notNull(attributesConsumer, "attributesConsumer cannot be null");
|
||||
this.attributes = () -> {
|
||||
Map<String, Object> attrs = new HashMap<>();
|
||||
attrs.put(this.nameAttributeKey, "test-subject");
|
||||
attributesConsumer.accept(attrs);
|
||||
return attrs;
|
||||
};
|
||||
this.oauth2User = this::defaultPrincipal;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Use the provided key for the attribute containing the principal's name
|
||||
*
|
||||
* @param nameAttributeKey The attribute key to use
|
||||
* @return the {@link OAuth2LoginRequestPostProcessor} for further configuration
|
||||
*/
|
||||
public OAuth2LoginRequestPostProcessor nameAttributeKey(String nameAttributeKey) {
|
||||
Assert.notNull(nameAttributeKey, "nameAttributeKey cannot be null");
|
||||
this.nameAttributeKey = nameAttributeKey;
|
||||
this.oauth2User = this::defaultPrincipal;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Use the provided {@link OAuth2User} as the authenticated user.
|
||||
*
|
||||
* @param oauth2User the {@link OAuth2User} to use
|
||||
* @return the {@link OAuth2LoginRequestPostProcessor} for further configuration
|
||||
*/
|
||||
public OAuth2LoginRequestPostProcessor oauth2User(OAuth2User oauth2User) {
|
||||
this.oauth2User = () -> oauth2User;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Use the provided {@link ClientRegistration} as the client to authorize.
|
||||
*
|
||||
* The supplied {@link ClientRegistration} will be registered into an
|
||||
* {@link HttpSessionOAuth2AuthorizedClientRepository}. Tests relying on
|
||||
* {@link org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient}
|
||||
* annotations should register an {@link HttpSessionOAuth2AuthorizedClientRepository} bean
|
||||
* to the application context.
|
||||
*
|
||||
* @param clientRegistration the {@link ClientRegistration} to use
|
||||
* @return the {@link OAuth2LoginRequestPostProcessor} for further configuration
|
||||
*/
|
||||
public OAuth2LoginRequestPostProcessor clientRegistration(ClientRegistration clientRegistration) {
|
||||
this.clientRegistration = clientRegistration;
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
|
||||
OAuth2User oauth2User = this.oauth2User.get();
|
||||
OAuth2AuthenticationToken token = new OAuth2AuthenticationToken
|
||||
(oauth2User, oauth2User.getAuthorities(), this.clientRegistration.getRegistrationId());
|
||||
OAuth2AuthorizedClient client = new OAuth2AuthorizedClient
|
||||
(this.clientRegistration, token.getName(), this.accessToken);
|
||||
OAuth2AuthorizedClientRepository authorizedClientRepository = new HttpSessionOAuth2AuthorizedClientRepository();
|
||||
authorizedClientRepository.saveAuthorizedClient(client, token, request, new MockHttpServletResponse());
|
||||
|
||||
return new AuthenticationRequestPostProcessor(token).postProcessRequest(request);
|
||||
}
|
||||
|
||||
private ClientRegistration.Builder clientRegistrationBuilder() {
|
||||
return ClientRegistration.withRegistrationId("test")
|
||||
.authorizationGrantType(AuthorizationGrantType.PASSWORD)
|
||||
.clientId("test-client")
|
||||
.tokenUri("https://token-uri.example.org");
|
||||
}
|
||||
|
||||
private Collection<GrantedAuthority> defaultAuthorities() {
|
||||
Set<GrantedAuthority> authorities = new LinkedHashSet<>();
|
||||
authorities.add(new OAuth2UserAuthority(this.attributes.get()));
|
||||
for (String authority : this.accessToken.getScopes()) {
|
||||
authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
|
||||
}
|
||||
return authorities;
|
||||
}
|
||||
|
||||
private Map<String, Object> defaultAttributes() {
|
||||
return Collections.singletonMap(this.nameAttributeKey, "test-subject");
|
||||
}
|
||||
|
||||
private OAuth2User defaultPrincipal() {
|
||||
return new DefaultOAuth2User(this.authorities.get(), this.attributes.get(), this.nameAttributeKey);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @author Josh Cummings
|
||||
* @since 5.3
|
||||
|
|
@ -1350,12 +1525,10 @@ public final class SecurityMockMvcRequestPostProcessors {
|
|||
@Override
|
||||
public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
|
||||
OidcUser oidcUser = getOidcUser();
|
||||
OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(oidcUser, oidcUser.getAuthorities(), this.clientRegistration.getRegistrationId());
|
||||
OAuth2AuthorizedClient client = new OAuth2AuthorizedClient(this.clientRegistration, token.getName(), this.accessToken);
|
||||
OAuth2AuthorizedClientRepository authorizedClientRepository = new HttpSessionOAuth2AuthorizedClientRepository();
|
||||
authorizedClientRepository.saveAuthorizedClient(client, token, request, new MockHttpServletResponse());
|
||||
|
||||
return new AuthenticationRequestPostProcessor(token).postProcessRequest(request);
|
||||
return new OAuth2LoginRequestPostProcessor(this.accessToken)
|
||||
.oauth2User(oidcUser)
|
||||
.clientRegistration(this.clientRegistration)
|
||||
.postProcessRequest(request);
|
||||
}
|
||||
|
||||
private ClientRegistration.Builder clientRegistrationBuilder() {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,208 @@
|
|||
/*
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.test.web.servlet.request;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.test.context.web.WebAppConfiguration;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
|
||||
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Login;
|
||||
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
/**
|
||||
* Tests for {@link SecurityMockMvcRequestPostProcessors#oauth2Login()}
|
||||
*
|
||||
* @author Josh Cummings
|
||||
* @since 5.3
|
||||
*/
|
||||
@RunWith(SpringJUnit4ClassRunner.class)
|
||||
@ContextConfiguration
|
||||
@WebAppConfiguration
|
||||
public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
|
||||
@Autowired
|
||||
WebApplicationContext context;
|
||||
|
||||
MockMvc mvc;
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
// @formatter:off
|
||||
this.mvc = MockMvcBuilders
|
||||
.webAppContextSetup(this.context)
|
||||
.apply(springSecurity())
|
||||
.build();
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Test
|
||||
public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthentication()
|
||||
throws Exception {
|
||||
|
||||
this.mvc.perform(get("/name").with(oauth2Login()))
|
||||
.andExpect(content().string("test-subject"));
|
||||
this.mvc.perform(get("/admin/id-token/name").with(oauth2Login()))
|
||||
.andExpect(status().isForbidden());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void oauth2LoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient()
|
||||
throws Exception {
|
||||
|
||||
this.mvc.perform(get("/client-id").with(oauth2Login()))
|
||||
.andExpect(content().string("test-client"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void oauth2LoginWhenAuthoritiesSpecifiedThenGrantsAccess() throws Exception {
|
||||
this.mvc.perform(get("/admin/scopes")
|
||||
.with(oauth2Login().authorities(new SimpleGrantedAuthority("SCOPE_admin"))))
|
||||
.andExpect(content().string("[\"SCOPE_admin\"]"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void oauth2LoginWhenAttributeSpecifiedThenUserHasAttribute() throws Exception {
|
||||
this.mvc.perform(get("/attributes/iss")
|
||||
.with(oauth2Login().attributes(a -> a.put("iss", "https://idp.example.org"))))
|
||||
.andExpect(content().string("https://idp.example.org"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void oauth2LoginWhenNameSpecifiedThenUserHasName() throws Exception {
|
||||
this.mvc.perform(get("/attributes/custom-attribute")
|
||||
.with(oauth2Login().nameAttributeKey("custom-attribute")))
|
||||
.andExpect(content().string("test-subject"));
|
||||
|
||||
this.mvc.perform(get("/name")
|
||||
.with(oauth2Login().nameAttributeKey("custom-attribute")))
|
||||
.andExpect(content().string("test-subject"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void oauth2LoginWhenClientRegistrationSpecifiedThenUses() throws Exception {
|
||||
this.mvc.perform(get("/client-id")
|
||||
.with(oauth2Login().clientRegistration(clientRegistration().build())))
|
||||
.andExpect(content().string("client-id"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
|
||||
OAuth2User oauth2User = new DefaultOAuth2User(
|
||||
AuthorityUtils.createAuthorityList("SCOPE_user"),
|
||||
Collections.singletonMap("username", "user"),
|
||||
"username");
|
||||
|
||||
this.mvc.perform(get("/attributes/sub")
|
||||
.with(oauth2Login()
|
||||
.attributes(a -> a.put("sub", "bar"))
|
||||
.oauth2User(oauth2User)))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(content().string("no-attribute"));
|
||||
this.mvc.perform(get("/attributes/sub")
|
||||
.with(oauth2Login()
|
||||
.oauth2User(oauth2User)
|
||||
.attributes(a -> a.put("sub", "bar"))))
|
||||
.andExpect(content().string("bar"));
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class OAuth2LoginConfig extends WebSecurityConfigurerAdapter {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.mvcMatchers("/admin/**").hasAuthority("SCOPE_admin")
|
||||
.anyRequest().hasAuthority("SCOPE_user")
|
||||
).oauth2Login();
|
||||
}
|
||||
|
||||
@Bean
|
||||
ClientRegistrationRepository clientRegistrationRepository() {
|
||||
return mock(ClientRegistrationRepository.class);
|
||||
}
|
||||
|
||||
@Bean
|
||||
OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository() {
|
||||
return new HttpSessionOAuth2AuthorizedClientRepository();
|
||||
}
|
||||
|
||||
@RestController
|
||||
static class PrincipalController {
|
||||
@GetMapping("/name")
|
||||
String name(@AuthenticationPrincipal OAuth2User oauth2User) {
|
||||
return oauth2User.getName();
|
||||
}
|
||||
|
||||
@GetMapping("/client-id")
|
||||
String authorizedClient(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
|
||||
return authorizedClient.getClientRegistration().getClientId();
|
||||
}
|
||||
|
||||
@GetMapping("/attributes/{attribute}")
|
||||
String attributes(
|
||||
@AuthenticationPrincipal OAuth2User oauth2User, @PathVariable("attribute") String attribute) {
|
||||
|
||||
return Optional.ofNullable((String) oauth2User.getAttribute(attribute)).orElse("no-attribute");
|
||||
}
|
||||
|
||||
@GetMapping("/admin/scopes")
|
||||
List<String> scopes(
|
||||
@AuthenticationPrincipal(expression = "authorities") Collection<GrantedAuthority> authorities) {
|
||||
|
||||
return authorities.stream().map(GrantedAuthority::getAuthority)
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue