Remove httpSecurity.oauth2Login().userInfoEndpoint().userNameAttributeName()
Related gh-4580
parent
814742fef6
commit
b463f8e6b5
|
@ -65,7 +65,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
|
||||||
private SecurityTokenRepository<AccessToken> accessTokenRepository;
|
private SecurityTokenRepository<AccessToken> accessTokenRepository;
|
||||||
private OAuth2UserService userInfoService;
|
private OAuth2UserService userInfoService;
|
||||||
private Map<URI, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
|
private Map<URI, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
|
||||||
private Map<URI, String> userNameAttributeNames = new HashMap<>();
|
|
||||||
private GrantedAuthoritiesMapper userAuthoritiesMapper;
|
private GrantedAuthoritiesMapper userAuthoritiesMapper;
|
||||||
|
|
||||||
AuthorizationCodeAuthenticationFilterConfigurer() {
|
AuthorizationCodeAuthenticationFilterConfigurer() {
|
||||||
|
@ -105,13 +104,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
AuthorizationCodeAuthenticationFilterConfigurer<H, R> userNameAttributeName(String userNameAttributeName, URI userInfoUri) {
|
|
||||||
Assert.hasText(userNameAttributeName, "userNameAttributeName cannot be empty");
|
|
||||||
Assert.notNull(userInfoUri, "userInfoUri cannot be null");
|
|
||||||
this.userNameAttributeNames.put(userInfoUri, userNameAttributeName);
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
AuthorizationCodeAuthenticationFilterConfigurer<H, R> userAuthoritiesMapper(GrantedAuthoritiesMapper userAuthoritiesMapper) {
|
AuthorizationCodeAuthenticationFilterConfigurer<H, R> userAuthoritiesMapper(GrantedAuthoritiesMapper userAuthoritiesMapper) {
|
||||||
Assert.notNull(userAuthoritiesMapper, "userAuthoritiesMapper cannot be null");
|
Assert.notNull(userAuthoritiesMapper, "userAuthoritiesMapper cannot be null");
|
||||||
this.userAuthoritiesMapper = userAuthoritiesMapper;
|
this.userAuthoritiesMapper = userAuthoritiesMapper;
|
||||||
|
@ -135,7 +127,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void init(H http) throws Exception {
|
public void init(H http) throws Exception {
|
||||||
this.initUserNameAttributeNames();
|
|
||||||
AuthorizationCodeAuthenticationProvider authenticationProvider = new AuthorizationCodeAuthenticationProvider(
|
AuthorizationCodeAuthenticationProvider authenticationProvider = new AuthorizationCodeAuthenticationProvider(
|
||||||
this.getAuthorizationCodeTokenExchanger(), this.getAccessTokenRepository(),
|
this.getAuthorizationCodeTokenExchanger(), this.getAccessTokenRepository(),
|
||||||
this.getProviderJwtDecoderRegistry(), this.getUserInfoService());
|
this.getProviderJwtDecoderRegistry(), this.getUserInfoService());
|
||||||
|
@ -163,20 +154,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
|
||||||
this.authorizationResponseMatcher : this.getAuthenticationFilter().getAuthorizationResponseMatcher());
|
this.authorizationResponseMatcher : this.getAuthenticationFilter().getAuthorizationResponseMatcher());
|
||||||
}
|
}
|
||||||
|
|
||||||
private void initUserNameAttributeNames() {
|
|
||||||
OAuth2LoginConfigurer.getClientRegistrationRepository(this.getBuilder()).getRegistrations().forEach(registration -> {
|
|
||||||
if (StringUtils.hasText(registration.getProviderDetails().getUserInfoEndpoint().getUri()) &&
|
|
||||||
StringUtils.hasText(registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName())) {
|
|
||||||
|
|
||||||
URI userInfoUri = URI.create(registration.getProviderDetails().getUserInfoEndpoint().getUri());
|
|
||||||
if (!this.userNameAttributeNames.containsKey(userInfoUri)) {
|
|
||||||
this.userNameAttributeNames.put(
|
|
||||||
userInfoUri, registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> getAuthorizationCodeTokenExchanger() {
|
private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> getAuthorizationCodeTokenExchanger() {
|
||||||
if (this.authorizationCodeTokenExchanger == null) {
|
if (this.authorizationCodeTokenExchanger == null) {
|
||||||
this.authorizationCodeTokenExchanger = new NimbusAuthorizationCodeTokenExchanger();
|
this.authorizationCodeTokenExchanger = new NimbusAuthorizationCodeTokenExchanger();
|
||||||
|
@ -229,9 +206,7 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
|
||||||
private OAuth2UserService getUserInfoService() {
|
private OAuth2UserService getUserInfoService() {
|
||||||
if (this.userInfoService == null) {
|
if (this.userInfoService == null) {
|
||||||
List<OAuth2UserService> oauth2UserServices = new ArrayList<>();
|
List<OAuth2UserService> oauth2UserServices = new ArrayList<>();
|
||||||
if (!this.userNameAttributeNames.isEmpty()) {
|
oauth2UserServices.add(new DefaultOAuth2UserService());
|
||||||
oauth2UserServices.add(new DefaultOAuth2UserService(this.userNameAttributeNames));
|
|
||||||
}
|
|
||||||
if (this.isOidcClientRegistered()) {
|
if (this.isOidcClientRegistered()) {
|
||||||
oauth2UserServices.add(new OidcUserService());
|
oauth2UserServices.add(new OidcUserService());
|
||||||
}
|
}
|
||||||
|
|
|
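Review bot: With `initUserNameAttributeNames()` gone from `init(H http)` and `new DefaultOAuth2UserService()` now added unconditionally in `getUserInfoService()`, a client registration that has a UserInfo URI but no `userNameAttributeName` is no longer detected while the filter chain is built; it fails only on the first login, with the `IllegalArgumentException` that `DefaultOAuth2UserService` throws. A fail-fast check in `init`, iterating `OAuth2LoginConfigurer.getClientRegistrationRepository(this.getBuilder()).getRegistrations()` and requiring `StringUtils.hasText(registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName())` whenever the endpoint `getUri()` has text, would surface the misconfiguration at startup instead; OIDC registrations may legitimately omit the attribute, so such a check would need to skip them (the existing `isOidcClientRegistered()` suggests they can be told apart, but the logic is not shown here). If the removed method was the only use of `StringUtils` in this file, its import is now unused; the import block is outside this section, so this is unconfirmed. `init` continues past the end of this hunk.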
@ -20,14 +20,14 @@ import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
|
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
|
||||||
import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
|
|
||||||
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
|
|
||||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
|
|
||||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||||
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
|
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
|
||||||
import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
|
import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
|
||||||
import org.springframework.security.oauth2.client.user.OAuth2UserService;
|
import org.springframework.security.oauth2.client.user.OAuth2UserService;
|
||||||
|
import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
|
||||||
|
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
|
||||||
|
import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
|
||||||
import org.springframework.security.oauth2.core.AccessToken;
|
import org.springframework.security.oauth2.core.AccessToken;
|
||||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||||
|
@ -194,13 +194,6 @@ public final class OAuth2LoginConfigurer<H extends HttpSecurityBuilder<H>> exten
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
public UserInfoEndpointConfig userNameAttributeName(String userNameAttributeName, URI userInfoUri) {
|
|
||||||
Assert.hasText(userNameAttributeName, "userNameAttributeName cannot be empty");
|
|
||||||
Assert.notNull(userInfoUri, "userInfoUri cannot be null");
|
|
||||||
OAuth2LoginConfigurer.this.authorizationCodeAuthenticationFilterConfigurer.userNameAttributeName(userNameAttributeName, userInfoUri);
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
public OAuth2LoginConfigurer<H> and() {
|
public OAuth2LoginConfigurer<H> and() {
|
||||||
return OAuth2LoginConfigurer.this;
|
return OAuth2LoginConfigurer.this;
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,17 +18,16 @@ package org.springframework.security.oauth2.client.user;
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
|
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
|
||||||
import org.springframework.security.oauth2.client.authentication.OAuth2ClientAuthenticationToken;
|
import org.springframework.security.oauth2.client.authentication.OAuth2ClientAuthenticationToken;
|
||||||
|
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||||
import org.springframework.security.oauth2.client.user.nimbus.NimbusUserInfoRetriever;
|
import org.springframework.security.oauth2.client.user.nimbus.NimbusUserInfoRetriever;
|
||||||
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
|
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
|
||||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||||
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
|
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
|
||||||
import org.springframework.security.oauth2.oidc.client.authentication.OidcClientAuthenticationToken;
|
import org.springframework.security.oauth2.oidc.client.authentication.OidcClientAuthenticationToken;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
|
import org.springframework.util.StringUtils;
|
||||||
|
|
||||||
import java.net.URI;
|
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.LinkedHashMap;
|
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
@ -36,8 +35,8 @@ import java.util.Set;
|
||||||
* An implementation of an {@link OAuth2UserService} that supports standard <i>OAuth 2.0 Provider's</i>.
|
* An implementation of an {@link OAuth2UserService} that supports standard <i>OAuth 2.0 Provider's</i>.
|
||||||
* <p>
|
* <p>
|
||||||
* For standard <i>OAuth 2.0 Provider's</i>, the attribute name (from the <i>UserInfo Response</i>)
|
* For standard <i>OAuth 2.0 Provider's</i>, the attribute name (from the <i>UserInfo Response</i>)
|
||||||
* for the <i>"user's name"</i> is required. This is supplied via the constructor,
|
* for the <i>"user's name"</i> is required and therefore must be supplied via
|
||||||
* mapped by <code>URI</code>, which represents the <i>UserInfo Endpoint</i> address.
|
* {@link ClientRegistration.ProviderDetails.UserInfoEndpoint#getUserNameAttributeName()}.
|
||||||
* <p>
|
* <p>
|
||||||
* <b>NOTE:</b> Attribute names are <b><i>not</i></b> standardized between providers and therefore will vary.
|
* <b>NOTE:</b> Attribute names are <b><i>not</i></b> standardized between providers and therefore will vary.
|
||||||
* Please consult the provider's API documentation for the set of supported user attribute names.
|
* Please consult the provider's API documentation for the set of supported user attribute names.
|
||||||
|
@ -52,12 +51,9 @@ import java.util.Set;
|
||||||
* @see UserInfoRetriever
|
* @see UserInfoRetriever
|
||||||
*/
|
*/
|
||||||
public class DefaultOAuth2UserService implements OAuth2UserService {
|
public class DefaultOAuth2UserService implements OAuth2UserService {
|
||||||
private final Map<URI, String> userNameAttributeNames;
|
|
||||||
private UserInfoRetriever userInfoRetriever = new NimbusUserInfoRetriever();
|
private UserInfoRetriever userInfoRetriever = new NimbusUserInfoRetriever();
|
||||||
|
|
||||||
public DefaultOAuth2UserService(Map<URI, String> userNameAttributeNames) {
|
public DefaultOAuth2UserService() {
|
||||||
Assert.notEmpty(userNameAttributeNames, "userNameAttributeNames cannot be empty");
|
|
||||||
this.userNameAttributeNames = Collections.unmodifiableMap(new LinkedHashMap<>(userNameAttributeNames));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -66,12 +62,12 @@ public class DefaultOAuth2UserService implements OAuth2UserService {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
|
String userNameAttributeName = clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
|
||||||
if (!this.getUserNameAttributeNames().containsKey(userInfoUri)) {
|
if (!StringUtils.hasText(userNameAttributeName)) {
|
||||||
throw new IllegalArgumentException(
|
throw new IllegalArgumentException(
|
||||||
"Missing required \"user name\" attribute name for UserInfo Endpoint: " + userInfoUri.toString());
|
"Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: " +
|
||||||
|
clientAuthentication.getClientRegistration().getRegistrationId());
|
||||||
}
|
}
|
||||||
String userNameAttributeName = this.getUserNameAttributeNames().get(userInfoUri);
|
|
||||||
|
|
||||||
Map<String, Object> userAttributes = this.getUserInfoRetriever().retrieve(clientAuthentication);
|
Map<String, Object> userAttributes = this.getUserInfoRetriever().retrieve(clientAuthentication);
|
||||||
GrantedAuthority authority = new OAuth2UserAuthority(userAttributes);
|
GrantedAuthority authority = new OAuth2UserAuthority(userAttributes);
|
||||||
|
@ -81,10 +77,6 @@ public class DefaultOAuth2UserService implements OAuth2UserService {
|
||||||
return new DefaultOAuth2User(authorities, userAttributes, userNameAttributeName);
|
return new DefaultOAuth2User(authorities, userAttributes, userNameAttributeName);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected Map<URI, String> getUserNameAttributeNames() {
|
|
||||||
return this.userNameAttributeNames;
|
|
||||||
}
|
|
||||||
|
|
||||||
protected UserInfoRetriever getUserInfoRetriever() {
|
protected UserInfoRetriever getUserInfoRetriever() {
|
||||||
return this.userInfoRetriever;
|
return this.userInfoRetriever;
|
||||||
}
|
}
|
||||||
|
|
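Review bot: The guard in `loadUser` that replaces the map lookup throws `IllegalArgumentException` when the registration's `userNameAttributeName` is blank, but it runs inside the authentication path; an exception that is not an `AuthenticationException` is unlikely to be routed to the login failure handler and would presumably surface as a server error rather than a failed login (the filter's handling cannot be confirmed from this page). `OAuth2AuthenticationException` is already imported in this file, so raising that type here would keep a misconfigured registration inside the normal authentication-failure flow and its message, which carries only the registration id, is safe to expose that way. The chain `clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint()` is now evaluated twice in the rewritten lines; holding it once in a local `ClientRegistration.ProviderDetails.UserInfoEndpoint userInfoEndpoint = ...` would read better. The new no-arg `public DefaultOAuth2UserService() { }` is empty and equivalent to the implicit default constructor; keep it only if it is meant as a documented extension point, in which case it should carry a Javadoc summary. `loadUser` starts and ends outside the hunk that changes it.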