diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationToken.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationToken.java index a67d8726bd..2766a3fa18 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationToken.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationToken.java @@ -69,7 +69,7 @@ public class OAuth2IntrospectionAuthenticationToken public OAuth2IntrospectionAuthenticationToken(OAuth2AccessToken token, OAuth2TokenAttributes attributes, Collection authorities, String name) { - super(token, attributes(attributes), token, authorities); + super(token, attributes, token, authorities); this.attributes = attributes(attributes); this.name = name == null ? (String) this.attributes.get(SUBJECT) : name; setAuthenticated(true); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationProviderTests.java index f97bf77287..74c18972e8 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationProviderTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationProviderTests.java 
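Review bot: Passing `attributes` straight to `super(...)` changes what `getPrincipal()` returns, from the map produced by `attributes(attributes)` to the caller-supplied `OAuth2TokenAttributes` object, and nothing in this hunk documents that for existing callers. Code that casts the principal to `Map` or relies on `@AuthenticationPrincipal(expression="['sub']")` has to be updated, as the test and sample changes later in this diff show, so the constructor Javadoc should carry a sentence such as `The supplied attributes object becomes the principal returned by getPrincipal()`. The emptiness check inside `attributes(attributes)` now runs only after the superclass constructor, and a null argument is presumably rejected by the superclass's principal check first, which would explain the changed message in OAuth2IntrospectionAuthenticationTokenTests. Whether downstream code can modify the principal's claim map depends on `OAuth2TokenAttributes`, which is not visible here and is worth confirming because authorization decisions may read those claims. The constructor's closing brace lies outside the hunk.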
@@ -24,6 +24,7 @@ import org.junit.Test; import org.springframework.security.core.Authentication; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; +import org.springframework.security.oauth2.core.OAuth2TokenAttributes; import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames; import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException; import org.springframework.security.oauth2.server.resource.introspection.OAuth2TokenIntrospectionClient; @@ -63,9 +64,9 @@ public class OAuth2IntrospectionAuthenticationProviderTests { Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")); - assertThat(result.getPrincipal()).isInstanceOf(Map.class); + assertThat(result.getPrincipal()).isInstanceOf(OAuth2TokenAttributes.class); - Map attributes = (Map) result.getPrincipal(); + Map attributes = ((OAuth2TokenAttributes) result.getPrincipal()).getAttributes(); assertThat(attributes) .isNotNull() .containsEntry(ACTIVE, true) @@ -94,9 +95,9 @@ public class OAuth2IntrospectionAuthenticationProviderTests { Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")); - assertThat(result.getPrincipal()).isInstanceOf(Map.class); + assertThat(result.getPrincipal()).isInstanceOf(OAuth2TokenAttributes.class); - Map attributes = (Map) result.getPrincipal(); + Map attributes = ((OAuth2TokenAttributes) result.getPrincipal()).getAttributes(); assertThat(attributes) .isNotNull() .doesNotContainKey(SCOPE); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationTokenTests.java index 65da34279e..8b4079528f 100644 
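Review bot: The updated assertions in the `@@ -63,9 +64,9 @@` and `@@ -94,9 +95,9 @@` hunks check the principal's type and claims but never pin that the exposed claim map is read-only, and the same gap applies to the two matching hunks in OAuth2IntrospectionReactiveAuthenticationManagerTests. Now that the principal is an object handed to application code, a check such as `assertThatCode(() -> attributes.put("scope", "x")).isInstanceOf(UnsupportedOperationException.class);` would document that contract, assuming `getAttributes()` is meant to return an unmodifiable view (that class is not shown in this diff). Both test methods start and end outside their hunks.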
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationTokenTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationTokenTests.java @@ -93,7 +93,7 @@ public class OAuth2IntrospectionAuthenticationTokenTests { public void constructorWhenAttributesAreNullOrEmptyThenThrowsException() { assertThatCode(() -> new OAuth2IntrospectionAuthenticationToken(this.token, null, null)) .isInstanceOf(IllegalArgumentException.class) - .hasMessageContaining("attributes cannot be empty"); + .hasMessageContaining("principal cannot be null"); assertThatCode(() -> new OAuth2IntrospectionAuthenticationToken(this.token, new OAuth2TokenAttributes(Collections.emptyMap()), null)) diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionReactiveAuthenticationManagerTests.java index 0b4cd69f5a..5a8083085b 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionReactiveAuthenticationManagerTests.java @@ -22,6 +22,7 @@ import java.util.Arrays; import java.util.Map; import org.junit.Test; +import org.springframework.security.oauth2.core.OAuth2TokenAttributes; import reactor.core.publisher.Mono; import org.springframework.security.core.Authentication; 
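Review bot: The expectation `.hasMessageContaining("principal cannot be null")` in `constructorWhenAttributesAreNullOrEmptyThenThrowsException` pins a message that talks about a `principal`, while the caller passed a null `attributes` argument. The message presumably comes from a superclass check rather than from this class, so a wording change there would break this test, and the error gives callers no hint which argument was wrong. Asserting only the exception type for the null case, or having the token class reject a null `attributes` argument with its own message, would keep the contract readable. The test method continues past the end of the hunk.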
@@ -62,9 +63,9 @@ public class OAuth2IntrospectionReactiveAuthenticationManagerTests { Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block(); - assertThat(result.getPrincipal()).isInstanceOf(Map.class); + assertThat(result.getPrincipal()).isInstanceOf(OAuth2TokenAttributes.class); - Map attributes = (Map) result.getPrincipal(); + Map attributes = ((OAuth2TokenAttributes) result.getPrincipal()).getAttributes(); assertThat(attributes) .isNotNull() .containsEntry(ACTIVE, true) @@ -93,9 +94,9 @@ public class OAuth2IntrospectionReactiveAuthenticationManagerTests { Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block(); - assertThat(result.getPrincipal()).isInstanceOf(Map.class); + assertThat(result.getPrincipal()).isInstanceOf(OAuth2TokenAttributes.class); - Map attributes = (Map) result.getPrincipal(); + Map attributes = ((OAuth2TokenAttributes) result.getPrincipal()).getAttributes(); assertThat(attributes) .isNotNull() .doesNotContainKey(SCOPE); diff --git a/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerController.java b/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerController.java index 5a369422ca..93f6019870 100644 --- a/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerController.java +++ b/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerController.java @@ -16,6 +16,7 @@ package sample; import org.springframework.security.core.annotation.AuthenticationPrincipal; +import org.springframework.security.oauth2.core.OAuth2TokenAttributes; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; 
@@ -26,8 +27,8 @@ import org.springframework.web.bind.annotation.RestController; public class OAuth2ResourceServerController { @GetMapping("/") - public String index(@AuthenticationPrincipal(expression="['sub']") String subject) { - return String.format("Hello, %s!", subject); + public String index(@AuthenticationPrincipal OAuth2TokenAttributes attributes) { + return String.format("Hello, %s!", (String) attributes.getAttribute("sub")); } @GetMapping("/message")
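Review bot: `index` formats `attributes.getAttribute("sub")` without handling an introspection response that has no `sub` claim, which RFC 7662 allows, so the sample would presumably greet such a caller with `Hello, null!`. The `(String)` cast also fails with a ClassCastException if the authorization server returns a non-string value for that claim. Reading the claim into a local and checking it first, e.g. `Object sub = attributes.getAttribute("sub");` followed by `return String.format("Hello, %s!", sub != null ? sub : "unknown");`, keeps the sample robust. A one-line comment on the method saying that the injected principal holds the introspection response's attributes would also help readers who copy this sample.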