PrincipalExtractor and AuthoritiesExtractor example
This commit is contained in:
parent
2c102c845a
commit
2a773d637c
@ -19,6 +19,7 @@
|
||||
<module>spring-security-sso-auth-server</module>
|
||||
<module>spring-security-sso-ui</module>
|
||||
<module>spring-security-sso-ui-2</module>
|
||||
<module>spring-security-principal-authorities-extractor</module>
|
||||
</modules>
|
||||
|
||||
<properties>
|
||||
|
@ -0,0 +1,53 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<parent>
|
||||
<artifactId>spring-security-sso</artifactId>
|
||||
<groupId>org.baeldung</groupId>
|
||||
<version>1.0.0-SNAPSHOT</version>
|
||||
</parent>
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<artifactId>spring-security-principal-authorities-extractor</artifactId>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-security</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.security.oauth.boot</groupId>
|
||||
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
|
||||
<version>${oauth-auto.version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-web</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-thymeleaf</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.thymeleaf.extras</groupId>
|
||||
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-test</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-test</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
|
@ -0,0 +1,18 @@
|
||||
package org.baeldung;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.ui.Model;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
|
||||
@SpringBootApplication
|
||||
public class Application {
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(Application.class, args);
|
||||
}
|
||||
|
||||
@GetMapping("/")
|
||||
public String homePage(Model model) {
|
||||
return "index";
|
||||
}
|
||||
}
|
@ -0,0 +1,38 @@
|
||||
package org.baeldung.configuration;
|
||||
|
||||
import org.baeldung.extractor.CustomAuthoritiesExtractor;
|
||||
import org.baeldung.extractor.CustomPrincipalExtractor;
|
||||
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
|
||||
import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
|
||||
import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
|
||||
@Configuration
|
||||
@EnableOAuth2Sso
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.antMatcher("/**")
|
||||
.authorizeRequests()
|
||||
.antMatchers("/login**")
|
||||
.permitAll()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.formLogin().disable();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public PrincipalExtractor principalExtractor() {
|
||||
return new CustomPrincipalExtractor();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public AuthoritiesExtractor authoritiesExtractor() {
|
||||
return new CustomAuthoritiesExtractor();
|
||||
}
|
||||
}
|
@ -0,0 +1,27 @@
|
||||
package org.baeldung.extractor;
|
||||
|
||||
import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
|
||||
public class CustomAuthoritiesExtractor implements AuthoritiesExtractor {
|
||||
private static final List<GrantedAuthority> GITHUB_FREE_AUTHORITIES = AuthorityUtils.commaSeparatedStringToAuthorityList("GITHUB_USER,GITHUB_USER_FREE");
|
||||
private static final List<GrantedAuthority> GITHUB_SUBSCRIBED_AUTHORITIES = AuthorityUtils.commaSeparatedStringToAuthorityList("GITHUB_USER,GITHUB_USER_SUBSCRIBED");
|
||||
|
||||
@Override
|
||||
public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
|
||||
if (Objects.nonNull(map.get("plan"))) {
|
||||
if (!((LinkedHashMap) map.get("plan"))
|
||||
.get("name")
|
||||
.equals("free")) {
|
||||
return GITHUB_SUBSCRIBED_AUTHORITIES;
|
||||
}
|
||||
}
|
||||
return GITHUB_FREE_AUTHORITIES;
|
||||
}
|
||||
}
|
@ -0,0 +1,13 @@
|
||||
package org.baeldung.extractor;
|
||||
|
||||
import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
public class CustomPrincipalExtractor implements PrincipalExtractor {
|
||||
|
||||
@Override
|
||||
public Object extractPrincipal(Map<String, Object> map) {
|
||||
return map.get("login");
|
||||
}
|
||||
}
|
@ -0,0 +1,14 @@
|
||||
security:
|
||||
oauth2:
|
||||
client:
|
||||
clientId: 89a7c4facbb3434d599d
|
||||
clientSecret: 9b3b08e4a340bd20e866787e4645b54f73d74b6a
|
||||
accessTokenUri: https://github.com/login/oauth/access_token
|
||||
userAuthorizationUri: https://github.com/login/oauth/authorize
|
||||
clientAuthenticationScheme: form
|
||||
scope: read:user,user:email
|
||||
resource:
|
||||
userInfoUri: https://api.github.com/user
|
||||
spring:
|
||||
thymeleaf:
|
||||
cache: false
|
@ -0,0 +1,21 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
|
||||
<title>Spring Security Principal and Authorities extractor</title>
|
||||
<link rel="stylesheet"
|
||||
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css"/>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="container">
|
||||
<div class="col-sm-12">
|
||||
<h1>Secured Page</h1>
|
||||
Authenticated username:
|
||||
<div th:text="${#authentication.name}"></div>
|
||||
Authorities:
|
||||
<div th:text="${#authentication.authorities}"></div>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
@ -0,0 +1,53 @@
|
||||
import org.baeldung.Application;
|
||||
import org.baeldung.configuration.SecurityConfig;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
|
||||
@RunWith(SpringRunner.class)
|
||||
@SpringBootTest(classes = Application.class, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
|
||||
@ContextConfiguration(classes = {SecurityConfig.class})
|
||||
public class ApplicationUnitTest {
|
||||
|
||||
@Autowired
|
||||
private WebApplicationContext context;
|
||||
|
||||
@Autowired
|
||||
private Filter springSecurityFilterChain;
|
||||
|
||||
private MockMvc mvc;
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
mvc = MockMvcBuilders
|
||||
.webAppContextSetup(context)
|
||||
.addFilters(springSecurityFilterChain)
|
||||
.build();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void contextLoads() throws Exception {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenValidRequestWithoutAuthentication_shouldFailWith302() throws Exception {
|
||||
mvc
|
||||
.perform(get("/"))
|
||||
.andExpect(status().isFound())
|
||||
.andReturn();
|
||||
}
|
||||
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user