OAuth2 Principal and Authorities example - refactor and added example using custom authorization server

spring-5-security/src/main/java/com/baeldung/oauth2extractors/ExtractorsApplication.java

@@ -1,7 +1,9 @@
 package com.baeldung.oauth2extractors;
 
+import org.apache.logging.log4j.util.Strings;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.core.env.AbstractEnvironment;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 
@@ -9,6 +11,13 @@ import org.springframework.web.bind.annotation.RequestMapping;
 @Controller
 public class ExtractorsApplication {
     public static void main(String[] args) {
+        if (Strings.isEmpty(System.getProperty(AbstractEnvironment.ACTIVE_PROFILES_PROPERTY_NAME))) {
+            /*System.setProperty(AbstractEnvironment.ACTIVE_PROFILES_PROPERTY_NAME,
+                    "oauth2-extractors-baeldung");*/
+            System.setProperty(AbstractEnvironment.ACTIVE_PROFILES_PROPERTY_NAME,
+                    "oauth2-extractors-github");
+        }
+
         SpringApplication.run(ExtractorsApplication.class, args);
     }
 

spring-5-security/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java

@@ -1,18 +1,19 @@
 package com.baeldung.oauth2extractors.configuration;
 
-import com.baeldung.oauth2extractors.extractor.CustomAuthoritiesExtractor;
+import com.baeldung.oauth2extractors.extractor.custom.BaeldungAuthoritiesExtractor;
-import com.baeldung.oauth2extractors.extractor.CustomPrincipalExtractor;
+import com.baeldung.oauth2extractors.extractor.custom.BaeldungPrincipalExtractor;
+import com.baeldung.oauth2extractors.extractor.github.GithubAuthoritiesExtractor;
+import com.baeldung.oauth2extractors.extractor.github.GithubPrincipalExtractor;
 import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.PropertySource;
+import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 @Configuration
-@PropertySource("application-oauth2-extractors.properties")
 @EnableOAuth2Sso
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
@@ -29,12 +30,26 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     }
 
     @Bean
-    public PrincipalExtractor principalExtractor() {
+    @Profile("oauth2-extractors-baeldung")
-        return new CustomPrincipalExtractor();
+    public PrincipalExtractor baeldungPrincipalExtractor() {
+        return new BaeldungPrincipalExtractor();
     }
 
     @Bean
-    public AuthoritiesExtractor authoritiesExtractor() {
+    @Profile("oauth2-extractors-baeldung")
-        return new CustomAuthoritiesExtractor();
+    public AuthoritiesExtractor baeldungAuthoritiesExtractor() {
+        return new BaeldungAuthoritiesExtractor();
+    }
+
+    @Bean
+    @Profile("oauth2-extractors-github")
+    public PrincipalExtractor githubPrincipalExtractor() {
+        return new GithubPrincipalExtractor();
+    }
+
+    @Bean
+    @Profile("oauth2-extractors-github")
+    public AuthoritiesExtractor githubAuthoritiesExtractor() {
+        return new GithubAuthoritiesExtractor();
     }
 }

spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/custom/BaeldungAuthoritiesExtractor.java

@@ -0,0 +1,29 @@
+package com.baeldung.oauth2extractors.extractor.custom;
+
+import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+
+import java.util.ArrayList;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+public class BaeldungAuthoritiesExtractor implements AuthoritiesExtractor {
+
+    @Override
+    public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
+        return AuthorityUtils
+                .commaSeparatedStringToAuthorityList(asAuthorities(map));
+    }
+
+    private String asAuthorities(Map<String, Object> map) {
+        List<String> authorities = new ArrayList<>();
+        authorities.add("BAELDUNG_USER");
+        List<LinkedHashMap<String, String>> authz = (List<LinkedHashMap<String, String>>) map.get("authorities");
+        for (LinkedHashMap<String, String> entry : authz) {
+            authorities.add(entry.get("authority"));
+        }
+        return String.join(",", authorities);
+    }
+}

spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/custom/BaeldungPrincipalExtractor.java

@@ -0,0 +1,13 @@
+package com.baeldung.oauth2extractors.extractor.custom;
+
+import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
+
+import java.util.Map;
+
+public class BaeldungPrincipalExtractor implements PrincipalExtractor {
+
+    @Override
+    public Object extractPrincipal(Map<String, Object> map) {
+        return map.get("name");
+    }
+}

spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/github/GithubAuthoritiesExtractor.java

@@ -1,4 +1,4 @@
-package com.baeldung.oauth2extractors.extractor;
+package com.baeldung.oauth2extractors.extractor.github;
 
 import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
 import org.springframework.security.core.GrantedAuthority;
@@ -9,7 +9,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 
-public class CustomAuthoritiesExtractor implements AuthoritiesExtractor {
+public class GithubAuthoritiesExtractor implements AuthoritiesExtractor {
     private List<GrantedAuthority> GITHUB_FREE_AUTHORITIES = AuthorityUtils
             .commaSeparatedStringToAuthorityList("GITHUB_USER,GITHUB_USER_FREE");
     private List<GrantedAuthority> GITHUB_SUBSCRIBED_AUTHORITIES = AuthorityUtils

spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/github/GithubPrincipalExtractor.java

@@ -1,10 +1,10 @@
-package com.baeldung.oauth2extractors.extractor;
+package com.baeldung.oauth2extractors.extractor.github;
 
 import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
 
 import java.util.Map;
 
-public class CustomPrincipalExtractor implements PrincipalExtractor {
+public class GithubPrincipalExtractor implements PrincipalExtractor {
 
     @Override
     public Object extractPrincipal(Map<String, Object> map) {

spring-5-security/src/main/resources/application-oauth2-extractors-baeldung.properties

@@ -0,0 +1,6 @@
+server.port=8082
+security.oauth2.client.client-id=SampleClientId
+security.oauth2.client.client-secret=secret
+security.oauth2.client.access-token-uri=http://localhost:8081/auth/oauth/token
+security.oauth2.client.user-authorization-uri=http://localhost:8081/auth/oauth/authorize
+security.oauth2.resource.user-info-uri=http://localhost:8081/auth/user/me

spring-5-security/src/main/resources/application-oauth2-extractors-github.properties

@@ -1,3 +1,4 @@
+server.port=8082
 security.oauth2.client.client-id=89a7c4facbb3434d599d
 security.oauth2.client.client-secret=9b3b08e4a340bd20e866787e4645b54f73d74b6a
 security.oauth2.client.access-token-uri=https://github.com/login/oauth/access_token

spring-5-security/src/test/java/com/baeldung/oauth2extractors/ExtractorsUnitTest.java

@@ -6,6 +6,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
@@ -21,6 +22,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @RunWith(SpringRunner.class)
 @SpringBootTest(classes = ExtractorsApplication.class, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
 @ContextConfiguration(classes = {SecurityConfig.class})
+@ActiveProfiles("oauth2-extractors-github")
 public class ExtractorsUnitTest {
 
     @Autowired

spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthServerConfig.java

@@ -30,7 +30,7 @@ public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
             .authorizedGrantTypes("authorization_code")
             .scopes("user_info")
             .autoApprove(true)
-            .redirectUris("http://localhost:8082/ui/login","http://localhost:8083/ui2/login")
+            .redirectUris("http://localhost:8082/ui/login","http://localhost:8083/ui2/login","http://localhost:8082/login")
         // .accessTokenValiditySeconds(3600)
         ; // 1 hour
     }