Página Principal Explorar Ajuda
Registe-se Iniciar Sessão
github
/
spring-security
mirror de https://github.com/spring-projects/spring-security
2
0
Fork 0
Ficheiros Problemas 0 Wiki
Ver Fonte

Add userNameAttributeName to ClientRegistration

Fixes gh-4580
Joe Grandja há 8 anos atrás
pai
7fb3093617
commit
38be35677d
8 ficheiros alterados com 69 adições e 44 exclusões
Visão Dividida Mostrar Estatísticas Diff
  1. 16 1
      config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java
  2. 40 7
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
  3. 9 0
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrationProperties.java
  4. 1 1
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/CustomUserTypesOAuth2UserService.java
  5. 1 1
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/DefaultOAuth2UserService.java
  6. 1 1
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/nimbus/NimbusUserInfoRetriever.java
  7. 0 32
      samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2LoginAutoConfiguration.java
  8. 1 1
      samples/boot/oauth2login/src/main/java/sample/web/MainController.java

+ 16 - 1
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java
Ver Ficheiro 

@@ -135,6 +135,7 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
 
 
 	@Override
 
 	public void init(H http) throws Exception {
 
+		this.initUserNameAttributeNames();
 
 		AuthorizationCodeAuthenticationProvider authenticationProvider = new AuthorizationCodeAuthenticationProvider(
 
 			this.getAuthorizationCodeTokenExchanger(), this.getAccessTokenRepository(),
 
 			this.getProviderJwtDecoderRegistry(), this.getUserInfoService());
 
@@ -162,6 +163,20 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
 
 			this.authorizationResponseMatcher : this.getAuthenticationFilter().getAuthorizationResponseMatcher());
 
 	}
 
 
+	private void initUserNameAttributeNames() {
 
+		OAuth2LoginConfigurer.getClientRegistrationRepository(this.getBuilder()).getRegistrations().forEach(registration -> {
 
+			if (StringUtils.hasText(registration.getProviderDetails().getUserInfoEndpoint().getUri()) &&
 
+				StringUtils.hasText(registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName())) {
 
+
 
+				URI userInfoUri = URI.create(registration.getProviderDetails().getUserInfoEndpoint().getUri());
 
+				if (!this.userNameAttributeNames.containsKey(userInfoUri)) {
 
+					this.userNameAttributeNames.put(
 
+						userInfoUri, registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName());
 
+				}
 
+			}
 
+		});
 
+	}
 
+
 
 	private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> getAuthorizationCodeTokenExchanger() {
 
 		if (this.authorizationCodeTokenExchanger == null) {
 
 			this.authorizationCodeTokenExchanger = new NimbusAuthorizationCodeTokenExchanger();
 
@@ -192,7 +207,7 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
 
 				));
 
 				providerMetadata.setAuthorizationEndpoint(this.toURL(providerDetails.getAuthorizationUri()));
 
 				providerMetadata.setTokenEndpoint(this.toURL(providerDetails.getTokenUri()));
 
-				providerMetadata.setUserInfoEndpoint(this.toURL(providerDetails.getUserInfoUri()));
 
+				providerMetadata.setUserInfoEndpoint(this.toURL(providerDetails.getUserInfoEndpoint().getUri()));
 
 				providerMetadata.setJwkSetUri(this.toURL(providerDetails.getJwkSetUri()));
 
 				NimbusJwtDecoderJwkSupport nimbusJwtDecoderJwkSupport =
 
 					new NimbusJwtDecoderJwkSupport(providerDetails.getJwkSetUri());

+ 40 - 7
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
Ver Ficheiro 

@@ -121,7 +121,7 @@ public class ClientRegistration {
 
 	public class ProviderDetails {
 
 		private String authorizationUri;
 
 		private String tokenUri;
 
-		private String userInfoUri;
 
+		private UserInfoEndpoint userInfoEndpoint = new UserInfoEndpoint();
 
 		private String jwkSetUri;
 
 
 		protected ProviderDetails() {
 
@@ -143,12 +143,12 @@ public class ClientRegistration {
 
 			this.tokenUri = tokenUri;
 
 		}
 
 
-		public String getUserInfoUri() {
 
-			return this.userInfoUri;
 
+		public UserInfoEndpoint getUserInfoEndpoint() {
 
+			return this.userInfoEndpoint;
 
 		}
 
 
-		protected void setUserInfoUri(String userInfoUri) {
 
-			this.userInfoUri = userInfoUri;
 
+		protected void setUserInfoEndpoint(UserInfoEndpoint userInfoEndpoint) {
 
+			this.userInfoEndpoint = userInfoEndpoint;
 
 		}
 
 
 		public String getJwkSetUri() {
 
@@ -158,6 +158,30 @@ public class ClientRegistration {
 
 		protected void setJwkSetUri(String jwkSetUri) {
 
 			this.jwkSetUri = jwkSetUri;
 
 		}
 
+
 
+		public class UserInfoEndpoint {
 
+			private String uri;
 
+			private String userNameAttributeName;
 
+
 
+			protected UserInfoEndpoint() {
 
+			}
 
+
 
+			public String getUri() {
 
+				return this.uri;
 
+			}
 
+
 
+			protected void setUri(String uri) {
 
+				this.uri = uri;
 
+			}
 
+
 
+			public String getUserNameAttributeName() {
 
+				return this.userNameAttributeName;
 
+			}
 
+
 
+			protected void setUserNameAttributeName(String userNameAttributeName) {
 
+				this.userNameAttributeName = userNameAttributeName;
 
+			}
 
+		}
 
 	}
 
 
 	public static class Builder {
 
@@ -170,6 +194,7 @@ public class ClientRegistration {
 
 		protected String authorizationUri;
 
 		protected String tokenUri;
 
 		protected String userInfoUri;
 
+		protected String userNameAttributeName;
 
 		protected String jwkSetUri;
 
 		protected String clientName;
 
 		protected String clientAlias;
 
@@ -190,6 +215,7 @@ public class ClientRegistration {
 
 			this.authorizationUri(clientRegistrationProperties.getAuthorizationUri());
 
 			this.tokenUri(clientRegistrationProperties.getTokenUri());
 
 			this.userInfoUri(clientRegistrationProperties.getUserInfoUri());
 
+			this.userNameAttributeName(clientRegistrationProperties.getUserNameAttributeName());
 
 			this.jwkSetUri(clientRegistrationProperties.getJwkSetUri());
 
 			this.clientName(clientRegistrationProperties.getClientName());
 
 			this.clientAlias(clientRegistrationProperties.getClientAlias());
 
@@ -206,7 +232,8 @@ public class ClientRegistration {
 
 			}
 
 			this.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri());
 
 			this.tokenUri(clientRegistration.getProviderDetails().getTokenUri());
 
-			this.userInfoUri(clientRegistration.getProviderDetails().getUserInfoUri());
 
+			this.userInfoUri(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri());
 
+			this.userNameAttributeName(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName());
 
 			this.jwkSetUri(clientRegistration.getProviderDetails().getJwkSetUri());
 
 			this.clientName(clientRegistration.getClientName());
 
 			this.clientAlias(clientRegistration.getClientAlias());
 
@@ -255,6 +282,11 @@ public class ClientRegistration {
 
 			return this;
 
 		}
 
 
+		public Builder userNameAttributeName(String userNameAttributeName) {
 
+			this.userNameAttributeName = userNameAttributeName;
 
+			return this;
 
+		}
 
+
 
 		public Builder jwkSetUri(String jwkSetUri) {
 
 			this.jwkSetUri = jwkSetUri;
 
 			return this;
 
@@ -288,7 +320,8 @@ public class ClientRegistration {
 
 			ProviderDetails providerDetails = clientRegistration.new ProviderDetails();
 
 			providerDetails.setAuthorizationUri(this.authorizationUri);
 
 			providerDetails.setTokenUri(this.tokenUri);
 
-			providerDetails.setUserInfoUri(this.userInfoUri);
 
+			providerDetails.getUserInfoEndpoint().setUri(this.userInfoUri);
 
+			providerDetails.getUserInfoEndpoint().setUserNameAttributeName(this.userNameAttributeName);
 
 			providerDetails.setJwkSetUri(this.jwkSetUri);
 
 			clientRegistration.setProviderDetails(providerDetails);

+ 9 - 0
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrationProperties.java
Ver Ficheiro 

@@ -42,6 +42,7 @@ public class ClientRegistrationProperties {
 
 	private String authorizationUri;
 
 	private String tokenUri;
 
 	private String userInfoUri;
 
+	private String userNameAttributeName;
 
 	private String jwkSetUri;
 
 	private String clientName;
 
 	private String clientAlias;
 
@@ -119,6 +120,14 @@ public class ClientRegistrationProperties {
 
 		this.userInfoUri = userInfoUri;
 
 	}
 
 
+	public String getUserNameAttributeName() {
 
+		return this.userNameAttributeName;
 
+	}
 
+
 
+	public void setUserNameAttributeName(String userNameAttributeName) {
 
+		this.userNameAttributeName = userNameAttributeName;
 
+	}
 
+
 
 	public String getJwkSetUri() {
 
 		return this.jwkSetUri;
 
 	}

+ 1 - 1
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/CustomUserTypesOAuth2UserService.java
Ver Ficheiro 

@@ -56,7 +56,7 @@ public class CustomUserTypesOAuth2UserService implements OAuth2UserService {
 
 
 	@Override
 
 	public OAuth2User loadUser(OAuth2ClientAuthenticationToken clientAuthentication) throws OAuth2AuthenticationException {
 
-		URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoUri());
 
+		URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
 
 		Class<? extends OAuth2User> customUserType;
 
 		if ((customUserType = this.getCustomUserTypes().get(userInfoUri)) == null) {
 
 			return null;

+ 1 - 1
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/DefaultOAuth2UserService.java
Ver Ficheiro 

@@ -66,7 +66,7 @@ public class DefaultOAuth2UserService implements OAuth2UserService {
 
 			return null;
 
 		}
 
 
-		URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoUri());
 
+		URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
 
 		if (!this.getUserNameAttributeNames().containsKey(userInfoUri)) {
 
 			throw new IllegalArgumentException(
 
 				"Missing required \"user name\" attribute name for UserInfo Endpoint: " + userInfoUri.toString());

+ 1 - 1
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/nimbus/NimbusUserInfoRetriever.java
Ver Ficheiro 

@@ -48,7 +48,7 @@ public class NimbusUserInfoRetriever implements UserInfoRetriever {
 
 
 	@Override
 
 	public Map<String, Object> retrieve(OAuth2ClientAuthenticationToken clientAuthentication) throws OAuth2AuthenticationException {
 
-		URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoUri());
 
+		URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
 
 		BearerAccessToken accessToken = new BearerAccessToken(clientAuthentication.getAccessToken().getTokenValue());
 
 
 		UserInfoRequest userInfoRequest = new UserInfoRequest(userInfoUri, accessToken);

+ 0 - 32
samples/boot/oauth2login/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2LoginAutoConfiguration.java
Ver Ficheiro 

@@ -23,19 +23,12 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean
 
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 
 import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
 
 import org.springframework.context.annotation.Configuration;
 
-import org.springframework.core.env.Environment;
 
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
 
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
-import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
 
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 
 
-import java.net.URI;
 
-import java.util.Set;
 
-
 
-import static org.springframework.boot.autoconfigure.security.oauth2.client.ClientRegistrationAutoConfiguration.*;
 
-
 
 /**
 
  * @author Joe Grandja
 
  */
 
@@ -47,44 +40,19 @@ import static org.springframework.boot.autoconfigure.security.oauth2.client.Clie
 
 @AutoConfigureBefore(SecurityAutoConfiguration.class)
 
 @AutoConfigureAfter(ClientRegistrationAutoConfiguration.class)
 
 public class OAuth2LoginAutoConfiguration {
 
-	private static final String USER_INFO_URI_PROPERTY = "user-info-uri";
 
-	private static final String USER_NAME_ATTR_NAME_PROPERTY = "user-name-attribute-name";
 
 
 	@EnableWebSecurity
 
 	protected static class OAuth2LoginSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
-		private final Environment environment;
 
-
 
-		protected OAuth2LoginSecurityConfiguration(Environment environment) {
 
-			this.environment = environment;
 
-		}
 
 
 		// @formatter:off
 
 		@Override
 
 		protected void configure(HttpSecurity http) throws Exception {
 
 			http
 
 				.authorizeRequests()
 
-					.antMatchers("/favicon.ico").permitAll()
 
 					.anyRequest().authenticated()
 
 					.and()
 
 				.oauth2Login();
 
-
 
-			this.registerUserNameAttributeNames(http.oauth2Login());
 
 		}
 
 		// @formatter:on
 
-
 
-		private void registerUserNameAttributeNames(OAuth2LoginConfigurer<HttpSecurity> oauth2LoginConfigurer) throws Exception {
 
-			Set<String> clientPropertyKeys = resolveClientPropertyKeys(this.environment);
 
-			for (String clientPropertyKey : clientPropertyKeys) {
 
-				String fullClientPropertyKey = CLIENT_PROPERTY_PREFIX + "." + clientPropertyKey;
 
-				if (!this.environment.containsProperty(fullClientPropertyKey + "." + CLIENT_ID_PROPERTY)) {
 
-					continue;
 
-				}
 
-				String userInfoUriValue = this.environment.getProperty(fullClientPropertyKey + "." + USER_INFO_URI_PROPERTY);
 
-				String userNameAttributeNameValue = this.environment.getProperty(fullClientPropertyKey + "." + USER_NAME_ATTR_NAME_PROPERTY);
 
-				if (userInfoUriValue != null && userNameAttributeNameValue != null) {
 
-					oauth2LoginConfigurer.userInfoEndpoint().userNameAttributeName(userNameAttributeNameValue, URI.create(userInfoUriValue));
 
-				}
 
-			}
 
-		}
 
 	}
 
 }

+ 1 - 1
samples/boot/oauth2login/src/main/java/sample/web/MainController.java
Ver Ficheiro 

@@ -49,7 +49,7 @@ public class MainController {
 
 		Map userAttributes = this.webClient
 
 			.filter(oauth2Credentials(authentication))
 
 			.get()
 
-			.uri(authentication.getClientAuthentication().getClientRegistration().getProviderDetails().getUserInfoUri())
 
+			.uri(authentication.getClientAuthentication().getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri())
 
 			.retrieve()
 
 			.bodyToMono(Map.class)
 
 			.block();