Halaman utama Jelajahi Bantuan
Daftar Masuk
github
/
spring-security
cermin dari https://github.com/spring-projects/spring-security
2
0
Fork 0
Berkas Masalah 0 Wiki
Jelajahi Sumber

Allow null or empty authorities for DefaultOAuth2User

Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken

Closes gh-9366
Mayur Patel 4 tahun lalu
induk
041e4aa22f
melakukan
75706f118c
3 mengubah file dengan 44 tambahan dan 22 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 5 3
      oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
  2. 22 6
      oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
  3. 17 13
      oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java

+ 5 - 3
oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
Tampilan Berkas 

@@ -1,5 +1,5 @@
 
 /*
 
- * Copyright 2002-2019 the original author or authors.
 
+ * Copyright 2002-2021 the original author or authors.
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
@@ -29,6 +29,7 @@ import java.util.TreeSet;
 
 
 import org.springframework.security.core.GrantedAuthority;
 
 import org.springframework.security.core.SpringSecurityCoreVersion;
 
+import org.springframework.security.core.authority.AuthorityUtils;
 
 import org.springframework.util.Assert;
 
 
 /**
 
@@ -65,13 +66,14 @@ public class DefaultOAuth2User implements OAuth2User, Serializable {
 
 	 */
 
 	public DefaultOAuth2User(Collection<? extends GrantedAuthority> authorities, Map<String, Object> attributes,
 
 			String nameAttributeKey) {
 
-		Assert.notEmpty(authorities, "authorities cannot be empty");
 
 		Assert.notEmpty(attributes, "attributes cannot be empty");
 
 		Assert.hasText(nameAttributeKey, "nameAttributeKey cannot be empty");
 
 		if (!attributes.containsKey(nameAttributeKey)) {
 
 			throw new IllegalArgumentException("Missing attribute '" + nameAttributeKey + "' in attributes");
 
 		}
 
-		this.authorities = Collections.unmodifiableSet(new LinkedHashSet<>(this.sortAuthorities(authorities)));
 
+		this.authorities = (authorities != null)
 
+				? Collections.unmodifiableSet(new LinkedHashSet<>(this.sortAuthorities(authorities)))
 
+				: Collections.unmodifiableSet(new LinkedHashSet<>(AuthorityUtils.NO_AUTHORITIES));
 
 		this.attributes = Collections.unmodifiableMap(new LinkedHashMap<>(attributes));
 
 		this.nameAttributeKey = nameAttributeKey;
 
 	}

+ 22 - 6
oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
Tampilan Berkas 

@@ -1,5 +1,5 @@
 
 /*
 
- * Copyright 2002-2017 the original author or authors.
 
+ * Copyright 2002-2021 the original author or authors.
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
@@ -25,6 +25,7 @@ import java.util.Set;
 
 import org.junit.Test;
 
 
 import org.springframework.security.core.GrantedAuthority;
 
+import org.springframework.security.core.authority.AuthorityUtils;
 
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 
@@ -66,11 +67,6 @@ public class DefaultOidcUserTests {
 
 
 	private static final OidcUserInfo USER_INFO = new OidcUserInfo(USER_INFO_CLAIMS);
 
 
-	@Test
 
-	public void constructorWhenAuthoritiesIsNullThenThrowIllegalArgumentException() {
 
-		assertThatIllegalArgumentException().isThrownBy(() -> new DefaultOidcUser(null, ID_TOKEN));
 
-	}
 
-
 
 	@Test
 
 	public void constructorWhenIdTokenIsNullThenThrowIllegalArgumentException() {
 
 		assertThatIllegalArgumentException().isThrownBy(() -> new DefaultOidcUser(AUTHORITIES, null));
 
@@ -81,6 +77,26 @@ public class DefaultOidcUserTests {
 
 		assertThatIllegalArgumentException().isThrownBy(() -> new DefaultOidcUser(AUTHORITIES, ID_TOKEN, "invalid"));
 
 	}
 
 
+	@Test
 
+	public void constructorWhenAuthoritiesIsNullThenCreatedWithEmptyAuthorities() {
 
+		DefaultOidcUser user = new DefaultOidcUser(null, ID_TOKEN);
 
+		assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB);
 
+		assertThat(user.getIdToken()).isEqualTo(ID_TOKEN);
 
+		assertThat(user.getName()).isEqualTo(SUBJECT);
 
+		assertThat(user.getAuthorities()).isEmpty();
 
+		assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB);
 
+	}
 
+
 
+	@Test
 
+	public void constructorWhenAuthoritiesIsEmptyThenCreated() {
 
+		DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.NO_AUTHORITIES, ID_TOKEN);
 
+		assertThat(user.getClaims()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB);
 
+		assertThat(user.getIdToken()).isEqualTo(ID_TOKEN);
 
+		assertThat(user.getName()).isEqualTo(SUBJECT);
 
+		assertThat(user.getAuthorities()).isEmpty();
 
+		assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB);
 
+	}
 
+
 
 	@Test
 
 	public void constructorWhenAuthoritiesIdTokenProvidedThenCreated() {
 
 		DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN);

+ 17 - 13
oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
Tampilan Berkas 

@@ -1,5 +1,5 @@
 
 /*
 
- * Copyright 2002-2017 the original author or authors.
 
+ * Copyright 2002-2021 the original author or authors.
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
@@ -47,18 +47,6 @@ public class DefaultOAuth2UserTests {
 
 
 	private static final Map<String, Object> ATTRIBUTES = Collections.singletonMap(ATTRIBUTE_NAME_KEY, USERNAME);
 
 
-	@Test
 
-	public void constructorWhenAuthoritiesIsNullThenThrowIllegalArgumentException() {
 
-		assertThatIllegalArgumentException()
 
-				.isThrownBy(() -> new DefaultOAuth2User(null, ATTRIBUTES, ATTRIBUTE_NAME_KEY));
 
-	}
 
-
 
-	@Test
 
-	public void constructorWhenAuthoritiesIsEmptyThenThrowIllegalArgumentException() {
 
-		assertThatIllegalArgumentException()
 
-				.isThrownBy(() -> new DefaultOAuth2User(Collections.emptySet(), ATTRIBUTES, ATTRIBUTE_NAME_KEY));
 
-	}
 
-
 
 	@Test
 
 	public void constructorWhenAttributesIsNullThenThrowIllegalArgumentException() {
 
 		assertThatIllegalArgumentException()
 
@@ -82,6 +70,22 @@ public class DefaultOAuth2UserTests {
 
 				.isThrownBy(() -> new DefaultOAuth2User(AUTHORITIES, ATTRIBUTES, "invalid"));
 
 	}
 
 
+	@Test
 
+	public void constructorWhenAuthoritiesIsNullThenCreatedWithEmptyAuthorities() {
 
+		DefaultOAuth2User user = new DefaultOAuth2User(null, ATTRIBUTES, ATTRIBUTE_NAME_KEY);
 
+		assertThat(user.getName()).isEqualTo(USERNAME);
 
+		assertThat(user.getAuthorities()).isEmpty();
 
+		assertThat(user.getAttributes()).containsOnlyKeys(ATTRIBUTE_NAME_KEY);
 
+	}
 
+
 
+	@Test
 
+	public void constructorWhenAuthoritiesIsEmptyThenCreated() {
 
+		DefaultOAuth2User user = new DefaultOAuth2User(Collections.emptySet(), ATTRIBUTES, ATTRIBUTE_NAME_KEY);
 
+		assertThat(user.getName()).isEqualTo(USERNAME);
 
+		assertThat(user.getAuthorities()).isEmpty();
 
+		assertThat(user.getAttributes()).containsOnlyKeys(ATTRIBUTE_NAME_KEY);
 
+	}
 
+
 
 	@Test
 
 	public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 
 		DefaultOAuth2User user = new DefaultOAuth2User(AUTHORITIES, ATTRIBUTES, ATTRIBUTE_NAME_KEY);