首页 发现 帮助
注册 登录
github
/
spring-security
镜像自地址 https://github.com/spring-projects/spring-security
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

DefaultOAuth2UserService -> assert UserInfo Uri is set

Fixes gh-4992
Joe Grandja 7 年之前
父节点
48a5aad4a8
当前提交
7eb58ee7d9
共有 2 个文件被更改,包括 22 次插入1 次删除
分列视图 显示文件统计
  1. 12 1
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java
  2. 10 0
      oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java

+ 12 - 1
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java
查看文件 

@@ -47,18 +47,29 @@ import java.util.Set;
 
  * @see DefaultOAuth2User
 
  */
 
 public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {
 
+	private static final String MISSING_USER_INFO_URI_ERROR_CODE = "missing_user_info_uri";
 
 	private static final String MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE = "missing_user_name_attribute";
 
 	private NimbusUserInfoResponseClient userInfoResponseClient = new NimbusUserInfoResponseClient();
 
 
 	@Override
 
 	public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
 
 		Assert.notNull(userRequest, "userRequest cannot be null");
 
+
 
+		if (!StringUtils.hasText(userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri())) {
 
+			OAuth2Error oauth2Error = new OAuth2Error(
 
+				MISSING_USER_INFO_URI_ERROR_CODE,
 
+				"Missing required UserInfo Uri in UserInfoEndpoint for Client Registration: " +
 
+					userRequest.getClientRegistration().getRegistrationId(),
 
+				null
 
+			);
 
+			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 
+		}
 
 		String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
 
 		if (!StringUtils.hasText(userNameAttributeName)) {
 
 			OAuth2Error oauth2Error = new OAuth2Error(
 
 				MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE,
 
 				"Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: " +
 
-				userRequest.getClientRegistration().getRegistrationId(),
 
+					userRequest.getClientRegistration().getRegistrationId(),
 
 				null
 
 			);
 
 			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());

+ 10 - 0
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
查看文件 

@@ -73,11 +73,21 @@ public class DefaultOAuth2UserServiceTests {
 
 		this.userService.loadUser(null);
 
 	}
 
 
+	@Test
 
+	public void loadUserWhenUserInfoUriIsNullThenThrowOAuth2AuthenticationException() {
 
+		this.exception.expect(OAuth2AuthenticationException.class);
 
+		this.exception.expectMessage(containsString("missing_user_info_uri"));
 
+
 
+		when(this.userInfoEndpoint.getUri()).thenReturn(null);
 
+		this.userService.loadUser(new OAuth2UserRequest(this.clientRegistration, this.accessToken));
 
+	}
 
+
 
 	@Test
 
 	public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2AuthenticationException() {
 
 		this.exception.expect(OAuth2AuthenticationException.class);
 
 		this.exception.expectMessage(containsString("missing_user_name_attribute"));
 
 
+		when(this.userInfoEndpoint.getUri()).thenReturn("http://provider.com/user");
 
 		when(this.userInfoEndpoint.getUserNameAttributeName()).thenReturn(null);
 
 		this.userService.loadUser(new OAuth2UserRequest(this.clientRegistration, this.accessToken));
 
 	}