Search in sources :

Example 1 with OidcUserService

use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService in project spring-security by spring-projects.

the class OAuth2LoginConfigurer method getOidcUserService.

private OAuth2UserService<OidcUserRequest, OidcUser> getOidcUserService() {
    if (this.userInfoEndpointConfig.oidcUserService != null) {
        return this.userInfoEndpointConfig.oidcUserService;
    }
    ResolvableType type = ResolvableType.forClassWithGenerics(OAuth2UserService.class, OidcUserRequest.class, OidcUser.class);
    OAuth2UserService<OidcUserRequest, OidcUser> bean = getBeanOrNull(type);
    return (bean != null) ? bean : new OidcUserService();
}
Also used : OidcUserRequest(org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest) ResolvableType(org.springframework.core.ResolvableType) OidcUser(org.springframework.security.oauth2.core.oidc.user.OidcUser) OidcUserService(org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService)

Example 2 with OidcUserService

use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService in project spring-security by spring-projects.

the class OidcUserServiceTests method loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities.

@Test
public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
    OidcUserService userService = new OidcUserService();
    OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.scopes("message:read", "message:write"), TestOidcIdTokens.idToken().build());
    OidcUser user = userService.loadUser(request);
    assertThat(user.getAuthorities()).hasSize(3);
    Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
    assertThat(authorities.next()).isInstanceOf(OidcUserAuthority.class);
    assertThat(authorities.next()).isEqualTo(new SimpleGrantedAuthority("SCOPE_message:read"));
    assertThat(authorities.next()).isEqualTo(new SimpleGrantedAuthority("SCOPE_message:write"));
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) OidcUser(org.springframework.security.oauth2.core.oidc.user.OidcUser) Test(org.junit.jupiter.api.Test)

Example 3 with OidcUserService

use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService in project spring-security by spring-projects.

the class OAuth2LoginConfigurer method init.

@Override
public void init(B http) throws Exception {
    OAuth2LoginAuthenticationFilter authenticationFilter = new OAuth2LoginAuthenticationFilter(OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()), OAuth2ClientConfigurerUtils.getAuthorizedClientRepository(this.getBuilder()), this.loginProcessingUrl);
    this.setAuthenticationFilter(authenticationFilter);
    super.loginProcessingUrl(this.loginProcessingUrl);
    if (this.loginPage != null) {
        // Set custom login page
        super.loginPage(this.loginPage);
        super.init(http);
    } else {
        Map<String, String> loginUrlToClientName = this.getLoginLinks();
        if (loginUrlToClientName.size() == 1) {
            // Setup auto-redirect to provider login page
            // when only 1 client is configured
            this.updateAuthenticationDefaults();
            this.updateAccessDefaults(http);
            String providerLoginPage = loginUrlToClientName.keySet().iterator().next();
            this.registerAuthenticationEntryPoint(http, this.getLoginEntryPoint(http, providerLoginPage));
        } else {
            super.init(http);
        }
    }
    OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient = this.tokenEndpointConfig.accessTokenResponseClient;
    if (accessTokenResponseClient == null) {
        accessTokenResponseClient = new DefaultAuthorizationCodeTokenResponseClient();
    }
    OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService = getOAuth2UserService();
    OAuth2LoginAuthenticationProvider oauth2LoginAuthenticationProvider = new OAuth2LoginAuthenticationProvider(accessTokenResponseClient, oauth2UserService);
    GrantedAuthoritiesMapper userAuthoritiesMapper = this.getGrantedAuthoritiesMapper();
    if (userAuthoritiesMapper != null) {
        oauth2LoginAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper);
    }
    http.authenticationProvider(this.postProcess(oauth2LoginAuthenticationProvider));
    boolean oidcAuthenticationProviderEnabled = ClassUtils.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
    if (oidcAuthenticationProviderEnabled) {
        OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService = getOidcUserService();
        OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider = new OidcAuthorizationCodeAuthenticationProvider(accessTokenResponseClient, oidcUserService);
        JwtDecoderFactory<ClientRegistration> jwtDecoderFactory = this.getJwtDecoderFactoryBean();
        if (jwtDecoderFactory != null) {
            oidcAuthorizationCodeAuthenticationProvider.setJwtDecoderFactory(jwtDecoderFactory);
        }
        if (userAuthoritiesMapper != null) {
            oidcAuthorizationCodeAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper);
        }
        http.authenticationProvider(this.postProcess(oidcAuthorizationCodeAuthenticationProvider));
    } else {
        http.authenticationProvider(new OidcAuthenticationRequestChecker());
    }
    this.initDefaultLoginFilter(http);
}
Also used : OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) OidcUserRequest(org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest) OAuth2AuthorizationCodeGrantRequest(org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest) OAuth2UserRequest(org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest) OidcAuthorizationCodeAuthenticationProvider(org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider) GrantedAuthoritiesMapper(org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper) OidcUser(org.springframework.security.oauth2.core.oidc.user.OidcUser) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) OAuth2LoginAuthenticationFilter(org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter) DefaultAuthorizationCodeTokenResponseClient(org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient) OAuth2LoginAuthenticationProvider(org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider)

Example 4 with OidcUserService

use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService in project spring-security by spring-projects.

the class OidcUserServiceTests method loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities.

@Test
public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
    OidcUserService userService = new OidcUserService();
    OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.noScopes(), TestOidcIdTokens.idToken().build());
    OidcUser user = userService.loadUser(request);
    assertThat(user.getAuthorities()).hasSize(1);
    Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
    assertThat(authorities.next()).isInstanceOf(OidcUserAuthority.class);
}
Also used : OidcUser(org.springframework.security.oauth2.core.oidc.user.OidcUser) Test(org.junit.jupiter.api.Test)

Aggregations

OidcUser (org.springframework.security.oauth2.core.oidc.user.OidcUser)4 Test (org.junit.jupiter.api.Test)2 OidcUserRequest (org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest)2 ResolvableType (org.springframework.core.ResolvableType)1 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)1 GrantedAuthoritiesMapper (org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper)1 OAuth2LoginAuthenticationProvider (org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider)1 DefaultAuthorizationCodeTokenResponseClient (org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient)1 OAuth2AuthorizationCodeGrantRequest (org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest)1 OidcAuthorizationCodeAuthenticationProvider (org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider)1 OidcUserService (org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService)1 ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)1 OAuth2UserRequest (org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest)1 OAuth2LoginAuthenticationFilter (org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter)1 OAuth2User (org.springframework.security.oauth2.core.user.OAuth2User)1