Search in sources :

Example 16 with OAuth2UserRequest

use of org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest in project spring-security by spring-projects.

the class DefaultReactiveOAuth2UserServiceTests method loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities.

@Test
public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
    Map<String, Object> body = new HashMap<>();
    body.put("id", "id");
    DefaultReactiveOAuth2UserService userService = withMockResponse(body);
    OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.noScopes());
    OAuth2User user = userService.loadUser(request).block();
    assertThat(user.getAuthorities()).hasSize(1);
    Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
    assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
}
Also used : OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) HashMap(java.util.HashMap) Test(org.junit.jupiter.api.Test)

Example 17 with OAuth2UserRequest

use of org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest in project spring-security by spring-projects.

the class CustomUserTypesOAuth2UserServiceTests method loadUserWhenCustomUserTypeNotFoundThenReturnNull.

@Test
public void loadUserWhenCustomUserTypeNotFoundThenReturnNull() {
    // @formatter:off
    ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().registrationId("other-client-registration-id-1").build();
    // @formatter:on
    OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken));
    assertThat(user).isNull();
}
Also used : OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) Test(org.junit.jupiter.api.Test)

Example 18 with OAuth2UserRequest

use of org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest in project spring-security by spring-projects.

the class DefaultReactiveOAuth2UserServiceTests method loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities.

@Test
public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
    Map<String, Object> body = new HashMap<>();
    body.put("id", "id");
    DefaultReactiveOAuth2UserService userService = withMockResponse(body);
    OAuth2UserRequest request = new OAuth2UserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.scopes("message:read", "message:write"));
    OAuth2User user = userService.loadUser(request).block();
    assertThat(user.getAuthorities()).hasSize(3);
    Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
    assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
    assertThat(authorities.next()).isEqualTo(new SimpleGrantedAuthority("SCOPE_message:read"));
    assertThat(authorities.next()).isEqualTo(new SimpleGrantedAuthority("SCOPE_message:write"));
}
Also used : OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) HashMap(java.util.HashMap) Test(org.junit.jupiter.api.Test)

Example 19 with OAuth2UserRequest

use of org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest in project spring-security by spring-projects.

the class OAuth2LoginConfigurer method init.

@Override
public void init(B http) throws Exception {
    OAuth2LoginAuthenticationFilter authenticationFilter = new OAuth2LoginAuthenticationFilter(OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()), OAuth2ClientConfigurerUtils.getAuthorizedClientRepository(this.getBuilder()), this.loginProcessingUrl);
    this.setAuthenticationFilter(authenticationFilter);
    super.loginProcessingUrl(this.loginProcessingUrl);
    if (this.loginPage != null) {
        // Set custom login page
        super.loginPage(this.loginPage);
        super.init(http);
    } else {
        Map<String, String> loginUrlToClientName = this.getLoginLinks();
        if (loginUrlToClientName.size() == 1) {
            // Setup auto-redirect to provider login page
            // when only 1 client is configured
            this.updateAuthenticationDefaults();
            this.updateAccessDefaults(http);
            String providerLoginPage = loginUrlToClientName.keySet().iterator().next();
            this.registerAuthenticationEntryPoint(http, this.getLoginEntryPoint(http, providerLoginPage));
        } else {
            super.init(http);
        }
    }
    OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient = this.tokenEndpointConfig.accessTokenResponseClient;
    if (accessTokenResponseClient == null) {
        accessTokenResponseClient = new DefaultAuthorizationCodeTokenResponseClient();
    }
    OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService = getOAuth2UserService();
    OAuth2LoginAuthenticationProvider oauth2LoginAuthenticationProvider = new OAuth2LoginAuthenticationProvider(accessTokenResponseClient, oauth2UserService);
    GrantedAuthoritiesMapper userAuthoritiesMapper = this.getGrantedAuthoritiesMapper();
    if (userAuthoritiesMapper != null) {
        oauth2LoginAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper);
    }
    http.authenticationProvider(this.postProcess(oauth2LoginAuthenticationProvider));
    boolean oidcAuthenticationProviderEnabled = ClassUtils.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
    if (oidcAuthenticationProviderEnabled) {
        OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService = getOidcUserService();
        OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider = new OidcAuthorizationCodeAuthenticationProvider(accessTokenResponseClient, oidcUserService);
        JwtDecoderFactory<ClientRegistration> jwtDecoderFactory = this.getJwtDecoderFactoryBean();
        if (jwtDecoderFactory != null) {
            oidcAuthorizationCodeAuthenticationProvider.setJwtDecoderFactory(jwtDecoderFactory);
        }
        if (userAuthoritiesMapper != null) {
            oidcAuthorizationCodeAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper);
        }
        http.authenticationProvider(this.postProcess(oidcAuthorizationCodeAuthenticationProvider));
    } else {
        http.authenticationProvider(new OidcAuthenticationRequestChecker());
    }
    this.initDefaultLoginFilter(http);
}
Also used : OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) OidcUserRequest(org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest) OAuth2AuthorizationCodeGrantRequest(org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest) OAuth2UserRequest(org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest) OidcAuthorizationCodeAuthenticationProvider(org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider) GrantedAuthoritiesMapper(org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper) OidcUser(org.springframework.security.oauth2.core.oidc.user.OidcUser) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) OAuth2LoginAuthenticationFilter(org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter) DefaultAuthorizationCodeTokenResponseClient(org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient) OAuth2LoginAuthenticationProvider(org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider)

Example 20 with OAuth2UserRequest

use of org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest in project spring-security by spring-projects.

the class OAuth2LoginConfigurer method getOAuth2UserService.

private OAuth2UserService<OAuth2UserRequest, OAuth2User> getOAuth2UserService() {
    if (this.userInfoEndpointConfig.userService != null) {
        return this.userInfoEndpointConfig.userService;
    }
    ResolvableType type = ResolvableType.forClassWithGenerics(OAuth2UserService.class, OAuth2UserRequest.class, OAuth2User.class);
    OAuth2UserService<OAuth2UserRequest, OAuth2User> bean = getBeanOrNull(type);
    if (bean != null) {
        return bean;
    }
    if (this.userInfoEndpointConfig.customUserTypes.isEmpty()) {
        return new DefaultOAuth2UserService();
    }
    List<OAuth2UserService<OAuth2UserRequest, OAuth2User>> userServices = new ArrayList<>();
    userServices.add(new CustomUserTypesOAuth2UserService(this.userInfoEndpointConfig.customUserTypes));
    userServices.add(new DefaultOAuth2UserService());
    return new DelegatingOAuth2UserService<>(userServices);
}
Also used : CustomUserTypesOAuth2UserService(org.springframework.security.oauth2.client.userinfo.CustomUserTypesOAuth2UserService) OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) DelegatingOAuth2UserService(org.springframework.security.oauth2.client.userinfo.DelegatingOAuth2UserService) DefaultOAuth2UserService(org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService) CustomUserTypesOAuth2UserService(org.springframework.security.oauth2.client.userinfo.CustomUserTypesOAuth2UserService) OAuth2UserService(org.springframework.security.oauth2.client.userinfo.OAuth2UserService) ArrayList(java.util.ArrayList) DelegatingOAuth2UserService(org.springframework.security.oauth2.client.userinfo.DelegatingOAuth2UserService) OAuth2UserRequest(org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest) ResolvableType(org.springframework.core.ResolvableType) DefaultOAuth2UserService(org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService)

Aggregations

Test (org.junit.jupiter.api.Test)28 ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)22 OAuth2User (org.springframework.security.oauth2.core.user.OAuth2User)16 HashMap (java.util.HashMap)6 OAuth2UserRequest (org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest)6 OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException)6 OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)5 MockResponse (okhttp3.mockwebserver.MockResponse)4 HttpHeaders (org.springframework.http.HttpHeaders)4 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)4 OAuth2UserAuthority (org.springframework.security.oauth2.core.user.OAuth2UserAuthority)4 Map (java.util.Map)3 GrantedAuthority (org.springframework.security.core.GrantedAuthority)3 OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error)3 DefaultOAuth2User (org.springframework.security.oauth2.core.user.DefaultOAuth2User)3 LinkedHashSet (java.util.LinkedHashSet)2 Set (java.util.Set)2 RecordedRequest (okhttp3.mockwebserver.RecordedRequest)2 GrantedAuthoritiesMapper (org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper)2 OAuth2AuthorizationCodeGrantRequest (org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest)2