
Example 16 with DefaultOAuth2User

use of org.springframework.security.oauth2.core.user.DefaultOAuth2User in project spring-security by spring-projects.

the class DefaultOAuth2UserService method loadUser.

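/**
 * Loads the end-user's attributes from the provider's UserInfo endpoint and wraps them in a
 * {@link DefaultOAuth2User}.
 *
 * <p>The returned user carries one {@link OAuth2UserAuthority} holding the UserInfo attributes,
 * plus one {@code SCOPE_}-prefixed {@link SimpleGrantedAuthority} for every scope on the access
 * token in {@code userRequest}. The principal name is looked up in the attributes under the
 * registration's configured "user name" attribute name.
 *
 * @param userRequest the request carrying the client registration and the access token
 * @return the user built from the UserInfo response
 * @throws OAuth2AuthenticationException if the client registration has no UserInfo URI or no
 * "user name" attribute name, or if the UserInfo response contains no attributes
 */
@Override
public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
    Assert.notNull(userRequest, "userRequest cannot be null");
    String registrationId = userRequest.getClientRegistration().getRegistrationId();
    if (!StringUtils.hasText(userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri())) {
        OAuth2Error oauth2Error = new OAuth2Error(MISSING_USER_INFO_URI_ERROR_CODE, "Missing required UserInfo Uri in UserInfoEndpoint for Client Registration: " + registrationId, null);
        throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
    }
    String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
    if (!StringUtils.hasText(userNameAttributeName)) {
        OAuth2Error oauth2Error = new OAuth2Error(MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE, "Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: " + registrationId, null);
        throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
    }
    RequestEntity<?> request = this.requestEntityConverter.convert(userRequest);
    ResponseEntity<Map<String, Object>> response = getResponse(userRequest, request);
    Map<String, Object> userAttributes = response.getBody();
    // A 2xx UserInfo response with no (or an empty) body must fail as an authentication error,
    // not as an unrelated runtime exception from the constructors below. getResponse() is not
    // shown here; this guard is harmless if it already rejects such responses.
    if (userAttributes == null || userAttributes.isEmpty()) {
        // NOTE(review): if the class already defines a constant for this error code, use it
        // instead of the literal.
        OAuth2Error oauth2Error = new OAuth2Error("invalid_user_info_response", "UserInfo response contained no attributes for Client Registration: " + registrationId, null);
        throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
    }
    // Insertion order is kept: the attribute-bearing authority first, then the scopes.
    Set<GrantedAuthority> authorities = new LinkedHashSet<>();
    authorities.add(new OAuth2UserAuthority(userAttributes));
    // Scope authorities mirror what the provider granted to this client on the access token.
    // They are not application roles; map them to roles explicitly if authorization rules
    // need more than scope checks.
    OAuth2AccessToken token = userRequest.getAccessToken();
    for (String authority : token.getScopes()) {
        authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
    }
    return new DefaultOAuth2User(authorities, userAttributes, userNameAttributeName);
}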
Also used : LinkedHashSet(java.util.LinkedHashSet) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) OAuth2UserAuthority(org.springframework.security.oauth2.core.user.OAuth2UserAuthority) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) DefaultOAuth2User(org.springframework.security.oauth2.core.user.DefaultOAuth2User) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) Map(java.util.Map)

Example 17 with DefaultOAuth2User

use of org.springframework.security.oauth2.core.user.DefaultOAuth2User in project spring-security by spring-projects.

the class OAuth2AuthenticationTokenMixinTests method deserializeWhenMixinRegisteredThenDeserializes.

/**
 * Round-trips an authenticated token through JSON using {@code this.mapper} and checks that the
 * deserialized token matches the original, first for an OIDC principal and then for a plain
 * OAuth2 principal.
 */
@Test
public void deserializeWhenMixinRegisteredThenDeserializes() throws Exception {
    // --- OidcUser principal ---
    OAuth2AuthenticationToken oidcExpected = TestOAuth2AuthenticationTokens.oidcAuthenticated();
    String oidcJson = asJson(oidcExpected);
    OAuth2AuthenticationToken oidcActual = this.mapper.readValue(oidcJson, OAuth2AuthenticationToken.class);

    // Token-level state must survive the round trip unchanged.
    assertThat(oidcActual.getAuthorities()).containsExactlyElementsOf(oidcExpected.getAuthorities());
    assertThat(oidcActual.getDetails()).isEqualTo(oidcExpected.getDetails());
    assertThat(oidcActual.isAuthenticated()).isEqualTo(oidcExpected.isAuthenticated());
    assertThat(oidcActual.getAuthorizedClientRegistrationId()).isEqualTo(oidcExpected.getAuthorizedClientRegistrationId());

    // Principal-level state: authorities, attributes and resolved name.
    DefaultOidcUser wantOidcUser = (DefaultOidcUser) oidcExpected.getPrincipal();
    DefaultOidcUser gotOidcUser = (DefaultOidcUser) oidcActual.getPrincipal();
    assertThat(gotOidcUser.getAuthorities().containsAll(wantOidcUser.getAuthorities())).isTrue();
    assertThat(gotOidcUser.getAttributes()).containsExactlyEntriesOf(wantOidcUser.getAttributes());
    assertThat(gotOidcUser.getName()).isEqualTo(wantOidcUser.getName());

    // ID token: raw value, validity window and claims.
    OidcIdToken wantIdToken = wantOidcUser.getIdToken();
    OidcIdToken gotIdToken = gotOidcUser.getIdToken();
    assertThat(gotIdToken.getTokenValue()).isEqualTo(wantIdToken.getTokenValue());
    assertThat(gotIdToken.getIssuedAt()).isEqualTo(wantIdToken.getIssuedAt());
    assertThat(gotIdToken.getExpiresAt()).isEqualTo(wantIdToken.getExpiresAt());
    assertThat(gotIdToken.getClaims()).containsExactlyEntriesOf(wantIdToken.getClaims());

    // UserInfo claims.
    OidcUserInfo wantUserInfo = wantOidcUser.getUserInfo();
    OidcUserInfo gotUserInfo = gotOidcUser.getUserInfo();
    assertThat(gotUserInfo.getClaims()).containsExactlyEntriesOf(wantUserInfo.getClaims());

    // --- OAuth2User principal ---
    OAuth2AuthenticationToken oauth2Expected = TestOAuth2AuthenticationTokens.authenticated();
    String oauth2Json = asJson(oauth2Expected);
    OAuth2AuthenticationToken oauth2Actual = this.mapper.readValue(oauth2Json, OAuth2AuthenticationToken.class);

    assertThat(oauth2Actual.getAuthorities()).containsExactlyElementsOf(oauth2Expected.getAuthorities());
    assertThat(oauth2Actual.getDetails()).isEqualTo(oauth2Expected.getDetails());
    assertThat(oauth2Actual.isAuthenticated()).isEqualTo(oauth2Expected.isAuthenticated());
    assertThat(oauth2Actual.getAuthorizedClientRegistrationId()).isEqualTo(oauth2Expected.getAuthorizedClientRegistrationId());

    DefaultOAuth2User wantOauth2User = (DefaultOAuth2User) oauth2Expected.getPrincipal();
    DefaultOAuth2User gotOauth2User = (DefaultOAuth2User) oauth2Actual.getPrincipal();
    assertThat(gotOauth2User.getAuthorities().containsAll(wantOauth2User.getAuthorities())).isTrue();
    assertThat(gotOauth2User.getAttributes()).containsExactlyEntriesOf(wantOauth2User.getAttributes());
    assertThat(gotOauth2User.getName()).isEqualTo(wantOauth2User.getName());
}
Also used : OAuth2AuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken) OidcIdToken(org.springframework.security.oauth2.core.oidc.OidcIdToken) DefaultOAuth2User(org.springframework.security.oauth2.core.user.DefaultOAuth2User) OidcUserInfo(org.springframework.security.oauth2.core.oidc.OidcUserInfo) DefaultOidcUser(org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser) Test(org.junit.jupiter.api.Test)

Example 18 with DefaultOAuth2User

use of org.springframework.security.oauth2.core.user.DefaultOAuth2User in project spring-security by spring-projects.

the class OidcReactiveOAuth2UserServiceTests method loadUserWhenCustomClaimTypeConverterFactorySetThenApplied.

/**
 * Verifies that a custom claim-type converter factory set on the user service is invoked with
 * the request's client registration when a user is loaded.
 */
@Test
public void loadUserWhenCustomClaimTypeConverterFactorySetThenApplied() {
    // Delegate user whose "sub" is "subject" and whose name attribute is "user".
    Map<String, Object> claims = new HashMap<>();
    claims.put(StandardClaimNames.SUB, "subject");
    claims.put("user", "rob");
    OAuth2User delegateUser = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), claims, "user");
    given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(delegateUser));

    OidcUserRequest userRequest = userRequest();

    // Install a mocked factory, then have it hand back a converter built from the defaults.
    Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> customClaimTypeConverterFactory = mock(Function.class);
    this.userService.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
    given(customClaimTypeConverterFactory.apply(same(userRequest.getClientRegistration())))
            .willReturn(new ClaimTypeConverter(OidcReactiveOAuth2UserService.createDefaultClaimTypeConverters()));

    // Only the interaction with the factory is asserted; the UserInfo result is discarded.
    this.userService.loadUser(userRequest).block().getUserInfo();

    verify(customClaimTypeConverterFactory).apply(same(userRequest.getClientRegistration()));
}
Also used : DefaultOAuth2User(org.springframework.security.oauth2.core.user.DefaultOAuth2User) OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) HashMap(java.util.HashMap) ClaimTypeConverter(org.springframework.security.oauth2.core.converter.ClaimTypeConverter) Converter(org.springframework.core.convert.converter.Converter) DefaultOAuth2User(org.springframework.security.oauth2.core.user.DefaultOAuth2User) ClaimTypeConverter(org.springframework.security.oauth2.core.converter.ClaimTypeConverter) Test(org.junit.jupiter.api.Test)

Example 19 with DefaultOAuth2User

use of org.springframework.security.oauth2.core.user.DefaultOAuth2User in project spring-security by spring-projects.

the class OidcReactiveOAuth2UserServiceTests method loadUserWhenOAuth2UserSubjectNotEqualThenOAuth2AuthenticationException.

/**
 * Verifies that loading the user fails with {@link OAuth2AuthenticationException} when the
 * delegate returns a user whose {@code sub} attribute is {@code "not-equal"}.
 */
@Test
public void loadUserWhenOAuth2UserSubjectNotEqualThenOAuth2AuthenticationException() {
    // NOTE(review): presumably "not-equal" differs from the subject of the ID token built by
    // userRequest() (not shown here). A UserInfo "sub" that does not match the ID token's must
    // not be accepted, which is the rejection this test pins down.
    Map<String, Object> claims = new HashMap<>();
    claims.put(StandardClaimNames.SUB, "not-equal");
    claims.put("user", "rob");
    OAuth2User mismatchedUser = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), claims, "user");
    given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(mismatchedUser));

    assertThatExceptionOfType(OAuth2AuthenticationException.class)
            .isThrownBy(() -> this.userService.loadUser(userRequest()).block());
}
Also used : DefaultOAuth2User(org.springframework.security.oauth2.core.user.DefaultOAuth2User) OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) HashMap(java.util.HashMap) DefaultOAuth2User(org.springframework.security.oauth2.core.user.DefaultOAuth2User) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) Test(org.junit.jupiter.api.Test)

Example 20 with DefaultOAuth2User

use of org.springframework.security.oauth2.core.user.DefaultOAuth2User in project spring-security by spring-projects.

the class OidcReactiveOAuth2UserServiceTests method loadUserWhenOAuth2UserThenUserInfoNotNull.

/**
 * Verifies that the loaded OIDC user exposes a non-null UserInfo when the delegate service
 * returns an OAuth2 user.
 */
@Test
public void loadUserWhenOAuth2UserThenUserInfoNotNull() {
    // Delegate user whose "sub" is "subject" and whose name attribute is "user".
    Map<String, Object> claims = new HashMap<>();
    claims.put(StandardClaimNames.SUB, "subject");
    claims.put("user", "rob");
    OAuth2User delegateUser = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), claims, "user");
    given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(delegateUser));

    assertThat(this.userService.loadUser(userRequest()).block().getUserInfo())
            .isNotNull();
}
Also used : DefaultOAuth2User(org.springframework.security.oauth2.core.user.DefaultOAuth2User) OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) HashMap(java.util.HashMap) DefaultOAuth2User(org.springframework.security.oauth2.core.user.DefaultOAuth2User) Test(org.junit.jupiter.api.Test)
