diff --git a/docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc b/docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc index 9a8398713a7..7bbf7153dc3 100644 --- a/docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc +++ b/docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc @@ -439,24 +439,21 @@ public class OAuth2LoginSecurityConfig { @Bean public ReactiveOAuth2UserService oidcUserService() { - final OidcReactiveOAuth2UserService delegate = new OidcReactiveOAuth2UserService(); + return new OidcReactiveOAuth2UserService() { + @Override + protected OidcUser getUser(OidcUserRequest userRequest, OidcUserInfo userInfo, Set authorities) { + OAuth2AccessToken accessToken = userRequest.getAccessToken(); + Set mappedAuthorities = new HashSet<>(); - return (userRequest) -> { - // Delegate to the default implementation for loading a user - return delegate.loadUser(userRequest) - .flatMap((oidcUser) -> { - OAuth2AccessToken accessToken = userRequest.getAccessToken(); - Set mappedAuthorities = new HashSet<>(); + // TODO + // 1) Fetch the authority information from the protected resource using accessToken + // 2) Map the authority information to one or more GrantedAuthority's and add it to mappedAuthorities - // TODO - // 1) Fetch the authority information from the protected resource using accessToken - // 2) Map the authority information to one or more GrantedAuthority's and add it to mappedAuthorities + // Delegate to the default implementation for getting a user + OidcUser oidcUser = super.loadUser(userRequest, userInfo, mappedAuthorities); - // 3) Create a copy of oidcUser but use the mappedAuthorities instead - oidcUser = new DefaultOidcUser(mappedAuthorities, oidcUser.getIdToken(), oidcUser.getUserInfo()); - - return Mono.just(oidcUser); - }); + return oidcUser; + } }; } } 
@@ -479,24 +476,19 @@ class OAuth2LoginSecurityConfig { } @Bean - fun oidcUserService(): ReactiveOAuth2UserService { - val delegate = OidcReactiveOAuth2UserService() - - return ReactiveOAuth2UserService { userRequest -> - // Delegate to the default implementation for loading a user - delegate.loadUser(userRequest) - .flatMap { oidcUser -> - val accessToken = userRequest.accessToken - val mappedAuthorities = mutableSetOf() - - // TODO - // 1) Fetch the authority information from the protected resource using accessToken - // 2) Map the authority information to one or more GrantedAuthority's and add it to mappedAuthorities - // 3) Create a copy of oidcUser but use the mappedAuthorities instead - val mappedOidcUser = DefaultOidcUser(mappedAuthorities, oidcUser.idToken, oidcUser.userInfo) - - Mono.just(mappedOidcUser) - } + fun oidcUserService(): ReactiveOAuth2UserService = object : OidcReactiveOAuth2UserService() { + override fun getUser(userRequest: OidcUserRequest, userInfo: OidcUserInfo, authorities: Set): OidcUser { + val accessToken = userRequest.accessToken + val mappedAuthorities = mutableSetOf() + + // TODO + // 1) Fetch the authority information from the protected resource using accessToken + // 2) Map the authority information to one or more GrantedAuthority's and add it to mappedAuthorities + + // Delegate to the default implementation for getting a user + val mappedOidcUser = super.getUser(userRequest, userInfo, mappedAuthorities) + + mappedOidcUser } } } diff --git a/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc b/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc index 91147e8bd8a..1a3cd9ba27a 100644 --- a/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc +++ b/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc 
@@ -626,23 +626,21 @@ public class OAuth2LoginSecurityConfig { } private OAuth2UserService oidcUserService() { - final OidcUserService delegate = new OidcUserService(); + return new OidcUserService() { + @Override + protected OidcUser getUser(OidcUserRequest userRequest, OidcUserInfo userInfo, Set authorities) { + OAuth2AccessToken accessToken = userRequest.getAccessToken(); + Set mappedAuthorities = new HashSet<>(); - return (userRequest) -> { - // Delegate to the default implementation for loading a user - OidcUser oidcUser = delegate.loadUser(userRequest); + // TODO + // 1) Fetch the authority information from the protected resource using accessToken + // 2) Map the authority information to one or more GrantedAuthority's and add it to mappedAuthorities - OAuth2AccessToken accessToken = userRequest.getAccessToken(); - Set mappedAuthorities = new HashSet<>(); - - // TODO - // 1) Fetch the authority information from the protected resource using accessToken - // 2) Map the authority information to one or more GrantedAuthority's and add it to mappedAuthorities - - // 3) Create a copy of oidcUser but use the mappedAuthorities instead - oidcUser = new DefaultOidcUser(mappedAuthorities, oidcUser.getIdToken(), oidcUser.getUserInfo()); + // Delegate to the default implementation for getting a user + OidcUser oidcUser = super.getUser(userRequest, userInfo, mappedAuthorities); - return oidcUser; + return oidcUser; + } }; } } 
@@ -668,21 +666,17 @@ class OAuth2LoginSecurityConfig { } @Bean - fun oidcUserService(): OAuth2UserService { - val delegate = OidcUserService() - - return OAuth2UserService { userRequest -> - // Delegate to the default implementation for loading a user - var oidcUser = delegate.loadUser(userRequest) - + fun oidcUserService(): OAuth2UserService = object : OidcUserService() { + override fun getUser(userRequest: OidcUserRequest, userInfo: OidcUserInfo, authorities: Set): OidcUser { val accessToken = userRequest.accessToken val mappedAuthorities = HashSet() // TODO // 1) Fetch the authority information from the protected resource using accessToken // 2) Map the authority information to one or more GrantedAuthority's and add it to mappedAuthorities - // 3) Create a copy of oidcUser but use the mappedAuthorities instead - oidcUser = DefaultOidcUser(mappedAuthorities, oidcUser.idToken, oidcUser.userInfo) + + // Delegate to the default implementation for getting a user + val oidcUser = super.getUser(userRequest, userInfo, mappedAuthorities) oidcUser } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java index 1845ff0d11b..b168ec63d68 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java 
@@ -111,17 +111,21 @@ public Mono loadUser(OidcUserRequest userRequest) throws OAuth2Authent for (String scope : token.getScopes()) { authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope)); } - String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails() - .getUserInfoEndpoint().getUserNameAttributeName(); - if (StringUtils.hasText(userNameAttributeName)) { - return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo, - userNameAttributeName); - } - return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo); + return getUser(userRequest, userInfo, authorities); }); // @formatter:on } + protected OidcUser getUser(OidcUserRequest userRequest, OidcUserInfo userInfo, Set authorities) { + String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails() + .getUserInfoEndpoint().getUserNameAttributeName(); + if (StringUtils.hasText(userNameAttributeName)) { + return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo, + userNameAttributeName); + } + return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo); + } + private Mono getUserInfo(OidcUserRequest userRequest) { if (!OidcUserRequestUtils.shouldRetrieveUserInfo(userRequest)) { return Mono.empty(); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java index 0f543f69a7a..43468622991 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java 
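Review bot: The new `getUser` hook in OidcReactiveOAuth2UserService returns a plain `OidcUser`, so an override that follows step 1 of the reactive docs sample in this commit (fetching authority information from a protected resource with the access token) has no non-blocking way to do so and would have to block inside the reactive pipeline. The operator wrapping `return getUser(userRequest, userInfo, authorities);` is outside the hunk, so this is inferred from the synchronous return type. Consider returning `Mono<OidcUser>` from the hook and composing it with `flatMap`, or state in its Javadoc that an override must not perform I/O. Separately, the reactive Java docs sample calls `super.loadUser(userRequest, userInfo, mappedAuthorities)`, which does not match the `getUser` method introduced here; the other three samples call `super.getUser(...)`.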
@@ -145,7 +145,7 @@ private Map getClaims(OidcUserRequest userRequest, OAuth2User oa return DEFAULT_CLAIM_TYPE_CONVERTER.convert(oauth2User.getAttributes()); } - private OidcUser getUser(OidcUserRequest userRequest, OidcUserInfo userInfo, Set authorities) { + protected OidcUser getUser(OidcUserRequest userRequest, OidcUserInfo userInfo, Set authorities) { ProviderDetails providerDetails = userRequest.getClientRegistration().getProviderDetails(); String userNameAttributeName = providerDetails.getUserInfoEndpoint().getUserNameAttributeName(); if (StringUtils.hasText(userNameAttributeName)) {
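Review bot: Widening `getUser` from `private` to `protected` makes it an extension point that decides the authorities of the authenticated principal, yet it carries no Javadoc; the same is true of the `getUser` method added to OidcReactiveOAuth2UserService. Add a Javadoc that states the contract, for example `Builds the OidcUser for this request; the authorities passed in become the granted authorities of the returned principal`, with `@param` entries and an `@since <VERSION>` tag. It should also say whether an override is expected to keep the default entries in `authorities` or may replace them, since the docs samples in this commit ignore that parameter and pass only `mappedAuthorities` to the super call. The body of `getUser` continues past the end of the hunk.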