diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java index a24973bf33..b563f992f8 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java @@ -65,7 +65,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer accessTokenRepository; private OAuth2UserService userInfoService; private Map> customUserTypes = new HashMap<>(); - private Map userNameAttributeNames = new HashMap<>(); private GrantedAuthoritiesMapper userAuthoritiesMapper; AuthorizationCodeAuthenticationFilterConfigurer() { @@ -105,13 +104,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer userNameAttributeName(String userNameAttributeName, URI userInfoUri) { - Assert.hasText(userNameAttributeName, "userNameAttributeName cannot be empty"); - Assert.notNull(userInfoUri, "userInfoUri cannot be null"); - this.userNameAttributeNames.put(userInfoUri, userNameAttributeName); - return this; - } - AuthorizationCodeAuthenticationFilterConfigurer userAuthoritiesMapper(GrantedAuthoritiesMapper userAuthoritiesMapper) { Assert.notNull(userAuthoritiesMapper, "userAuthoritiesMapper cannot be null"); this.userAuthoritiesMapper = userAuthoritiesMapper; 
@@ -135,7 +127,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer { - if (StringUtils.hasText(registration.getProviderDetails().getUserInfoEndpoint().getUri()) && - StringUtils.hasText(registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName())) { - - URI userInfoUri = URI.create(registration.getProviderDetails().getUserInfoEndpoint().getUri()); - if (!this.userNameAttributeNames.containsKey(userInfoUri)) { - this.userNameAttributeNames.put( - userInfoUri, registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName()); - } - } - }); - } - private AuthorizationGrantTokenExchanger getAuthorizationCodeTokenExchanger() { if (this.authorizationCodeTokenExchanger == null) { this.authorizationCodeTokenExchanger = new NimbusAuthorizationCodeTokenExchanger(); @@ -229,9 +206,7 @@ final class AuthorizationCodeAuthenticationFilterConfigurer oauth2UserServices = new ArrayList<>(); - if (!this.userNameAttributeNames.isEmpty()) { - oauth2UserServices.add(new DefaultOAuth2UserService(this.userNameAttributeNames)); - } + oauth2UserServices.add(new DefaultOAuth2UserService()); if (this.isOidcClientRegistered()) { oauth2UserServices.add(new OidcUserService()); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java index 0e901dcae4..b5027fc8b0 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java 
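Review bot: `new DefaultOAuth2UserService()` is now added unconditionally, and with the registration-scanning code removed earlier in this file nothing checks at configuration time that a registration carries a user-name attribute. The only remaining guard is the `StringUtils.hasText` check inside `DefaultOAuth2UserService`, so a registration that omits the attribute starts cleanly and is rejected on the first login callback instead. Consider asserting once, while the filter is being configured, that every registration with a UserInfo URI that this service will handle also has a `userNameAttributeName`, and at minimum add a comment on the new line such as `// always registered; registrations without a userNameAttributeName are rejected at login time`. Whether OIDC registrations are exempt depends on the early `return null` in the service, whose condition is not visible in this diff. The enclosing method starts and ends outside the hunk.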
@@ -20,14 +20,14 @@ import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
-import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
-import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
-import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
 import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
 import org.springframework.security.oauth2.client.user.OAuth2UserService;
+import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
+import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
 import org.springframework.security.oauth2.core.AccessToken;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
@@ -194,13 +194,6 @@ public final class OAuth2LoginConfigurer> exten
 return this;
 }
 
- public UserInfoEndpointConfig userNameAttributeName(String userNameAttributeName, URI userInfoUri) {
- Assert.hasText(userNameAttributeName, "userNameAttributeName cannot be empty");
- Assert.notNull(userInfoUri, "userInfoUri cannot be null");
- OAuth2LoginConfigurer.this.authorizationCodeAuthenticationFilterConfigurer.userNameAttributeName(userNameAttributeName, userInfoUri);
- return this;
- }
-
 public OAuth2LoginConfigurer and() {
 return OAuth2LoginConfigurer.this;
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/DefaultOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/DefaultOAuth2UserService.java
index f760928460..a8df30ca62 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/DefaultOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/DefaultOAuth2UserService.java
@@ -18,17 +18,16 @@ package org.springframework.security.oauth2.client.user; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException; import org.springframework.security.oauth2.client.authentication.OAuth2ClientAuthenticationToken; +import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.user.nimbus.NimbusUserInfoRetriever; import org.springframework.security.oauth2.core.user.DefaultOAuth2User; import org.springframework.security.oauth2.core.user.OAuth2User; import org.springframework.security.oauth2.core.user.OAuth2UserAuthority; import org.springframework.security.oauth2.oidc.client.authentication.OidcClientAuthenticationToken; import org.springframework.util.Assert; +import org.springframework.util.StringUtils; -import java.net.URI; -import java.util.Collections; import java.util.HashSet; -import java.util.LinkedHashMap; import java.util.Map; import java.util.Set; @@ -36,8 +35,8 @@ import java.util.Set; * An implementation of an {@link OAuth2UserService} that supports standard OAuth 2.0 Provider's. *

* For standard OAuth 2.0 Provider's, the attribute name (from the UserInfo Response) - * for the "user's name" is required. This is supplied via the constructor, - * mapped by URI, which represents the UserInfo Endpoint address. + * for the "user's name" is required and therefore must be supplied via + * {@link ClientRegistration.ProviderDetails.UserInfoEndpoint#getUserNameAttributeName()}. *

* NOTE: Attribute names are not standardized between providers and therefore will vary. * Please consult the provider's API documentation for the set of supported user attribute names. @@ -52,12 +51,9 @@ import java.util.Set; * @see UserInfoRetriever */ public class DefaultOAuth2UserService implements OAuth2UserService { - private final Map userNameAttributeNames; private UserInfoRetriever userInfoRetriever = new NimbusUserInfoRetriever(); - public DefaultOAuth2UserService(Map userNameAttributeNames) { - Assert.notEmpty(userNameAttributeNames, "userNameAttributeNames cannot be empty"); - this.userNameAttributeNames = Collections.unmodifiableMap(new LinkedHashMap<>(userNameAttributeNames)); + public DefaultOAuth2UserService() { } @Override @@ -66,12 +62,12 @@ public class DefaultOAuth2UserService implements OAuth2UserService { return null; } - URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri()); - if (!this.getUserNameAttributeNames().containsKey(userInfoUri)) { + String userNameAttributeName = clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName(); + if (!StringUtils.hasText(userNameAttributeName)) { throw new IllegalArgumentException( - "Missing required \"user name\" attribute name for UserInfo Endpoint: " + userInfoUri.toString()); + "Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: " + + clientAuthentication.getClientRegistration().getRegistrationId()); } - String userNameAttributeName = this.getUserNameAttributeNames().get(userInfoUri); Map userAttributes = this.getUserInfoRetriever().retrieve(clientAuthentication); GrantedAuthority authority = new OAuth2UserAuthority(userAttributes); 
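Review bot: The new guard on `userNameAttributeName` still reports a misconfigured registration as `IllegalArgumentException`, and after this commit it is the only place the condition is checked, once per login attempt. If the calling filter routes only authentication exceptions to the configured failure handler (not visible here), this would surface as an unhandled server error on the redirect callback; `OAuth2AuthenticationException` is already imported in this file and would keep the rejection on the authentication path. The guard does run before the UserInfo `retrieve(...)` call, so no outbound request is made for a misconfigured registration, and that ordering is worth a short comment. The getter chain is evaluated twice and assumes `getUserInfoEndpoint()` never returns null, which this hunk does not show; a local such as `ClientRegistration registration = clientAuthentication.getClientRegistration();` would shorten both the lookup and the message. The method begins before the hunk and continues after it.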
@@ -81,10 +77,6 @@ public class DefaultOAuth2UserService implements OAuth2UserService {
 return new DefaultOAuth2User(authorities, userAttributes, userNameAttributeName);
 }
 
- protected Map getUserNameAttributeNames() {
- return this.userNameAttributeNames;
- }
-
 protected UserInfoRetriever getUserInfoRetriever() {
 return this.userInfoRetriever;
 }