Update javaxval/src/test/java/org/baeldung/javaxval/messageinterpolator/ParameterMessageInterpolaterIntegrationTest.java

update to use the givenX_whenY_thenZ naming convention for tests

Co-Authored-By: KevinGilmore <kpg102@gmail.com>

spring-5-security-oauth/README.md

@@ -0,0 +1,9 @@
+## Spring 5 Security OAuth
+
+This module contains articles about Spring 5 OAuth Security
+
+## Relevant articles:
+
+- [Spring Security 5 – OAuth2 Login](https://www.baeldung.com/spring-security-5-oauth2-login)
+- [Extracting Principal and Authorities using Spring Security OAuth](https://www.baeldung.com/spring-security-oauth-principal-authorities-extractor)
+- [Customizing Authorization and Token Requests with Spring Security 5.1 Client](https://www.baeldung.com/spring-security-custom-oauth-requests)

spring-5-security-oauth/pom.xml

@@ -0,0 +1,74 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.baeldung</groupId>
+    <artifactId>spring-5-security-oauth</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <name>spring-5-security-oauth</name>
+    <packaging>jar</packaging>
+    <description>spring 5 security oauth sample project</description>
+
+    <parent>
+        <groupId>com.baeldung</groupId>
+        <artifactId>parent-boot-2</artifactId>
+        <version>0.0.1-SNAPSHOT</version>
+        <relativePath>../parent-boot-2</relativePath>
+    </parent>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.thymeleaf.extras</groupId>
+            <artifactId>thymeleaf-extras-springsecurity5</artifactId>
+        </dependency>
+
+        <!-- oauth2 -->
+        <dependency>
+            <groupId>org.springframework.security.oauth.boot</groupId>
+            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
+            <version>${oauth-auto.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-client</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-jose</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-test</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+	
+    <properties>
+        <spring-boot.version>2.1.0.RELEASE</spring-boot.version>
+        <oauth-auto.version>2.1.0.RELEASE</oauth-auto.version>
+        <start-class>com.baeldung.oauth2.SpringOAuthApplication</start-class>
+    </properties>
+
+</project>

spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java

@@ -0,0 +1,118 @@
+package com.baeldung.oauth2;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.core.env.Environment;
+import org.springframework.http.converter.FormHttpMessageConverter;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
+import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
+import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
+import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
+import org.springframework.web.client.RestTemplate;
+
+import com.baeldung.oauth2request.CustomAuthorizationRequestResolver;
+import com.baeldung.oauth2request.CustomRequestEntityConverter;
+import com.baeldung.oauth2request.CustomTokenResponseConverter;
+
+//@Configuration
+@PropertySource("application-oauth2.properties")
+public class CustomRequestSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+            .antMatchers("/oauth_login", "/loginFailure", "/")
+            .permitAll()
+            .anyRequest()
+            .authenticated()
+            .and()
+            .oauth2Login()
+            .loginPage("/oauth_login")
+            .authorizationEndpoint()
+                        .authorizationRequestResolver( new CustomAuthorizationRequestResolver(clientRegistrationRepository(),"/oauth2/authorize-client"))
+
+            .baseUri("/oauth2/authorize-client")
+            .authorizationRequestRepository(authorizationRequestRepository())
+            .and()
+            .tokenEndpoint()
+            .accessTokenResponseClient(accessTokenResponseClient())
+            .and()
+            .defaultSuccessUrl("/loginSuccess")
+            .failureUrl("/loginFailure");
+    }
+
+    @Bean
+    public AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository() {
+        return new HttpSessionOAuth2AuthorizationRequestRepository();
+    }
+
+    @Bean
+    public OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient() {
+        DefaultAuthorizationCodeTokenResponseClient accessTokenResponseClient = new DefaultAuthorizationCodeTokenResponseClient();
+        accessTokenResponseClient.setRequestEntityConverter(new CustomRequestEntityConverter());
+        
+        OAuth2AccessTokenResponseHttpMessageConverter tokenResponseHttpMessageConverter = new OAuth2AccessTokenResponseHttpMessageConverter();
+        tokenResponseHttpMessageConverter.setTokenResponseConverter(new CustomTokenResponseConverter());
+        RestTemplate restTemplate = new RestTemplate(Arrays.asList(new FormHttpMessageConverter(), tokenResponseHttpMessageConverter));
+        restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
+        accessTokenResponseClient.setRestOperations(restTemplate);
+        return accessTokenResponseClient;
+    }
+
+    
+    // additional configuration for non-Spring Boot projects
+    private static List<String> clients = Arrays.asList("google", "facebook");
+
+    //@Bean
+    public ClientRegistrationRepository clientRegistrationRepository() {
+        List<ClientRegistration> registrations = clients.stream()
+            .map(c -> getRegistration(c))
+            .filter(registration -> registration != null)
+            .collect(Collectors.toList());
+
+        return new InMemoryClientRegistrationRepository(registrations);
+    }
+
+    private static String CLIENT_PROPERTY_KEY = "spring.security.oauth2.client.registration.";
+
+    @Autowired
+    private Environment env;
+
+    private ClientRegistration getRegistration(String client) {
+        String clientId = env.getProperty(CLIENT_PROPERTY_KEY + client + ".client-id");
+
+        if (clientId == null) {
+            return null;
+        }
+
+        String clientSecret = env.getProperty(CLIENT_PROPERTY_KEY + client + ".client-secret");
+        if (client.equals("google")) {
+            return CommonOAuth2Provider.GOOGLE.getBuilder(client)
+                .clientId(clientId)
+                .clientSecret(clientSecret)
+                .build();
+        }
+        if (client.equals("facebook")) {
+            return CommonOAuth2Provider.FACEBOOK.getBuilder(client)
+                .clientId(clientId)
+                .clientSecret(clientSecret)
+                .build();
+        }
+        return null;
+    }
+}

spring-5-security-oauth/src/main/java/com/baeldung/oauth2/LoginController.java

@@ -0,0 +1,75 @@
+package com.baeldung.oauth2;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.ResolvableType;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.client.RestTemplate;
+
+@Controller
+public class LoginController {
+
+    private static final String authorizationRequestBaseUri = "oauth2/authorize-client";
+    Map<String, String> oauth2AuthenticationUrls = new HashMap<>();
+
+    @Autowired
+    private ClientRegistrationRepository clientRegistrationRepository;
+    @Autowired
+    private OAuth2AuthorizedClientService authorizedClientService;
+
+    @GetMapping("/oauth_login")
+    public String getLoginPage(Model model) {
+        Iterable<ClientRegistration> clientRegistrations = null;
+        ResolvableType type = ResolvableType.forInstance(clientRegistrationRepository)
+            .as(Iterable.class);
+        if (type != ResolvableType.NONE && ClientRegistration.class.isAssignableFrom(type.resolveGenerics()[0])) {
+            clientRegistrations = (Iterable<ClientRegistration>) clientRegistrationRepository;
+        }
+
+        clientRegistrations.forEach(registration -> oauth2AuthenticationUrls.put(registration.getClientName(), authorizationRequestBaseUri + "/" + registration.getRegistrationId()));
+        model.addAttribute("urls", oauth2AuthenticationUrls);
+
+        return "oauth_login";
+    }
+
+    @GetMapping("/loginSuccess")
+    public String getLoginInfo(Model model, OAuth2AuthenticationToken authentication) {
+
+        OAuth2AuthorizedClient client = authorizedClientService.loadAuthorizedClient(authentication.getAuthorizedClientRegistrationId(), authentication.getName());
+
+        String userInfoEndpointUri = client.getClientRegistration()
+            .getProviderDetails()
+            .getUserInfoEndpoint()
+            .getUri();
+
+        if (!StringUtils.isEmpty(userInfoEndpointUri)) {
+            RestTemplate restTemplate = new RestTemplate();
+            HttpHeaders headers = new HttpHeaders();
+            headers.add(HttpHeaders.AUTHORIZATION, "Bearer " + client.getAccessToken()
+                .getTokenValue());
+
+            HttpEntity<String> entity = new HttpEntity<String>("", headers);
+
+            ResponseEntity<Map> response = restTemplate.exchange(userInfoEndpointUri, HttpMethod.GET, entity, Map.class);
+            Map userAttributes = response.getBody();
+            model.addAttribute("name", userAttributes.get("name"));
+        }
+
+        return "loginSuccess";
+    }
+
+}

spring-5-security-oauth/src/main/java/com/baeldung/oauth2/MvcConfig.java

@@ -0,0 +1,15 @@
+package com.baeldung.oauth2;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class MvcConfig implements WebMvcConfigurer {
+
+    @Override
+    public void addViewControllers(ViewControllerRegistry registry) {
+        registry.addViewController("securedPage");
+        registry.addViewController("loginFailure");
+    }
+}

spring-5-security-oauth/src/main/java/com/baeldung/oauth2/SecurityConfig.java

@@ -0,0 +1,103 @@
+package com.baeldung.oauth2;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.core.env.Environment;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
+import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
+import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+
+@Configuration
+@PropertySource("application-oauth2.properties")
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+            .antMatchers("/oauth_login", "/loginFailure", "/")
+            .permitAll()
+            .anyRequest()
+            .authenticated()
+            .and()
+            .oauth2Login()
+            .loginPage("/oauth_login")
+            .authorizationEndpoint()
+            .baseUri("/oauth2/authorize-client")
+            .authorizationRequestRepository(authorizationRequestRepository())
+            .and()
+            .tokenEndpoint()
+            .accessTokenResponseClient(accessTokenResponseClient())
+            .and()
+            .defaultSuccessUrl("/loginSuccess")
+            .failureUrl("/loginFailure");
+    }
+
+    @Bean
+    public AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository() {
+        return new HttpSessionOAuth2AuthorizationRequestRepository();
+    }
+
+    @Bean
+    public OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient() {
+        DefaultAuthorizationCodeTokenResponseClient accessTokenResponseClient = new DefaultAuthorizationCodeTokenResponseClient();
+        return accessTokenResponseClient;
+    }
+
+    
+    // additional configuration for non-Spring Boot projects
+    private static List<String> clients = Arrays.asList("google", "facebook");
+
+    //@Bean
+    public ClientRegistrationRepository clientRegistrationRepository() {
+        List<ClientRegistration> registrations = clients.stream()
+            .map(c -> getRegistration(c))
+            .filter(registration -> registration != null)
+            .collect(Collectors.toList());
+
+        return new InMemoryClientRegistrationRepository(registrations);
+    }
+
+    private static String CLIENT_PROPERTY_KEY = "spring.security.oauth2.client.registration.";
+
+    @Autowired
+    private Environment env;
+
+    private ClientRegistration getRegistration(String client) {
+        String clientId = env.getProperty(CLIENT_PROPERTY_KEY + client + ".client-id");
+
+        if (clientId == null) {
+            return null;
+        }
+
+        String clientSecret = env.getProperty(CLIENT_PROPERTY_KEY + client + ".client-secret");
+        if (client.equals("google")) {
+            return CommonOAuth2Provider.GOOGLE.getBuilder(client)
+                .clientId(clientId)
+                .clientSecret(clientSecret)
+                .build();
+        }
+        if (client.equals("facebook")) {
+            return CommonOAuth2Provider.FACEBOOK.getBuilder(client)
+                .clientId(clientId)
+                .clientSecret(clientSecret)
+                .build();
+        }
+        return null;
+    }
+
+}

spring-5-security-oauth/src/main/java/com/baeldung/oauth2/SpringOAuthApplication.java

@@ -0,0 +1,15 @@
+package com.baeldung.oauth2;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.PropertySource;
+
+@PropertySource("classpath:default-application.properties")
+@SpringBootApplication
+public class SpringOAuthApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SpringOAuthApplication.class, args);
+    }
+
+}

spring-5-security-oauth/src/main/java/com/baeldung/oauth2extractors/ExtractorsApplication.java

@@ -0,0 +1,31 @@
+package com.baeldung.oauth2extractors;
+
+import org.apache.logging.log4j.util.Strings;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.core.env.AbstractEnvironment;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@PropertySource("classpath:default-application.properties")
+@SpringBootApplication
+@Controller
+public class ExtractorsApplication {
+    public static void main(String[] args) {
+        if (Strings.isEmpty(System.getProperty(AbstractEnvironment.ACTIVE_PROFILES_PROPERTY_NAME))) {
+            /*System.setProperty(AbstractEnvironment.ACTIVE_PROFILES_PROPERTY_NAME,
+                    "oauth2-extractors-baeldung");*/
+            System.setProperty(AbstractEnvironment.ACTIVE_PROFILES_PROPERTY_NAME,
+                    "oauth2-extractors-github");
+        }
+
+        SpringApplication.run(ExtractorsApplication.class, args);
+    }
+
+    @RequestMapping("/")
+    public String index() {
+        return "oauth2_extractors";
+    }
+
+}

spring-5-security-oauth/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java

@@ -0,0 +1,55 @@
+package com.baeldung.oauth2extractors.configuration;
+
+import com.baeldung.oauth2extractors.extractor.custom.BaeldungAuthoritiesExtractor;
+import com.baeldung.oauth2extractors.extractor.custom.BaeldungPrincipalExtractor;
+import com.baeldung.oauth2extractors.extractor.github.GithubAuthoritiesExtractor;
+import com.baeldung.oauth2extractors.extractor.github.GithubPrincipalExtractor;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableOAuth2Sso
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.antMatcher("/**")
+                .authorizeRequests()
+                .antMatchers("/login**")
+                .permitAll()
+                .anyRequest()
+                .authenticated()
+                .and()
+                .formLogin().disable();
+    }
+
+    @Bean
+    @Profile("oauth2-extractors-baeldung")
+    public PrincipalExtractor baeldungPrincipalExtractor() {
+        return new BaeldungPrincipalExtractor();
+    }
+
+    @Bean
+    @Profile("oauth2-extractors-baeldung")
+    public AuthoritiesExtractor baeldungAuthoritiesExtractor() {
+        return new BaeldungAuthoritiesExtractor();
+    }
+
+    @Bean
+    @Profile("oauth2-extractors-github")
+    public PrincipalExtractor githubPrincipalExtractor() {
+        return new GithubPrincipalExtractor();
+    }
+
+    @Bean
+    @Profile("oauth2-extractors-github")
+    public AuthoritiesExtractor githubAuthoritiesExtractor() {
+        return new GithubAuthoritiesExtractor();
+    }
+}

spring-5-security-oauth/src/main/java/com/baeldung/oauth2extractors/extractor/custom/BaeldungAuthoritiesExtractor.java

@@ -0,0 +1,29 @@
+package com.baeldung.oauth2extractors.extractor.custom;
+
+import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+
+import java.util.ArrayList;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+public class BaeldungAuthoritiesExtractor implements AuthoritiesExtractor {
+
+    @Override
+    public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
+        return AuthorityUtils
+                .commaSeparatedStringToAuthorityList(asAuthorities(map));
+    }
+
+    private String asAuthorities(Map<String, Object> map) {
+        List<String> authorities = new ArrayList<>();
+        authorities.add("BAELDUNG_USER");
+        List<LinkedHashMap<String, String>> authz = (List<LinkedHashMap<String, String>>) map.get("authorities");
+        for (LinkedHashMap<String, String> entry : authz) {
+            authorities.add(entry.get("authority"));
+        }
+        return String.join(",", authorities);
+    }
+}

spring-5-security-oauth/src/main/java/com/baeldung/oauth2extractors/extractor/custom/BaeldungPrincipalExtractor.java

@@ -0,0 +1,13 @@
+package com.baeldung.oauth2extractors.extractor.custom;
+
+import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
+
+import java.util.Map;
+
+public class BaeldungPrincipalExtractor implements PrincipalExtractor {
+
+    @Override
+    public Object extractPrincipal(Map<String, Object> map) {
+        return map.get("name");
+    }
+}

spring-5-security-oauth/src/main/java/com/baeldung/oauth2extractors/extractor/github/GithubAuthoritiesExtractor.java

@@ -0,0 +1,29 @@
+package com.baeldung.oauth2extractors.extractor.github;
+
+import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+public class GithubAuthoritiesExtractor implements AuthoritiesExtractor {
+    private List<GrantedAuthority> GITHUB_FREE_AUTHORITIES = AuthorityUtils
+            .commaSeparatedStringToAuthorityList("GITHUB_USER,GITHUB_USER_FREE");
+    private List<GrantedAuthority> GITHUB_SUBSCRIBED_AUTHORITIES = AuthorityUtils
+            .commaSeparatedStringToAuthorityList("GITHUB_USER,GITHUB_USER_SUBSCRIBED");
+
+    @Override
+    public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
+        if (Objects.nonNull(map.get("plan"))) {
+            if (!((LinkedHashMap) map.get("plan"))
+                    .get("name")
+                    .equals("free")) {
+                return GITHUB_SUBSCRIBED_AUTHORITIES;
+            }
+        }
+        return GITHUB_FREE_AUTHORITIES;
+    }
+}

spring-5-security-oauth/src/main/java/com/baeldung/oauth2extractors/extractor/github/GithubPrincipalExtractor.java

@@ -0,0 +1,13 @@
+package com.baeldung.oauth2extractors.extractor.github;
+
+import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
+
+import java.util.Map;
+
+public class GithubPrincipalExtractor implements PrincipalExtractor {
+
+    @Override
+    public Object extractPrincipal(Map<String, Object> map) {
+        return map.get("login");
+    }
+}

spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/CustomAuthorizationRequestResolver.java

@@ -0,0 +1,57 @@
+package com.baeldung.oauth2request;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
+import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+
+public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
+    
+    private OAuth2AuthorizationRequestResolver defaultResolver;
+
+    public CustomAuthorizationRequestResolver(ClientRegistrationRepository repo, String authorizationRequestBaseUri){
+        defaultResolver = new DefaultOAuth2AuthorizationRequestResolver(repo, authorizationRequestBaseUri);
+    }
+
+    @Override
+    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
+        OAuth2AuthorizationRequest req = defaultResolver.resolve(request);
+        if(req != null){
+            req = customizeAuthorizationRequest(req);
+        }
+        return req;
+    }
+
+    @Override
+    public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) {
+        OAuth2AuthorizationRequest req = defaultResolver.resolve(request, clientRegistrationId);
+        if(req != null){
+            req = customizeAuthorizationRequest(req);
+        }
+        return req;
+    }
+
+    private OAuth2AuthorizationRequest customizeAuthorizationRequest(OAuth2AuthorizationRequest req) {
+        Map<String,Object> extraParams = new HashMap<String,Object>();
+        extraParams.putAll(req.getAdditionalParameters()); //VIP note
+        extraParams.put("test", "extra");
+        System.out.println("here =====================");
+        return OAuth2AuthorizationRequest.from(req).additionalParameters(extraParams).build();
+    }
+
+    private OAuth2AuthorizationRequest customizeAuthorizationRequest1(OAuth2AuthorizationRequest req) {
+        return OAuth2AuthorizationRequest.from(req).state("xyz").build();
+    }
+    
+    private OAuth2AuthorizationRequest customizeOktaReq(OAuth2AuthorizationRequest req) {
+        Map<String,Object> extraParams = new HashMap<String,Object>();
+        extraParams.putAll(req.getAdditionalParameters()); 
+        extraParams.put("idp", "https://idprovider.com");
+        return OAuth2AuthorizationRequest.from(req).additionalParameters(extraParams).build();
+    }
+}

spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/CustomRequestEntityConverter.java

@@ -0,0 +1,26 @@
+package com.baeldung.oauth2request;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.http.RequestEntity;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequestEntityConverter;
+import org.springframework.util.MultiValueMap;
+
+public class CustomRequestEntityConverter implements Converter<OAuth2AuthorizationCodeGrantRequest, RequestEntity<?>> {
+
+    private OAuth2AuthorizationCodeGrantRequestEntityConverter defaultConverter;
+    
+    public CustomRequestEntityConverter() {
+        defaultConverter = new OAuth2AuthorizationCodeGrantRequestEntityConverter();
+    }
+    
+    @Override
+    public RequestEntity<?> convert(OAuth2AuthorizationCodeGrantRequest req) {
+        RequestEntity<?> entity = defaultConverter.convert(req);
+        MultiValueMap<String, String> params = (MultiValueMap<String,String>) entity.getBody();
+        params.add("test2", "extra2");
+        System.out.println(params.entrySet());
+        return new RequestEntity<>(params, entity.getHeaders(), entity.getMethod(), entity.getUrl());
+    }
+
+}

spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/CustomTokenResponseConverter.java

@@ -0,0 +1,67 @@
+package com.baeldung.oauth2request;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.util.StringUtils;
+
+public class CustomTokenResponseConverter implements Converter<Map<String, String>, OAuth2AccessTokenResponse> {
+    private static final Set<String> TOKEN_RESPONSE_PARAMETER_NAMES = Stream.of(
+        OAuth2ParameterNames.ACCESS_TOKEN, 
+        OAuth2ParameterNames.TOKEN_TYPE, 
+        OAuth2ParameterNames.EXPIRES_IN, 
+        OAuth2ParameterNames.REFRESH_TOKEN, 
+        OAuth2ParameterNames.SCOPE) .collect(Collectors.toSet());
+
+    @Override
+    public OAuth2AccessTokenResponse convert(Map<String, String> tokenResponseParameters) {
+        String accessToken = tokenResponseParameters.get(OAuth2ParameterNames.ACCESS_TOKEN);
+
+        OAuth2AccessToken.TokenType accessTokenType = null;
+        if (OAuth2AccessToken.TokenType.BEARER.getValue()
+            .equalsIgnoreCase(tokenResponseParameters.get(OAuth2ParameterNames.TOKEN_TYPE))) {
+            accessTokenType = OAuth2AccessToken.TokenType.BEARER;
+        }
+
+        long expiresIn = 0;
+        if (tokenResponseParameters.containsKey(OAuth2ParameterNames.EXPIRES_IN)) {
+            try {
+                expiresIn = Long.valueOf(tokenResponseParameters.get(OAuth2ParameterNames.EXPIRES_IN));
+            } catch (NumberFormatException ex) {
+            }
+        }
+
+        Set<String> scopes = Collections.emptySet();
+        if (tokenResponseParameters.containsKey(OAuth2ParameterNames.SCOPE)) {
+            String scope = tokenResponseParameters.get(OAuth2ParameterNames.SCOPE);
+            scopes = Arrays.stream(StringUtils.delimitedListToStringArray(scope, " "))
+                .collect(Collectors.toSet());
+        }
+
+        String refreshToken = tokenResponseParameters.get(OAuth2ParameterNames.REFRESH_TOKEN);
+
+        Map<String, Object> additionalParameters = new LinkedHashMap<>();
+        tokenResponseParameters.entrySet()
+            .stream()
+            .filter(e -> !TOKEN_RESPONSE_PARAMETER_NAMES.contains(e.getKey()))
+            .forEach(e -> additionalParameters.put(e.getKey(), e.getValue()));
+
+        return OAuth2AccessTokenResponse.withToken(accessToken)
+            .tokenType(accessTokenType)
+            .expiresIn(expiresIn)
+            .scopes(scopes)
+            .refreshToken(refreshToken)
+            .additionalParameters(additionalParameters)
+            .build();
+    }
+
+}

spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/LinkedinTokenResponseConverter.java

@@ -0,0 +1,24 @@
+package com.baeldung.oauth2request;
+
+import java.util.Map;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+
+public class LinkedinTokenResponseConverter implements Converter<Map<String, String>, OAuth2AccessTokenResponse> {
+
+    @Override
+    public OAuth2AccessTokenResponse convert(Map<String, String> tokenResponseParameters) {
+        String accessToken = tokenResponseParameters.get(OAuth2ParameterNames.ACCESS_TOKEN);
+        long expiresIn = Long.valueOf(tokenResponseParameters.get(OAuth2ParameterNames.EXPIRES_IN));
+        
+        OAuth2AccessToken.TokenType accessTokenType = OAuth2AccessToken.TokenType.BEARER;
+
+        return OAuth2AccessTokenResponse.withToken(accessToken)
+            .tokenType(accessTokenType)
+            .expiresIn(expiresIn)
+            .build();
+    }
+}

spring-5-security-oauth/src/main/resources/application-oauth2-extractors-baeldung.properties

@@ -0,0 +1,6 @@
+server.port=8082
+security.oauth2.client.client-id=SampleClientId
+security.oauth2.client.client-secret=secret
+security.oauth2.client.access-token-uri=http://localhost:8081/auth/oauth/token
+security.oauth2.client.user-authorization-uri=http://localhost:8081/auth/oauth/authorize
+security.oauth2.resource.user-info-uri=http://localhost:8081/auth/user/me

spring-5-security-oauth/src/main/resources/application-oauth2-extractors-github.properties

@@ -0,0 +1,7 @@
+server.port=8082
+security.oauth2.client.client-id=89a7c4facbb3434d599d
+security.oauth2.client.client-secret=9b3b08e4a340bd20e866787e4645b54f73d74b6a
+security.oauth2.client.access-token-uri=https://github.com/login/oauth/access_token
+security.oauth2.client.user-authorization-uri=https://github.com/login/oauth/authorize
+security.oauth2.client.scope=read:user,user:email
+security.oauth2.resource.user-info-uri=https://api.github.com/user

spring-5-security-oauth/src/main/resources/application-oauth2.properties

@@ -0,0 +1,5 @@
+spring.security.oauth2.client.registration.google.client-id=368238083842-3d4gc7p54rs6bponn0qhn4nmf6apf24a.apps.googleusercontent.com
+spring.security.oauth2.client.registration.google.client-secret=2RM2QkEaf3A8-iCNqSfdG8wP
+
+spring.security.oauth2.client.registration.facebook.client-id=151640435578187
+spring.security.oauth2.client.registration.facebook.client-secret=3724fb293d401245b1ce7b2d70e97571

spring-5-security-oauth/src/main/resources/application.properties

@@ -0,0 +1,3 @@
+logging.level.root=INFO
+
+logging.level.com.baeldung.dsl.ClientErrorLoggingFilter=DEBUG

spring-5-security-oauth/src/main/resources/default-application.properties

@@ -0,0 +1 @@
+server.port=8081

spring-5-security-oauth/src/main/resources/logback.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
+            </pattern>
+        </encoder>
+    </appender>
+
+    <root level="INFO">
+        <appender-ref ref="STDOUT" />
+    </root>
+</configuration>

spring-5-security-oauth/src/main/resources/static/css/main.css

@@ -0,0 +1,8 @@
+p.error {
+    font-weight: bold;
+    color: red;
+}
+
+div.logout {
+    margin-right: 2em;;
+}

spring-5-security-oauth/src/main/resources/templates/index.html

@@ -0,0 +1,11 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <title>Home</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+<body>
+   Home
+   Welcome!
+</body>
+</html>

spring-5-security-oauth/src/main/resources/templates/loginFailure.html

@@ -0,0 +1,10 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <title>Login Failure</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+<body>
+   Login Failure
+</body>
+</html>

spring-5-security-oauth/src/main/resources/templates/loginSuccess.html

@@ -0,0 +1,16 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <title>Login Success</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <link rel="stylesheet"
+	href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css" />
+</head>
+<body>
+<h3>
+<div class="label label-info">
+   Welcome, <span th:text="${name}">user</span>!
+   </div>
+   </h3>
+</body>
+</html>

spring-5-security-oauth/src/main/resources/templates/oauth2_extractors.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+    <title>Spring Security Principal and Authorities extractor</title>
+    <link rel="stylesheet"
+          href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css"/>
+</head>
+
+<body>
+<div class="container">
+    <div class="col-sm-12">
+        <h1>Secured Page</h1>
+        Authenticated username:
+        <div th:text="${#authentication.name}"></div>
+        Authorities:
+        <div th:text="${#authentication.authorities}"></div>
+    </div>
+</div>
+</body>
+</html>

spring-5-security-oauth/src/main/resources/templates/oauth_login.html

@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>Oauth2 Login</title>
+<link rel="stylesheet"
+	href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css" />
+</head>
+
+<body>
+<div class="container">
+	<div class="col-sm-3 well">
+		<h3>Login with:</h3>
+		<div class="list-group">
+			<p th:each="url : ${urls}">
+				<a th:text="${url.key}" th:href="${url.value}" class="list-group-item active">Client</a>
+			</p>
+		</div>
+	</div>
+</div>
+</body>
+</html>

spring-5-security-oauth/src/main/resources/templates/securedPage.html

@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="ISO-8859-1">
+<title>Secured Page</title>
+</head>
+<body>
+Secured Page - Welcome
+</body>
+</html>

spring-5-security-oauth/src/test/java/com/baeldung/oauth2extractors/ExtractorsUnitTest.java

@@ -0,0 +1,56 @@
+package com.baeldung.oauth2extractors;
+
+import com.baeldung.oauth2extractors.configuration.SecurityConfig;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import javax.servlet.Filter;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = ExtractorsApplication.class, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@ContextConfiguration(classes = {SecurityConfig.class})
+@ActiveProfiles("oauth2-extractors-github")
+public class ExtractorsUnitTest {
+
+    @Autowired
+    private WebApplicationContext context;
+
+    @Autowired
+    private Filter springSecurityFilterChain;
+
+    private MockMvc mvc;
+
+    @Before
+    public void setup() {
+        mvc = MockMvcBuilders
+                .webAppContextSetup(context)
+                .addFilters(springSecurityFilterChain)
+                .build();
+    }
+
+    @Test
+    public void contextLoads() throws Exception {
+    }
+
+    @Test
+    public void givenValidRequestWithoutAuthentication_shouldFailWith302() throws Exception {
+        mvc
+                .perform(get("/"))
+                .andExpect(status().isFound())
+                .andReturn();
+    }
+
+}