org.springframework.security.oauth2.core.user.DefaultOAuth2User Java Examples

The following examples show how to use org.springframework.security.oauth2.core.user.DefaultOAuth2User.
Example #1
Source File: GitLabOAuth2ProviderTest.java    From gaia with Mozilla Public License 2.0 7 votes vote down vote up
/**
 * Checks that the GitLab provider copies the registration id, the access-token value and the
 * principal's attribute map into the user object it returns.
 */
@Test
void getOAuth2User_shouldReturnANewOAuthUser() {
    // given: a principal exposing an (empty) attribute map
    var userAttributes = new HashMap<String, Object>();
    var principal = mock(DefaultOAuth2User.class);
    when(principal.getAttributes()).thenReturn(userAttributes);

    // given: an access token with a dummy value -- a fixture string, not a real credential
    var token = mock(OAuth2AccessToken.class);
    when(token.getTokenValue()).thenReturn("test_token");

    // given: an authorized client bound to a placeholder registration and that token
    var clientRegistration = ClientRegistration
            .withRegistrationId("test_registration_id")
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .clientId("test_client_id")
            .redirectUriTemplate("test_uri_template")
            .authorizationUri("test_authorization_uri")
            .tokenUri("test_token_uri")
            .build();
    var authorizedClient = mock(OAuth2AuthorizedClient.class);
    when(authorizedClient.getClientRegistration()).thenReturn(clientRegistration);
    when(authorizedClient.getAccessToken()).thenReturn(token);

    // when
    var result = gitLabOAuth2Provider.getOAuth2User(principal, authorizedClient);

    // then: the three inputs show up unchanged on the result
    assertThat(result).isNotNull()
            .hasFieldOrPropertyWithValue("provider", "test_registration_id")
            .hasFieldOrPropertyWithValue("token", "test_token")
            .hasFieldOrPropertyWithValue("attributes", userAttributes);
}
 
Example #2
Source File: DemoApplicationTests.java    From keycloak-springsecurity5-sample with GNU General Public License v3.0 7 votes vote down vote up
/**
 * Builds a Mockito stub of {@code OAuth2UserService} whose {@code loadUser(...)} returns the same
 * fixed user for any request.
 *
 * @return the stubbed user service
 */
private OAuth2UserService<OAuth2UserRequest, OAuth2User> mockUserService() {
	// Fixture attributes for the stubbed user.
	// NOTE(review): the e-mail literal looks like a placeholder left by the hosting page's
	// address obfuscation rather than the project's original value -- confirm against the repository.
	Map<String, Object> userAttributes = new HashMap<>();
	userAttributes.put("id", "joeg");
	userAttributes.put("first-name", "Joe");
	userAttributes.put("last-name", "Grandja");
	userAttributes.put("email", "[email protected]");

	// The only authority granted is the one wrapping the attribute map itself.
	Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
	grantedAuthorities.add(new OAuth2UserAuthority(userAttributes));

	// "email" is the name-attribute key; it is one of the keys stored in the map above.
	DefaultOAuth2User fixedUser = new DefaultOAuth2User(grantedAuthorities, userAttributes, "email");

	// Raw type kept as in the original: mock(Class) cannot express the generic parameters.
	OAuth2UserService stubService = mock(OAuth2UserService.class);
	when(stubService.loadUser(any())).thenReturn(fixedUser);
	return stubService;
}
 
Example #3
Source File: AccountResourceIT.java    From java-microservices-examples with Apache License 2.0 6 votes vote down vote up
/**
 * Requests {@code /api/account} as an OAuth2-authenticated admin and checks that login, e-mail and
 * authorities in the JSON response match the principal placed in the test security context.
 */
@Test
@Transactional
public void testGetExistingAccount() throws Exception {
    // MockMvc with the Spring Security filter chain applied, so the request is actually authorized
    restUserMockMvc = MockMvcBuilders
        .webAppContextSetup(context)
        .apply(springSecurity())
        .build();

    // Principal attributes; "sub" doubles as the name-attribute key below.
    // NOTE(review): the e-mail literal looks like a placeholder left by the hosting page's
    // address obfuscation; the assertion further down uses the same literal.
    Map<String, Object> claims = new HashMap<>();
    claims.put("sub", "test");
    claims.put("email", "[email protected]");

    Collection<GrantedAuthority> adminOnly =
        Collections.singletonList(new SimpleGrantedAuthority(AuthoritiesConstants.ADMIN));
    OAuth2User principal = new DefaultOAuth2User(adminOnly, claims, "sub");

    // Install the authentication for this test; "oidc" is the client registration id.
    TestSecurityContextHolder.getContext()
        .setAuthentication(new OAuth2AuthenticationToken(principal, adminOnly, "oidc"));

    restUserMockMvc.perform(get("/api/account").accept(MediaType.APPLICATION_JSON))
        .andExpect(status().isOk())
        .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8_VALUE))
        .andExpect(jsonPath("$.login").value("test"))
        .andExpect(jsonPath("$.email").value("[email protected]"))
        .andExpect(jsonPath("$.authorities").value(AuthoritiesConstants.ADMIN));
}
 
Example #4
Source File: FacebookTokenStore.java    From OAuth-2.0-Cookbook with MIT License 6 votes vote down vote up
/**
 * Looks up the stored token record for the authenticated principal.
 *
 * @param authentication the OAuth2 authentication whose principal carries an {@code "id"} attribute
 * @return an {@code AccessToken} built from the stored issue/expiry timestamps, or {@code null}
 *         when the repository holds no record for that id
 */
@Override
public AccessToken loadSecurityToken(OAuth2AuthenticationToken authentication) {
    // Both casts are unchecked assumptions: the principal must be a DefaultOAuth2User and its
    // "id" attribute a String, otherwise a ClassCastException is thrown here.
    final DefaultOAuth2User principal = (DefaultOAuth2User) authentication.getPrincipal();
    final String facebookId = (String) principal.getAttributes().get("id");

    // NOTE(review): the second constructor argument is the principal's id, not a stored token
    // value -- confirm that this is what AccessToken expects in that position.
    return repository.findById(facebookId)
        .map(stored -> new AccessToken(AccessToken.TokenType.BEARER, facebookId,
            Instant.ofEpochSecond(stored.getIssuedAt()),
            Instant.ofEpochSecond(stored.getExpirationTime())))
        .orElse(null);
}
 
Example #5
Source File: RegistryOAuth2Provider.java    From gaia with Mozilla Public License 2.0 5 votes vote down vote up
/**
 * Builds the application's {@code OAuth2User} from the authenticated principal and its authorized client.
 *
 * <p>The result is constructed from, in order: the client registration id, the raw access-token
 * value and the principal's attribute map. Because the token value is copied into the returned
 * object, that object should be handled like a credential (kept out of logs and serialized output).
 *
 * @param user   the authenticated principal; only its attributes are read
 * @param client the authorized client supplying the registration id and access token
 * @return a new {@code OAuth2User} holding those three values
 */
default OAuth2User getOAuth2User(DefaultOAuth2User user, OAuth2AuthorizedClient client) {
    final String registrationId = client.getClientRegistration().getRegistrationId();
    final String tokenValue = client.getAccessToken().getTokenValue();
    return new OAuth2User(registrationId, tokenValue, user.getAttributes());
}
 
Example #6
Source File: GitHubOAuth2ProviderTest.java    From gaia with Mozilla Public License 2.0 5 votes vote down vote up
/**
 * Checks that the GitHub provider copies the registration id, the access-token value and the
 * principal's attribute map into the user object it returns.
 */
@Test
void getOAuth2User_shouldReturnANewOAuthUser() {
    // given: a principal exposing an (empty) attribute map
    var userAttributes = new HashMap<String, Object>();
    var principal = mock(DefaultOAuth2User.class);
    when(principal.getAttributes()).thenReturn(userAttributes);

    // given: an access token with a dummy value -- a fixture string, not a real credential
    var token = mock(OAuth2AccessToken.class);
    when(token.getTokenValue()).thenReturn("test_token");

    // given: an authorized client bound to a placeholder registration and that token
    var clientRegistration = ClientRegistration
            .withRegistrationId("test_registration_id")
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .clientId("test_client_id")
            .redirectUriTemplate("test_uri_template")
            .authorizationUri("test_authorization_uri")
            .tokenUri("test_token_uri")
            .build();
    var authorizedClient = mock(OAuth2AuthorizedClient.class);
    when(authorizedClient.getClientRegistration()).thenReturn(clientRegistration);
    when(authorizedClient.getAccessToken()).thenReturn(token);

    // when
    var result = gitHubOAuth2Provider.getOAuth2User(principal, authorizedClient);

    // then: the three inputs show up unchanged on the result
    assertThat(result).isNotNull()
            .hasFieldOrPropertyWithValue("provider", "test_registration_id")
            .hasFieldOrPropertyWithValue("token", "test_token")
            .hasFieldOrPropertyWithValue("attributes", userAttributes);
}
 
Example #7
Source File: UserServiceIT.java    From java-microservices-examples with Apache License 2.0 5 votes vote down vote up
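/**
 * Creates an {@code OAuth2AuthenticationToken} for tests, with a single anonymous-role authority
 * and a principal built from the supplied attributes.
 *
 * @param userDetails the principal's attributes; {@code "sub"} is used as the name-attribute key,
 *                    so the map needs a {@code "sub"} entry for the principal to be constructed
 * @return an authentication for the {@code "oidc"} client registration
 */
private OAuth2AuthenticationToken createMockOAuth2AuthenticationToken(Map<String, Object> userDetails) {
    // The same authority collection is given to both the principal and the authentication token.
    Collection<GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority(AuthoritiesConstants.ANONYMOUS));
    OAuth2User user = new DefaultOAuth2User(authorities, userDetails, "sub");

    return new OAuth2AuthenticationToken(user, authorities, "oidc");
}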
 
Example #8
Source File: UserServiceIT.java    From java-microservices-examples with Apache License 2.0 5 votes vote down vote up
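/**
 * Creates an {@code OAuth2AuthenticationToken} for tests, with a single anonymous-role authority
 * and a principal built from the supplied attributes.
 *
 * @param userDetails the principal's attributes; {@code "sub"} is used as the name-attribute key,
 *                    so the map needs a {@code "sub"} entry for the principal to be constructed
 * @return an authentication for the {@code "oidc"} client registration
 */
private OAuth2AuthenticationToken createMockOAuth2AuthenticationToken(Map<String, Object> userDetails) {
    // The same authority collection is given to both the principal and the authentication token.
    Collection<GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority(AuthoritiesConstants.ANONYMOUS));
    OAuth2User user = new DefaultOAuth2User(authorities, userDetails, "sub");

    return new OAuth2AuthenticationToken(user, authorities, "oidc");
}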
 
Example #9
Source File: UserServiceIT.java    From java-microservices-examples with Apache License 2.0 5 votes vote down vote up
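/**
 * Creates an {@code OAuth2AuthenticationToken} for tests, with a single anonymous-role authority
 * and a principal built from the supplied attributes.
 *
 * @param userDetails the principal's attributes; {@code "sub"} is used as the name-attribute key,
 *                    so the map needs a {@code "sub"} entry for the principal to be constructed
 * @return an authentication for the {@code "oidc"} client registration
 */
private OAuth2AuthenticationToken createMockOAuth2AuthenticationToken(Map<String, Object> userDetails) {
    // The same authority collection is given to both the principal and the authentication token.
    Collection<GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority(AuthoritiesConstants.ANONYMOUS));
    OAuth2User user = new DefaultOAuth2User(authorities, userDetails, "sub");

    return new OAuth2AuthenticationToken(user, authorities, "oidc");
}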
 
Example #10
Source File: ProfileController.java    From OAuth-2.0-Cookbook with MIT License 5 votes vote down vote up
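/**
 * Renders the profile form for the signed-in user, pre-filled with the stored profile when one
 * exists and with an empty {@code Profile} otherwise.
 *
 * @return the {@code "form"} view with a {@code "profile"} model attribute
 * @throws IllegalStateException if no stored Facebook account matches the principal's {@code "id"} attribute
 */
@GetMapping("/form")
public ModelAndView form() {
    // NOTE(review): the cast assumes the current principal is an OAuth2 login user; confirm this
    // route is only reachable after OAuth2 login, since any other principal type fails here.
    DefaultOAuth2User user = (DefaultOAuth2User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    String facebookId = (String) user.getAttributes().get("id");

    // Fail with an explicit message instead of an unchecked Optional.get() when the account is unknown.
    FacebookAuth facebookAuth = facebookAccountRepository.findById(facebookId)
        .orElseThrow(() -> new IllegalStateException("No Facebook account is linked to the authenticated user"));
    Profile profile = profileRepository.findByUser(facebookAuth.getUser()).orElseGet(Profile::new);

    ModelAndView mv = new ModelAndView("form");
    mv.addObject("profile", profile);
    return mv;
}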
 
Example #11
Source File: ProfileController.java    From OAuth-2.0-Cookbook with MIT License 5 votes vote down vote up
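/**
 * Saves the submitted profile for the signed-in user and redirects to the profile page.
 *
 * <p>The profile's owner is always taken from the authenticated principal's stored account, never
 * from the submitted data.
 *
 * @param profile the profile bound from the request
 * @return a redirect to {@code /profile} carrying the saved profile as a model attribute
 * @throws IllegalStateException if no stored Facebook account matches the principal's {@code "id"} attribute
 */
@PostMapping
public ModelAndView save(Profile profile) {
    // NOTE(review): the cast assumes the current principal is an OAuth2 login user; confirm this
    // route is only reachable after OAuth2 login, since any other principal type fails here.
    DefaultOAuth2User user = (DefaultOAuth2User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    String facebookId = (String) user.getAttributes().get("id");

    // Fail with an explicit message instead of an unchecked Optional.get() when the account is unknown.
    FacebookAuth facebookAuth = facebookAccountRepository.findById(facebookId)
        .orElseThrow(() -> new IllegalStateException("No Facebook account is linked to the authenticated user"));
    profile.setUser(facebookAuth.getUser());

    // NOTE(review): every other field of `profile` comes from request binding. If Profile exposes
    // an identifier, confirm binding is restricted so a request cannot select which row is saved.
    Profile newProfile = profileRepository.save(profile);
    ModelAndView mv = new ModelAndView("redirect:/profile");
    mv.addObject("profile", newProfile);
    return mv;
}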
 
Example #12
Source File: FacebookTokenStore.java    From OAuth-2.0-Cookbook with MIT License 5 votes vote down vote up
/**
 * Persists a record for the authenticated principal holding the token's issue and expiry times.
 *
 * <p>Only the principal's {@code "id"} attribute and the two timestamps are copied into the
 * record; no setter here receives the token value itself.
 *
 * @param securityToken  the token whose {@code issuedAt}/{@code expiresAt} instants are stored as epoch seconds
 * @param authentication the OAuth2 authentication whose principal carries the {@code "id"} attribute
 */
@Override
public void saveSecurityToken(AccessToken securityToken, OAuth2AuthenticationToken authentication) {
    // Unchecked assumptions: principal is a DefaultOAuth2User and its "id" attribute is a String.
    final DefaultOAuth2User principal = (DefaultOAuth2User) authentication.getPrincipal();

    final FacebookAuth entry = new FacebookAuth();
    // NOTE(review): a fresh User is attached on every call -- confirm this is intended when a
    // record for the same id already exists.
    entry.setUser(new User());
    entry.setId((String) principal.getAttributes().get("id"));

    final long expiresAtEpoch = securityToken.getExpiresAt().getEpochSecond();
    entry.setExpirationTime(expiresAtEpoch);
    final long issuedAtEpoch = securityToken.getIssuedAt().getEpochSecond();
    entry.setIssuedAt(issuedAtEpoch);

    repository.save(entry);
}
 
Example #13
Source File: FacebookTokenStore.java    From OAuth-2.0-Cookbook with MIT License 5 votes vote down vote up
/**
 * Deletes the stored record for the authenticated principal, if there is one.
 *
 * @param authentication the OAuth2 authentication whose principal carries the {@code "id"} attribute
 */
@Override
public void removeSecurityToken(OAuth2AuthenticationToken authentication) {
    // Unchecked assumptions: principal is a DefaultOAuth2User and its "id" attribute is a String.
    final DefaultOAuth2User principal = (DefaultOAuth2User) authentication.getPrincipal();
    final String facebookId = (String) principal.getAttributes().get("id");

    // Nothing happens when no record exists for this id.
    repository.findById(facebookId).ifPresent(stored -> repository.delete(stored));
}
 
Example #14
Source File: SecurityConfig.java    From oauth2-client with MIT License 4 votes vote down vote up
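/**
 * Builds a user service that extracts roles and other user information directly from the
 * claims of the access token.
 * https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#oauth2login-advanced-map-authorities-oauth2userservice
 *
 * <p>Authorities are read with the JsonPath deep scan {@code $..roles}, falling back to
 * {@code $..authorities} when that yields nothing. A deep scan matches the key at any depth of the
 * claim set, so roles nested under other objects are collected as well.
 *
 * <p>Any failure while parsing the token or reading its claims is logged and reported as an
 * {@code OAuth2AuthenticationException}, so a broken token rejects the login instead of producing
 * a {@code null} user.
 *
 * @return the user service; its principal carries the name attribute, {@code preferred_username}
 *         and {@code email} claims
 */
@SuppressWarnings("unchecked")
@Bean
public OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService() {

    return (userRequest) -> {
        // Name attribute configured for the provider's user-info endpoint, defaulting to "sub".
        String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
        if (!StringUtils.hasText(userNameAttributeName)) {
            userNameAttributeName = "sub";
        }
        OAuth2AccessToken accessToken = userRequest.getAccessToken();
        Collection<GrantedAuthority> grantedAuthorities = new ArrayList<>();
        try {
            // NOTE(review): SignedJWT.parse only decodes the token. Nothing in this block verifies
            // its signature, issuer, audience or expiry, so the authorities derived below are only
            // as trustworthy as the channel the token arrived on -- confirm verification happens
            // elsewhere or add it before the claims are used.
            SignedJWT jwt = SignedJWT.parse(accessToken.getTokenValue());
            String claimJsonString = jwt.getJWTClaimsSet().toJSONObject().toJSONString();
            Object document = com.jayway.jsonpath.Configuration.defaultConfiguration().jsonProvider().parse(claimJsonString);

            // One read context for all claim lookups instead of re-wrapping the document each time.
            com.jayway.jsonpath.DocumentContext claims = JsonPath.using(conf).parse(document);

            List<Object> authorities = claims.read("$..roles");

            if (authorities == null || authorities.isEmpty()) {
                authorities = claims.read("$..authorities");
            }

            // A match may be a single role name or a whole array of them; flatten both shapes.
            Collection<String> roles = new ArrayList<>();
            authorities.forEach(authorityItem -> {
                if (authorityItem instanceof String) {
                    roles.add((String) authorityItem);
                } else if (authorityItem instanceof JSONArray) {
                    roles.addAll((Collection<String>) authorityItem);
                } else if (authorityItem instanceof Collection) {
                    roles.addAll((Collection<String>) authorityItem);
                }
            });

            // The casts above are unchecked: a non-String element fails here and rejects the login.
            for (String authority : roles) {
                grantedAuthorities.add(new SimpleGrantedAuthority(authority));
            }
            Map<String, Object> userAttributes = new HashMap<>(16);
            userAttributes.put(userNameAttributeName, claims.read("$." + userNameAttributeName));
            userAttributes.put("preferred_username", claims.read("$.preferred_username"));
            userAttributes.put("email", claims.read("$.email"));

            return new DefaultOAuth2User(grantedAuthorities, userAttributes, userNameAttributeName);
        } catch (Exception e) {
            log.error("oauth2UserService Exception", e);
            // Fail closed with an authentication exception, keeping the cause, rather than
            // handing a null user back to the caller.
            throw new org.springframework.security.oauth2.core.OAuth2AuthenticationException(
                new org.springframework.security.oauth2.core.OAuth2Error(
                    "invalid_token", "Unable to derive the user from the access token", null),
                e);
        }
    };
}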