Merge pull request #24400 from mshima/oauth2-principal-name
configure principal claim name for oauth2
DanielFran authored Nov 30, 2023
2 parents 36d5d4d + 5b5407f commit 4044f17
Showing 3 changed files with 25 additions and 4 deletions.
Expand Up @@ -70,7 +70,7 @@ public interface <%= entityClass %>Repository extends <% if (containsBagRelation
<%_ for (const relationship of relationships) { _%>
<%_ if (relationship.relationshipManyToOne && relationship.otherEntityUser && databaseTypeSql) { _%>

@Query("select <%= entityInstanceDbSafe %> from <%= persistClass %> <%= entityInstanceDbSafe %> where <%= entityInstanceDbSafe %>.<%= relationship.relationshipFieldName %>.login = <% if (authenticationTypeOauth2) { %>?#{principal.preferredUsername}<% } else { %>?#{authentication.name}<% } %>")
@Query("select <%= entityInstanceDbSafe %> from <%= persistClass %> <%= entityInstanceDbSafe %> where <%= entityInstanceDbSafe %>.<%= relationship.relationshipFieldName %>.login = ?#{authentication.name}")
List<<%= persistClass %>> findBy<%= relationship.relationshipNameCapitalized %>IsCurrentUser();
<%_ } _%>
<%_ } _%>
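Review bot: The generated query's authorization boundary (`where … .login = ?#{authentication.name}`, which I read as the new side of the change) now depends on `authentication.name` resolving to the OIDC `preferred_username` claim, and the OIDC Core spec states an RP must not rely on that claim being unique or stable, so two users with the same preferred username at the provider would both match the same `login` row. That was already implicit in the old `principal.preferredUsername` expression, but this file no longer shows it, so the assumption should be written down where the query is: `// authentication.name is the preferred_username claim (see SecurityConfiguration); it is only safe as a scoping key while the provider guarantees it is unique and matches the stored login`. The enclosing interface starts outside the hunk.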
Expand Up @@ -62,11 +62,18 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
<%_ } _%>
<%_ if (authenticationTypeOauth2) { _%>
import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.PREFERRED_USERNAME;

import <%= packageName %>.security.oauth2.AudienceValidator;
import <%= packageName %>.security.SecurityUtils;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.beans.factory.annotation.Value;
Expand Down Expand Up @@ -261,14 +268,14 @@ public class SecurityConfiguration {
.oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
<%_ } else if (authenticationTypeOauth2) { _%>
<%_ if (applicationTypeMonolith) { _%>
.oauth2Login(withDefaults())
.oauth2Login(oauth2 -> oauth2.userInfoEndpoint(userInfo -> userInfo.oidcUserService(this.oidcUserService())))
<%_ } else if (applicationTypeMicroservice) { _%>
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
<%_ } _%>
.oauth2ResourceServer(oauth2 -> oauth2
.jwt(jwt -> jwt
.jwtAuthenticationConverter(authenticationConverter())))
.oauth2Client();
.oauth2Client(withDefaults());
<%_ } _%>
<%_ if (devDatabaseTypeH2Any) { _%>
if (env.acceptsProfiles(Profiles.of(JHipsterConstants.SPRING_PROFILE_DEVELOPMENT))) {
Expand All @@ -291,9 +298,20 @@ public class SecurityConfiguration {
Converter<Jwt, AbstractAuthenticationToken> authenticationConverter() {
JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new JwtGrantedAuthorityConverter());
jwtAuthenticationConverter.setPrincipalClaimName(PREFERRED_USERNAME);
return jwtAuthenticationConverter;
}

OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() {
final OidcUserService delegate = new OidcUserService();

return userRequest -> {
OidcUser oidcUser = delegate.loadUser(userRequest);
return new DefaultOidcUser(oidcUser.getAuthorities(), oidcUser.getIdToken(), oidcUser.getUserInfo(), PREFERRED_USERNAME);
};
}
<%_ if (!applicationTypeMicroservice) { _%>

/**
* Map authorities from "groups" or "roles" claim in ID Token.
*
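Review bot: `oidcUserService()` (L71–L78) and the `setPrincipalClaimName(PREFERRED_USERNAME)` call in `authenticationConverter()` make a `preferred_username` claim a hard requirement of the identity provider, and nothing in the hunk documents or checks that; as far as I recall, `DefaultOidcUser` rejects a user whose combined ID-token/userinfo claims lack the name attribute, so login would fail with an `IllegalArgumentException` against a provider that omits it, while on the resource-server path `JwtAuthenticationConverter` would produce a token whose `getName()` is null. The new method also has no Javadoc, unlike its neighbour below; I would add one stating the contract: `/** Wraps the default OIDC user service so the principal name is the preferred_username claim, matching {@link #authenticationConverter()}; the provider must emit that claim in the ID token or userinfo response. */`. The same point applies to the reactive `SecurityConfiguration` in the third file, where `jwtAuthenticationConverter()` and the `DefaultOidcUser` construction are changed the same way. The class `SecurityConfiguration` starts and ends outside the hunk.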
Expand Up @@ -20,6 +20,8 @@ package <%= packageName %>.config;

import <%= packageName %>.security.AuthoritiesConstants;
<%_ if (authenticationTypeOauth2) { _%>
import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.PREFERRED_USERNAME;

import <%= packageName %>.security.SecurityUtils;
import <%= packageName %>.security.oauth2.AudienceValidator;
import <%= packageName %>.security.oauth2.JwtGrantedAuthorityConverter;
Expand Down Expand Up @@ -339,6 +341,7 @@ public class SecurityConfiguration {
Converter<Jwt, Mono<AbstractAuthenticationToken>> jwtAuthenticationConverter() {
JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new JwtGrantedAuthorityConverter());
jwtAuthenticationConverter.setPrincipalClaimName(PREFERRED_USERNAME);
return new ReactiveJwtAuthenticationConverterAdapter(jwtAuthenticationConverter);
}

Expand All @@ -363,7 +366,7 @@ public class SecurityConfiguration {
}
});

return new DefaultOidcUser(mappedAuthorities, user.getIdToken(), user.getUserInfo());
return new DefaultOidcUser(mappedAuthorities, user.getIdToken(), user.getUserInfo(), PREFERRED_USERNAME);
});
};
}
