Add Copy Method

Closes gh-16003

Author: jzheaux

docs/modules/ROOT/pages/reactive/test/web/oauth2.adoc

@@ -509,9 +509,9 @@ Java::
 [source,java,role="primary"]
 ----
 OAuth2User oauth2User = new DefaultOAuth2User(
-        "foo_user",
+        AuthorityUtils.createAuthorityList("SCOPE_message:read"),
         Collections.singletonMap("user_name", "foo_user"),
-        AuthorityUtils.createAuthorityList("SCOPE_message:read"));
+        "user_name");
 
 client
     .mutateWith(mockOAuth2Login().oauth2User(oauth2User))

docs/modules/ROOT/pages/servlet/test/mockmvc/oauth2.adoc

@@ -514,9 +514,9 @@ Java::
 [source,java,role="primary"]
 ----
 OAuth2User oauth2User = new DefaultOAuth2User(
-        "foo_user",
+        AuthorityUtils.createAuthorityList("SCOPE_message:read"),
         Collections.singletonMap("user_name", "foo_user"),
-        AuthorityUtils.createAuthorityList("SCOPE_message:read"));
+        "user_name");
 
 mvc
     .perform(get("/endpoint")

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -42,16 +42,10 @@
 @JsonIgnoreProperties(ignoreUnknown = true)
 abstract class DefaultOAuth2UserMixin {
 
-	@Deprecated
 	@JsonCreator
 	DefaultOAuth2UserMixin(@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities,
 			@JsonProperty("attributes") Map<String, Object> attributes,
 			@JsonProperty("nameAttributeKey") String nameAttributeKey) {
 	}
 
-	@JsonCreator
-	DefaultOAuth2UserMixin(@JsonProperty("name") String name,
-			@JsonProperty("attributes") Map<String, Object> attributes,
-			@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {
-	}
 }

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java

@@ -43,17 +43,10 @@
 @JsonIgnoreProperties(value = { "attributes" }, ignoreUnknown = true)
 abstract class DefaultOidcUserMixin {
 
-	@Deprecated
 	@JsonCreator
 	DefaultOidcUserMixin(@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities,
 			@JsonProperty("idToken") OidcIdToken idToken, @JsonProperty("userInfo") OidcUserInfo userInfo,
 			@JsonProperty("nameAttributeKey") String nameAttributeKey) {
 	}
 
-	@JsonCreator
-	DefaultOidcUserMixin(@JsonProperty("name") String name,
-			@JsonProperty("idToken") OidcIdToken idToken, @JsonProperty("userInfo") OidcUserInfo userInfo,
-			@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {
-	}
-
 }

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java

@@ -17,7 +17,6 @@
 package org.springframework.security.oauth2.client.oidc.userinfo;
 
 import java.util.LinkedHashSet;
-import java.util.Map;
 import java.util.Set;
 
 import org.springframework.security.core.GrantedAuthority;
@@ -29,7 +28,6 @@
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
-import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
@@ -92,15 +90,10 @@ static OidcUser getUser(OidcUserRequest userRequest, OidcUserInfo userInfo) {
 		for (String scope : token.getScopes()) {
 			authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope));
 		}
-		DefaultOidcUser.Builder userBuilder = new DefaultOidcUser.Builder();
 		if (StringUtils.hasText(userNameAttributeName)) {
-			userBuilder.nameAttributeKey(userNameAttributeName);
+			return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo, userNameAttributeName);
 		}
-		return userBuilder
-			.idToken(userRequest.getIdToken())
-			.userInfo(userInfo)
-			.authorities(authorities)
-			.build();
+		return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo);
 	}
 
 	private OidcUserRequestUtils() {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java

@@ -96,11 +96,7 @@ public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2Authentic
 		OAuth2AccessToken token = userRequest.getAccessToken();
 		Map<String, Object> attributes = this.attributesConverter.convert(userRequest).convert(response.getBody());
 		Collection<GrantedAuthority> authorities = getAuthorities(token, attributes, userNameAttributeName);
-		return new DefaultOAuth2User.Builder()
-			.nameAttributeKey(userNameAttributeName)
-			.attributes(attributes)
-			.authorities(authorities)
-			.build();
+		return new DefaultOAuth2User(authorities, attributes, userNameAttributeName);
 	}
 
 	/**

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java

@@ -138,11 +138,7 @@ public Mono<OAuth2User> loadUser(OAuth2UserRequest userRequest) throws OAuth2Aut
 					authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope));
 				}
 
-				return new DefaultOAuth2User.Builder()
-					.nameAttributeKey(userNameAttributeName)
-					.attributes(attrs)
-					.authorities(authorities)
-					.build();
+				return new DefaultOAuth2User(authorities, attrs, userNameAttributeName);
 			})
 			.onErrorMap((ex) -> (ex instanceof UnsupportedMediaTypeException ||
 					ex.getCause() instanceof UnsupportedMediaTypeException), (ex) -> {

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -55,7 +55,6 @@ public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser {
 	 * @param authorities the authorities granted to the user
 	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
 	 */
-	@Deprecated
 	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken) {
 		this(authorities, idToken, IdTokenClaimNames.SUB);
 	}
@@ -67,7 +66,6 @@ public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcI
 	 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from
 	 * {@link #getAttributes()}
 	 */
-	@Deprecated
 	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken,
 			String nameAttributeKey) {
 		this(authorities, idToken, null, nameAttributeKey);
@@ -80,7 +78,6 @@ public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcI
 	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user,
 	 * may be {@code null}
 	 */
-	@Deprecated
 	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken,
 			OidcUserInfo userInfo) {
 		this(authorities, idToken, userInfo, IdTokenClaimNames.SUB);
@@ -95,27 +92,28 @@ public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcI
 	 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from
 	 * {@link #getAttributes()}
 	 */
-	@Deprecated
 	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken,
 			OidcUserInfo userInfo, String nameAttributeKey) {
 		super(authorities, OidcUserAuthority.collectClaims(idToken, userInfo), nameAttributeKey);
 		this.idToken = idToken;
 		this.userInfo = userInfo;
 	}
 
+	DefaultOidcUser(DefaultOidcUser user, Collection<GrantedAuthority> authorities) {
+		super(user, authorities);
+		this.idToken = user.idToken;
+		this.userInfo = user.userInfo;
+	}
+
 	/**
-	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
-	 * @param name the name of the user
-	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user,
-	 * may be {@code null}
-	 * @param authorities the authorities granted to the user
+	 * Copy this {@code DefaultOAuth2User}, using the provided {@code authorities}
+	 * @param authorities the authorities to use
+	 * @return a new {@code DefaultOAuth2User}
+	 * @since 6.5
 	 */
-	public DefaultOidcUser(String name, OidcIdToken idToken, OidcUserInfo userInfo,
-			Collection<? extends GrantedAuthority> authorities) {
-		super(name, OidcUserAuthority.collectClaims(idToken, userInfo), authorities);
-		this.idToken = idToken;
-		this.userInfo = userInfo;
+	@Override
+	public DefaultOidcUser withAuthorities(Collection<GrantedAuthority> authorities) {
+		return new DefaultOidcUser(this, authorities);
 	}
 
 	@Override
@@ -133,82 +131,4 @@ public OidcUserInfo getUserInfo() {
 		return this.userInfo;
 	}
 
-	public static class Builder {
-
-		private String name;
-
-		private String nameAttributeKey;
-
-		private OidcIdToken idToken;
-
-		private OidcUserInfo userInfo;
-
-		private Collection<? extends GrantedAuthority> authorities;
-
-		/**
-		 * Sets the name of the user.
-		 * @param name the name of the user
-		 * @return the {@link Builder}
-		 */
-		public Builder name(String name) {
-			this.name = name;
-			return this;
-		}
-
-		/**
-		 * Sets the key used to access the user's &quot;name&quot; from the user attributes if no &quot;name&quot; is
-		 * provided.
-		 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from the user attributes.
-		 * @return the {@link Builder}
-		 */
-		public Builder nameAttributeKey(String nameAttributeKey) {
-			this.nameAttributeKey = nameAttributeKey;
-			return this;
-		}
-
-		/**
-		 * Sets the {@link OidcIdToken ID Token} containing claims about the user.
-		 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user.
-		 * @return the {@link Builder}
-		 */
-		public Builder idToken(OidcIdToken idToken) {
-			this.idToken = idToken;
-			return this;
-		}
-
-		/**
-		 * Sets the {@link OidcUserInfo UserInfo} containing claims about the user.
-		 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user.
-		 * @return the {@link Builder}
-		 */
-		public Builder userInfo(OidcUserInfo userInfo) {
-			this.userInfo = userInfo;
-			return this;
-		}
-
-		/**
-		 * Sets the authorities granted to the user.
-		 * @param authorities the authorities granted to the user
-		 * @return the {@link Builder}
-		 */
-		public Builder authorities(Collection<? extends GrantedAuthority> authorities) {
-			this.authorities = authorities;
-			return this;
-		}
-
-		/**
-		 * Builds a new {@link DefaultOidcUser}.
-		 * @return a {@link DefaultOidcUser}
-		 */
-		public DefaultOidcUser build() {
-			String name = this.name;
-			if (name == null) {
-				Map<String, Object> attributes = OidcUserAuthority.collectClaims(this.idToken, userInfo);
-				name = getNameFromAttributes(attributes, this.nameAttributeKey);
-			}
-			return new DefaultOidcUser(name, idToken, userInfo, authorities);
-		}
-
-	}
-
 }