Skip to content

Add setter for authority prefix in JwtGrantedAuthoritiesConverter #7256

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 14, 2019
Merged

Add setter for authority prefix in JwtGrantedAuthoritiesConverter #7256

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 16 additions & 1 deletion ...mework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/**
Expand All @@ -40,6 +41,8 @@ public final class JwtGrantedAuthoritiesConverter implements Converter<Jwt, Coll
private static final Collection<String> WELL_KNOWN_AUTHORITIES_CLAIM_NAMES =
Arrays.asList("scope", "scp");

private String authorityPrefix = DEFAULT_AUTHORITY_PREFIX;

/**
* Extract {@link GrantedAuthority}s from the given {@link Jwt}.
*
Expand All @@ -50,11 +53,23 @@ public final class JwtGrantedAuthoritiesConverter implements Converter<Jwt, Coll
public Collection<GrantedAuthority> convert(Jwt jwt) {
Collection<GrantedAuthority> grantedAuthorities = new ArrayList<>();
for (String authority : getAuthorities(jwt)) {
grantedAuthorities.add(new SimpleGrantedAuthority(DEFAULT_AUTHORITY_PREFIX + authority));
grantedAuthorities.add(new SimpleGrantedAuthority(this.authorityPrefix + authority));
}
return grantedAuthorities;
}

/**
* Sets the prefix to use for {@link GrantedAuthority authorities} mapped by this converter.
* Defaults to {@link JwtGrantedAuthoritiesConverter#DEFAULT_AUTHORITY_PREFIX}.
*
* @param authorityPrefix The authority prefix
* @since 5.2
*/
public void setAuthorityPrefix(String authorityPrefix) {
Assert.hasText(authorityPrefix, "authorityPrefix cannot be empty");
this.authorityPrefix = authorityPrefix;
}

private String getAuthoritiesClaimName(Jwt jwt) {
for (String claimName : WELL_KNOWN_AUTHORITIES_CLAIM_NAMES) {
if (jwt.containsClaim(claimName)) {
Expand Down
53 changes: 42 additions & 11 deletions ...k/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,46 +40,75 @@
* @since 5.2
*/
public class JwtGrantedAuthoritiesConverterTests {
private JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();

@Test
public void convertWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
Jwt jwt = this.jwt(Collections.singletonMap("scope", "message:read message:write"));

Collection<GrantedAuthority> authorities = this.jwtGrantedAuthoritiesConverter.convert(jwt);
JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);

assertThat(authorities).containsExactly(
new SimpleGrantedAuthority("SCOPE_message:read"),
new SimpleGrantedAuthority("SCOPE_message:write"));
}

@Test
public void convertWithCustomAuthorityPrefixWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
Jwt jwt = this.jwt(Collections.singletonMap("scope", "message:read message:write"));

JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);

assertThat(authorities).containsExactly(
new SimpleGrantedAuthority("ROLE_message:read"),
new SimpleGrantedAuthority("ROLE_message:write"));
}

@Test
public void convertWhenTokenHasEmptyScopeAttributeThenTranslatedToNoAuthorities() {
Jwt jwt = this.jwt(Collections.singletonMap("scope", ""));

Collection<GrantedAuthority> authorities = this.jwtGrantedAuthoritiesConverter.convert(jwt);
JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);

assertThat(authorities).containsExactly();
assertThat(authorities).isEmpty();
}

@Test
public void convertWhenTokenHasScpAttributeThenTranslatedToAuthorities() {
Jwt jwt = this.jwt(Collections.singletonMap("scp", Arrays.asList("message:read", "message:write")));

Collection<GrantedAuthority> authorities = this.jwtGrantedAuthoritiesConverter.convert(jwt);
JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);

assertThat(authorities).containsExactly(
new SimpleGrantedAuthority("SCOPE_message:read"),
new SimpleGrantedAuthority("SCOPE_message:write"));
}

@Test
public void convertWithCustomAuthorityPrefixWhenTokenHasScpAttributeThenTranslatedToAuthorities() {
Jwt jwt = this.jwt(Collections.singletonMap("scp", Arrays.asList("message:read", "message:write")));

JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);

assertThat(authorities).containsExactly(
new SimpleGrantedAuthority("ROLE_message:read"),
new SimpleGrantedAuthority("ROLE_message:write"));
}

@Test
public void convertWhenTokenHasEmptyScpAttributeThenTranslatedToNoAuthorities() {
Jwt jwt = this.jwt(Maps.newHashMap("scp", Arrays.asList()));
Jwt jwt = this.jwt(Maps.newHashMap("scp", Collections.emptyList()));

Collection<GrantedAuthority> authorities = this.jwtGrantedAuthoritiesConverter.convert(jwt);
JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);

assertThat(authorities).containsExactly();
assertThat(authorities).isEmpty();
}

@Test
Expand All @@ -89,7 +118,8 @@ public void convertWhenTokenHasBothScopeAndScpThenScopeAttributeIsTranslatedToAu
claims.put("scope", "missive:read missive:write");
Jwt jwt = this.jwt(claims);

Collection<GrantedAuthority> authorities = this.jwtGrantedAuthoritiesConverter.convert(jwt);
JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);

assertThat(authorities).containsExactly(
new SimpleGrantedAuthority("SCOPE_missive:read"),
Expand All @@ -103,9 +133,10 @@ public void convertWhenTokenHasEmptyScopeAndNonEmptyScpThenScopeAttributeIsTrans
claims.put("scope", "");
Jwt jwt = this.jwt(claims);

Collection<GrantedAuthority> authorities = this.jwtGrantedAuthoritiesConverter.convert(jwt);
JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);

assertThat(authorities).containsExactly();
assertThat(authorities).isEmpty();
}

private Jwt jwt(Map<String, Object> claims) {
Expand Down