|
16 | 16 |
|
17 | 17 | package org.springframework.security.oauth2.server.resource.authentication; |
18 | 18 |
|
| 19 | +import java.util.ArrayList; |
19 | 20 | import java.util.Arrays; |
20 | 21 | import java.util.Collection; |
21 | 22 | import java.util.Collections; |
22 | | -import java.util.stream.Collectors; |
23 | 23 |
|
24 | 24 | import org.springframework.core.convert.converter.Converter; |
25 | 25 | import org.springframework.security.core.GrantedAuthority; |
|
35 | 35 | * @since 5.2 |
36 | 36 | */ |
37 | 37 | public final class JwtGrantedAuthoritiesConverter implements Converter<Jwt, Collection<GrantedAuthority>> { |
38 | | - private static final String SCOPE_AUTHORITY_PREFIX = "SCOPE_"; |
| 38 | + private static final String DEFAULT_AUTHORITY_PREFIX = "SCOPE_"; |
39 | 39 |
|
40 | | - private static final Collection<String> WELL_KNOWN_SCOPE_ATTRIBUTE_NAMES = |
| 40 | + private static final Collection<String> WELL_KNOWN_AUTHORITIES_CLAIM_NAMES = |
41 | 41 | Arrays.asList("scope", "scp"); |
42 | 42 |
|
43 | 43 | /** |
44 | | - * Extracts the authorities |
| 44 | + * Extract {@link GrantedAuthority}s from the given {@link Jwt}. |
| 45 | + * |
45 | 46 | * @param jwt The {@link Jwt} token |
46 | 47 | * @return The {@link GrantedAuthority authorities} read from the token scopes |
47 | 48 | */ |
48 | 49 | @Override |
49 | 50 | public Collection<GrantedAuthority> convert(Jwt jwt) { |
50 | | - return getScopes(jwt) |
51 | | - .stream() |
52 | | - .map(authority -> SCOPE_AUTHORITY_PREFIX + authority) |
53 | | - .map(SimpleGrantedAuthority::new) |
54 | | - .collect(Collectors.toList()); |
| 51 | + Collection<GrantedAuthority> grantedAuthorities = new ArrayList<>(); |
| 52 | + for (String authority : getAuthorities(jwt)) { |
| 53 | + grantedAuthorities.add(new SimpleGrantedAuthority(DEFAULT_AUTHORITY_PREFIX + authority)); |
| 54 | + } |
| 55 | + return grantedAuthorities; |
55 | 56 | } |
56 | 57 |
|
57 | | - /** |
58 | | - * Gets the scopes from a {@link Jwt} token |
59 | | - * @param jwt The {@link Jwt} token |
60 | | - * @return The scopes from the token |
61 | | - */ |
62 | | - private Collection<String> getScopes(Jwt jwt) { |
63 | | - for ( String attributeName : WELL_KNOWN_SCOPE_ATTRIBUTE_NAMES ) { |
64 | | - Object scopes = jwt.getClaims().get(attributeName); |
65 | | - if (scopes instanceof String) { |
66 | | - if (StringUtils.hasText((String) scopes)) { |
67 | | - return Arrays.asList(((String) scopes).split(" ")); |
68 | | - } else { |
69 | | - return Collections.emptyList(); |
70 | | - } |
71 | | - } else if (scopes instanceof Collection) { |
72 | | - return (Collection<String>) scopes; |
| 58 | + private String getAuthoritiesClaimName(Jwt jwt) { |
| 59 | + for (String claimName : WELL_KNOWN_AUTHORITIES_CLAIM_NAMES) { |
| 60 | + if (jwt.containsClaim(claimName)) { |
| 61 | + return claimName; |
| 62 | + } |
| 63 | + } |
| 64 | + return null; |
| 65 | + } |
| 66 | + |
| 67 | + private Collection<String> getAuthorities(Jwt jwt) { |
| 68 | + String claimName = getAuthoritiesClaimName(jwt); |
| 69 | + |
| 70 | + if (claimName == null) { |
| 71 | + return Collections.emptyList(); |
| 72 | + } |
| 73 | + |
| 74 | + Object authorities = jwt.getClaim(claimName); |
| 75 | + if (authorities instanceof String) { |
| 76 | + if (StringUtils.hasText((String) authorities)) { |
| 77 | + return Arrays.asList(((String) authorities).split(" ")); |
| 78 | + } else { |
| 79 | + return Collections.emptyList(); |
73 | 80 | } |
| 81 | + } else if (authorities instanceof Collection) { |
| 82 | + return (Collection<String>) authorities; |
74 | 83 | } |
75 | 84 |
|
76 | 85 | return Collections.emptyList(); |
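Review bot: The `(Collection<String>) authorities` cast in `getAuthorities` is unchecked, so a token whose `scope` or `scp` claim is an array holding non-string elements is accepted here and only fails later with a `ClassCastException` in the `for (String authority : ...)` loop of `convert`. Because the claim contents come from the token, I would copy only the `String` elements (or reject the claim outright) rather than cast, as sketched below; `ArrayList` is already imported by this commit. Separately, `getAuthoritiesClaimName` now settles on the first claim that is present, so a `scope` claim of an unsupported type yields no authorities instead of falling through to `scp` as the removed loop did; if that is intended, a short comment on the method would make it explicit. The body of `getAuthorities` closes just past the last visible line.

```java
	} else if (authorities instanceof Collection) {
		// keep only string entries instead of an unchecked cast
		Collection<String> result = new ArrayList<>();
		for (Object authority : (Collection<?>) authorities) {
			if (authority instanceof String) {
				result.add((String) authority);
			}
		}
		return result;
	}
	// … unchanged: final return of an empty list …
```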
|