2

I am currently trying to get a custom UserInformation object to come back when I try to access the principal field from the Authentication object (Authentication.getPrincipal()) when using OAuth2. I am enabling OAuth2 in the WebSecurityConfingAdapter by adding the .oauth2Login() property:

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests().anyRequest().authenticated()
                .and()
                .oauth2Login();
    }
}

When I add this property and try to access the principal from the controller, it says that the type of the principal is DefaultOidcUser.

@RestController
public class OAuthController {

    @GetMapping("/getPrincipal")
    public String authenticate(Authentication authenticate) {
        return "PRINCIPAL CLASS: " + authenticate.getPrincipal().getClass().getName();
    }
}

Is there a way I can have the Authentication principal return a custom object (not an OidcUser)? I tried to write a custom OidcService, but it still needs to return an OidcUser.

Here are the dependencies I am pulling in:

  • spring-boot-starter-security: 2.2.4-RELEASE
  • spring-security-oauth2-client: 5.2.1-RELEASE
  • spring-security-oauth2-jose: 5.2.1-RELEASE

Below are the custom OidcServer and UserInformation object I have so far:

@Configuration
public class CustomOIDCUserService extends OidcUserService {

    @Override
    public OidcUser loadUser(OidcUserRequest oidcUserRequestst) throws OAuth2AuthenticationException {

        OidcUser oidcUser = super.loadUser(oidcUserRequestst);

        Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
        
        //Add roles to mappedAuthorities

        UserInformation userInfo = new UserInformation(new DefaultOidcUser(mappedAuthorities,
                                                             oidcUser.getIdToken(),
                                                             oidcUser.getUserInfo()));
        //Initialize other fields from oidcUser

        return userInfo;
    }
}


public class UserInformation implements OidcUser, UserDetails {

    private OidcUser oidcUser;

    String name;
    String email;

    public UserInformation(OidcUser oidcUser) {
        this.oidcUser = oidcUser;
    }

    //Setting constructors, getters, and setters

Thank you!

kakasingh
  • 21
  • 1

0 Answers0