Pass authorities through from claims in client credentials token

A client credentials token has authorities, but these were not being passed on from the claims to the OAuthAuthentication in the DefaultAccessTokenConverter. Fixes spring-atticgh-431
tangfeifei · Mar 17, 2015 · 9823898 · 9823898
1 parent 8a1fb13
commit 9823898
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/.../java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java b/.../java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
@@ -22,6 +22,7 @@
 import java.util.Set;
 
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
@@ -131,7 +132,14 @@ public OAuth2Authentication extractAuthentication(Map<String, ?> map) {
 		@SuppressWarnings("unchecked")
 		Set<String> resourceIds = new LinkedHashSet<String>(map.containsKey(AUD) ? (Collection<String>) map.get(AUD)
 				: Collections.<String>emptySet());
-		OAuth2Request request = new OAuth2Request(parameters, clientId, null, true, scope, resourceIds, null, null,
+
+		Collection<? extends GrantedAuthority> authorities = null;
+		if (user==null && map.containsKey(AUTHORITIES)) {
+			@SuppressWarnings("unchecked")
+			String[] roles = ((Collection<String>)map.get(AUTHORITIES)).toArray(new String[0]);
+			authorities = AuthorityUtils.createAuthorityList(roles);
+		}
+		OAuth2Request request = new OAuth2Request(parameters, clientId, authorities, true, scope, resourceIds, null, null,
 				null);
 		return new OAuth2Authentication(request, user);
 	}

diff --git a/.../org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverterTests.java b/.../org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverterTests.java
@@ -63,6 +63,7 @@ public void extractAuthentication() {
 		assertEquals(singleton(ROLE_USER), map.get(AccessTokenConverter.AUTHORITIES));
 		OAuth2Authentication extracted = converter.extractAuthentication(map);
 		assertTrue(extracted.getOAuth2Request().getResourceIds().contains("resource"));
+		assertEquals("[ROLE_USER]", extracted.getAuthorities().toString());
 	}
 
 	@Test
@@ -77,6 +78,7 @@ public void extractAuthenticationFromClientToken() {
 		assertEquals(singleton(ROLE_CLIENT), map.get(AccessTokenConverter.AUTHORITIES));
 		OAuth2Authentication extracted = converter.extractAuthentication(map);
 		assertTrue(extracted.getOAuth2Request().getResourceIds().contains("resource"));
+		assertEquals("[ROLE_CLIENT]", extracted.getAuthorities().toString());
 	}
 
 }