Make FixedAuthoritiesExtractor more liberal in what it accepts

In particular it now accepts a list of maps containing "authority" keys (which is what you get from a standard JSON decoding of a Spring Security Authentication). Fixes gh-5482
spring-projects · Apr 4, 2016 · 416ce1a · 416ce1a
1 parent a6c1668
commit 416ce1a
Show file tree

Hide file tree

Showing 2 changed files with 68 additions and 2 deletions.
diff --git a/...pringframework/boot/autoconfigure/security/oauth2/resource/FixedAuthoritiesExtractor.java b/...pringframework/boot/autoconfigure/security/oauth2/resource/FixedAuthoritiesExtractor.java
@@ -16,6 +16,7 @@
 
 package org.springframework.boot.autoconfigure.security.oauth2.resource;
 
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
@@ -47,11 +48,40 @@ public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
 	}
 
 	private String asAuthorities(Object object) {
+		List<Object> authorities = new ArrayList<>();
 		if (object instanceof Collection) {
-			return StringUtils.collectionToCommaDelimitedString((Collection<?>) object);
+			Collection<?> collection = (Collection<?>) object;
+			object = collection.toArray(new Object[0]);
 		}
 		if (ObjectUtils.isArray(object)) {
-			return StringUtils.arrayToCommaDelimitedString((Object[]) object);
+			Object[] array = (Object[]) object;
+			for (Object value : array) {
+				if (value instanceof String) {
+					authorities.add(value);
+				}
+				else if (value instanceof Map) {
+					Map<?, ?> map = (Map<?, ?>) value;
+					if (map.size() == 1) {
+						authorities.add(map.values().iterator().next());
+					}
+					else if (map.containsKey("authority")) {
+						authorities.add(map.get("authority"));
+					}
+					else if (map.containsKey("role")) {
+						authorities.add(map.get("role"));
+					}
+					else if (map.containsKey("value")) {
+						authorities.add(map.get("value"));
+					}
+					else {
+						authorities.add(map);
+					}
+				}
+				else {
+					authorities.add(value);
+				}
+			}
+			return StringUtils.collectionToCommaDelimitedString(authorities);
 		}
 		return object.toString();
 	}

diff --git a/...framework/boot/autoconfigure/security/oauth2/resource/FixedAuthoritiesExtractorTests.java b/...framework/boot/autoconfigure/security/oauth2/resource/FixedAuthoritiesExtractorTests.java
@@ -17,6 +17,8 @@
 package org.springframework.boot.autoconfigure.security.oauth2.resource;
 
 import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
 
@@ -63,4 +65,38 @@ public void authoritiesList() {
 				.isEqualTo("[ROLE_USER, ROLE_ADMIN]");
 	}
 
+	@Test
+	public void authoritiesAsListOfMaps() {
+		this.map.put("authorities",
+				Arrays.asList(Collections.singletonMap("authority", "ROLE_ADMIN")));
+		assertThat(this.extractor.extractAuthorities(this.map).toString())
+				.isEqualTo("[ROLE_ADMIN]");
+	}
+
+	@Test
+	public void authoritiesAsListOfMapsWithStandardKey() {
+		this.map.put("authorities",
+				Arrays.asList(Collections.singletonMap("role", "ROLE_ADMIN")));
+		assertThat(this.extractor.extractAuthorities(this.map).toString())
+				.isEqualTo("[ROLE_ADMIN]");
+	}
+
+	@Test
+	public void authoritiesAsListOfMapsWithNonStandardKey() {
+		this.map.put("authorities",
+				Arrays.asList(Collections.singletonMap("any", "ROLE_ADMIN")));
+		assertThat(this.extractor.extractAuthorities(this.map).toString())
+				.isEqualTo("[ROLE_ADMIN]");
+	}
+
+	@Test
+	public void authoritiesAsListOfMapsWithMultipleNonStandardKeys() {
+		Map<String, String> map = new HashMap<>();
+		map.put("any", "ROLE_ADMIN");
+		map.put("foo", "bar");
+		this.map.put("authorities", Arrays.asList(map));
+		assertThat(this.extractor.extractAuthorities(this.map).toString())
+				.isEqualTo("[{foo=bar, any=ROLE_ADMIN}]");
+	}
+
 }