From 416ce1a6f4c34932f116dab139ff6ae05ed5faf6 Mon Sep 17 00:00:00 2001
From: Dave Syer
Date: Mon, 4 Apr 2016 12:20:39 +0100
Subject: [PATCH] Make FixedAuthoritiesExtractor more liberal in what it accepts
In particular it now accepts a list of maps containing "authority" keys (which is what you get from a standard JSON decoding of a Spring Security Authentication).
Fixes gh-5482
---
 .../resource/FixedAuthoritiesExtractor.java | 34 ++++++++++++++++--
 .../FixedAuthoritiesExtractorTests.java | 36 +++++++++++++++++++
 2 files changed, 68 insertions(+), 2 deletions(-)
diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/FixedAuthoritiesExtractor.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/FixedAuthoritiesExtractor.java
index ff6afb65973b..f6f5481e2cfa 100644
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/FixedAuthoritiesExtractor.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/FixedAuthoritiesExtractor.java
@@ -16,6 +16,7 @@
 package org.springframework.boot.autoconfigure.security.oauth2.resource;
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
@@ -47,11 +48,40 @@ public List extractAuthorities(Map map) {
 }
 private String asAuthorities(Object object) {
+ List authorities = new ArrayList<>();
 if (object instanceof Collection) {
- return StringUtils.collectionToCommaDelimitedString((Collection) object);
+ Collection collection = (Collection) object;
+ object = collection.toArray(new Object[0]);
 }
 if (ObjectUtils.isArray(object)) {
- return StringUtils.arrayToCommaDelimitedString((Object[]) object);
+ Object[] array = (Object[]) object;
+ for (Object value : array) {
+ if (value instanceof String) {
+ authorities.add(value);
+ }
+ else if (value instanceof Map) {
+ Map map = (Map) value;
+ if (map.size() == 1) {
+ authorities.add(map.values().iterator().next());
+ }
+ else if (map.containsKey("authority")) {
+ authorities.add(map.get("authority"));
+ }
+ else if (map.containsKey("role")) {
+ authorities.add(map.get("role"));
+ }
+ else if (map.containsKey("value")) {
+ authorities.add(map.get("value"));
+ }
+ else {
+ authorities.add(map);
+ }
+ }
+ else {
+ authorities.add(value);
+ }
+ }
+ return StringUtils.collectionToCommaDelimitedString(authorities);
 }
 return object.toString();
 }
diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/FixedAuthoritiesExtractorTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/FixedAuthoritiesExtractorTests.java
index eee9f002d181..66a6d9a220cf 100644
--- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/FixedAuthoritiesExtractorTests.java
+++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/FixedAuthoritiesExtractorTests.java
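Review bot: The fallback `authorities.add(map);` in asAuthorities puts `Map.toString()` into a string that is then joined with commas, so a map with several unrecognised keys contributes text such as `{foo=bar, any=ROLE_ADMIN}` that already contains the delimiter. The code that turns this string into the list returned by extractAuthorities is outside the hunk, but if it splits on commas the result is two fragments granted as separate authorities rather than one value. In the same loop the `map.size() == 1` branch takes the value stored under any key, and the `map.get(...)` branches can add null or a nested object, so an unexpected user-info shape still ends up as a granted authority. For input that drives authorization I would drop unrecognised entries instead of stringifying them: leave the final `else` empty with a comment like `// unrecognised shape: contributes no authority`, and add a map value only when it is `instanceof String`.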
@@ -17,6 +17,8 @@
 package org.springframework.boot.autoconfigure.security.oauth2.resource;
 import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
@@ -63,4 +65,38 @@ public void authoritiesList() {
 .isEqualTo("[ROLE_USER, ROLE_ADMIN]");
 }
+ @Test
+ public void authoritiesAsListOfMaps() {
+ this.map.put("authorities",
+ Arrays.asList(Collections.singletonMap("authority", "ROLE_ADMIN")));
+ assertThat(this.extractor.extractAuthorities(this.map).toString())
+ .isEqualTo("[ROLE_ADMIN]");
+ }
+
+ @Test
+ public void authoritiesAsListOfMapsWithStandardKey() {
+ this.map.put("authorities",
+ Arrays.asList(Collections.singletonMap("role", "ROLE_ADMIN")));
+ assertThat(this.extractor.extractAuthorities(this.map).toString())
+ .isEqualTo("[ROLE_ADMIN]");
+ }
+
+ @Test
+ public void authoritiesAsListOfMapsWithNonStandardKey() {
+ this.map.put("authorities",
+ Arrays.asList(Collections.singletonMap("any", "ROLE_ADMIN")));
+ assertThat(this.extractor.extractAuthorities(this.map).toString())
+ .isEqualTo("[ROLE_ADMIN]");
+ }
+
+ @Test
+ public void authoritiesAsListOfMapsWithMultipleNonStandardKeys() {
+ Map map = new HashMap<>();
+ map.put("any", "ROLE_ADMIN");
+ map.put("foo", "bar");
+ this.map.put("authorities", Arrays.asList(map));
+ assertThat(this.extractor.extractAuthorities(this.map).toString())
+ .isEqualTo("[{foo=bar, any=ROLE_ADMIN}]");
+ }
+
 }
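Review bot: `authoritiesAsListOfMapsWithMultipleNonStandardKeys` compares `toString()` of the extracted list with `"[{foo=bar, any=ROLE_ADMIN}]"`, which prints the same whether the list holds one authority or two comma-separated fragments, and which also depends on `HashMap` iteration order. Asserting the element count as well, `assertThat(this.extractor.extractAuthorities(this.map)).hasSize(1);`, and building the fixture with the already imported `LinkedHashMap` would make the test say what is actually granted. There is also no case for a multi-entry map that carries `authority`, `role` or `value` next to other keys, so the key-lookup branches this commit adds are only reached through the single-entry shortcut.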