Skip to content

Spring OAuth2 Resource Server - user-name-attribute not reflected in SecurityContextHolder #7757

New issue
New issue
Closed
Closed
Spring OAuth2 Resource Server - user-name-attribute not reflected in SecurityContextHolder#7757
Assignees
jzheaux
Labels
for: stackoverflowA question that's better suited to stackoverflow.comin: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
@zerkowsm

Description

@zerkowsm
zerkowsm
opened on Dec 19, 2019

Summary

user-name-attribute not reflected in SecurityContextHolder. This is the follow up on https://stackoverflow.com/questions/59410641/spring-oauth2-resource-server-user-name-attribute-not-reflected-in-securitycon

Actual Behavior

JwtAuthenticationConverter has

	@Override
	public final AbstractAuthenticationToken convert(Jwt jwt) {
		Collection<GrantedAuthority> authorities = extractAuthorities(jwt);
		return new JwtAuthenticationToken(jwt, authorities);
	}

where:

	public JwtAuthenticationToken(Jwt jwt, Collection<? extends GrantedAuthority> authorities) {
		super(jwt, authorities);
		this.setAuthenticated(true);
		**this.name = jwt.getSubject();**
	}

Expected Behavior

JwtAuthenticationConverter convert method if there is userNameAttribute set should return new JwtAuthenticationToken(jwt, authorities, userNameAttribute)

where

	public JwtAuthenticationToken(Jwt jwt, Collection<? extends GrantedAuthority> authorities, String name) {
		super(jwt, authorities);
		this.setAuthenticated(true);
		**this.name = name;**
	}

Version

spring-security-oauth2-resource-server-5.2.1.RELEASE (Spring Boot 2.2.2.RELEASE)

Metadata

Metadata

Assignees

Labels

for: stackoverflowA question that's better suited to stackoverflow.comin: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions