Make UserInfoTokenServices.getPrincipal protected

Update UserInfoTokenServices.getPrincipal() so that it can be overridden by subclasses to allow a custom authenticated principal to be returned from the authorized request parameters. Fixes gh-5053
10 years ago · 8542f4f481
1 changed files with 7 additions and 1 deletions
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/UserInfoTokenServices.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/UserInfoTokenServices.java
@ -99,7 +99,13 @@ public class UserInfoTokenServices implements ResourceServerTokenServices {
				@@ -99,7 +99,13 @@ public class UserInfoTokenServices implements ResourceServerTokenServices {
 		return new OAuth2Authentication(request, token);
 	}

-	private Object getPrincipal(Map<String, Object> map) {
+	/**
+	 * Return the principal that should be used for the token. The default implementation
+	 * looks for well know {@code user*} keys in the map.
+	 * @param map the source map
+	 * @return the principal or {@literal "unknown"}
+	 */
+	protected Object getPrincipal(Map<String, Object> map) {
 		for (String key : PRINCIPAL_KEYS) {
 			if (map.containsKey(key)) {
 				return map.get(key);