Make UserInfoTokenServices.getPrincipal protected

Update UserInfoTokenServices.getPrincipal() so that it can be overridden by subclasses to allow a custom authenticated principal to be returned from the authorized request parameters. Fixes gh-5053

Make UserInfoTokenServices.getPrincipal protected
Update UserInfoTokenServices.getPrincipal() so that it can be overridden by subclasses to allow a custom authenticated principal to be returned from the authorized request parameters. Fixes gh-5053
8542f4f4 · Sergey Pauk · Phillip Webb · b1656be3 · 8542f4f4
Commit 8542f4f4 authored Jan 30, 2016 by Sergey Pauk Committed by Phillip Webb Apr 12, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 1 deletion

UserInfoTokenServices.java ...igure/security/oauth2/resource/UserInfoTokenServices.java +7 -1

No files found.
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/UserInfoTokenServices.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/UserInfoTokenServices.java
@@ -99,7 +99,13 @@ public class UserInfoTokenServices implements ResourceServerTokenServices {
 		return new OAuth2Authentication(request, token);
 	}
-	private Object getPrincipal(Map<String, Object> map) {
+	/**
+	 * Return the principal that should be used for the token. The default implementation
+	 * looks for well know {@code user*} keys in the map.
+	 * @param map the source map
+	 * @return the principal or {@literal "unknown"}
+	 */
+	protected Object getPrincipal(Map<String, Object> map) {
 		for (String key : PRINCIPAL_KEYS) {
 			if (map.containsKey(key)) {
 				return map.get(key);