
Commit 8a71786

author
Rujun Chen
authored
Deleted authorities created by scope. (Azure#17849)
1 parent f0d71af commit 8a71786


2 files changed

+15
-17
lines changed

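--- a/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/implementation/AzureActiveDirectoryOAuth2UserService.java
+++ b/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/implementation/AzureActiveDirectoryOAuth2UserService.java
@@ -23,6 +23,7 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
+import static com.azure.spring.autoconfigure.aad.Constants.DEFAULT_AUTHORITY_SET;
 import static com.azure.spring.autoconfigure.aad.Constants.ROLE_PREFIX;
 
 /**
@@ -56,14 +57,12 @@ public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2Authenticatio
 .filter(properties::isAllowedGroup)
 .map(group -> ROLE_PREFIX + group)
 .collect(Collectors.toSet());
-Set<String> allRoles = oidcUser.getAuthorities()
-.stream()
-.map(GrantedAuthority::getAuthority)
-.collect(Collectors.toSet());
-allRoles.addAll(groupRoles);
-Set<SimpleGrantedAuthority> authorities = allRoles.stream()
-.map(SimpleGrantedAuthority::new)
-.collect(Collectors.toSet());
+Set<SimpleGrantedAuthority> authorities = groupRoles.stream()
+.map(SimpleGrantedAuthority::new)
+.collect(Collectors.toSet());
+if (authorities.isEmpty()) {
+authorities = DEFAULT_AUTHORITY_SET;
+}
 String nameAttributeKey =
 Optional.of(userRequest)
 .map(OAuth2UserRequest::getClientRegistration)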
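Review bot: `authorities = DEFAULT_AUTHORITY_SET;` in the second hunk aliases a shared static set as this principal's authority collection: if `DEFAULT_AUTHORITY_SET` is a mutable `Set`, any later `add`/`remove` on one user's authorities becomes visible to every other user who fell through this branch, and if it is an unmodifiable set such a call throws instead — `Constants` is not in view, so I cannot tell which applies. A defensive copy, `authorities = new HashSet<>(DEFAULT_AUTHORITY_SET);` (with the `java.util.HashSet` import), makes the fallback independent of how the constant is built. The branch also deserves a comment, because it grants the default authorities to a user who matched no allowed group rather than leaving them with none: `// No allowed group matched: grant the default authority set instead of an empty one.` The enclosing `loadUser` continues past the end of the hunk.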

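--- a/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/autoconfigure/aad/AADOAuth2UserService.java
+++ b/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/autoconfigure/aad/AADOAuth2UserService.java
@@ -27,6 +27,7 @@
 import static com.azure.spring.autoconfigure.aad.AADOAuth2ErrorCode.CONDITIONAL_ACCESS_POLICY;
 import static com.azure.spring.autoconfigure.aad.AADOAuth2ErrorCode.INVALID_REQUEST;
 import static com.azure.spring.autoconfigure.aad.AADOAuth2ErrorCode.SERVER_SERVER;
+import static com.azure.spring.autoconfigure.aad.Constants.DEFAULT_AUTHORITY_SET;
 import static com.azure.spring.autoconfigure.aad.Constants.ROLE_PREFIX;
 
 /**
@@ -49,7 +50,7 @@ public AADOAuth2UserService(AADAuthenticationProperties aadAuthenticationPropert
 public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
 // Delegate to the default implementation for loading a user
 OidcUser oidcUser = oidcUserService.loadUser(userRequest);
-final Set<SimpleGrantedAuthority> authorities;
+Set<SimpleGrantedAuthority> authorities;
 try {
 // https://github.com/MicrosoftDocs/azure-docs/issues/8121#issuecomment-387090099
 // In AAD App Registration configure oauth2AllowImplicitFlow to true
@@ -71,14 +72,12 @@ public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2Authenticatio
 .filter(aadAuthenticationProperties::isAllowedGroup)
 .map(group -> ROLE_PREFIX + group)
 .collect(Collectors.toSet());
-Set<String> allRoles = oidcUser.getAuthorities()
-.stream()
-.map(GrantedAuthority::getAuthority)
-.collect(Collectors.toSet());
-allRoles.addAll(groupRoles);
-authorities = allRoles.stream()
-.map(SimpleGrantedAuthority::new)
-.collect(Collectors.toSet());
+authorities = groupRoles.stream()
+.map(SimpleGrantedAuthority::new)
+.collect(Collectors.toSet());
+if (authorities.isEmpty()) {
+authorities = DEFAULT_AUTHORITY_SET;
+}
 } catch (MalformedURLException e) {
 throw toOAuth2AuthenticationException(INVALID_REQUEST, "Failed to acquire token for Graph API.", e);
 } catch (ServiceUnavailableException e) {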
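Review bot: The removed `.map(GrantedAuthority::getAuthority)` in the third hunk was the only visible use of `GrantedAuthority` in this file, and the import hunk does not drop that import, so unless it is referenced elsewhere in the file it is now an unused import that Checkstyle will flag. On the new fallback, `authorities = DEFAULT_AUTHORITY_SET;` hands the same shared constant to every principal that matched no allowed group; if that set is mutable, changes made through one user's `OidcUser` leak into all others, so either copy it, `authorities = new HashSet<>(DEFAULT_AUTHORITY_SET);`, or confirm in `Constants` that it is unmodifiable and say so in a comment here. The fallback also deserves a line explaining why an empty set is not returned: `// No allowed group matched: fall back to the default authorities instead of none.` The `try` block and `loadUser` continue past the end of the hunk.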
