jhipster · DanielFran · Nov 30, 2023 · Nov 29, 2023
diff --git a/...lates/src/main/java/_package_/_entityPackage_/repository/_entityClass_Repository.java.ejs b/...lates/src/main/java/_package_/_entityPackage_/repository/_entityClass_Repository.java.ejs
@@ -70,7 +70,7 @@ public interface <%= entityClass %>Repository extends <% if (containsBagRelation
 <%_ for (const relationship of relationships) { _%>
   <%_ if (relationship.relationshipManyToOne && relationship.otherEntityUser && databaseTypeSql) { _%>
 
-    @Query("select <%= entityInstanceDbSafe %> from <%= persistClass %> <%= entityInstanceDbSafe %> where <%= entityInstanceDbSafe %>.<%= relationship.relationshipFieldName %>.login = <% if (authenticationTypeOauth2) { %>?#{principal.preferredUsername}<% } else { %>?#{authentication.name}<% } %>")
+    @Query("select <%= entityInstanceDbSafe %> from <%= persistClass %> <%= entityInstanceDbSafe %> where <%= entityInstanceDbSafe %>.<%= relationship.relationshipFieldName %>.login = ?#{authentication.name}")
     List<<%= persistClass %>> findBy<%= relationship.relationshipNameCapitalized %>IsCurrentUser();
   <%_ } _%>
 <%_ } _%>

diff --git a/...server/templates/src/main/java/_package_/config/SecurityConfiguration_imperative.java.ejs b/...server/templates/src/main/java/_package_/config/SecurityConfiguration_imperative.java.ejs
@@ -62,11 +62,18 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 <%_ } _%>
 <%_ if (authenticationTypeOauth2) { _%>
+import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.PREFERRED_USERNAME;
+
 import <%= packageName %>.security.oauth2.AudienceValidator;
 import <%= packageName %>.security.SecurityUtils;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
+import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
+import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
 import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
+import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.jwt.*;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.beans.factory.annotation.Value;
@@ -261,14 +268,14 @@ public class SecurityConfiguration {
             .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
 <%_ } else if (authenticationTypeOauth2) { _%>
   <%_ if (applicationTypeMonolith) { _%>
-            .oauth2Login(withDefaults())
+            .oauth2Login(oauth2 -> oauth2.userInfoEndpoint(userInfo -> userInfo.oidcUserService(this.oidcUserService())))
   <%_ } else if (applicationTypeMicroservice) { _%>
             .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
   <%_ } _%>
             .oauth2ResourceServer(oauth2 -> oauth2
                 .jwt(jwt -> jwt
                     .jwtAuthenticationConverter(authenticationConverter())))
-            .oauth2Client();
+            .oauth2Client(withDefaults());
 <%_ } _%>
 <%_ if (devDatabaseTypeH2Any) { _%>
         if (env.acceptsProfiles(Profiles.of(JHipsterConstants.SPRING_PROFILE_DEVELOPMENT))) {
@@ -291,9 +298,20 @@ public class SecurityConfiguration {
     Converter<Jwt, AbstractAuthenticationToken> authenticationConverter() {
         JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
         jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new JwtGrantedAuthorityConverter());
+        jwtAuthenticationConverter.setPrincipalClaimName(PREFERRED_USERNAME);
         return jwtAuthenticationConverter;
     }
+
+    OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() {
+        final OidcUserService delegate = new OidcUserService();
+
+        return userRequest -> {
+            OidcUser oidcUser = delegate.loadUser(userRequest);
+            return new DefaultOidcUser(oidcUser.getAuthorities(), oidcUser.getIdToken(), oidcUser.getUserInfo(), PREFERRED_USERNAME);
+        };
+    }
   <%_ if (!applicationTypeMicroservice) { _%>
+
     /**
      * Map authorities from "groups" or "roles" claim in ID Token.
      *

diff --git a/...s/server/templates/src/main/java/_package_/config/SecurityConfiguration_reactive.java.ejs b/...s/server/templates/src/main/java/_package_/config/SecurityConfiguration_reactive.java.ejs
@@ -20,6 +20,8 @@ package <%= packageName %>.config;
 
 import <%= packageName %>.security.AuthoritiesConstants;
 <%_ if (authenticationTypeOauth2) { _%>
+import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.PREFERRED_USERNAME;
+
 import <%= packageName %>.security.SecurityUtils;
 import <%= packageName %>.security.oauth2.AudienceValidator;
 import <%= packageName %>.security.oauth2.JwtGrantedAuthorityConverter;
@@ -339,6 +341,7 @@ public class SecurityConfiguration {
     Converter<Jwt, Mono<AbstractAuthenticationToken>> jwtAuthenticationConverter() {
         JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
         jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new JwtGrantedAuthorityConverter());
+        jwtAuthenticationConverter.setPrincipalClaimName(PREFERRED_USERNAME);
         return new ReactiveJwtAuthenticationConverterAdapter(jwtAuthenticationConverter);
     }
 
@@ -363,7 +366,7 @@ public class SecurityConfiguration {
                     }
                 });
 
-                return new DefaultOidcUser(mappedAuthorities, user.getIdToken(), user.getUserInfo());
+                return new DefaultOidcUser(mappedAuthorities, user.getIdToken(), user.getUserInfo(), PREFERRED_USERNAME);
             });
         };
     }