org.springframework.security.oauth2.client.registration.ClientRegistrationRepository Java Examples

@Bean
public ClientRegistrationRepository clientRegistrationRepository() {
    ClientRegistration registration = new ClientRegistration.Builder(properties.getClientId())
        .authorizationUri(properties.getAuthorizationUri())
        .clientSecret(properties.getClientSecret())
        .tokenUri(properties.getTokenUri())
        .redirectUri(properties.getRedirectUri())
        .scope(properties.getScopes().split(","))
        .clientName(properties.getClientName())
        .clientAlias(properties.getClientAlias())
        .jwkSetUri(properties.getJwkSetUri())
        .authorizationGrantType(properties.getAuthorizedGrantType())
        .userInfoUri(properties.getUserInfoUri())
        .build();

    return new InMemoryClientRegistrationRepository(Arrays.asList(registration));
}
 

@Test
public void credHubTemplatesConfiguredWithOAuth2() {
	this.context.withPropertyValues("spring.credhub.url=https://localhost",
			"spring.credhub.oauth2.registration-id=credhub-client",

			"spring.security.oauth2.client.registration.credhub-client.provider=uaa",
			"spring.security.oauth2.client.registration.credhub-client.client-id=test-client",
			"spring.security.oauth2.client.registration.credhub-client.client-secret=test-secret",
			"spring.security.oauth2.client.registration.credhub-client.authorization-grant-type=client_credentials",
			"spring.security.oauth2.client.provider.uaa.token-uri=https://example.com/uaa/oauth/token")
			.run((context) -> {
				assertThat(context).hasSingleBean(CredHubTemplate.class);
				assertThat(context).hasSingleBean(ClientRegistrationRepository.class);
				assertThat(context).hasSingleBean(OAuth2AuthorizedClientRepository.class);
				assertThat(context).doesNotHaveBean(OAuth2AuthorizedClientManager.class);
				CredHubTemplate credHubTemplate = context.getBean(CredHubTemplate.class);
				assertThat(credHubTemplate.isUsingOAuth2()).isTrue();

				assertThat(context).hasSingleBean(ReactiveCredHubTemplate.class);
				assertThat(context).hasSingleBean(ReactiveClientRegistrationRepository.class);
				assertThat(context).hasSingleBean(ServerOAuth2AuthorizedClientRepository.class);
				assertThat(context).doesNotHaveBean(ReactiveOAuth2AuthorizedClientManager.class);
				ReactiveCredHubTemplate reactiveCredHubTemplate = context.getBean(ReactiveCredHubTemplate.class);
				assertThat(reactiveCredHubTemplate.isUsingOAuth2()).isTrue();
			});
}
 

private ClientHttpRequestInterceptor bearerTokenResolvingInterceptor(
		OAuth2ClientProperties properties, String username, String password, String clientRegistrationId) {
	ClientRegistrationRepository shellClientRegistrationRepository = shellClientRegistrationRepository(properties);
	OAuth2AuthorizedClientService shellAuthorizedClientService = shellAuthorizedClientService(shellClientRegistrationRepository);
	OAuth2AuthorizedClientManager authorizedClientManager = authorizedClientManager(
			shellClientRegistrationRepository, shellAuthorizedClientService);

	if (properties.getRegistration() != null && properties.getRegistration().size() == 1) {
		// if we have only one, use that
		clientRegistrationId = properties.getRegistration().entrySet().iterator().next().getKey();
	}

	OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId)
			.principal(DEFAULT_PRINCIPAL)
			.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username)
			.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password)
			.build();

	return (request, body, execution) -> {
		OAuth2AuthorizedClient authorizedClient = authorizedClientManager.authorize(authorizeRequest);
		request.getHeaders().setBearerAuth(authorizedClient.getAccessToken().getTokenValue());
		return execution.execute(request, body);
	};
}
 

private OAuth2AuthorizedClientManager authorizedClientManager(
		ClientRegistrationRepository shellClientRegistrationRepository,
		OAuth2AuthorizedClientService shellAuthorizedClientService) {
	AuthorizedClientServiceOAuth2AuthorizedClientManager manager = new AuthorizedClientServiceOAuth2AuthorizedClientManager(
		shellClientRegistrationRepository, shellAuthorizedClientService);
	OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
		.password()
		.refreshToken()
		.build();
	manager.setAuthorizedClientProvider(authorizedClientProvider);
	manager.setContextAttributesMapper(request -> {
		Map<String, Object> contextAttributes = new HashMap<>();
		request.getAttributes().forEach((k, v) -> {
			if (OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME.equals(k)
					|| OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME.equals(k)) {
				contextAttributes.put(k, v);
			}
		});
		return contextAttributes;
	});
	return manager;
}
 

private ClientHttpRequestInterceptor clientCredentialsTokenResolvingInterceptor(
		ClientRegistration clientRegistration, ClientRegistrationRepository clientRegistrationRepository,
		String clientId) {
	Authentication principal = createAuthentication(clientId);
	OAuth2AuthorizedClientService authorizedClientService = new InMemoryOAuth2AuthorizedClientService(
			clientRegistrationRepository);
	AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientManager = new AuthorizedClientServiceOAuth2AuthorizedClientManager(
			clientRegistrationRepository, authorizedClientService);
	OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
			.clientCredentials().build();
	authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

	OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
			.withClientRegistrationId(DEFAULT_REGISTRATION_ID).principal(principal).build();

	return (request, body, execution) -> {
		OAuth2AuthorizedClient authorizedClient = authorizedClientManager.authorize(authorizeRequest);
		request.getHeaders().setBearerAuth(authorizedClient.getAccessToken().getTokenValue());
		return execution.execute(request, body);
	};
}
 

private ClientHttpRequestInterceptor bearerTokenResolvingInterceptor(
		OAuth2ClientProperties properties, String username, String password, String clientRegistrationId) {
	ClientRegistrationRepository shellClientRegistrationRepository = shellClientRegistrationRepository(properties);
	OAuth2AuthorizedClientService shellAuthorizedClientService = shellAuthorizedClientService(shellClientRegistrationRepository);
	OAuth2AuthorizedClientManager authorizedClientManager = authorizedClientManager(
			shellClientRegistrationRepository, shellAuthorizedClientService);

	if (properties.getRegistration() != null && properties.getRegistration().size() == 1) {
		// if we have only one, use that
		clientRegistrationId = properties.getRegistration().entrySet().iterator().next().getKey();
	}

	OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId)
			.principal(DEFAULT_PRINCIPAL)
			.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username)
			.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password)
			.build();

	return (request, body, execution) -> {
		OAuth2AuthorizedClient authorizedClient = authorizedClientManager.authorize(authorizeRequest);
		request.getHeaders().setBearerAuth(authorizedClient.getAccessToken().getTokenValue());
		return execution.execute(request, body);
	};
}
 

private OAuth2AuthorizedClientManager authorizedClientManager(
		ClientRegistrationRepository shellClientRegistrationRepository,
		OAuth2AuthorizedClientService shellAuthorizedClientService) {
	AuthorizedClientServiceOAuth2AuthorizedClientManager manager = new AuthorizedClientServiceOAuth2AuthorizedClientManager(
		shellClientRegistrationRepository, shellAuthorizedClientService);
	OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
		.password()
		.refreshToken()
		.build();
	manager.setAuthorizedClientProvider(authorizedClientProvider);
	manager.setContextAttributesMapper(request -> {
		Map<String, Object> contextAttributes = new HashMap<>();
		request.getAttributes().forEach((k, v) -> {
			if (OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME.equals(k)
					|| OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME.equals(k)) {
				contextAttributes.put(k, v);
			}
		});
		return contextAttributes;
	});
	return manager;
}
 

private static OAuth2AuthorizedClientManager buildClientManager(
		ClientRegistrationRepository clientRegistrationRepository,
		OAuth2AuthorizedClientRepository authorizedClientRepository,
		ClientHttpRequestFactory clientHttpRequestFactory) {

	OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
			.authorizationCode().clientCredentials(
					(b) -> b.accessTokenResponseClient(buildTokenResponseClient(clientHttpRequestFactory)))
			.build();

	DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
			clientRegistrationRepository, authorizedClientRepository);
	authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

	return authorizedClientManager;
}
 

@Bean
public ClientRegistrationRepository clientRegistrationRepository() {
    ClientRegistration registration = new ClientRegistration.Builder(properties.getClientId())
            .authorizationUri(properties.getAuthorizationUri())
            .clientSecret(properties.getClientSecret())
            .tokenUri(properties.getTokenUri())
            .redirectUri(properties.getRedirectUri())
            .scope(properties.getScopes().split(","))
            .clientName(properties.getClientName())
            .clientAlias(properties.getClientAlias())
            .authorizationGrantType(properties.getAuthorizedGrantType())
            .userInfoUri(properties.getUserInfoUri())
            .clientAuthenticationMethod(new ClientAuthenticationMethod("get"))
            .build();

    return new InMemoryClientRegistrationRepository(Arrays.asList(registration));
}
 

@Bean
WebClient webClient(ClientRegistrationRepository clientRegistrationRepository,
		OAuth2AuthorizedClientRepository authorizedClientRepository) {
	ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2 = new ServletOAuth2AuthorizedClientExchangeFilterFunction(
			clientRegistrationRepository, authorizedClientRepository);
	oauth2.setDefaultOAuth2AuthorizedClient(true);
	return WebClient.builder().apply(oauth2.oauth2Configuration()).build();
}
 

@Test
public void credHubTemplatesConfiguredWithOAuth2AndCustomClientManager() {
	this.context.withPropertyValues("spring.credhub.url=https://localhost",
			"spring.credhub.oauth2.registration-id=credhub-client",

			"spring.security.oauth2.client.registration.credhub-client.provider=uaa",
			"spring.security.oauth2.client.registration.credhub-client.client-id=test-client",
			"spring.security.oauth2.client.registration.credhub-client.client-secret=test-secret",
			"spring.security.oauth2.client.registration.credhub-client.authorization-grant-type=client_credentials",
			"spring.security.oauth2.client.provider.uaa.token-uri=https://example.com/uaa/oauth/token")
			.withUserConfiguration(ClientManagerConfiguration.class).run((context) -> {
				assertThat(context).hasSingleBean(CredHubTemplate.class);
				assertThat(context).hasSingleBean(ClientRegistrationRepository.class);
				assertThat(context).hasSingleBean(OAuth2AuthorizedClientRepository.class);
				assertThat(context).hasSingleBean(AuthorizedClientServiceOAuth2AuthorizedClientManager.class);
				CredHubTemplate credHubTemplate = context.getBean(CredHubTemplate.class);
				assertThat(credHubTemplate.isUsingOAuth2()).isTrue();

				assertThat(context).hasSingleBean(ReactiveCredHubTemplate.class);
				assertThat(context).hasSingleBean(ReactiveClientRegistrationRepository.class);
				assertThat(context).hasSingleBean(ServerOAuth2AuthorizedClientRepository.class);
				assertThat(context)
						.hasSingleBean(AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.class);
				ReactiveCredHubTemplate reactiveCredHubTemplate = context.getBean(ReactiveCredHubTemplate.class);
				assertThat(reactiveCredHubTemplate.isUsingOAuth2()).isTrue();
			});
}
 

@Bean
AuthorizedClientServiceOAuth2AuthorizedClientManager clientManager(OAuth2ClientProperties properties) {
	List<ClientRegistration> registrations = new ArrayList<>(
			OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(properties).values());
	ClientRegistrationRepository clientRegistrationRepository = new InMemoryClientRegistrationRepository(
			registrations);
	OAuth2AuthorizedClientService authorizedClientService = new InMemoryOAuth2AuthorizedClientService(
			clientRegistrationRepository);
	return new AuthorizedClientServiceOAuth2AuthorizedClientManager(clientRegistrationRepository,
			authorizedClientService);
}
 

/**
 * Create a new {@link CredHubTemplate} using the provided connection properties,
 * {@link ClientHttpRequestFactory}, and OAuth2 support.
 * @param properties the CredHub connection properties; must not be {@literal null}
 * @param clientHttpRequestFactory the {@link ClientHttpRequestFactory} to use when
 * creating new connections
 * @param clientRegistrationRepository a repository of OAuth2 client registrations
 * @param authorizedClientRepository a repository of authorized OAuth2 clients
 */
public CredHubTemplate(CredHubProperties properties, ClientHttpRequestFactory clientHttpRequestFactory,
		ClientRegistrationRepository clientRegistrationRepository,
		OAuth2AuthorizedClientRepository authorizedClientRepository) {
	Assert.notNull(properties, "properties must not be null");
	Assert.notNull(clientHttpRequestFactory, "clientHttpRequestFactory must not be null");
	Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository must not be null");

	this.restTemplate = CredHubRestTemplateFactory.createRestTemplate(properties, clientHttpRequestFactory,
			clientRegistrationRepository, authorizedClientRepository);
	this.usingOAuth2 = true;
}
 

/**
 * Create a new {@link CredHubTemplate} using the provided connection properties,
 * {@link ClientHttpRequestFactory}, and OAuth2 support.
 * @param properties the CredHub connection properties; must not be {@literal null}
 * @param clientHttpRequestFactory the {@link ClientHttpRequestFactory} to use when
 * creating new connections
 * @param clientRegistrationRepository a repository of OAuth2 client registrations
 * @param clientManager an OAuth2 authorization client manager
 */
public CredHubTemplate(CredHubProperties properties, ClientHttpRequestFactory clientHttpRequestFactory,
		ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientManager clientManager) {
	Assert.notNull(properties, "properties must not be null");
	Assert.notNull(clientHttpRequestFactory, "clientHttpRequestFactory must not be null");
	Assert.notNull(clientManager, "clientManager must not be null");

	this.restTemplate = CredHubRestTemplateFactory.createRestTemplate(properties, clientHttpRequestFactory,
			clientRegistrationRepository, clientManager);
	this.usingOAuth2 = true;
}
 

/**
 * Create a {@link RestTemplate} configured for communication with a CredHub server.
 * @param properties the CredHub connection properties
 * @param clientHttpRequestFactory the {@link ClientHttpRequestFactory} to use when
 * creating new connections
 * @param clientRegistrationRepository a repository of OAuth2 client registrations
 * @param clientManager an OAuth2 authorization client manager
 * @return a configured {@link RestTemplate}
 */
static RestTemplate createRestTemplate(CredHubProperties properties,
		ClientHttpRequestFactory clientHttpRequestFactory,
		ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientManager clientManager) {
	RestTemplate restTemplate = new RestTemplate();

	configureRestTemplate(restTemplate, properties.getUrl(), clientHttpRequestFactory);
	configureOAuth2(restTemplate, properties.getOauth2().getRegistrationId(), clientRegistrationRepository,
			clientManager);

	return restTemplate;
}
 

private static ClientRegistration getClientRegistration(ClientRegistrationRepository clientRegistrationRepository,
		String clientId) {
	ClientRegistration clientRegistration = clientRegistrationRepository.findByRegistrationId(clientId);

	if (clientRegistration == null) {
		throw new IllegalStateException("The CredHub OAuth2 client registration ID '" + clientId
				+ "' is not a valid Spring Security OAuth2 client registration");
	}

	return clientRegistration;
}
 

/**
 * Create a {@link RestTemplate} configured for communication with a CredHub server.
 * @param properties the CredHub connection properties
 * @param clientHttpRequestFactory the {@link ClientHttpRequestFactory} to use when
 * creating new connections
 * @param clientRegistrationRepository a repository of OAuth2 client registrations
 * @param authorizedClientRepository a repository of authorized OAuth2 clients
 * @return a configured {@link RestTemplate}
 */
static RestTemplate createRestTemplate(CredHubProperties properties,
		ClientHttpRequestFactory clientHttpRequestFactory,
		ClientRegistrationRepository clientRegistrationRepository,
		OAuth2AuthorizedClientRepository authorizedClientRepository) {
	RestTemplate restTemplate = new RestTemplate();

	configureRestTemplate(restTemplate, properties.getUrl(), clientHttpRequestFactory);
	configureOAuth2(restTemplate, properties.getOauth2().getRegistrationId(), clientRegistrationRepository,
			buildClientManager(clientRegistrationRepository, authorizedClientRepository, clientHttpRequestFactory));

	return restTemplate;
}
 

@Bean
WebClient webClient(ClientRegistrationRepository clientRegistrationRepository,
		OAuth2AuthorizedClientRepository authorizedClientRepository) {
	ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2 = new ServletOAuth2AuthorizedClientExchangeFilterFunction(
			clientRegistrationRepository, authorizedClientRepository);
	oauth2.setDefaultOAuth2AuthorizedClient(true);
	return WebClient.builder().apply(oauth2.oauth2Configuration()).build();
}
 

public UaaAuthorizationHeaderUtil(ClientRegistrationRepository clientRegistrationRepository,
                                  OAuth2AuthorizedClientService clientRegistrationService,
                                  RestTemplate uaaRestTemplate) {
    this.uaaRestTemplate = uaaRestTemplate;
    this.clientRegistrationRepository = clientRegistrationRepository;
    this.clientRegistrationService = clientRegistrationService;
}
 

public ClientRegistrationRepository clientRegistrationRepository() {
    List<ClientRegistration> registrations = clients.stream()
        .map(c -> getRegistration(c))
        .filter(registration -> registration != null)
        .collect(Collectors.toList());

    return new InMemoryClientRegistrationRepository(registrations);
}
 

public ClientRegistrationRepository clientRegistrationRepository() {
    List<ClientRegistration> registrations = clients.stream()
        .map(c -> getRegistration(c))
        .filter(registration -> registration != null)
        .collect(Collectors.toList());

    return new InMemoryClientRegistrationRepository(registrations);
}
 

/**
 * Create a {@code ClientRegistrationRepository} bean for use with an OAuth2-enabled
 * {@code CredHubTemplate}.
 * @return the {@code ClientRegistrationRepository}
 */
@Bean
@ConditionalOnMissingBean
@ConditionalOnClass(name = "javax.servlet.http.HttpServletRequest")
public ClientRegistrationRepository credHubClientRegistrationRepository() {
	List<ClientRegistration> registrations = new ArrayList<>(
			OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(this.properties).values());
	return new InMemoryClientRegistrationRepository(registrations);
}
 

/**
 * Create the {@link CredHubTemplate} that the application will use to interact
 * with CredHub.
 * @param credHubProperties {@link CredHubProperties} for CredHub
 * @param clientOptions client connection options
 * @param clientRegistrationRepository a repository of OAuth2 client registrations
 * @param clientManager an OAuth2 authorization client manager
 * @return the {@link CredHubTemplate} bean
 */
@Bean
@ConditionalOnMissingBean
CredHubOperations credHubTemplate(CredHubProperties credHubProperties, ClientOptions clientOptions,
		ClientRegistrationRepository clientRegistrationRepository,
		OAuth2AuthorizedClientManager clientManager) {

	return new CredHubTemplateFactory().credHubTemplate(credHubProperties, clientOptions,
			clientRegistrationRepository, clientManager);
}
 

/**
 * Create an {@code OAuth2AuthorizedClientRepository} bean for use with an
 * OAuth2-enabled {@code CredHubTemplate}.
 * @param clientRegistrationRepository a {@code ClientRegistrationRepository}
 * @return the {@code OAuth2AuthorizedClientRepository}
 */
@Bean
@ConditionalOnMissingBean
@ConditionalOnClass(name = "javax.servlet.http.HttpServletRequest")
public OAuth2AuthorizedClientRepository credHubAuthorizedClientRepository(
		ClientRegistrationRepository clientRegistrationRepository) {
	return new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(
			new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository));
}
 

/**
 * Create the {@link CredHubTemplate} that the application will use to interact
 * with CredHub.
 * @param credHubProperties {@link CredHubProperties} for CredHub
 * @param clientOptions client connection options
 * @param clientRegistrationRepository a repository of OAuth2 client registrations
 * @param authorizedClientRepository a repository of authorized OAuth2 clients
 * @return the {@link CredHubOperations} bean
 */
@Bean
@ConditionalOnMissingBean
CredHubOperations credHubTemplate(CredHubProperties credHubProperties, ClientOptions clientOptions,
		ClientRegistrationRepository clientRegistrationRepository,
		OAuth2AuthorizedClientRepository authorizedClientRepository) {

	return new CredHubTemplateFactory().credHubTemplate(credHubProperties, clientOptions,
			clientRegistrationRepository, authorizedClientRepository);
}
 

@Bean
public AuthorizedClientServiceOAuth2AuthorizedClientManager reactiveClientManager(
		ClientRegistrationRepository clientRegistrationRepository,
		OAuth2AuthorizedClientService authorizedClientService) {
	AuthorizedClientServiceOAuth2AuthorizedClientManager clientManager = new AuthorizedClientServiceOAuth2AuthorizedClientManager(
			clientRegistrationRepository, authorizedClientService);
	clientManager.setAuthorizedClientProvider(new ClientCredentialsOAuth2AuthorizedClientProvider());
	return clientManager;
}
 

@Bean
public WebClient webClient(ClientRegistrationRepository clientRegistrationRepository,
							OAuth2AuthorizedClientRepository authorizedClientRepository) {
	ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2 = new ServletOAuth2AuthorizedClientExchangeFilterFunction(
			clientRegistrationRepository, authorizedClientRepository);
	return WebClient.builder()
			.apply(oauth2.oauth2Configuration())
			.build();
}
 

private ClientRegistrationRepository shellClientRegistrationRepository(OAuth2ClientProperties properties) {
	List<ClientRegistration> registrations = new ArrayList<>(
			OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(properties).values());
	return new InMemoryClientRegistrationRepository(registrations);
}
 

@Bean
public OAuth2AuthorizedClientService authorizedClientService(ClientRegistrationRepository repository) {
    return new InMemoryOAuth2AuthorizedClientService(repository);
}
 

private OAuth2AuthorizedClientService shellAuthorizedClientService(ClientRegistrationRepository shellClientRegistrationRepository) {
	return new InMemoryOAuth2AuthorizedClientService(shellClientRegistrationRepository);
}