org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager Java Examples

@Test
public void credHubTemplatesConfiguredWithOAuth2() {
	this.context.withPropertyValues("spring.credhub.url=https://localhost",
			"spring.credhub.oauth2.registration-id=credhub-client",

			"spring.security.oauth2.client.registration.credhub-client.provider=uaa",
			"spring.security.oauth2.client.registration.credhub-client.client-id=test-client",
			"spring.security.oauth2.client.registration.credhub-client.client-secret=test-secret",
			"spring.security.oauth2.client.registration.credhub-client.authorization-grant-type=client_credentials",
			"spring.security.oauth2.client.provider.uaa.token-uri=https://example.com/uaa/oauth/token")
			.run((context) -> {
				assertThat(context).hasSingleBean(CredHubTemplate.class);
				assertThat(context).hasSingleBean(ClientRegistrationRepository.class);
				assertThat(context).hasSingleBean(OAuth2AuthorizedClientRepository.class);
				assertThat(context).doesNotHaveBean(OAuth2AuthorizedClientManager.class);
				CredHubTemplate credHubTemplate = context.getBean(CredHubTemplate.class);
				assertThat(credHubTemplate.isUsingOAuth2()).isTrue();

				assertThat(context).hasSingleBean(ReactiveCredHubTemplate.class);
				assertThat(context).hasSingleBean(ReactiveClientRegistrationRepository.class);
				assertThat(context).hasSingleBean(ServerOAuth2AuthorizedClientRepository.class);
				assertThat(context).doesNotHaveBean(ReactiveOAuth2AuthorizedClientManager.class);
				ReactiveCredHubTemplate reactiveCredHubTemplate = context.getBean(ReactiveCredHubTemplate.class);
				assertThat(reactiveCredHubTemplate.isUsingOAuth2()).isTrue();
			});
}
 

private static OAuth2AuthorizedClientManager buildClientManager(
		ClientRegistrationRepository clientRegistrationRepository,
		OAuth2AuthorizedClientRepository authorizedClientRepository,
		ClientHttpRequestFactory clientHttpRequestFactory) {

	OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
			.authorizationCode().clientCredentials(
					(b) -> b.accessTokenResponseClient(buildTokenResponseClient(clientHttpRequestFactory)))
			.build();

	DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
			clientRegistrationRepository, authorizedClientRepository);
	authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

	return authorizedClientManager;
}
 

private OAuth2AuthorizedClientManager authorizedClientManager(
		ClientRegistrationRepository shellClientRegistrationRepository,
		OAuth2AuthorizedClientService shellAuthorizedClientService) {
	AuthorizedClientServiceOAuth2AuthorizedClientManager manager = new AuthorizedClientServiceOAuth2AuthorizedClientManager(
		shellClientRegistrationRepository, shellAuthorizedClientService);
	OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
		.password()
		.refreshToken()
		.build();
	manager.setAuthorizedClientProvider(authorizedClientProvider);
	manager.setContextAttributesMapper(request -> {
		Map<String, Object> contextAttributes = new HashMap<>();
		request.getAttributes().forEach((k, v) -> {
			if (OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME.equals(k)
					|| OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME.equals(k)) {
				contextAttributes.put(k, v);
			}
		});
		return contextAttributes;
	});
	return manager;
}
 

private ClientHttpRequestInterceptor bearerTokenResolvingInterceptor(
		OAuth2ClientProperties properties, String username, String password, String clientRegistrationId) {
	ClientRegistrationRepository shellClientRegistrationRepository = shellClientRegistrationRepository(properties);
	OAuth2AuthorizedClientService shellAuthorizedClientService = shellAuthorizedClientService(shellClientRegistrationRepository);
	OAuth2AuthorizedClientManager authorizedClientManager = authorizedClientManager(
			shellClientRegistrationRepository, shellAuthorizedClientService);

	if (properties.getRegistration() != null && properties.getRegistration().size() == 1) {
		// if we have only one, use that
		clientRegistrationId = properties.getRegistration().entrySet().iterator().next().getKey();
	}

	OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId)
			.principal(DEFAULT_PRINCIPAL)
			.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username)
			.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password)
			.build();

	return (request, body, execution) -> {
		OAuth2AuthorizedClient authorizedClient = authorizedClientManager.authorize(authorizeRequest);
		request.getHeaders().setBearerAuth(authorizedClient.getAccessToken().getTokenValue());
		return execution.execute(request, body);
	};
}
 

private OAuth2AuthorizedClientManager authorizedClientManager(
		ClientRegistrationRepository shellClientRegistrationRepository,
		OAuth2AuthorizedClientService shellAuthorizedClientService) {
	AuthorizedClientServiceOAuth2AuthorizedClientManager manager = new AuthorizedClientServiceOAuth2AuthorizedClientManager(
		shellClientRegistrationRepository, shellAuthorizedClientService);
	OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
		.password()
		.refreshToken()
		.build();
	manager.setAuthorizedClientProvider(authorizedClientProvider);
	manager.setContextAttributesMapper(request -> {
		Map<String, Object> contextAttributes = new HashMap<>();
		request.getAttributes().forEach((k, v) -> {
			if (OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME.equals(k)
					|| OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME.equals(k)) {
				contextAttributes.put(k, v);
			}
		});
		return contextAttributes;
	});
	return manager;
}
 

private ClientHttpRequestInterceptor bearerTokenResolvingInterceptor(
		OAuth2ClientProperties properties, String username, String password, String clientRegistrationId) {
	ClientRegistrationRepository shellClientRegistrationRepository = shellClientRegistrationRepository(properties);
	OAuth2AuthorizedClientService shellAuthorizedClientService = shellAuthorizedClientService(shellClientRegistrationRepository);
	OAuth2AuthorizedClientManager authorizedClientManager = authorizedClientManager(
			shellClientRegistrationRepository, shellAuthorizedClientService);

	if (properties.getRegistration() != null && properties.getRegistration().size() == 1) {
		// if we have only one, use that
		clientRegistrationId = properties.getRegistration().entrySet().iterator().next().getKey();
	}

	OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId)
			.principal(DEFAULT_PRINCIPAL)
			.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username)
			.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password)
			.build();

	return (request, body, execution) -> {
		OAuth2AuthorizedClient authorizedClient = authorizedClientManager.authorize(authorizeRequest);
		request.getHeaders().setBearerAuth(authorizedClient.getAccessToken().getTokenValue());
		return execution.execute(request, body);
	};
}
 

@Bean
WebClient webClient(OAuth2AuthorizedClientManager authorizedClientManager) {
	ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2Client =
			new ServletOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
	return WebClient.builder()
			.apply(oauth2Client.oauth2Configuration())
			.build();
}
 

@Bean
WebClient webClient(OAuth2AuthorizedClientManager authorizedClientManager) {
	ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2Client =
			new ServletOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
	return WebClient.builder()
			.apply(oauth2Client.oauth2Configuration())
			.build();
}
 

@Bean
public WebClient webClient(OAuth2AuthorizedClientManager authorizedClientManager) {
    ServletOAuth2AuthorizedClientExchangeFilterFunction oauth =
            new ServletOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
    return WebClient.builder()
            .filter(oauth)
            .build();
}
 

/**
 * Create the {@link CredHubTemplate} that the application will use to interact
 * with CredHub.
 * @param credHubProperties {@link CredHubProperties} for CredHub
 * @param clientOptions client connection options
 * @param clientRegistrationRepository a repository of OAuth2 client registrations
 * @param clientManager an OAuth2 authorization client manager
 * @return the {@link CredHubTemplate} bean
 */
@Bean
@ConditionalOnMissingBean
CredHubOperations credHubTemplate(CredHubProperties credHubProperties, ClientOptions clientOptions,
		ClientRegistrationRepository clientRegistrationRepository,
		OAuth2AuthorizedClientManager clientManager) {

	return new CredHubTemplateFactory().credHubTemplate(credHubProperties, clientOptions,
			clientRegistrationRepository, clientManager);
}
 

/**
 * Create a new {@link CredHubTemplate} using the provided connection properties,
 * {@link ClientHttpRequestFactory}, and OAuth2 support.
 * @param properties the CredHub connection properties; must not be {@literal null}
 * @param clientHttpRequestFactory the {@link ClientHttpRequestFactory} to use when
 * creating new connections
 * @param clientRegistrationRepository a repository of OAuth2 client registrations
 * @param clientManager an OAuth2 authorization client manager
 */
public CredHubTemplate(CredHubProperties properties, ClientHttpRequestFactory clientHttpRequestFactory,
		ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientManager clientManager) {
	Assert.notNull(properties, "properties must not be null");
	Assert.notNull(clientHttpRequestFactory, "clientHttpRequestFactory must not be null");
	Assert.notNull(clientManager, "clientManager must not be null");

	this.restTemplate = CredHubRestTemplateFactory.createRestTemplate(properties, clientHttpRequestFactory,
			clientRegistrationRepository, clientManager);
	this.usingOAuth2 = true;
}
 

/**
 * Create a {@link RestTemplate} configured for communication with a CredHub server.
 * @param properties the CredHub connection properties
 * @param clientHttpRequestFactory the {@link ClientHttpRequestFactory} to use when
 * creating new connections
 * @param clientRegistrationRepository a repository of OAuth2 client registrations
 * @param clientManager an OAuth2 authorization client manager
 * @return a configured {@link RestTemplate}
 */
static RestTemplate createRestTemplate(CredHubProperties properties,
		ClientHttpRequestFactory clientHttpRequestFactory,
		ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientManager clientManager) {
	RestTemplate restTemplate = new RestTemplate();

	configureRestTemplate(restTemplate, properties.getUrl(), clientHttpRequestFactory);
	configureOAuth2(restTemplate, properties.getOauth2().getRegistrationId(), clientRegistrationRepository,
			clientManager);

	return restTemplate;
}
 

CredHubOAuth2RequestInterceptor(ClientRegistration clientRegistration,
		OAuth2AuthorizedClientManager clientManager) {
	this.clientRegistration = clientRegistration;
	this.clientManager = clientManager;
}
 

/**
 * Configure OAuth2 features of a {@link RestTemplate}.
 * @param restTemplate an existing {@link RestTemplate} to configure
 * @param clientId the OAuth2 client ID for authentication
 * @param clientRegistrationRepository a repository of OAuth2 client registrations
 * @param clientManager an OAuth2 authorization client manager
 */
private static void configureOAuth2(RestTemplate restTemplate, String clientId,
		ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientManager clientManager) {
	ClientRegistration clientRegistration = getClientRegistration(clientRegistrationRepository, clientId);

	restTemplate.getInterceptors().add(new CredHubOAuth2RequestInterceptor(clientRegistration, clientManager));
}
 

/**
 * Create a {@link CredHubTemplate} for interaction with a CredHub server using OAuth2
 * for authentication.
 * @param credHubProperties connection properties
 * @param clientOptions connection options
 * @param clientRegistrationRepository a repository of OAuth2 client registrations
 * @param clientManager an OAuth2 authorization client manager
 * @return a {@code CredHubTemplate}
 */
public CredHubOperations credHubTemplate(CredHubProperties credHubProperties, ClientOptions clientOptions,
		ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientManager clientManager) {
	return new CredHubTemplate(credHubProperties, clientHttpRequestFactory(clientOptions),
			clientRegistrationRepository, clientManager);
}