org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository Java Examples

@Test
public void credHubTemplatesConfiguredWithOAuth2() {
	this.context.withPropertyValues("spring.credhub.url=https://localhost",
			"spring.credhub.oauth2.registration-id=credhub-client",

			"spring.security.oauth2.client.registration.credhub-client.provider=uaa",
			"spring.security.oauth2.client.registration.credhub-client.client-id=test-client",
			"spring.security.oauth2.client.registration.credhub-client.client-secret=test-secret",
			"spring.security.oauth2.client.registration.credhub-client.authorization-grant-type=client_credentials",
			"spring.security.oauth2.client.provider.uaa.token-uri=https://example.com/uaa/oauth/token")
			.run((context) -> {
				assertThat(context).hasSingleBean(CredHubTemplate.class);
				assertThat(context).hasSingleBean(ClientRegistrationRepository.class);
				assertThat(context).hasSingleBean(OAuth2AuthorizedClientRepository.class);
				assertThat(context).doesNotHaveBean(OAuth2AuthorizedClientManager.class);
				CredHubTemplate credHubTemplate = context.getBean(CredHubTemplate.class);
				assertThat(credHubTemplate.isUsingOAuth2()).isTrue();

				assertThat(context).hasSingleBean(ReactiveCredHubTemplate.class);
				assertThat(context).hasSingleBean(ReactiveClientRegistrationRepository.class);
				assertThat(context).hasSingleBean(ServerOAuth2AuthorizedClientRepository.class);
				assertThat(context).doesNotHaveBean(ReactiveOAuth2AuthorizedClientManager.class);
				ReactiveCredHubTemplate reactiveCredHubTemplate = context.getBean(ReactiveCredHubTemplate.class);
				assertThat(reactiveCredHubTemplate.isUsingOAuth2()).isTrue();
			});
}
 

private static DefaultReactiveOAuth2AuthorizedClientManager buildClientManager(
		ReactiveClientRegistrationRepository clientRegistrationRepository,
		ServerOAuth2AuthorizedClientRepository authorizedClientRepository,
		ReactiveOAuth2AuthorizedClientProvider clientProvider) {
	DefaultReactiveOAuth2AuthorizedClientManager clientManager = new DefaultReactiveOAuth2AuthorizedClientManager(
			clientRegistrationRepository, authorizedClientRepository);
	clientManager.setAuthorizedClientProvider(clientProvider);
	return clientManager;
}
 

@Bean
public WebClient webClient(ReactiveClientRegistrationRepository clientRegistrationRepo, ServerOAuth2AuthorizedClientRepository authorizedClientRepo) {
    ServerOAuth2AuthorizedClientExchangeFilterFunction filter = new ServerOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrationRepo, authorizedClientRepo);
    return WebClient.builder()
        .filter(filter)
        .build();
}
 

@Bean
WebClient webClientForAuthorized(ReactiveClientRegistrationRepository clientRegistrations, ServerOAuth2AuthorizedClientRepository authorizedClients) {
    ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrations, authorizedClients);
    return WebClient.builder()
        .filter(oauth)
        .build();
}
 

@Bean
WebClient otherWebClient(ReactiveClientRegistrationRepository clientRegistrations, ServerOAuth2AuthorizedClientRepository authorizedClients) {
    ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrations, authorizedClients);
    return WebClient.builder()
        .filter(oauth)
        .build();
}
 

@Bean
@Primary
WebClient webClientForAuthorized(ReactiveClientRegistrationRepository clientRegistrations, ServerOAuth2AuthorizedClientRepository authorizedClients) {
    ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrations, authorizedClients);
    oauth.setDefaultOAuth2AuthorizedClient(true);
    return WebClient.builder()
        .filter(oauth)
        .build();
}
 

public static void forLogin(
        final ServerHttpSecurity http,
        final AMType amType,
        final ApplicationContext ctx) {

    ReactiveClientRegistrationRepository clientRegistrationRepository =
            ctx.getBean(ReactiveClientRegistrationRepository.class);

    ReactiveOAuth2AuthorizedClientService authorizedClientService =
            new InMemoryReactiveOAuth2AuthorizedClientService(clientRegistrationRepository);
    ServerOAuth2AuthorizedClientRepository authorizedClientRepository =
            new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(authorizedClientService);

    OAuth2AuthorizationRequestRedirectWebFilter authRequestRedirectFilter =
            new OAuth2AuthorizationRequestRedirectWebFilter(clientRegistrationRepository);

    AuthenticationWebFilter authenticationFilter =
            new OAuth2LoginAuthenticationWebFilter(authenticationManager(amType), authorizedClientRepository);
    authenticationFilter.setRequiresAuthenticationMatcher(
            new PathPatternParserServerWebExchangeMatcher("/login/oauth2/code/{registrationId}"));
    authenticationFilter.setServerAuthenticationConverter(
            new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(clientRegistrationRepository));
    authenticationFilter.setAuthenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler());
    authenticationFilter.setAuthenticationFailureHandler((exchange, ex) -> Mono.error(ex));
    authenticationFilter.setSecurityContextRepository(new WebSessionServerSecurityContextRepository());

    MediaTypeServerWebExchangeMatcher htmlMatcher = new MediaTypeServerWebExchangeMatcher(MediaType.TEXT_HTML);
    htmlMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    ServerAuthenticationEntryPoint entrypoint =
            new RedirectServerAuthenticationEntryPoint("/oauth2/authorization/" + amType.name());
    http.exceptionHandling().authenticationEntryPoint(new DelegateEntry(htmlMatcher, entrypoint).getEntryPoint());

    http.addFilterAt(authRequestRedirectFilter, SecurityWebFiltersOrder.HTTP_BASIC);
    http.addFilterAt(authenticationFilter, SecurityWebFiltersOrder.AUTHENTICATION);
}
 

@Before
public void init() {
	repository = mock(ServerOAuth2AuthorizedClientRepository.class);
	request = MockServerHttpRequest.get("/hello").build();
	mockExchange = MockServerWebExchange.from(request);
	filterChain = mock(GatewayFilterChain.class);
	when(filterChain.filter(any(ServerWebExchange.class))).thenReturn(Mono.empty());
	filter = new TokenRelayGatewayFilterFactory(repository).apply();
}
 

@Bean
WebClient tokenAugmentingWebClient(final ReactiveClientRegistrationRepository clientRegistrationRepository,
								   final ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
	return WebClient.builder()
		.filter(new ServerOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrationRepository, authorizedClientRepository))
		.build();
}
 

/**
 * Create a {@link WebClient} configured for communication with a CredHub server.
 * @param properties the CredHub connection properties
 * @param clientHttpConnector the {@link ClientHttpConnector} to use when creating new
 * connections
 * @param clientRegistrationRepository a repository of OAuth2 client registrations
 * @param authorizedClientRepository a repository of OAuth2 authorized clients
 * @return a configured {@link WebClient}
 */
static WebClient createWebClient(CredHubProperties properties, ClientHttpConnector clientHttpConnector,
		ReactiveClientRegistrationRepository clientRegistrationRepository,
		ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
	ReactiveOAuth2AuthorizedClientProvider clientProvider = buildClientProvider(clientHttpConnector);

	DefaultReactiveOAuth2AuthorizedClientManager defaultClientManager = buildClientManager(
			clientRegistrationRepository, authorizedClientRepository, clientProvider);

	return createWebClient(properties, clientHttpConnector, defaultClientManager);
}
 

/**
 * Create a new {@link ReactiveCredHubTemplate} using the provided base URI and
 * {@link ClientHttpRequestFactory}.
 * @param credHubProperties connection properties for the CredHub server
 * @param clientHttpConnector the {@link ClientHttpConnector} to use when creating new
 * connections
 * @param clientRegistrationRepository a repository of OAuth2 client registrations
 * @param authorizedClientRepository a repository of authorized OAuth2 clients
 */
public ReactiveCredHubTemplate(CredHubProperties credHubProperties, ClientHttpConnector clientHttpConnector,
		ReactiveClientRegistrationRepository clientRegistrationRepository,
		ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
	Assert.notNull(credHubProperties, "credHubProperties must not be null");
	Assert.notNull(clientHttpConnector, "clientHttpConnector must not be null");
	Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository must not be null");
	Assert.notNull(authorizedClientRepository, "authorizedClientRepository must not be null");

	this.webClient = CredHubWebClientFactory.createWebClient(credHubProperties, clientHttpConnector,
			clientRegistrationRepository, authorizedClientRepository);
	this.usingOAuth2 = true;
}
 

@Test
public void credHubTemplatesConfiguredWithOAuth2AndCustomClientManager() {
	this.context.withPropertyValues("spring.credhub.url=https://localhost",
			"spring.credhub.oauth2.registration-id=credhub-client",

			"spring.security.oauth2.client.registration.credhub-client.provider=uaa",
			"spring.security.oauth2.client.registration.credhub-client.client-id=test-client",
			"spring.security.oauth2.client.registration.credhub-client.client-secret=test-secret",
			"spring.security.oauth2.client.registration.credhub-client.authorization-grant-type=client_credentials",
			"spring.security.oauth2.client.provider.uaa.token-uri=https://example.com/uaa/oauth/token")
			.withUserConfiguration(ClientManagerConfiguration.class).run((context) -> {
				assertThat(context).hasSingleBean(CredHubTemplate.class);
				assertThat(context).hasSingleBean(ClientRegistrationRepository.class);
				assertThat(context).hasSingleBean(OAuth2AuthorizedClientRepository.class);
				assertThat(context).hasSingleBean(AuthorizedClientServiceOAuth2AuthorizedClientManager.class);
				CredHubTemplate credHubTemplate = context.getBean(CredHubTemplate.class);
				assertThat(credHubTemplate.isUsingOAuth2()).isTrue();

				assertThat(context).hasSingleBean(ReactiveCredHubTemplate.class);
				assertThat(context).hasSingleBean(ReactiveClientRegistrationRepository.class);
				assertThat(context).hasSingleBean(ServerOAuth2AuthorizedClientRepository.class);
				assertThat(context)
						.hasSingleBean(AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.class);
				ReactiveCredHubTemplate reactiveCredHubTemplate = context.getBean(ReactiveCredHubTemplate.class);
				assertThat(reactiveCredHubTemplate.isUsingOAuth2()).isTrue();
			});
}
 

/**
 * Create the {@link ReactiveCredHubTemplate} that the application will use to
 * interact with CredHub.
 * @param credHubProperties {@link CredHubProperties} for CredHub
 * @param clientOptions client connection options
 * @param clientRegistrationRepository a repository of OAuth2 client registrations
 * @param authorizedClientRepository a repository of OAuth2 authorized clients
 * @return the {@link CredHubTemplate} bean
 */
@Bean
@ConditionalOnMissingBean
ReactiveCredHubOperations reactiveCredHubTemplate(CredHubProperties credHubProperties,
		ClientOptions clientOptions, ReactiveClientRegistrationRepository clientRegistrationRepository,
		ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {

	return new CredHubTemplateFactory().reactiveCredHubTemplate(credHubProperties, clientOptions,
			clientRegistrationRepository, authorizedClientRepository);
}
 

/**
 * Create a {@code ServerOAuth2AuthorizedClientRepository} bean for use with an
 * OAuth2-enabled {@code ReactiveCredHubTemplate}, to override the default provided by
 * {@link ReactiveOAuth2ClientAutoConfiguration}.
 * @return the {@code ServerOAuth2AuthorizedClientRepository}
 */
@Bean
@ConditionalOnMissingBean
@ConditionalOnClass(name = "org.springframework.web.reactive.function.client.WebClient")
public ServerOAuth2AuthorizedClientRepository credHubReactiveAuthorizedClientRepository() {
	return new UnAuthenticatedServerOAuth2AuthorizedClientRepository();
}
 

public TokenRelayGatewayFilterFactory(
		ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
	super(Object.class);
	this.authorizedClientRepository = authorizedClientRepository;
}
 

@Bean
public TokenRelayGatewayFilterFactory tokenRelayGatewayFilterFactory(
		ServerOAuth2AuthorizedClientRepository repository) {
	return new TokenRelayGatewayFilterFactory(repository);
}
 

/**
 * Create a {@link ReactiveCredHubTemplate} for interaction with a CredHub server
 * using OAuth2 for authentication.
 * @param credHubProperties connection properties
 * @param clientOptions connection options
 * @param clientRegistrationRepository a repository of OAuth2 client registrations
 * @param authorizedClientRepository a repository of OAuth2 client authorizations
 * @return a {@code ReactiveCredHubTemplate}
 */
public ReactiveCredHubOperations reactiveCredHubTemplate(CredHubProperties credHubProperties,
		ClientOptions clientOptions, ReactiveClientRegistrationRepository clientRegistrationRepository,
		ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
	return new ReactiveCredHubTemplate(credHubProperties, clientHttpConnector(clientOptions),
			clientRegistrationRepository, authorizedClientRepository);
}