From 14b6bd4f563d7a44532ed56fefaf94a01fdedb05 Mon Sep 17 00:00:00 2001 From: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com> Date: Tue, 15 Oct 2024 15:02:10 -0500 Subject: [PATCH] Add PrincipalResolver to RestClient sample Closes gh-328 --- .../java/oauth2/restclient/README.adoc | 8 +++ ...ntRegistrationIdResolverConfiguration.java | 6 +- .../PrincipalResolverConfiguration.java | 72 +++++++++++++++++++ .../java/example/RestClientConfiguration.java | 20 +++++- 4 files changed, 101 insertions(+), 5 deletions(-) create mode 100644 servlet/spring-boot/java/oauth2/restclient/src/main/java/example/PrincipalResolverConfiguration.java diff --git a/servlet/spring-boot/java/oauth2/restclient/README.adoc b/servlet/spring-boot/java/oauth2/restclient/README.adoc index c8ad1c7..b98b0d5 100644 --- a/servlet/spring-boot/java/oauth2/restclient/README.adoc +++ b/servlet/spring-boot/java/oauth2/restclient/README.adoc @@ -60,6 +60,14 @@ Activate one of the following profiles to try them out: 4. `authentication-required` - Demonstrates a custom `ClientRegistrationIdResolver` that requires authentication using OAuth 2.0 or Open ID Connect 1.0. Uses `login-client-with-messaging` to log in. +This sample also demonstrates alternate strategies for resolving a `principal` (see https://github.com/spring-projects/spring-security-samples/tree/main/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/PrincipalResolverConfiguration.java[PrincipalResolverConfiguration] for more information). + +Activate one of the following profiles to try them out: + +1. `per-request` - Demonstrates an alternate setup with `RequestAttributePrincipalResolver` that resolves the principal using attributes. + +2. `anonymous-user` - Demonstrates a custom `PrincipalResolver` that statically resolves a `principal`. Requires specifying the `principal` via `RequestAttributePrincipalResolver.principal(Authentication)`. + [TIP] ==== You can activate a profile with the `./gradlew bootRun` command by adding the argument `--args='--spring.profiles.active=xyz'`. diff --git a/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/ClientRegistrationIdResolverConfiguration.java b/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/ClientRegistrationIdResolverConfiguration.java index 8c36551..9c3d894 100644 --- a/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/ClientRegistrationIdResolverConfiguration.java +++ b/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/ClientRegistrationIdResolverConfiguration.java @@ -116,7 +116,7 @@ public class ClientRegistrationIdResolverConfiguration { @Configuration @Profile("current-user") - public static class CurrentUserConfiguration { + public static class CurrentUserClientRegistrationIdResolverConfiguration { @Bean public ClientRegistrationIdResolver clientRegistrationIdResolver() { @@ -127,7 +127,7 @@ public class ClientRegistrationIdResolverConfiguration { @Configuration @Profile("composite") - public static class CompositeConfiguration { + public static class CompositeClientRegistrationIdResolverConfiguration { @Bean public ClientRegistrationIdResolver clientRegistrationIdResolver() { @@ -138,7 +138,7 @@ public class ClientRegistrationIdResolverConfiguration { @Configuration @Profile("authentication-required") - public static class AuthenticationRequiredConfiguration { + public static class AuthenticationRequiredClientRegistrationIdResolverConfiguration { @Bean public ClientRegistrationIdResolver clientRegistrationIdResolver() { diff --git a/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/PrincipalResolverConfiguration.java b/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/PrincipalResolverConfiguration.java new file mode 100644 index 0000000..46704c3 --- /dev/null +++ b/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/PrincipalResolverConfiguration.java @@ -0,0 +1,72 @@ +/* + * Copyright 2024 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package example; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.security.authentication.AnonymousAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.authority.AuthorityUtils; +import org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor.PrincipalResolver; +import org.springframework.security.oauth2.client.web.client.RequestAttributePrincipalResolver; +import org.springframework.security.oauth2.client.web.client.SecurityContextHolderPrincipalResolver; + +/** + * Configuration for demonstrating additional strategies for resolving a {@code principal} + * via the {@link PrincipalResolver}. This sample uses the following profiles to + * demonstrate multiple configurations: + * + *
    + *
  1. {@code default} - Demonstrates the default setup with + * {@link SecurityContextHolderPrincipalResolver}.
  2. + *
  3. {@code per-request} - Demonstrates an alternate setup with + * {@link RequestAttributePrincipalResolver}. Requires specifying the {@code principal} + * via {@link RequestAttributePrincipalResolver#principal(Authentication)}.
  4. + *
  5. {@code anonymous-user} - Demonstrates a custom {@link PrincipalResolver} that + * statically resolves the {@code principal}.
  6. + *
+ * + * @author Steve Riesenberg + */ +public class PrincipalResolverConfiguration { + + @Configuration + @Profile("per-request") + public static class PerRequestPrincipalResolverConfiguration { + + @Bean + public PrincipalResolver principalResolver() { + return new RequestAttributePrincipalResolver(); + } + + } + + @Configuration + @Profile("anonymous-user") + public static class AnonymousUserPrincipalResolverConfiguration { + + @Bean + public PrincipalResolver principalResolver() { + AnonymousAuthenticationToken anonymousUser = new AnonymousAuthenticationToken("anonymous", "anonymousUser", + AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")); + return (request) -> anonymousUser; + } + + } + +} diff --git a/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/RestClientConfiguration.java b/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/RestClientConfiguration.java index 5ab0e4d..d88ce6d 100644 --- a/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/RestClientConfiguration.java +++ b/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/RestClientConfiguration.java @@ -25,6 +25,7 @@ import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager; import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository; import org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor; import org.springframework.security.oauth2.client.web.client.RequestAttributeClientRegistrationIdResolver; +import org.springframework.security.oauth2.client.web.client.SecurityContextHolderPrincipalResolver; import org.springframework.web.client.RestClient; /** @@ -45,11 +46,12 @@ public class RestClientConfiguration { public RestClient restClient(OAuth2AuthorizedClientManager authorizedClientManager, OAuth2AuthorizedClientRepository authorizedClientRepository, OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver clientRegistrationIdResolver, - RestClient.Builder builder) { + OAuth2ClientHttpRequestInterceptor.PrincipalResolver principalResolver, RestClient.Builder builder) { OAuth2ClientHttpRequestInterceptor requestInterceptor = new OAuth2ClientHttpRequestInterceptor( authorizedClientManager); requestInterceptor.setClientRegistrationIdResolver(clientRegistrationIdResolver); + requestInterceptor.setPrincipalResolver(principalResolver); OAuth2AuthorizationFailureHandler authorizationFailureHandler = OAuth2ClientHttpRequestInterceptor .authorizationFailureHandler(authorizedClientRepository); @@ -62,7 +64,8 @@ public class RestClientConfiguration { * This sample uses profiles to demonstrate additional strategies for resolving the * {@code clientRegistrationId}. See {@link ClientRegistrationIdResolverConfiguration} * for alternate implementations. - * @return the default {@link ClientRegistrationIdResolverConfiguration} + * @return the default + * {@link OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver} * @see ClientRegistrationIdResolverConfiguration */ @Bean @@ -71,4 +74,17 @@ public class RestClientConfiguration { return new RequestAttributeClientRegistrationIdResolver(); } + /** + * This sample uses profiles to demonstrate additional strategies for resolving the + * {@code principal}. See {@link PrincipalResolverConfiguration} for alternate + * implementations. + * @return the default {@link OAuth2ClientHttpRequestInterceptor.PrincipalResolver} + * @see PrincipalResolverConfiguration + */ + @Bean + @ConditionalOnMissingBean + public OAuth2ClientHttpRequestInterceptor.PrincipalResolver principalResolver() { + return new SecurityContextHolderPrincipalResolver(); + } + }