From 14b6bd4f563d7a44532ed56fefaf94a01fdedb05 Mon Sep 17 00:00:00 2001 From: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com> Date: Tue, 15 Oct 2024 15:02:10 -0500 Subject: [PATCH] Add PrincipalResolver to RestClient sample Closes gh-328 --- .../java/oauth2/restclient/README.adoc | 8 +++ ...ntRegistrationIdResolverConfiguration.java | 6 +- .../PrincipalResolverConfiguration.java | 72 +++++++++++++++++++ .../java/example/RestClientConfiguration.java | 20 +++++- 4 files changed, 101 insertions(+), 5 deletions(-) create mode 100644 servlet/spring-boot/java/oauth2/restclient/src/main/java/example/PrincipalResolverConfiguration.java diff --git a/servlet/spring-boot/java/oauth2/restclient/README.adoc b/servlet/spring-boot/java/oauth2/restclient/README.adoc index c8ad1c7..b98b0d5 100644 --- a/servlet/spring-boot/java/oauth2/restclient/README.adoc +++ b/servlet/spring-boot/java/oauth2/restclient/README.adoc @@ -60,6 +60,14 @@ Activate one of the following profiles to try them out: 4. `authentication-required` - Demonstrates a custom `ClientRegistrationIdResolver` that requires authentication using OAuth 2.0 or Open ID Connect 1.0. Uses `login-client-with-messaging` to log in. +This sample also demonstrates alternate strategies for resolving a `principal` (see https://github.com/spring-projects/spring-security-samples/tree/main/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/PrincipalResolverConfiguration.java[PrincipalResolverConfiguration] for more information). + +Activate one of the following profiles to try them out: + +1. `per-request` - Demonstrates an alternate setup with `RequestAttributePrincipalResolver` that resolves the principal using attributes. + +2. `anonymous-user` - Demonstrates a custom `PrincipalResolver` that statically resolves a `principal`. Requires specifying the `principal` via `RequestAttributePrincipalResolver.principal(Authentication)`. + [TIP] ==== You can activate a profile with the `./gradlew bootRun` command by adding the argument `--args='--spring.profiles.active=xyz'`. diff --git a/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/ClientRegistrationIdResolverConfiguration.java b/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/ClientRegistrationIdResolverConfiguration.java index 8c36551..9c3d894 100644 --- a/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/ClientRegistrationIdResolverConfiguration.java +++ b/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/ClientRegistrationIdResolverConfiguration.java @@ -116,7 +116,7 @@ public class ClientRegistrationIdResolverConfiguration { @Configuration @Profile("current-user") - public static class CurrentUserConfiguration { + public static class CurrentUserClientRegistrationIdResolverConfiguration { @Bean public ClientRegistrationIdResolver clientRegistrationIdResolver() { @@ -127,7 +127,7 @@ public class ClientRegistrationIdResolverConfiguration { @Configuration @Profile("composite") - public static class CompositeConfiguration { + public static class CompositeClientRegistrationIdResolverConfiguration { @Bean public ClientRegistrationIdResolver clientRegistrationIdResolver() { @@ -138,7 +138,7 @@ public class ClientRegistrationIdResolverConfiguration { @Configuration @Profile("authentication-required") - public static class AuthenticationRequiredConfiguration { + public static class AuthenticationRequiredClientRegistrationIdResolverConfiguration { @Bean public ClientRegistrationIdResolver clientRegistrationIdResolver() { diff --git a/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/PrincipalResolverConfiguration.java b/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/PrincipalResolverConfiguration.java new file mode 100644 index 0000000..46704c3 --- /dev/null +++ b/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/PrincipalResolverConfiguration.java @@ -0,0 +1,72 @@ +/* + * Copyright 2024 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package example; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.security.authentication.AnonymousAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.authority.AuthorityUtils; +import org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor.PrincipalResolver; +import org.springframework.security.oauth2.client.web.client.RequestAttributePrincipalResolver; +import org.springframework.security.oauth2.client.web.client.SecurityContextHolderPrincipalResolver; + +/** + * Configuration for demonstrating additional strategies for resolving a {@code principal} + * via the {@link PrincipalResolver}. This sample uses the following profiles to + * demonstrate multiple configurations: + * + *