Add PrincipalResolver to RestClient sample

Closes gh-328
This commit is contained in:
Steve Riesenberg
2024-10-15 15:02:10 -05:00
parent ec4d7f9d2f
commit 14b6bd4f56
4 changed files with 101 additions and 5 deletions

View File

@@ -60,6 +60,14 @@ Activate one of the following profiles to try them out:
4. `authentication-required` - Demonstrates a custom `ClientRegistrationIdResolver` that requires authentication using OAuth 2.0 or Open ID Connect 1.0. Uses `login-client-with-messaging` to log in.
This sample also demonstrates alternate strategies for resolving a `principal` (see https://github.com/spring-projects/spring-security-samples/tree/main/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/PrincipalResolverConfiguration.java[PrincipalResolverConfiguration] for more information).
Activate one of the following profiles to try them out:
1. `per-request` - Demonstrates an alternate setup with `RequestAttributePrincipalResolver` that resolves the principal using attributes.
2. `anonymous-user` - Demonstrates a custom `PrincipalResolver` that statically resolves a `principal`. Requires specifying the `principal` via `RequestAttributePrincipalResolver.principal(Authentication)`.
[TIP]
====
You can activate a profile with the `./gradlew bootRun` command by adding the argument `--args='--spring.profiles.active=xyz'`.

View File

@@ -116,7 +116,7 @@ public class ClientRegistrationIdResolverConfiguration {
@Configuration
@Profile("current-user")
public static class CurrentUserConfiguration {
public static class CurrentUserClientRegistrationIdResolverConfiguration {
@Bean
public ClientRegistrationIdResolver clientRegistrationIdResolver() {
@@ -127,7 +127,7 @@ public class ClientRegistrationIdResolverConfiguration {
@Configuration
@Profile("composite")
public static class CompositeConfiguration {
public static class CompositeClientRegistrationIdResolverConfiguration {
@Bean
public ClientRegistrationIdResolver clientRegistrationIdResolver() {
@@ -138,7 +138,7 @@ public class ClientRegistrationIdResolverConfiguration {
@Configuration
@Profile("authentication-required")
public static class AuthenticationRequiredConfiguration {
public static class AuthenticationRequiredClientRegistrationIdResolverConfiguration {
@Bean
public ClientRegistrationIdResolver clientRegistrationIdResolver() {

View File

@@ -0,0 +1,72 @@
/*
* Copyright 2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor.PrincipalResolver;
import org.springframework.security.oauth2.client.web.client.RequestAttributePrincipalResolver;
import org.springframework.security.oauth2.client.web.client.SecurityContextHolderPrincipalResolver;
/**
* Configuration for demonstrating additional strategies for resolving a {@code principal}
* via the {@link PrincipalResolver}. This sample uses the following profiles to
* demonstrate multiple configurations:
*
* <ol>
* <li>{@code default} - Demonstrates the default setup with
* {@link SecurityContextHolderPrincipalResolver}.</li>
* <li>{@code per-request} - Demonstrates an alternate setup with
* {@link RequestAttributePrincipalResolver}. Requires specifying the {@code principal}
* via {@link RequestAttributePrincipalResolver#principal(Authentication)}.</li>
* <li>{@code anonymous-user} - Demonstrates a custom {@link PrincipalResolver} that
* statically resolves the {@code principal}.</li>
* </ol>
*
* @author Steve Riesenberg
*/
public class PrincipalResolverConfiguration {
@Configuration
@Profile("per-request")
public static class PerRequestPrincipalResolverConfiguration {
@Bean
public PrincipalResolver principalResolver() {
return new RequestAttributePrincipalResolver();
}
}
@Configuration
@Profile("anonymous-user")
public static class AnonymousUserPrincipalResolverConfiguration {
@Bean
public PrincipalResolver principalResolver() {
AnonymousAuthenticationToken anonymousUser = new AnonymousAuthenticationToken("anonymous", "anonymousUser",
AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
return (request) -> anonymousUser;
}
}
}

View File

@@ -25,6 +25,7 @@ import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor;
import org.springframework.security.oauth2.client.web.client.RequestAttributeClientRegistrationIdResolver;
import org.springframework.security.oauth2.client.web.client.SecurityContextHolderPrincipalResolver;
import org.springframework.web.client.RestClient;
/**
@@ -45,11 +46,12 @@ public class RestClientConfiguration {
public RestClient restClient(OAuth2AuthorizedClientManager authorizedClientManager,
OAuth2AuthorizedClientRepository authorizedClientRepository,
OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver clientRegistrationIdResolver,
RestClient.Builder builder) {
OAuth2ClientHttpRequestInterceptor.PrincipalResolver principalResolver, RestClient.Builder builder) {
OAuth2ClientHttpRequestInterceptor requestInterceptor = new OAuth2ClientHttpRequestInterceptor(
authorizedClientManager);
requestInterceptor.setClientRegistrationIdResolver(clientRegistrationIdResolver);
requestInterceptor.setPrincipalResolver(principalResolver);
OAuth2AuthorizationFailureHandler authorizationFailureHandler = OAuth2ClientHttpRequestInterceptor
.authorizationFailureHandler(authorizedClientRepository);
@@ -62,7 +64,8 @@ public class RestClientConfiguration {
* This sample uses profiles to demonstrate additional strategies for resolving the
* {@code clientRegistrationId}. See {@link ClientRegistrationIdResolverConfiguration}
* for alternate implementations.
* @return the default {@link ClientRegistrationIdResolverConfiguration}
* @return the default
* {@link OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver}
* @see ClientRegistrationIdResolverConfiguration
*/
@Bean
@@ -71,4 +74,17 @@ public class RestClientConfiguration {
return new RequestAttributeClientRegistrationIdResolver();
}
/**
* This sample uses profiles to demonstrate additional strategies for resolving the
* {@code principal}. See {@link PrincipalResolverConfiguration} for alternate
* implementations.
* @return the default {@link OAuth2ClientHttpRequestInterceptor.PrincipalResolver}
* @see PrincipalResolverConfiguration
*/
@Bean
@ConditionalOnMissingBean
public OAuth2ClientHttpRequestInterceptor.PrincipalResolver principalResolver() {
return new SecurityContextHolderPrincipalResolver();
}
}