Add PrincipalResolver to RestClient sample
Closes gh-328
This commit is contained in:
@@ -60,6 +60,14 @@ Activate one of the following profiles to try them out:
|
||||
|
||||
4. `authentication-required` - Demonstrates a custom `ClientRegistrationIdResolver` that requires authentication using OAuth 2.0 or Open ID Connect 1.0. Uses `login-client-with-messaging` to log in.
|
||||
|
||||
This sample also demonstrates alternate strategies for resolving a `principal` (see https://github.com/spring-projects/spring-security-samples/tree/main/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/PrincipalResolverConfiguration.java[PrincipalResolverConfiguration] for more information).
|
||||
|
||||
Activate one of the following profiles to try them out:
|
||||
|
||||
1. `per-request` - Demonstrates an alternate setup with `RequestAttributePrincipalResolver` that resolves the principal using attributes.
|
||||
|
||||
2. `anonymous-user` - Demonstrates a custom `PrincipalResolver` that statically resolves a `principal`. Requires specifying the `principal` via `RequestAttributePrincipalResolver.principal(Authentication)`.
|
||||
|
||||
[TIP]
|
||||
====
|
||||
You can activate a profile with the `./gradlew bootRun` command by adding the argument `--args='--spring.profiles.active=xyz'`.
|
||||
|
||||
@@ -116,7 +116,7 @@ public class ClientRegistrationIdResolverConfiguration {
|
||||
|
||||
@Configuration
|
||||
@Profile("current-user")
|
||||
public static class CurrentUserConfiguration {
|
||||
public static class CurrentUserClientRegistrationIdResolverConfiguration {
|
||||
|
||||
@Bean
|
||||
public ClientRegistrationIdResolver clientRegistrationIdResolver() {
|
||||
@@ -127,7 +127,7 @@ public class ClientRegistrationIdResolverConfiguration {
|
||||
|
||||
@Configuration
|
||||
@Profile("composite")
|
||||
public static class CompositeConfiguration {
|
||||
public static class CompositeClientRegistrationIdResolverConfiguration {
|
||||
|
||||
@Bean
|
||||
public ClientRegistrationIdResolver clientRegistrationIdResolver() {
|
||||
@@ -138,7 +138,7 @@ public class ClientRegistrationIdResolverConfiguration {
|
||||
|
||||
@Configuration
|
||||
@Profile("authentication-required")
|
||||
public static class AuthenticationRequiredConfiguration {
|
||||
public static class AuthenticationRequiredClientRegistrationIdResolverConfiguration {
|
||||
|
||||
@Bean
|
||||
public ClientRegistrationIdResolver clientRegistrationIdResolver() {
|
||||
|
||||
@@ -0,0 +1,72 @@
|
||||
/*
|
||||
* Copyright 2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.security.authentication.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor.PrincipalResolver;
|
||||
import org.springframework.security.oauth2.client.web.client.RequestAttributePrincipalResolver;
|
||||
import org.springframework.security.oauth2.client.web.client.SecurityContextHolderPrincipalResolver;
|
||||
|
||||
/**
|
||||
* Configuration for demonstrating additional strategies for resolving a {@code principal}
|
||||
* via the {@link PrincipalResolver}. This sample uses the following profiles to
|
||||
* demonstrate multiple configurations:
|
||||
*
|
||||
* <ol>
|
||||
* <li>{@code default} - Demonstrates the default setup with
|
||||
* {@link SecurityContextHolderPrincipalResolver}.</li>
|
||||
* <li>{@code per-request} - Demonstrates an alternate setup with
|
||||
* {@link RequestAttributePrincipalResolver}. Requires specifying the {@code principal}
|
||||
* via {@link RequestAttributePrincipalResolver#principal(Authentication)}.</li>
|
||||
* <li>{@code anonymous-user} - Demonstrates a custom {@link PrincipalResolver} that
|
||||
* statically resolves the {@code principal}.</li>
|
||||
* </ol>
|
||||
*
|
||||
* @author Steve Riesenberg
|
||||
*/
|
||||
public class PrincipalResolverConfiguration {
|
||||
|
||||
@Configuration
|
||||
@Profile("per-request")
|
||||
public static class PerRequestPrincipalResolverConfiguration {
|
||||
|
||||
@Bean
|
||||
public PrincipalResolver principalResolver() {
|
||||
return new RequestAttributePrincipalResolver();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@Profile("anonymous-user")
|
||||
public static class AnonymousUserPrincipalResolverConfiguration {
|
||||
|
||||
@Bean
|
||||
public PrincipalResolver principalResolver() {
|
||||
AnonymousAuthenticationToken anonymousUser = new AnonymousAuthenticationToken("anonymous", "anonymousUser",
|
||||
AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
|
||||
return (request) -> anonymousUser;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@@ -25,6 +25,7 @@ import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor;
|
||||
import org.springframework.security.oauth2.client.web.client.RequestAttributeClientRegistrationIdResolver;
|
||||
import org.springframework.security.oauth2.client.web.client.SecurityContextHolderPrincipalResolver;
|
||||
import org.springframework.web.client.RestClient;
|
||||
|
||||
/**
|
||||
@@ -45,11 +46,12 @@ public class RestClientConfiguration {
|
||||
public RestClient restClient(OAuth2AuthorizedClientManager authorizedClientManager,
|
||||
OAuth2AuthorizedClientRepository authorizedClientRepository,
|
||||
OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver clientRegistrationIdResolver,
|
||||
RestClient.Builder builder) {
|
||||
OAuth2ClientHttpRequestInterceptor.PrincipalResolver principalResolver, RestClient.Builder builder) {
|
||||
|
||||
OAuth2ClientHttpRequestInterceptor requestInterceptor = new OAuth2ClientHttpRequestInterceptor(
|
||||
authorizedClientManager);
|
||||
requestInterceptor.setClientRegistrationIdResolver(clientRegistrationIdResolver);
|
||||
requestInterceptor.setPrincipalResolver(principalResolver);
|
||||
|
||||
OAuth2AuthorizationFailureHandler authorizationFailureHandler = OAuth2ClientHttpRequestInterceptor
|
||||
.authorizationFailureHandler(authorizedClientRepository);
|
||||
@@ -62,7 +64,8 @@ public class RestClientConfiguration {
|
||||
* This sample uses profiles to demonstrate additional strategies for resolving the
|
||||
* {@code clientRegistrationId}. See {@link ClientRegistrationIdResolverConfiguration}
|
||||
* for alternate implementations.
|
||||
* @return the default {@link ClientRegistrationIdResolverConfiguration}
|
||||
* @return the default
|
||||
* {@link OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver}
|
||||
* @see ClientRegistrationIdResolverConfiguration
|
||||
*/
|
||||
@Bean
|
||||
@@ -71,4 +74,17 @@ public class RestClientConfiguration {
|
||||
return new RequestAttributeClientRegistrationIdResolver();
|
||||
}
|
||||
|
||||
/**
|
||||
* This sample uses profiles to demonstrate additional strategies for resolving the
|
||||
* {@code principal}. See {@link PrincipalResolverConfiguration} for alternate
|
||||
* implementations.
|
||||
* @return the default {@link OAuth2ClientHttpRequestInterceptor.PrincipalResolver}
|
||||
* @see PrincipalResolverConfiguration
|
||||
*/
|
||||
@Bean
|
||||
@ConditionalOnMissingBean
|
||||
public OAuth2ClientHttpRequestInterceptor.PrincipalResolver principalResolver() {
|
||||
return new SecurityContextHolderPrincipalResolver();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user