Package org.springframework.security.oauth2.client.web.client

Class OAuth2ClientHttpRequestInterceptor

java.lang.Object

org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor

All Implemented Interfaces:

org.springframework.http.client.ClientHttpRequestInterceptor

public final class OAuth2ClientHttpRequestInterceptor
extends Object
implements org.springframework.http.client.ClientHttpRequestInterceptor

Provides an easy mechanism for using an OAuth2AuthorizedClient to make OAuth 2.0 requests by including the access token as a bearer token.

Example usage:

 OAuth2ClientHttpRequestInterceptor requestInterceptor =
     new OAuth2ClientHttpRequestInterceptor(authorizedClientManager);
 RestClient restClient = RestClient.builder()
     .requestInterceptor(requestInterceptor)
     .build();
 String response = restClient.get()
     .uri(uri)
     .retrieve()
     .body(String.class);
 

Authentication and Authorization Failures

This interceptor has the ability to forward authentication (HTTP 401 Unauthorized) and authorization (HTTP 403 Forbidden) failures from an OAuth 2.0 Resource Server to an OAuth2AuthorizationFailureHandler. A RemoveAuthorizedClientOAuth2AuthorizationFailureHandler can be used to remove the cached OAuth2AuthorizedClient, so that future requests will result in a new token being retrieved from an Authorization Server, and sent to the Resource Server.

Use either authorizationFailureHandler(OAuth2AuthorizedClientRepository) or authorizationFailureHandler(OAuth2AuthorizedClientService) to create a RemoveAuthorizedClientOAuth2AuthorizationFailureHandler which can be provided to setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler).

For example:

 OAuth2AuthorizationFailureHandler authorizationFailureHandler =
     OAuth2ClientHttpRequestInterceptor.authorizationFailureHandler(authorizedClientRepository);
 requestInterceptor.setAuthorizationFailureHandler(authorizationFailureHandler);
 

Since:

6.4

See Also:

• OAuth2AuthorizedClientManager
• OAuth2AuthorizedClientProvider
• OAuth2AuthorizedClient
• OAuth2AuthorizationFailureHandler

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static interface	OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver	A strategy for resolving a clientRegistrationId from an intercepted request.
static interface	OAuth2ClientHttpRequestInterceptor.PrincipalResolver	A strategy for resolving a principal from an intercepted request.

Constructor Summary

Constructors

Constructor	Description
OAuth2ClientHttpRequestInterceptor(OAuth2AuthorizedClientManager authorizedClientManager)	Constructs a OAuth2ClientHttpRequestInterceptor using the provided parameters.

Method Summary

Modifier and Type	Method	Description
static OAuth2AuthorizationFailureHandler	authorizationFailureHandler(OAuth2AuthorizedClientService authorizedClientService)	Provides an OAuth2AuthorizationFailureHandler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server using a OAuth2AuthorizedClientService.
static OAuth2AuthorizationFailureHandler	authorizationFailureHandler(OAuth2AuthorizedClientRepository authorizedClientRepository)	Provides an OAuth2AuthorizationFailureHandler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server using a OAuth2AuthorizedClientRepository.
org.springframework.http.client.ClientHttpResponse	intercept(org.springframework.http.HttpRequest request, byte[] body, org.springframework.http.client.ClientHttpRequestExecution execution)
void	setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler authorizationFailureHandler)	Sets the OAuth2AuthorizationFailureHandler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server.
void	setClientRegistrationIdResolver(OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver clientRegistrationIdResolver)	Sets the strategy for resolving a clientRegistrationId from an intercepted request.
void	setPrincipalResolver(OAuth2ClientHttpRequestInterceptor.PrincipalResolver principalResolver)	Sets the strategy for resolving a principal from an intercepted request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OAuth2ClientHttpRequestInterceptor

public OAuth2ClientHttpRequestInterceptor(OAuth2AuthorizedClientManager authorizedClientManager)

Constructs a OAuth2ClientHttpRequestInterceptor using the provided parameters.

Parameters:

authorizedClientManager - the OAuth2AuthorizedClientManager which manages the authorized client(s)

Method Details

setAuthorizationFailureHandler

public void setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler authorizationFailureHandler)

Sets the OAuth2AuthorizationFailureHandler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server.

For example, a RemoveAuthorizedClientOAuth2AuthorizationFailureHandler is typically used to remove the cached OAuth2AuthorizedClient, so that the same token is no longer used in future requests to the Resource Server.

Parameters:

authorizationFailureHandler - the OAuth2AuthorizationFailureHandler that handles authentication and authorization failures

See Also:

• authorizationFailureHandler(OAuth2AuthorizedClientRepository)
• authorizationFailureHandler(OAuth2AuthorizedClientService)

authorizationFailureHandler

public static OAuth2AuthorizationFailureHandler authorizationFailureHandler(OAuth2AuthorizedClientRepository authorizedClientRepository)

Provides an OAuth2AuthorizationFailureHandler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server using a OAuth2AuthorizedClientRepository.

When this method is used, authentication (HTTP 401) and authorization (HTTP 403) failures returned from an OAuth 2.0 Resource Server will be forwarded to a RemoveAuthorizedClientOAuth2AuthorizationFailureHandler, which will potentially remove the OAuth2AuthorizedClient from the given OAuth2AuthorizedClientRepository, depending on the OAuth 2.0 error code returned. Authentication failures returned from an OAuth 2.0 Resource Server typically indicate that the token is invalid, and should not be used in future requests. Removing the authorized client from the repository will ensure that the existing token will not be sent for future requests to the Resource Server, and a new token is retrieved from the Authorization Server and used for future requests to the Resource Server.

Parameters:

authorizedClientRepository - the repository of authorized clients

See Also:

• setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler)

authorizationFailureHandler

public static OAuth2AuthorizationFailureHandler authorizationFailureHandler(OAuth2AuthorizedClientService authorizedClientService)

Provides an OAuth2AuthorizationFailureHandler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server using a OAuth2AuthorizedClientService.

When this method is used, authentication (HTTP 401) and authorization (HTTP 403) failures returned from an OAuth 2.0 Resource Server will be forwarded to a RemoveAuthorizedClientOAuth2AuthorizationFailureHandler, which will potentially remove the OAuth2AuthorizedClient from the given OAuth2AuthorizedClientService, depending on the OAuth 2.0 error code returned. Authentication failures returned from an OAuth 2.0 Resource Server typically indicate that the token is invalid, and should not be used in future requests. Removing the authorized client from the repository will ensure that the existing token will not be sent for future requests to the Resource Server, and a new token is retrieved from the Authorization Server and used for future requests to the Resource Server.

Parameters:

authorizedClientService - the service used to manage authorized clients

See Also:

• setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler)

setClientRegistrationIdResolver

public void setClientRegistrationIdResolver(OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver clientRegistrationIdResolver)

Sets the strategy for resolving a clientRegistrationId from an intercepted request.

Parameters:

clientRegistrationIdResolver - the strategy for resolving a clientRegistrationId from an intercepted request

setPrincipalResolver

public void setPrincipalResolver(OAuth2ClientHttpRequestInterceptor.PrincipalResolver principalResolver)

Sets the strategy for resolving a principal from an intercepted request.

Parameters:

principalResolver - the strategy for resolving a principal

intercept

public org.springframework.http.client.ClientHttpResponse intercept(org.springframework.http.HttpRequest request,
 byte[] body,
 org.springframework.http.client.ClientHttpRequestExecution execution)
                                                             throws IOException

Specified by:

intercept in interface org.springframework.http.client.ClientHttpRequestInterceptor

Throws:

IOException