Class ServerOAuth2AuthorizedClientExchangeFilterFunction
- java.lang.Object
-
- org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
-
- All Implemented Interfaces:
org.springframework.web.reactive.function.client.ExchangeFilterFunction
public final class ServerOAuth2AuthorizedClientExchangeFilterFunction extends java.lang.Object implements org.springframework.web.reactive.function.client.ExchangeFilterFunction
Provides an easy mechanism for using anOAuth2AuthorizedClient
to make OAuth2 requests by including the token as a Bearer Token.- Since:
- 5.1
-
-
Constructor Summary
Constructors Constructor Description ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager authorizedClientManager)
Constructs aServerOAuth2AuthorizedClientExchangeFilterFunction
using the provided parameters.ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveClientRegistrationRepository clientRegistrationRepository, ServerOAuth2AuthorizedClientRepository authorizedClientRepository)
Constructs aServerOAuth2AuthorizedClientExchangeFilterFunction
using the provided parameters.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>>
clientRegistrationId(java.lang.String clientRegistrationId)
Modifies theClientRequest.attributes()
to include theClientRegistration.getRegistrationId()
to be used to look up theOAuth2AuthorizedClient
.reactor.core.publisher.Mono<org.springframework.web.reactive.function.client.ClientResponse>
filter(org.springframework.web.reactive.function.client.ClientRequest request, org.springframework.web.reactive.function.client.ExchangeFunction next)
static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>>
oauth2AuthorizedClient(OAuth2AuthorizedClient authorizedClient)
Modifies theClientRequest.attributes()
to include theOAuth2AuthorizedClient
to be used for providing the Bearer Token.static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>>
serverWebExchange(org.springframework.web.server.ServerWebExchange serverWebExchange)
Modifies theClientRequest.attributes()
to include theServerWebExchange
to be used for providing the Bearer Token.void
setAccessTokenExpiresSkew(java.time.Duration accessTokenExpiresSkew)
Deprecated.TheaccessTokenExpiresSkew
should be configured with the specificReactiveOAuth2AuthorizedClientProvider
implementation, e.g.void
setClientCredentialsTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient)
Deprecated.void
setDefaultClientRegistrationId(java.lang.String clientRegistrationId)
If set, will be used as the defaultClientRegistration.getRegistrationId()
.void
setDefaultOAuth2AuthorizedClient(boolean defaultOAuth2AuthorizedClient)
If true, a defaultOAuth2AuthorizedClient
can be discovered from the current Authentication.
-
-
-
Constructor Detail
-
ServerOAuth2AuthorizedClientExchangeFilterFunction
public ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager authorizedClientManager)
Constructs aServerOAuth2AuthorizedClientExchangeFilterFunction
using the provided parameters.- Parameters:
authorizedClientManager
- theReactiveOAuth2AuthorizedClientManager
which manages the authorized client(s)- Since:
- 5.2
-
ServerOAuth2AuthorizedClientExchangeFilterFunction
public ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveClientRegistrationRepository clientRegistrationRepository, ServerOAuth2AuthorizedClientRepository authorizedClientRepository)
Constructs aServerOAuth2AuthorizedClientExchangeFilterFunction
using the provided parameters.- Parameters:
clientRegistrationRepository
- the repository of client registrationsauthorizedClientRepository
- the repository of authorized clients
-
-
Method Detail
-
oauth2AuthorizedClient
public static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> oauth2AuthorizedClient(OAuth2AuthorizedClient authorizedClient)
Modifies theClientRequest.attributes()
to include theOAuth2AuthorizedClient
to be used for providing the Bearer Token. Example usage:WebClient webClient = WebClient.builder() .filter(new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager)) .build(); Mono
An attempt to automatically refresh the token will be made if all of the following are true:response = webClient .get() .uri(uri) .attributes(oauth2AuthorizedClient(authorizedClient)) // ... .retrieve() .bodyToMono(String.class); - A refresh token is present on the OAuth2AuthorizedClient
- The access token will be expired in
setAccessTokenExpiresSkew(Duration)
- The
ReactiveSecurityContextHolder
will be used to attempt to save the token. If it is empty, then the principal name on the OAuth2AuthorizedClient will be used to create an Authentication for saving.
- Parameters:
authorizedClient
- theOAuth2AuthorizedClient
to use.- Returns:
- the
Consumer
to populate the
-
serverWebExchange
public static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> serverWebExchange(org.springframework.web.server.ServerWebExchange serverWebExchange)
Modifies theClientRequest.attributes()
to include theServerWebExchange
to be used for providing the Bearer Token. Example usage:WebClient webClient = WebClient.builder() .filter(new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager)) .build(); Mono
response = webClient .get() .uri(uri) .attributes(serverWebExchange(serverWebExchange)) // ... .retrieve() .bodyToMono(String.class); - Parameters:
serverWebExchange
- theServerWebExchange
to use- Returns:
- the
Consumer
to populate the client request attributes
-
clientRegistrationId
public static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> clientRegistrationId(java.lang.String clientRegistrationId)
Modifies theClientRequest.attributes()
to include theClientRegistration.getRegistrationId()
to be used to look up theOAuth2AuthorizedClient
.- Parameters:
clientRegistrationId
- theClientRegistration.getRegistrationId()
to be used to look up theOAuth2AuthorizedClient
.- Returns:
- the
Consumer
to populate the attributes
-
setDefaultOAuth2AuthorizedClient
public void setDefaultOAuth2AuthorizedClient(boolean defaultOAuth2AuthorizedClient)
If true, a defaultOAuth2AuthorizedClient
can be discovered from the current Authentication. It is recommended to be cautious with this feature since all HTTP requests will receive the access token if it can be resolved from the current Authentication.- Parameters:
defaultOAuth2AuthorizedClient
- true if a defaultOAuth2AuthorizedClient
should be used, else false. Default is false.
-
setDefaultClientRegistrationId
public void setDefaultClientRegistrationId(java.lang.String clientRegistrationId)
If set, will be used as the defaultClientRegistration.getRegistrationId()
. It is recommended to be cautious with this feature since all HTTP requests will receive the access token.- Parameters:
clientRegistrationId
- the id to use
-
setClientCredentialsTokenResponseClient
@Deprecated public void setClientCredentialsTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient)
Deprecated.UseServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)
instead. Create an instance ofClientCredentialsReactiveOAuth2AuthorizedClientProvider
configured with aWebClientReactiveClientCredentialsTokenResponseClient
(or a custom one) and than supply it toDefaultReactiveOAuth2AuthorizedClientManager
.Sets theReactiveOAuth2AccessTokenResponseClient
used for getting anOAuth2AuthorizedClient
for the client_credentials grant.- Parameters:
clientCredentialsTokenResponseClient
- the client to use
-
setAccessTokenExpiresSkew
@Deprecated public void setAccessTokenExpiresSkew(java.time.Duration accessTokenExpiresSkew)
Deprecated.TheaccessTokenExpiresSkew
should be configured with the specificReactiveOAuth2AuthorizedClientProvider
implementation, e.g.ClientCredentialsReactiveOAuth2AuthorizedClientProvider
orRefreshTokenReactiveOAuth2AuthorizedClientProvider
.An access token will be considered expired by comparing its expiration to now + this skewed Duration. The default is 1 minute.- Parameters:
accessTokenExpiresSkew
- the Duration to use.
-
filter
public reactor.core.publisher.Mono<org.springframework.web.reactive.function.client.ClientResponse> filter(org.springframework.web.reactive.function.client.ClientRequest request, org.springframework.web.reactive.function.client.ExchangeFunction next)
- Specified by:
filter
in interfaceorg.springframework.web.reactive.function.client.ExchangeFilterFunction
-
-