Class ServletOAuth2AuthorizedClientExchangeFilterFunction
- java.lang.Object
  - org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
- All Implemented Interfaces: org.springframework.web.reactive.function.client.ExchangeFilterFunction
public final class ServletOAuth2AuthorizedClientExchangeFilterFunction extends java.lang.Object implements org.springframework.web.reactive.function.client.ExchangeFilterFunction
Provides an easy mechanism for using an OAuth2AuthorizedClient to make OAuth2 requests by including the token as a Bearer Token. It also provides mechanisms for looking up the OAuth2AuthorizedClient. This class is intended to be used in a servlet environment. Example usage:

    ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2 = new ServletOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrationRepository, authorizedClientRepository);
    // Register the filter and its default request attributes on the builder
    WebClient webClient = WebClient.builder()
        .apply(oauth2.oauth2Configuration())
        .build();
    // oauth2AuthorizedClient(...) is a static method of this class
    Mono<String> response = webClient
        .get()
        .uri(uri)
        .attributes(oauth2AuthorizedClient(authorizedClient))
        // ...
        .retrieve()
        .bodyToMono(String.class);

An attempt to automatically refresh the token will be made if all of the following are true:
- The OAuth2AuthorizedClientManager is not null
- A refresh token is present on the OAuth2AuthorizedClient
- The access token is expired
- The SecurityContextHolder will be used to attempt to save the token. If it is empty, then the principal name on the OAuth2AuthorizedClient will be used to create an Authentication for saving.
- Since:
- 5.1
- See Also:
OAuth2AuthorizedClientManager
-
Constructor Summary
| Constructor | Description |
| --- | --- |
| ServletOAuth2AuthorizedClientExchangeFilterFunction() | |
| ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager authorizedClientManager) | Constructs a ServletOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters. |
| ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository authorizedClientRepository) | Constructs a ServletOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters. |
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> | authentication(Authentication authentication) | Modifies the ClientRequest.attributes() to include the Authentication used to look up and save the OAuth2AuthorizedClient. |
| static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> | clientRegistrationId(java.lang.String clientRegistrationId) | Modifies the ClientRequest.attributes() to include the ClientRegistration.getRegistrationId() to be used to look up the OAuth2AuthorizedClient. |
| java.util.function.Consumer<org.springframework.web.reactive.function.client.WebClient.RequestHeadersSpec<?>> | defaultRequest() | Provides defaults for the HttpServletRequest and the HttpServletResponse using RequestContextHolder. |
| reactor.core.publisher.Mono<org.springframework.web.reactive.function.client.ClientResponse> | filter(org.springframework.web.reactive.function.client.ClientRequest request, org.springframework.web.reactive.function.client.ExchangeFunction next) | |
| static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> | httpServletRequest(javax.servlet.http.HttpServletRequest request) | Modifies the ClientRequest.attributes() to include the HttpServletRequest used to look up and save the OAuth2AuthorizedClient. |
| static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> | httpServletResponse(javax.servlet.http.HttpServletResponse response) | Modifies the ClientRequest.attributes() to include the HttpServletResponse used to save the OAuth2AuthorizedClient. |
| static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> | oauth2AuthorizedClient(OAuth2AuthorizedClient authorizedClient) | Modifies the ClientRequest.attributes() to include the OAuth2AuthorizedClient to be used for providing the Bearer Token. |
| java.util.function.Consumer<org.springframework.web.reactive.function.client.WebClient.Builder> | oauth2Configuration() | Configures the builder with defaultRequest() and adds this as an ExchangeFilterFunction |
| void | setAccessTokenExpiresSkew(java.time.Duration accessTokenExpiresSkew) | Deprecated. The accessTokenExpiresSkew should be configured with the specific OAuth2AuthorizedClientProvider implementation, e.g. |
| void | setClientCredentialsTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient) | Deprecated. |
| void | setDefaultClientRegistrationId(java.lang.String clientRegistrationId) | If set, will be used as the default ClientRegistration.getRegistrationId(). |
| void | setDefaultOAuth2AuthorizedClient(boolean defaultOAuth2AuthorizedClient) | If true, a default OAuth2AuthorizedClient can be discovered from the current Authentication. |
-
Constructor Detail
-
ServletOAuth2AuthorizedClientExchangeFilterFunction
public ServletOAuth2AuthorizedClientExchangeFilterFunction()
-
ServletOAuth2AuthorizedClientExchangeFilterFunction
public ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager authorizedClientManager)
Constructs a ServletOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters.
- Parameters:
authorizedClientManager - the OAuth2AuthorizedClientManager which manages the authorized client(s)
- Since:
- 5.2
-
ServletOAuth2AuthorizedClientExchangeFilterFunction
public ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository authorizedClientRepository)
Constructs a ServletOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters.
- Parameters:
clientRegistrationRepository - the repository of client registrations
authorizedClientRepository - the repository of authorized clients
-
Method Detail
-
setClientCredentialsTokenResponseClient
@Deprecated public void setClientCredentialsTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient)
Deprecated. Use ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager) instead. Create an instance of ClientCredentialsOAuth2AuthorizedClientProvider configured with a DefaultClientCredentialsTokenResponseClient (or a custom one) and then supply it to DefaultOAuth2AuthorizedClientManager.
Sets the OAuth2AccessTokenResponseClient used for getting an OAuth2AuthorizedClient for the client_credentials grant.
- Parameters:
clientCredentialsTokenResponseClient - the client to use
-
setDefaultOAuth2AuthorizedClient
public void setDefaultOAuth2AuthorizedClient(boolean defaultOAuth2AuthorizedClient)
If true, a default OAuth2AuthorizedClient can be discovered from the current Authentication. It is recommended to be cautious with this feature since all HTTP requests will receive the access token if it can be resolved from the current Authentication.
- Parameters:
defaultOAuth2AuthorizedClient - true if a default OAuth2AuthorizedClient should be used, else false. Default is false.
-
setDefaultClientRegistrationId
public void setDefaultClientRegistrationId(java.lang.String clientRegistrationId)
If set, will be used as the default ClientRegistration.getRegistrationId(). It is recommended to be cautious with this feature since all HTTP requests will receive the access token.
- Parameters:
clientRegistrationId - the id to use
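The caution on setDefaultOAuth2AuthorizedClient and setDefaultClientRegistrationId, shown as an added example that is not part of the Spring Security Javadoc: a WebClient with a default registration id beside one that names the registration per request. The class name, the registration id orders-api and the URL are assumptions made for illustration.

```java
import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId;

import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

// Added example: class name, registration id and URL are hypothetical.
public class ScopedBearerTokenClient {

    private static final String REGISTRATION_ID = "orders-api";                   // hypothetical
    private static final String ORDERS_URL = "https://orders.example.com/orders"; // hypothetical

    // Broad: the default registration id applies to every request made through
    // this WebClient, so the access token is sent to whatever URI a caller uses.
    static WebClient tokenOnEveryRequest(OAuth2AuthorizedClientManager manager) {
        ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2 =
                new ServletOAuth2AuthorizedClientExchangeFilterFunction(manager);
        oauth2.setDefaultClientRegistrationId(REGISTRATION_ID);
        return WebClient.builder().apply(oauth2.oauth2Configuration()).build();
    }

    // Narrow: neither default is set (setDefaultOAuth2AuthorizedClient stays false),
    // so a request gets a token only when it names a registration itself.
    static WebClient tokenOnlyWhenRequested(OAuth2AuthorizedClientManager manager) {
        ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2 =
                new ServletOAuth2AuthorizedClientExchangeFilterFunction(manager);
        return WebClient.builder().apply(oauth2.oauth2Configuration()).build();
    }

    // Call to the resource server: the registration id is attached to this request only.
    static Mono<String> fetchOrders(WebClient webClient) {
        return webClient.get()
                .uri(ORDERS_URL)
                .attributes(clientRegistrationId(REGISTRATION_ID))
                .retrieve()
                .bodyToMono(String.class);
    }

    // Call to any other host: no OAuth2 attribute is set, so nothing selects
    // a client registration for it.
    static Mono<String> fetchStatus(WebClient webClient, String statusUrl) {
        return webClient.get().uri(statusUrl).retrieve().bodyToMono(String.class);
    }
}
```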
-
oauth2Configuration
public java.util.function.Consumer<org.springframework.web.reactive.function.client.WebClient.Builder> oauth2Configuration()
Configures the builder with defaultRequest() and adds this as an ExchangeFilterFunction
- Returns:
the Consumer to configure the builder
-
defaultRequest
public java.util.function.Consumer<org.springframework.web.reactive.function.client.WebClient.RequestHeadersSpec<?>> defaultRequest()
Provides defaults for the HttpServletRequest and the HttpServletResponse using RequestContextHolder. It also provides defaults for the Authentication using SecurityContextHolder. It also can default the OAuth2AuthorizedClient using the clientRegistrationId(String) or the authentication(Authentication).
- Returns:
the Consumer to populate the attributes
-
oauth2AuthorizedClient
public static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> oauth2AuthorizedClient(OAuth2AuthorizedClient authorizedClient)
Modifies the ClientRequest.attributes() to include the OAuth2AuthorizedClient to be used for providing the Bearer Token.
- Parameters:
authorizedClient - the OAuth2AuthorizedClient to use.
- Returns:
the Consumer to populate the attributes
-
clientRegistrationId
public static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> clientRegistrationId(java.lang.String clientRegistrationId)
Modifies the ClientRequest.attributes() to include the ClientRegistration.getRegistrationId() to be used to look up the OAuth2AuthorizedClient.
- Parameters:
clientRegistrationId - the ClientRegistration.getRegistrationId() to be used to look up the OAuth2AuthorizedClient.
- Returns:
the Consumer to populate the attributes
-
authentication
public static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> authentication(Authentication authentication)
Modifies the ClientRequest.attributes() to include the Authentication used to look up and save the OAuth2AuthorizedClient. The value is defaulted in defaultRequest()
- Parameters:
authentication - the Authentication to use.
- Returns:
the Consumer to populate the attributes
-
httpServletRequest
public static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> httpServletRequest(javax.servlet.http.HttpServletRequest request)
Modifies the ClientRequest.attributes() to include the HttpServletRequest used to look up and save the OAuth2AuthorizedClient. The value is defaulted in defaultRequest()
- Parameters:
request - the HttpServletRequest to use.
- Returns:
the Consumer to populate the attributes
-
httpServletResponse
public static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> httpServletResponse(javax.servlet.http.HttpServletResponse response)
Modifies the ClientRequest.attributes() to include the HttpServletResponse used to save the OAuth2AuthorizedClient. The value is defaulted in defaultRequest()
- Parameters:
response - the HttpServletResponse to use.
- Returns:
the Consumer to populate the attributes
-
setAccessTokenExpiresSkew
@Deprecated public void setAccessTokenExpiresSkew(java.time.Duration accessTokenExpiresSkew)
Deprecated. The accessTokenExpiresSkew should be configured with the specific OAuth2AuthorizedClientProvider implementation, e.g. ClientCredentialsOAuth2AuthorizedClientProvider or RefreshTokenOAuth2AuthorizedClientProvider.
An access token will be considered expired by comparing its expiration to now + this skewed Duration. The default is 1 minute.
- Parameters:
accessTokenExpiresSkew - the Duration to use.
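The replacement described in the deprecation notes of setClientCredentialsTokenResponseClient and setAccessTokenExpiresSkew, as an added example that is not part of the Spring Security Javadoc: the token response client and the expiry skew are set on the providers, which are then supplied to a DefaultOAuth2AuthorizedClientManager. The class name, method names and the set of providers chosen are assumptions.

```java
import java.time.Duration;

import org.springframework.security.oauth2.client.AuthorizationCodeOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.DelegatingOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.web.reactive.function.client.WebClient;

// Added example: class and method names are hypothetical.
public class ManagedOAuth2WebClient {

    static OAuth2AuthorizedClientManager authorizedClientManager(
            ClientRegistrationRepository clientRegistrationRepository,
            OAuth2AuthorizedClientRepository authorizedClientRepository,
            Duration expiresSkew) {
        // Replaces setClientCredentialsTokenResponseClient(...) on the filter.
        ClientCredentialsOAuth2AuthorizedClientProvider clientCredentials =
                new ClientCredentialsOAuth2AuthorizedClientProvider();
        clientCredentials.setAccessTokenResponseClient(new DefaultClientCredentialsTokenResponseClient());
        // Replaces setAccessTokenExpiresSkew(...): the skew is set per provider.
        clientCredentials.setClockSkew(expiresSkew);
        RefreshTokenOAuth2AuthorizedClientProvider refreshToken =
                new RefreshTokenOAuth2AuthorizedClientProvider();
        refreshToken.setClockSkew(expiresSkew);

        DefaultOAuth2AuthorizedClientManager manager = new DefaultOAuth2AuthorizedClientManager(
                clientRegistrationRepository, authorizedClientRepository);
        manager.setAuthorizedClientProvider(new DelegatingOAuth2AuthorizedClientProvider(
                new AuthorizationCodeOAuth2AuthorizedClientProvider(), refreshToken, clientCredentials));
        return manager;
    }

    // The non-deprecated constructor takes the manager directly.
    static WebClient webClient(OAuth2AuthorizedClientManager manager) {
        ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2 =
                new ServletOAuth2AuthorizedClientExchangeFilterFunction(manager);
        return WebClient.builder().apply(oauth2.oauth2Configuration()).build();
    }
}
```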
-
filter
public reactor.core.publisher.Mono<org.springframework.web.reactive.function.client.ClientResponse> filter(org.springframework.web.reactive.function.client.ClientRequest request, org.springframework.web.reactive.function.client.ExchangeFunction next)
- Specified by:
filter in interface org.springframework.web.reactive.function.client.ExchangeFilterFunction