Package org.springframework.security.oauth2.client.web.reactive.function.client

Class ServletOAuth2AuthorizedClientExchangeFilterFunction

java.lang.Object

org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

All Implemented Interfaces:

org.springframework.web.reactive.function.client.ExchangeFilterFunction

public final class ServletOAuth2AuthorizedClientExchangeFilterFunction
extends java.lang.Object
implements org.springframework.web.reactive.function.client.ExchangeFilterFunction

Provides an easy mechanism for using an OAuth2AuthorizedClient to make OAuth2 requests by including the token as a Bearer Token. It also provides mechanisms for looking up the OAuth2AuthorizedClient. This class is intended to be used in a servlet environment. Example usage:

 ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2 = new ServletOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrationRepository, authorizedClientRepository);
 WebClient webClient = WebClient.builder()
    .apply(oauth2.oauth2Configuration())
    .build();
 Mono response = webClient
    .get()
    .uri(uri)
    .attributes(oauth2AuthorizedClient(authorizedClient))
    // ...
    .retrieve()
    .bodyToMono(String.class);
 

An attempt to automatically refresh the token will be made if all of the following are true:

• The OAuth2AuthorizedClientManager is not null
• A refresh token is present on the OAuth2AuthorizedClient
• The access token is expired
• The SecurityContextHolder will be used to attempt to save the token. If it is empty, then the principal name on the OAuth2AuthorizedClient will be used to create an Authentication for saving.

Since:

5.1

See Also:

OAuth2AuthorizedClientManager

Constructor Summary

Constructors

Constructor	Description
ServletOAuth2AuthorizedClientExchangeFilterFunction()
ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager authorizedClientManager)	Constructs a ServletOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters.
ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository authorizedClientRepository)	Constructs a ServletOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters.

Method Summary

Modifier and Type	Method	Description
static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>>	authentication(Authentication authentication)	Modifies the ClientRequest.attributes() to include the Authentication used to look up and save the OAuth2AuthorizedClient.
static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>>	clientRegistrationId(java.lang.String clientRegistrationId)	Modifies the ClientRequest.attributes() to include the ClientRegistration.getRegistrationId() to be used to look up the OAuth2AuthorizedClient.
java.util.function.Consumer<org.springframework.web.reactive.function.client.WebClient.RequestHeadersSpec<?>>	defaultRequest()	Provides defaults for the HttpServletRequest and the HttpServletResponse using RequestContextHolder.
reactor.core.publisher.Mono<org.springframework.web.reactive.function.client.ClientResponse>	filter(org.springframework.web.reactive.function.client.ClientRequest request, org.springframework.web.reactive.function.client.ExchangeFunction next)
static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>>	httpServletRequest(javax.servlet.http.HttpServletRequest request)	Modifies the ClientRequest.attributes() to include the HttpServletRequest used to look up and save the OAuth2AuthorizedClient.
static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>>	httpServletResponse(javax.servlet.http.HttpServletResponse response)	Modifies the ClientRequest.attributes() to include the HttpServletResponse used to save the OAuth2AuthorizedClient.
static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>>	oauth2AuthorizedClient(OAuth2AuthorizedClient authorizedClient)	Modifies the ClientRequest.attributes() to include the OAuth2AuthorizedClient to be used for providing the Bearer Token.
java.util.function.Consumer<org.springframework.web.reactive.function.client.WebClient.Builder>	oauth2Configuration()	Configures the builder with defaultRequest() and adds this as a ExchangeFilterFunction
void	setAccessTokenExpiresSkew(java.time.Duration accessTokenExpiresSkew)	Deprecated. The accessTokenExpiresSkew should be configured with the specific OAuth2AuthorizedClientProvider implementation, e.g.
void	setClientCredentialsTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient)	Deprecated. Use ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager) instead.
void	setDefaultClientRegistrationId(java.lang.String clientRegistrationId)	If set, will be used as the default ClientRegistration.getRegistrationId().
void	setDefaultOAuth2AuthorizedClient(boolean defaultOAuth2AuthorizedClient)	If true, a default OAuth2AuthorizedClient can be discovered from the current Authentication.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.web.reactive.function.client.ExchangeFilterFunction

andThen, apply

Constructor Detail

ServletOAuth2AuthorizedClientExchangeFilterFunction

public ServletOAuth2AuthorizedClientExchangeFilterFunction()

ServletOAuth2AuthorizedClientExchangeFilterFunction

public ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager authorizedClientManager)

Constructs a ServletOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters.

Parameters:

authorizedClientManager - the OAuth2AuthorizedClientManager which manages the authorized client(s)

Since:

5.2

ServletOAuth2AuthorizedClientExchangeFilterFunction

public ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository clientRegistrationRepository,
                                                           OAuth2AuthorizedClientRepository authorizedClientRepository)

Constructs a ServletOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters.

Parameters:

clientRegistrationRepository - the repository of client registrations

authorizedClientRepository - the repository of authorized clients

Method Detail

setClientCredentialsTokenResponseClient

@Deprecated
public void setClientCredentialsTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient)

Deprecated.

Use ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager) instead. Create an instance of ClientCredentialsOAuth2AuthorizedClientProvider configured with a DefaultClientCredentialsTokenResponseClient (or a custom one) and than supply it to DefaultOAuth2AuthorizedClientManager.

Sets the OAuth2AccessTokenResponseClient used for getting an OAuth2AuthorizedClient for the client_credentials grant.

Parameters:

clientCredentialsTokenResponseClient - the client to use

setDefaultOAuth2AuthorizedClient

public void setDefaultOAuth2AuthorizedClient(boolean defaultOAuth2AuthorizedClient)

If true, a default OAuth2AuthorizedClient can be discovered from the current Authentication. It is recommended to be cautious with this feature since all HTTP requests will receive the access token if it can be resolved from the current Authentication.

Parameters:

defaultOAuth2AuthorizedClient - true if a default OAuth2AuthorizedClient should be used, else false. Default is false.

setDefaultClientRegistrationId

public void setDefaultClientRegistrationId(java.lang.String clientRegistrationId)

If set, will be used as the default ClientRegistration.getRegistrationId(). It is recommended to be cautious with this feature since all HTTP requests will receive the access token.

Parameters:

clientRegistrationId - the id to use

oauth2Configuration

public java.util.function.Consumer<org.springframework.web.reactive.function.client.WebClient.Builder> oauth2Configuration()

Configures the builder with defaultRequest() and adds this as a ExchangeFilterFunction

Returns:

the Consumer to configure the builder

defaultRequest

public java.util.function.Consumer<org.springframework.web.reactive.function.client.WebClient.RequestHeadersSpec<?>> defaultRequest()

Provides defaults for the HttpServletRequest and the HttpServletResponse using RequestContextHolder. It also provides defaults for the Authentication using SecurityContextHolder. It also can default the OAuth2AuthorizedClient using the clientRegistrationId(String) or the authentication(Authentication).

Returns:

the Consumer to populate the attributes

oauth2AuthorizedClient

public static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> oauth2AuthorizedClient(OAuth2AuthorizedClient authorizedClient)

Modifies the ClientRequest.attributes() to include the OAuth2AuthorizedClient to be used for providing the Bearer Token.

Parameters:

authorizedClient - the OAuth2AuthorizedClient to use.

Returns:

the Consumer to populate the attributes

clientRegistrationId

public static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> clientRegistrationId(java.lang.String clientRegistrationId)

Modifies the ClientRequest.attributes() to include the ClientRegistration.getRegistrationId() to be used to look up the OAuth2AuthorizedClient.

Parameters:

clientRegistrationId - the ClientRegistration.getRegistrationId() to be used to look up the OAuth2AuthorizedClient.

Returns:

the Consumer to populate the attributes

authentication

public static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> authentication(Authentication authentication)

Modifies the ClientRequest.attributes() to include the Authentication used to look up and save the OAuth2AuthorizedClient. The value is defaulted in defaultRequest()

Parameters:

authentication - the Authentication to use.

Returns:

the Consumer to populate the attributes

httpServletRequest

public static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> httpServletRequest(javax.servlet.http.HttpServletRequest request)

Modifies the ClientRequest.attributes() to include the HttpServletRequest used to look up and save the OAuth2AuthorizedClient. The value is defaulted in defaultRequest()

Parameters:

request - the HttpServletRequest to use.

Returns:

the Consumer to populate the attributes

httpServletResponse

public static java.util.function.Consumer<java.util.Map<java.lang.String,java.lang.Object>> httpServletResponse(javax.servlet.http.HttpServletResponse response)

Modifies the ClientRequest.attributes() to include the HttpServletResponse used to save the OAuth2AuthorizedClient. The value is defaulted in defaultRequest()

Parameters:

response - the HttpServletResponse to use.

Returns:

the Consumer to populate the attributes

setAccessTokenExpiresSkew

@Deprecated
public void setAccessTokenExpiresSkew(java.time.Duration accessTokenExpiresSkew)

Deprecated.

The accessTokenExpiresSkew should be configured with the specific OAuth2AuthorizedClientProvider implementation, e.g. ClientCredentialsOAuth2AuthorizedClientProvider or RefreshTokenOAuth2AuthorizedClientProvider.

An access token will be considered expired by comparing its expiration to now + this skewed Duration. The default is 1 minute.

Parameters:

accessTokenExpiresSkew - the Duration to use.

filter

public reactor.core.publisher.Mono<org.springframework.web.reactive.function.client.ClientResponse> filter(org.springframework.web.reactive.function.client.ClientRequest request,
                                                                                                           org.springframework.web.reactive.function.client.ExchangeFunction next)

Specified by:

filter in interface org.springframework.web.reactive.function.client.ExchangeFilterFunction