diff --git a/samples/boot/oauth2/authcodegrant/src/integration-test/java/org/springframework/security/samples/OAuth2AuthorizationCodeGrantApplicationTests.java b/samples/boot/oauth2/authcodegrant/src/integration-test/java/org/springframework/security/samples/OAuth2AuthorizationCodeGrantApplicationTests.java index 59df61ff53..36ee34e365 100644 --- a/samples/boot/oauth2/authcodegrant/src/integration-test/java/org/springframework/security/samples/OAuth2AuthorizationCodeGrantApplicationTests.java +++ b/samples/boot/oauth2/authcodegrant/src/integration-test/java/org/springframework/security/samples/OAuth2AuthorizationCodeGrantApplicationTests.java @@ -23,6 +23,7 @@ import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.context.annotation.ComponentScan; +import org.springframework.context.annotation.Import; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpSession; @@ -47,6 +48,7 @@ import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.junit4.SpringRunner; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; +import sample.config.WebClientConfig; import java.util.HashMap; import java.util.Map; @@ -160,6 +162,7 @@ public class OAuth2AuthorizationCodeGrantApplicationTests { @SpringBootConfiguration @EnableAutoConfiguration @ComponentScan(basePackages = "sample.web") + @Import(WebClientConfig.class) public static class SpringBootApplicationTestConfig { } } diff --git a/samples/boot/oauth2/authcodegrant/src/main/java/sample/config/WebClientConfig.java b/samples/boot/oauth2/authcodegrant/src/main/java/sample/config/WebClientConfig.java new file mode 100644 index 0000000000..e462a620b8 --- /dev/null +++ b/samples/boot/oauth2/authcodegrant/src/main/java/sample/config/WebClientConfig.java @@ -0,0 +1,35 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package sample.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.security.oauth2.client.web.reactive.function.client.OAuth2AuthorizedClientExchangeFilterFunction; +import org.springframework.web.reactive.function.client.WebClient; + +/** + * @author Rob Winch + * @since 5.1 + */ +public class WebClientConfig { + + @Bean + WebClient webClient() { + return WebClient.builder() + .filter(new OAuth2AuthorizedClientExchangeFilterFunction()) + .build(); + } +} diff --git a/samples/boot/oauth2/authcodegrant/src/main/java/sample/web/GitHubReposController.java b/samples/boot/oauth2/authcodegrant/src/main/java/sample/web/GitHubReposController.java index f32bdfe450..fb1893fb8d 100644 --- a/samples/boot/oauth2/authcodegrant/src/main/java/sample/web/GitHubReposController.java +++ b/samples/boot/oauth2/authcodegrant/src/main/java/sample/web/GitHubReposController.java @@ -15,24 +15,28 @@ */ package sample.web; -import org.springframework.http.HttpHeaders; import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.annotation.OAuth2Client; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.reactive.function.client.ClientRequest; -import org.springframework.web.reactive.function.client.ExchangeFilterFunction; import org.springframework.web.reactive.function.client.WebClient; -import reactor.core.publisher.Mono; import java.util.List; +import static org.springframework.security.oauth2.client.web.reactive.function.client.OAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient; + /** * @author Joe Grandja + * @author Rob Winch */ @Controller public class GitHubReposController { + private final WebClient webClient; + + public GitHubReposController(WebClient webClient) { + this.webClient = webClient; + } @GetMapping("/") public String index() { @@ -42,11 +46,10 @@ public class GitHubReposController { @GetMapping("/repos") public String gitHubRepos(Model model, @OAuth2Client("github") OAuth2AuthorizedClient authorizedClient) { String endpointUri = "https://api.github.com/user/repos"; - List repos = WebClient.builder() - .filter(oauth2Credentials(authorizedClient)) - .build() + List repos = this.webClient .get() .uri(endpointUri) + .attributes(oauth2AuthorizedClient(authorizedClient)) .retrieve() .bodyToMono(List.class) .block(); @@ -54,14 +57,4 @@ public class GitHubReposController { return "github-repos"; } - - private ExchangeFilterFunction oauth2Credentials(OAuth2AuthorizedClient authorizedClient) { - return ExchangeFilterFunction.ofRequestProcessor( - clientRequest -> { - ClientRequest authorizedRequest = ClientRequest.from(clientRequest) - .header(HttpHeaders.AUTHORIZATION, "Bearer " + authorizedClient.getAccessToken().getTokenValue()) - .build(); - return Mono.just(authorizedRequest); - }); - } } diff --git a/samples/boot/oauth2login-webflux/src/main/java/sample/WebClientConfig.java b/samples/boot/oauth2login-webflux/src/main/java/sample/WebClientConfig.java new file mode 100644 index 0000000000..1d0ed4a2b4 --- /dev/null +++ b/samples/boot/oauth2login-webflux/src/main/java/sample/WebClientConfig.java @@ -0,0 +1,35 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package sample; + +import org.springframework.context.annotation.Bean; +import org.springframework.security.oauth2.client.web.reactive.function.client.OAuth2AuthorizedClientExchangeFilterFunction; +import org.springframework.web.reactive.function.client.WebClient; + +/** + * @author Rob Winch + * @since 5.1 + */ +public class WebClientConfig { + + @Bean + WebClient webClient() { + return WebClient.builder() + .filter(new OAuth2AuthorizedClientExchangeFilterFunction()) + .build(); + } +} diff --git a/samples/boot/oauth2login-webflux/src/main/java/sample/web/OAuth2LoginController.java b/samples/boot/oauth2login-webflux/src/main/java/sample/web/OAuth2LoginController.java index d3bcaf342e..9c86d73bdc 100644 --- a/samples/boot/oauth2login-webflux/src/main/java/sample/web/OAuth2LoginController.java +++ b/samples/boot/oauth2login-webflux/src/main/java/sample/web/OAuth2LoginController.java @@ -16,17 +16,16 @@ package sample.web; +import static org.springframework.security.oauth2.client.web.reactive.function.client.OAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient; + import java.util.Map; -import org.springframework.http.HttpHeaders; import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.annotation.OAuth2Client; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.reactive.function.client.ClientRequest; -import org.springframework.web.reactive.function.client.ExchangeFilterFunction; import org.springframework.web.reactive.function.client.WebClient; import reactor.core.publisher.Mono; @@ -36,6 +35,11 @@ import reactor.core.publisher.Mono; */ @Controller public class OAuth2LoginController { + private final WebClient webClient; + + public OAuth2LoginController(WebClient webClient) { + this.webClient = webClient; + } @GetMapping("/") public String index(Model model, @OAuth2Client OAuth2AuthorizedClient authorizedClient) { @@ -50,25 +54,14 @@ public class OAuth2LoginController { String userInfoEndpointUri = authorizedClient.getClientRegistration() .getProviderDetails().getUserInfoEndpoint().getUri(); if (!StringUtils.isEmpty(userInfoEndpointUri)) { // userInfoEndpointUri is optional for OIDC Clients - userAttributes = WebClient.builder() - .filter(oauth2Credentials(authorizedClient)) - .build() + userAttributes = this.webClient .get() .uri(userInfoEndpointUri) + .attributes(oauth2AuthorizedClient(authorizedClient)) .retrieve() .bodyToMono(Map.class); } model.addAttribute("userAttributes", userAttributes); return "userinfo"; } - - private ExchangeFilterFunction oauth2Credentials(OAuth2AuthorizedClient authorizedClient) { - return ExchangeFilterFunction.ofRequestProcessor( - clientRequest -> { - ClientRequest authorizedRequest = ClientRequest.from(clientRequest) - .header(HttpHeaders.AUTHORIZATION, "Bearer " + authorizedClient.getAccessToken().getTokenValue()) - .build(); - return Mono.just(authorizedRequest); - }); - } } diff --git a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java index 1c722da290..612e3583c9 100644 --- a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java +++ b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java @@ -32,6 +32,7 @@ import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMock import org.springframework.boot.test.context.SpringBootTest; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; +import org.springframework.context.annotation.Import; import org.springframework.http.HttpStatus; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @@ -57,6 +58,7 @@ import org.springframework.security.oauth2.core.user.OAuth2UserAuthority; import org.springframework.test.context.junit4.SpringRunner; import org.springframework.web.util.UriComponents; import org.springframework.web.util.UriComponentsBuilder; +import sample.WebClientConfig; import java.net.URI; import java.net.URL; @@ -401,6 +403,7 @@ public class OAuth2LoginApplicationTests { @SpringBootConfiguration @EnableAutoConfiguration @ComponentScan(basePackages = "sample.web") + @Import(WebClientConfig.class) public static class SpringBootApplicationTestConfig { @Autowired diff --git a/samples/boot/oauth2login/src/main/java/sample/WebClientConfig.java b/samples/boot/oauth2login/src/main/java/sample/WebClientConfig.java new file mode 100644 index 0000000000..1d0ed4a2b4 --- /dev/null +++ b/samples/boot/oauth2login/src/main/java/sample/WebClientConfig.java @@ -0,0 +1,35 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package sample; + +import org.springframework.context.annotation.Bean; +import org.springframework.security.oauth2.client.web.reactive.function.client.OAuth2AuthorizedClientExchangeFilterFunction; +import org.springframework.web.reactive.function.client.WebClient; + +/** + * @author Rob Winch + * @since 5.1 + */ +public class WebClientConfig { + + @Bean + WebClient webClient() { + return WebClient.builder() + .filter(new OAuth2AuthorizedClientExchangeFilterFunction()) + .build(); + } +} diff --git a/samples/boot/oauth2login/src/main/java/sample/web/OAuth2LoginController.java b/samples/boot/oauth2login/src/main/java/sample/web/OAuth2LoginController.java index 4f8fa14ca8..5c29e84dae 100644 --- a/samples/boot/oauth2login/src/main/java/sample/web/OAuth2LoginController.java +++ b/samples/boot/oauth2login/src/main/java/sample/web/OAuth2LoginController.java @@ -15,26 +15,30 @@ */ package sample.web; -import org.springframework.http.HttpHeaders; +import static org.springframework.security.oauth2.client.web.reactive.function.client.OAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient; + +import java.util.Collections; +import java.util.Map; + import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.annotation.OAuth2Client; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.reactive.function.client.ClientRequest; -import org.springframework.web.reactive.function.client.ExchangeFilterFunction; import org.springframework.web.reactive.function.client.WebClient; -import reactor.core.publisher.Mono; - -import java.util.Collections; -import java.util.Map; /** * @author Joe Grandja + * @author Rob Winch */ @Controller public class OAuth2LoginController { + private final WebClient webClient; + + public OAuth2LoginController(WebClient webClient) { + this.webClient = webClient; + } @GetMapping("/") public String index(Model model, @OAuth2Client OAuth2AuthorizedClient authorizedClient) { @@ -49,11 +53,10 @@ public class OAuth2LoginController { String userInfoEndpointUri = authorizedClient.getClientRegistration() .getProviderDetails().getUserInfoEndpoint().getUri(); if (!StringUtils.isEmpty(userInfoEndpointUri)) { // userInfoEndpointUri is optional for OIDC Clients - userAttributes = WebClient.builder() - .filter(oauth2Credentials(authorizedClient)) - .build() + userAttributes = this.webClient .get() .uri(userInfoEndpointUri) + .attributes(oauth2AuthorizedClient(authorizedClient)) .retrieve() .bodyToMono(Map.class) .block(); @@ -61,14 +64,4 @@ public class OAuth2LoginController { model.addAttribute("userAttributes", userAttributes); return "userinfo"; } - - private ExchangeFilterFunction oauth2Credentials(OAuth2AuthorizedClient authorizedClient) { - return ExchangeFilterFunction.ofRequestProcessor( - clientRequest -> { - ClientRequest authorizedRequest = ClientRequest.from(clientRequest) - .header(HttpHeaders.AUTHORIZATION, "Bearer " + authorizedClient.getAccessToken().getTokenValue()) - .build(); - return Mono.just(authorizedRequest); - }); - } }