From 7335c5745cc5f0137f4a65fa73bd1cf1b8993ca6 Mon Sep 17 00:00:00 2001
From: Steve Riesenberg <sriesenberg@vmware.com>
Date: Thu, 9 Nov 2023 10:46:32 -0600
Subject: [PATCH] Document authentication helper method in WebClient
 integration

This commit re-applies 49f3c0ce534254ea4b5f5a674c5afb8322c1736c
which was lost while splitting pages for Antora.

Issue gh-13816
Issue gh-10120
---
 .../oauth2/client/authorized-clients.adoc     | 57 +++++++++++++++++++
 1 file changed, 57 insertions(+)

diff --git a/docs/modules/ROOT/pages/servlet/oauth2/client/authorized-clients.adoc b/docs/modules/ROOT/pages/servlet/oauth2/client/authorized-clients.adoc
index ffb64b3f8b..378c3599fa 100644
--- a/docs/modules/ROOT/pages/servlet/oauth2/client/authorized-clients.adoc
+++ b/docs/modules/ROOT/pages/servlet/oauth2/client/authorized-clients.adoc
@@ -198,6 +198,63 @@ fun index(): String {
 ======
 <1> `clientRegistrationId()` is a `static` method in `ServletOAuth2AuthorizedClientExchangeFilterFunction`.
 
+The following code shows how to set an `Authentication` as a request attribute:
+
+[tabs]
+======
+Java::
++
+[source,java,role="primary"]
+----
+@GetMapping("/")
+public String index() {
+	String resourceUri = ...
+
+	Authentication anonymousAuthentication = new AnonymousAuthenticationToken(
+			"anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+	String body = webClient
+			.get()
+			.uri(resourceUri)
+			.attributes(authentication(anonymousAuthentication))   <1>
+			.retrieve()
+			.bodyToMono(String.class)
+			.block();
+
+	...
+
+	return "index";
+}
+----
+
+Kotlin::
++
+[source,kotlin,role="secondary"]
+----
+@GetMapping("/")
+fun index(): String {
+    val resourceUri: String = ...
+
+    val anonymousAuthentication: Authentication = AnonymousAuthenticationToken(
+            "anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"))
+    val body: String = webClient
+            .get()
+            .uri(resourceUri)
+            .attributes(authentication(anonymousAuthentication))  <1>
+            .retrieve()
+            .bodyToMono()
+            .block()
+
+    ...
+
+    return "index"
+}
+----
+======
+<1> `authentication()` is a `static` method in `ServletOAuth2AuthorizedClientExchangeFilterFunction`.
+
+[WARNING]
+It is recommended to be cautious with this feature since all HTTP requests will receive an access token bound to the provided principal.
+
 
 === Defaulting the Authorized Client