Merge branch '5.8.x' into 6.0.x

docs/modules/ROOT/pages/servlet/oauth2/client/authorized-clients.adoc

@@ -201,6 +201,63 @@ fun index(): String {
 ======
 <1> `clientRegistrationId()` is a `static` method in `ServletOAuth2AuthorizedClientExchangeFilterFunction`.
 
+The following code shows how to set an `Authentication` as a request attribute:
+
+[tabs]
+======
+Java::
++
+[source,java,role="primary"]
+----
+@GetMapping("/")
+public String index() {
+	String resourceUri = ...
+
+	Authentication anonymousAuthentication = new AnonymousAuthenticationToken(
+			"anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+	String body = webClient
+			.get()
+			.uri(resourceUri)
+			.attributes(authentication(anonymousAuthentication))   <1>
+			.retrieve()
+			.bodyToMono(String.class)
+			.block();
+
+	...
+
+	return "index";
+}
+----
+
+Kotlin::
++
+[source,kotlin,role="secondary"]
+----
+@GetMapping("/")
+fun index(): String {
+    val resourceUri: String = ...
+
+    val anonymousAuthentication: Authentication = AnonymousAuthenticationToken(
+            "anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"))
+    val body: String = webClient
+            .get()
+            .uri(resourceUri)
+            .attributes(authentication(anonymousAuthentication))  <1>
+            .retrieve()
+            .bodyToMono()
+            .block()
+
+    ...
+
+    return "index"
+}
+----
+======
+<1> `authentication()` is a `static` method in `ServletOAuth2AuthorizedClientExchangeFilterFunction`.
+
+[WARNING]
+It is recommended to be cautious with this feature since all HTTP requests will receive an access token bound to the provided principal.
+
 
 === Defaulting the Authorized Client