BAEL-5300: add openfeign config

2022-01-31 10:50:19 +03:30 · 2022-01-31 10:50:19 +03:30 · 10dd6acd33
parent e459737a66
commit 10dd6acd33
2 changed files with 131 additions and 0 deletions
--- a/spring-cloud/spring-cloud-openfeign/src/main/java/com/baeldung/cloud/openfeign/oauthfeign/OAuthClientCredentialsFeignManager.java
+++ b/spring-cloud/spring-cloud-openfeign/src/main/java/com/baeldung/cloud/openfeign/oauthfeign/OAuthClientCredentialsFeignManager.java
@ -0,0 +1,85 @@
+package com.baeldung.cloud.openfeign.oauthfeign;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+
+import java.util.Collection;
+import java.util.Collections;
+
+import static java.util.Objects.isNull;
+
+public class OAuthClientCredentialsFeignManager {
+
+    private static final Logger logger = LoggerFactory.getLogger(OAuthClientCredentialsFeignManager.class);
+
+    private final OAuth2AuthorizedClientManager manager;
+    private final Authentication principal;
+    private final ClientRegistration clientRegistration;
+
+    public OAuthClientCredentialsFeignManager(OAuth2AuthorizedClientManager manager, ClientRegistration clientRegistration) {
+        this.manager = manager;
+        this.clientRegistration = clientRegistration;
+        this.principal = createPrincipal();
+    }
+
+    private Authentication createPrincipal() {
+        return new Authentication() {
+            @Override
+            public Collection<? extends GrantedAuthority> getAuthorities() {
+                return Collections.emptySet();
+            }
+
+            @Override
+            public Object getCredentials() {
+                return null;
+            }
+
+            @Override
+            public Object getDetails() {
+                return null;
+            }
+
+            @Override
+            public Object getPrincipal() {
+                return this;
+            }
+
+            @Override
+            public boolean isAuthenticated() {
+                return false;
+            }
+
+            @Override
+            public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
+            }
+
+            @Override
+            public String getName() {
+                return clientRegistration.getClientId();
+            }
+        };
+    }
+
+    public String getAccessToken() {
+        try {
+            OAuth2AuthorizeRequest oAuth2AuthorizeRequest = OAuth2AuthorizeRequest
+                .withClientRegistrationId(clientRegistration.getRegistrationId())
+                .principal(principal)
+                .build();
+            OAuth2AuthorizedClient client = manager.authorize(oAuth2AuthorizeRequest);
+            if (isNull(client)) {
+                throw new IllegalStateException("client credentials flow on " + clientRegistration.getRegistrationId() + " failed, client is null");
+            }
+            return client.getAccessToken().getTokenValue();
+        } catch (Exception exp) {
+            logger.error("client credentials error " + exp.getMessage());
+        }
+        return null;
+    }
+}
--- a/spring-cloud/spring-cloud-openfeign/src/main/java/com/baeldung/cloud/openfeign/oauthfeign/OAuthFeignConfig.java
+++ b/spring-cloud/spring-cloud-openfeign/src/main/java/com/baeldung/cloud/openfeign/oauthfeign/OAuthFeignConfig.java
@ -0,0 +1,46 @@
+package com.baeldung.cloud.openfeign.oauthfeign;
+
+import feign.RequestInterceptor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.client.*;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+
+@Configuration
+public class OAuthFeignConfig {
+
+    public static final String CLIENT_REGISTRATION_ID = "keycloak";
+
+    private final OAuth2AuthorizedClientService oAuth2AuthorizedClientService;
+    private final ClientRegistrationRepository clientRegistrationRepository;
+
+    public OAuthFeignConfig(OAuth2AuthorizedClientService oAuth2AuthorizedClientService,
+            ClientRegistrationRepository clientRegistrationRepository) {
+        this.oAuth2AuthorizedClientService = oAuth2AuthorizedClientService;
+        this.clientRegistrationRepository = clientRegistrationRepository;
+    }
+
+    @Bean
+    public RequestInterceptor requestInterceptor() {
+        ClientRegistration clientRegistration = clientRegistrationRepository.findByRegistrationId(CLIENT_REGISTRATION_ID);
+        OAuthClientCredentialsFeignManager clientCredentialsFeignManager =
+            new OAuthClientCredentialsFeignManager(authorizedClientManager(), clientRegistration);
+        return requestTemplate -> {
+            requestTemplate.header("Authorization", "Bearer " + clientCredentialsFeignManager.getAccessToken());
+        };
+    }
+
+    @Bean
+    OAuth2AuthorizedClientManager authorizedClientManager() {
+        OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
+            .clientCredentials()
+            .build();
+
+        AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientManager =
+            new AuthorizedClientServiceOAuth2AuthorizedClientManager(clientRegistrationRepository, oAuth2AuthorizedClientService);
+        authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
+        return authorizedClientManager;
+    }
+
+}