This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Security 6.5.3!
HTTP Interface Integration
Spring Security’s OAuth Support can integrate with RestClient and WebClient HTTP Interface based REST Clients.
Configuration
After RestClient or WebClient specific configuration, usage of HTTP Interface Integration only requires adding a @ClientRegistrationId to methods that require OAuth.
Since the presence of @ClientRegistrationId determines if and how the OAuth token will be resolved, it is safe to add Spring Security’s OAuth support to any configuration.
RestClient Configuration
Spring Security’s OAuth Support can integrate with HTTP Interface based REST Clients backed by RestClient.
The first step is to create an OAuth2AuthorizedClientManager Bean.
Next you must configure HttpServiceProxyFactory and RestClient to be aware of @ClientRegistrationId.
To simplify this configuration, use OAuth2RestClientHttpServiceGroupConfigurer.
Java

    @Bean
    OAuth2RestClientHttpServiceGroupConfigurer securityConfigurer(
            OAuth2AuthorizedClientManager manager) {
        return OAuth2RestClientHttpServiceGroupConfigurer.from(manager);
    }

Kotlin

    @Bean
    fun securityConfigurer(manager: OAuth2AuthorizedClientManager): OAuth2RestClientHttpServiceGroupConfigurer {
        return OAuth2RestClientHttpServiceGroupConfigurer.from(manager)
    }

The configuration:
- Adds ClientRegistrationIdProcessor to HttpServiceProxyFactory
- Adds OAuth2ClientHttpRequestInterceptor to the RestClient
WebClient Configuration
Spring Security’s OAuth Support can integrate with HTTP Interface based REST Clients backed by WebClient.
The first step is to create a ReactiveOAuth2AuthorizedClientManager Bean.
Next you must configure HttpServiceProxyFactory and WebClient to be aware of @ClientRegistrationId.
To simplify this configuration, use OAuth2WebClientHttpServiceGroupConfigurer.
Java

    @Bean
    OAuth2WebClientHttpServiceGroupConfigurer securityConfigurer(
            ReactiveOAuth2AuthorizedClientManager manager) {
        return OAuth2WebClientHttpServiceGroupConfigurer.from(manager);
    }

Kotlin

    @Bean
    fun securityConfigurer(
        manager: ReactiveOAuth2AuthorizedClientManager
    ): OAuth2WebClientHttpServiceGroupConfigurer {
        return OAuth2WebClientHttpServiceGroupConfigurer.from(manager)
    }

The configuration:
- Adds ClientRegistrationIdProcessor to HttpServiceProxyFactory
- Adds ServerOAuth2AuthorizedClientExchangeFilterFunction to the WebClient
@ClientRegistrationId
You can add @ClientRegistrationId to a method of the HTTP Interface to specify which ClientRegistration to use.
Java

    @GetExchange("/user")
    @ClientRegistrationId("github")
    User getAuthenticatedUser();

Kotlin

    @GetExchange("/user")
    @ClientRegistrationId("github")
    fun getAuthenticatedUser() : User

The @ClientRegistrationId will be processed by ClientRegistrationIdProcessor.
ClientRegistrationIdProcessor
The configured ClientRegistrationIdProcessor will:
- Automatically invoke ClientAttributes.clientRegistrationId(String) for each @ClientRegistrationId.
- This adds the ClientRegistration.getId() to the attributes.
The id is then processed by:
- OAuth2ClientHttpRequestInterceptor for RestClient Integration
- ServletOAuth2AuthorizedClientExchangeFilterFunction (servlets) or ServerOAuth2AuthorizedClientExchangeFilterFunction (reactive environments) for WebClient.
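
The flow above, reduced to a JDK-only model (an added example, not Spring Security's code): a stand-in annotation, processor and interceptor show that only annotated methods receive an Authorization header. All type names, the attribute key, the token and the fail-closed handling of an unknown id are assumptions made for illustration.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.*;

// Simplified model: every type here is a stand-in, none is a Spring Security class.
public class ClientRegistrationIdFlowDemo {
    @Retention(RetentionPolicy.RUNTIME)
    @interface RegistrationId { String value(); } // models @ClientRegistrationId

    interface GitHubApi {
        @RegistrationId("github")
        String getAuthenticatedUser(); // annotated: a token is resolved
        String getPublicStatus();      // not annotated: sent without a token
    }

    record Request(String method, Map<String, Object> attributes, Map<String, String> headers) { }

    static final String ATTR = "clientRegistrationId"; // hypothetical attribute key
    // Constructed sample token keyed by registration id (models the authorized client manager).
    static final Map<String, String> TOKENS = Map.of("github", "sample-token-123");

    // Models the processor: copy the annotation value into the request attributes.
    static void process(Method m, Request r) {
        RegistrationId id = m.getAnnotation(RegistrationId.class);
        if (id != null) r.attributes().put(ATTR, id.value());
    }

    // Models the interceptor: add a bearer token only when the attribute is present.
    static void intercept(Request r) {
        Object id = r.attributes().get(ATTR);
        if (id == null) return; // no annotation, so no Authorization header
        String token = TOKENS.get(id);
        // This example's choice: fail closed when the id has no registration.
        if (token == null) throw new IllegalStateException("No registration for " + id);
        r.headers().put("Authorization", "Bearer " + token);
    }

    public static void main(String[] args) {
        List<Request> sent = new ArrayList<>();
        InvocationHandler handler = (proxy, method, a) -> {
            Request r = new Request(method.getName(), new HashMap<>(), new HashMap<>());
            process(method, r);
            intercept(r);
            sent.add(r);
            return "ok";
        };
        GitHubApi api = (GitHubApi) Proxy.newProxyInstance(
                GitHubApi.class.getClassLoader(), new Class<?>[] { GitHubApi.class }, handler);
        api.getAuthenticatedUser();
        api.getPublicStatus();
        sent.forEach(r -> System.out.println(r.method() + " -> " + r.headers()));
    }
}
```

Run it as a single source file with `java ClientRegistrationIdFlowDemo.java` on Java 17 or later to compare the headers recorded for the annotated and un-annotated calls.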