HTTP Service Clients Integration
Spring Security’s OAuth Support can integrate with RestClient and WebClient HTTP Service Clients.
Configuration
After RestClient or WebClient specific configuration, usage of HTTP Service Clients Integration only requires adding a @ClientRegistrationId to methods that require OAuth or their declaring HTTP interface.
Since the presence of @ClientRegistrationId determines if and how the OAuth token will be resolved, it is safe to add Spring Security’s OAuth support any configuration.
RestClient Configuration
Spring Security’s OAuth Support can integrate with HTTP Service Clients backed by RestClient.
The first step is to create an OAuthAuthorizedClientManager Bean.
Next you must configure HttpServiceProxyFactory and RestClient to be aware of @ClientRegistrationId
To simplify this configuration, use OAuth2RestClientHttpServiceGroupConfigurer.
-
Java
-
Kotlin
@Bean
OAuth2RestClientHttpServiceGroupConfigurer securityConfigurer(
OAuth2AuthorizedClientManager manager) {
return OAuth2RestClientHttpServiceGroupConfigurer.from(manager);
}@Bean
fun securityConfigurer(manager: OAuth2AuthorizedClientManager): OAuth2RestClientHttpServiceGroupConfigurer {
return OAuth2RestClientHttpServiceGroupConfigurer.from(manager)
}The configuration:
-
Adds
ClientRegistrationIdProcessortoHttpServiceProxyFactory -
Adds
OAuth2ClientHttpRequestInterceptorto theRestClient
WebClient Configuration
Spring Security’s OAuth Support can integrate with HTTP Service Clients backed by WebClient.
The first step is to create an ReactiveOAuthAuthorizedClientManager Bean.
Next you must configure HttpServiceProxyFactory and WebRestClient to be aware of @ClientRegistrationId
To simplify this configuration, use OAuth2WebClientHttpServiceGroupConfigurer.
-
Java
-
Kotlin
@Bean
OAuth2WebClientHttpServiceGroupConfigurer securityConfigurer(
ReactiveOAuth2AuthorizedClientManager manager) {
return OAuth2WebClientHttpServiceGroupConfigurer.from(manager);
}@Bean
fun securityConfigurer(
manager: ReactiveOAuth2AuthorizedClientManager?
): OAuth2WebClientHttpServiceGroupConfigurer {
return OAuth2WebClientHttpServiceGroupConfigurer.from(manager)
}The configuration:
-
Adds
ClientRegistrationIdProcessortoHttpServiceProxyFactory -
Adds
ServerOAuth2AuthorizedClientExchangeFilterFunctionto theWebClient
@ClientRegistrationId
You can add the ClientRegistrationId on the HTTP Service to specify which ClientRegistration to use.
-
Java
-
Kotlin
@GetExchange("/user")
@ClientRegistrationId("github")
User getAuthenticatedUser(); @GetExchange("/user")
@ClientRegistrationId("github")
fun getAuthenticatedUser() : UserThe @ClientRegistrationId will be processed by ClientRegistrationIdProcessor
Type Level Declarations
@ClientRegistrationId can also be added at the type level to avoid repeating the declaration on every method.
-
Java
-
Kotlin
@HttpExchange
@ClientRegistrationId("github")
public interface UserService {
@GetExchange("/user")
User getAuthenticatedUser();
@GetExchange("/users/{username}/hovercard")
Hovercard getHovercard(@PathVariable String username);
}@HttpExchange
@ClientRegistrationId("github")
interface UserService {
@GetExchange("/user")
fun getAuthenticatedUser(): User
@GetExchange("/users/{username}/hovercard")
fun getHovercard(@PathVariable username: String): Hovercard
}ClientRegistrationIdProcessor
The configured ClientRegistrationIdProcessor will:
-
Automatically invoke
ClientAttributes.clientRegistrationId(String)for each@ClientRegistrationId. -
This adds the
ClientRegistration.getId()to the attributes
The id is then processed by:
-
OAuth2ClientHttpRequestInterceptorfor RestClient Integration -
ServletOAuth2AuthorizedClientExchangeFilterFunction(servlets) orServerOAuth2AuthorizedClientExchangeFilterFunction(reactive environments) forWebClient.