GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Polish servlet OAuth2 docs landing page 

Issue gh-14758
pull/14820/head
Steve Riesenberg 2 years ago
parent
22f84cf3f3
commit
be340a0085
No known key found for this signature in database
GPG Key ID: 3D0169B18AB8F0A9
1 changed files with 43 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 47
      docs/modules/ROOT/pages/servlet/oauth2/index.adoc

47
docs/modules/ROOT/pages/servlet/oauth2/index.adoc
Unescape View File

@ -491,7 +491,7 @@ With the above configuration, the application now supports two additional endpoi
==== ====
The presence of the `openid` scope in the above configuration indicates that OpenID Connect 1.0 should be used. The presence of the `openid` scope in the above configuration indicates that OpenID Connect 1.0 should be used.
This instructs Spring Security to use OIDC-specific components (such as `OidcUserService`) during request processing. This instructs Spring Security to use OIDC-specific components (such as `OidcUserService`) during request processing.
Without this scope, Spring Security will use OAuth2-specific components (such as `OAuth2UserService`) instead. Without this scope, Spring Security will use OAuth2-specific components (such as `DefaultOAuth2UserService`) instead.
==== ====
[[oauth2-client-access-protected-resources]] [[oauth2-client-access-protected-resources]]
@ -708,7 +708,7 @@ class MessagesController(private val webClient: WebClient) {
.uri("http://localhost:8090/messages") .uri("http://localhost:8090/messages")
.attributes(clientRegistrationId("my-oauth2-client")) .attributes(clientRegistrationId("my-oauth2-client"))
.retrieve() .retrieve()
.toEntityList(Message::class.java) .toEntityList<Message>()
.block()!! .block()!!
} }
@ -933,7 +933,7 @@ class MessagesController(private val webClient: WebClient) {
return webClient.get() return webClient.get()
.uri("http://localhost:8090/messages") .uri("http://localhost:8090/messages")
.retrieve() .retrieve()
.toEntityList(Message::class.java) .toEntityList<Message>()
.block()!! .block()!!
} }
@ -953,7 +953,7 @@ This is because it can be derived from the currently logged in user.
=== Enable an Extension Grant Type === Enable an Extension Grant Type
A common use case involves enabling and/or configuring an extension grant type. A common use case involves enabling and/or configuring an extension grant type.
For example, Spring Security provides support for the `jwt-bearer` grant type, but does not enable it by default because it is not part of the core OAuth 2.0 specification. For example, Spring Security provides support for the `jwt-bearer` and `token-exchange` grant types, but does not enable them by default because they are not part of the core OAuth 2.0 specification.
With Spring Security 6.2 and later, we can simply publish a bean for one or more `OAuth2AuthorizedClientProvider` and they will be picked up automatically. With Spring Security 6.2 and later, we can simply publish a bean for one or more `OAuth2AuthorizedClientProvider` and they will be picked up automatically.
The following example simply enables the `jwt-bearer` grant type: The following example simply enables the `jwt-bearer` grant type:
@ -1356,12 +1356,18 @@ Spring Security automatically resolves the following generic types of `OAuth2Acc
* `OAuth2ClientCredentialsGrantRequest` (see `DefaultClientCredentialsTokenResponseClient`) * `OAuth2ClientCredentialsGrantRequest` (see `DefaultClientCredentialsTokenResponseClient`)
* `OAuth2PasswordGrantRequest` (see `DefaultPasswordTokenResponseClient`) * `OAuth2PasswordGrantRequest` (see `DefaultPasswordTokenResponseClient`)
* `JwtBearerGrantRequest` (see `DefaultJwtBearerTokenResponseClient`) * `JwtBearerGrantRequest` (see `DefaultJwtBearerTokenResponseClient`)
* `TokenExchangeGrantRequest` (see `DefaultTokenExchangeTokenResponseClient`)
[TIP] [TIP]
==== ====
Publishing a bean of type `OAuth2AccessTokenResponseClient<JwtBearerGrantRequest>` will automatically enable the `jwt-bearer` grant type without the need to <<oauth2-client-enable-extension-grant-type,configure it separately>>. Publishing a bean of type `OAuth2AccessTokenResponseClient<JwtBearerGrantRequest>` will automatically enable the `jwt-bearer` grant type without the need to <<oauth2-client-enable-extension-grant-type,configure it separately>>.
==== ====
[TIP]
====
Publishing a bean of type `OAuth2AccessTokenResponseClient<TokenExchangeGrantRequest>` will automatically enable the `token-exchange` grant type without the need to <<oauth2-client-enable-extension-grant-type,configure it separately>>.
====
[[oauth2-client-customize-rest-operations]] [[oauth2-client-customize-rest-operations]]
=== Customize the `RestOperations` used by OAuth2 Client Components === Customize the `RestOperations` used by OAuth2 Client Components
@ -1427,6 +1433,15 @@ public class SecurityConfig {
return accessTokenResponseClient; return accessTokenResponseClient;
} }
@Bean
public OAuth2AccessTokenResponseClient<TokenExchangeGrantRequest> tokenExchangeAccessTokenResponseClient() {
DefaultTokenExchangeTokenResponseClient accessTokenResponseClient =
new DefaultTokenExchangeTokenResponseClient();
accessTokenResponseClient.setRestOperations(restTemplate());
return accessTokenResponseClient;
}
@Bean @Bean
public RestTemplate restTemplate() { public RestTemplate restTemplate() {
// ... // ...
@ -1482,6 +1497,14 @@ class SecurityConfig {
return accessTokenResponseClient return accessTokenResponseClient
} }
@Bean
fun tokenExchangeAccessTokenResponseClient(): OAuth2AccessTokenResponseClient<TokenExchangeGrantRequest> {
val accessTokenResponseClient = DefaultTokenExchangeTokenResponseClient()
accessTokenResponseClient.setRestOperations(restTemplate())
return accessTokenResponseClient
}
@Bean @Bean
fun restTemplate(): RestTemplate { fun restTemplate(): RestTemplate {
// ... // ...
@ -1561,6 +1584,14 @@ public class SecurityConfig {
new JwtBearerOAuth2AuthorizedClientProvider(); new JwtBearerOAuth2AuthorizedClientProvider();
jwtBearerAuthorizedClientProvider.setAccessTokenResponseClient(jwtBearerAccessTokenResponseClient); jwtBearerAuthorizedClientProvider.setAccessTokenResponseClient(jwtBearerAccessTokenResponseClient);
DefaultTokenExchangeTokenResponseClient tokenExchangeAccessTokenResponseClient =
new DefaultTokenExchangeTokenResponseClient();
tokenExchangeAccessTokenResponseClient.setRestOperations(restTemplate());
TokenExchangeOAuth2AuthorizedClientProvider tokenExchangeAuthorizedClientProvider =
new TokenExchangeOAuth2AuthorizedClientProvider();
tokenExchangeAuthorizedClientProvider.setAccessTokenResponseClient(tokenExchangeAccessTokenResponseClient);
OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProvider authorizedClientProvider =
OAuth2AuthorizedClientProviderBuilder.builder() OAuth2AuthorizedClientProviderBuilder.builder()
.authorizationCode() .authorizationCode()
@ -1574,6 +1605,7 @@ public class SecurityConfig {
.accessTokenResponseClient(passwordAccessTokenResponseClient) .accessTokenResponseClient(passwordAccessTokenResponseClient)
) )
.provider(jwtBearerAuthorizedClientProvider) .provider(jwtBearerAuthorizedClientProvider)
.provider(tokenExchangeAuthorizedClientProvider)
.build(); .build();
DefaultOAuth2AuthorizedClientManager authorizedClientManager = DefaultOAuth2AuthorizedClientManager authorizedClientManager =
@ -1644,6 +1676,12 @@ class SecurityConfig {
val jwtBearerAuthorizedClientProvider = JwtBearerOAuth2AuthorizedClientProvider() val jwtBearerAuthorizedClientProvider = JwtBearerOAuth2AuthorizedClientProvider()
jwtBearerAuthorizedClientProvider.setAccessTokenResponseClient(jwtBearerAccessTokenResponseClient) jwtBearerAuthorizedClientProvider.setAccessTokenResponseClient(jwtBearerAccessTokenResponseClient)
val tokenExchangeAccessTokenResponseClient = DefaultTokenExchangeTokenResponseClient()
tokenExchangeAccessTokenResponseClient.setRestOperations(restTemplate())
val tokenExchangeAuthorizedClientProvider = TokenExchangeOAuth2AuthorizedClientProvider()
tokenExchangeAuthorizedClientProvider.setAccessTokenResponseClient(tokenExchangeAccessTokenResponseClient)
val authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder() val authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
.authorizationCode() .authorizationCode()
.refreshToken { refreshToken -> .refreshToken { refreshToken ->
@ -1656,6 +1694,7 @@ class SecurityConfig {
password.accessTokenResponseClient(passwordAccessTokenResponseClient) password.accessTokenResponseClient(passwordAccessTokenResponseClient)
} }
.provider(jwtBearerAuthorizedClientProvider) .provider(jwtBearerAuthorizedClientProvider)
.provider(tokenExchangeAuthorizedClientProvider)
.build() .build()
val authorizedClientManager = DefaultOAuth2AuthorizedClientManager( val authorizedClientManager = DefaultOAuth2AuthorizedClientManager(

Write Preview
Loading…
Cancel
Save