Package com.c4_soft.springaddons.security.oidc.starter.reactive.client

Class SpringAddonsServerOAuth2AuthorizationRequestResolver

java.lang.Object

com.c4_soft.springaddons.security.oidc.starter.reactive.client.SpringAddonsServerOAuth2AuthorizationRequestResolver

All Implemented Interfaces:

org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver

public class SpringAddonsServerOAuth2AuthorizationRequestResolver
extends Object
implements org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver

Serves three purposes:

• Use the SpringAddonsOidcClientProperties#client-uri to set the base URI of authorization-code callback (of interest for instance when using an ingress or another gateway in front of the OAuth2 client with oauth2Login)
• Add the query params taken from authorization-request-params in application properties
• Save in session post-login URIs provided as header (SpringAddonsOidcClientProperties.POST_AUTHENTICATION_SUCCESS_URI_HEADER and SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_URI_HEADER) or request param (SpringAddonsOidcClientProperties.POST_AUTHENTICATION_SUCCESS_URI_PARAM and SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_URI_PARAM). If both are provided, header wins. The key used in session are SpringAddonsOidcClientProperties.POST_AUTHENTICATION_SUCCESS_URI_SESSION_ATTRIBUTE and SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_URI_SESSION_ATTRIBUTE.

The post-login URIs are used by the default ServerAuthenticationSuccessHandler and ServerAuthenticationFailureHandler

When needing fancy request customizers (for instance to add parameters with name or value computed at runtime), you may extend this class and override getOAuth2AuthorizationRequestCustomizer(ServerWebExchange, String)

Author:

Jerome Wacongne ch4mp@c4-soft.com

See Also:

• for header and request parameter constants definitions
• SpringAddonsOauth2ServerAuthenticationSuccessHandler
• SpringAddonsOauth2ServerAuthenticationFailureHandler

Constructor Summary

Constructors

Constructor	Description
SpringAddonsServerOAuth2AuthorizationRequestResolver(org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties bootClientProperties, org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository clientRegistrationRepository, SpringAddonsOidcClientProperties addonsClientProperties)

Method Summary

Modifier and Type	Method	Description
protected CompositeOAuth2AuthorizationRequestCustomizer	getCompositeOAuth2AuthorizationRequestCustomizer(String clientRegistrationId)
protected Consumer<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder>	getOAuth2AuthorizationRequestCustomizer(org.springframework.web.server.ServerWebExchange exchange, String clientRegistrationId)	Override this to use a "dynamic" request customizer.
protected org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver	getRequestResolver(org.springframework.web.server.ServerWebExchange exchange, String clientRegistrationId)	You probably don't need to override this.
reactor.core.publisher.Mono<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>	resolve(org.springframework.web.server.ServerWebExchange exchange)
reactor.core.publisher.Mono<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>	resolve(org.springframework.web.server.ServerWebExchange exchange, String clientRegistrationId)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SpringAddonsServerOAuth2AuthorizationRequestResolver

public SpringAddonsServerOAuth2AuthorizationRequestResolver(org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties bootClientProperties,
 org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository clientRegistrationRepository,
 SpringAddonsOidcClientProperties addonsClientProperties)

Method Details

resolve

public reactor.core.publisher.Mono<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest> resolve(org.springframework.web.server.ServerWebExchange exchange)

Specified by:

resolve in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver

resolve

public reactor.core.publisher.Mono<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest> resolve(org.springframework.web.server.ServerWebExchange exchange,
 String clientRegistrationId)

Specified by:

resolve in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver

getRequestResolver

protected org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver getRequestResolver(org.springframework.web.server.ServerWebExchange exchange,
 String clientRegistrationId)

You probably don't need to override this. See getOAuth2AuthorizationRequestCustomizer to add advanced request customizer(s)

Parameters:

exchange -

clientRegistrationId -

Returns:

getOAuth2AuthorizationRequestCustomizer

protected Consumer<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder> getOAuth2AuthorizationRequestCustomizer(org.springframework.web.server.ServerWebExchange exchange,
 String clientRegistrationId)

Override this to use a "dynamic" request customizer. Something like:

 return new CompositeOAuth2AuthorizationRequestCustomizer(getCompositeOAuth2AuthorizationRequestCustomizer(clientRegistrationId), new MyDynamicCustomizer(request), ...);
 

Returns:

getCompositeOAuth2AuthorizationRequestCustomizer

protected CompositeOAuth2AuthorizationRequestCustomizer getCompositeOAuth2AuthorizationRequestCustomizer(String clientRegistrationId)

Returns:

a request customizer adding PKCE token (if activated) and "static" parameters defined in spring-addons properties