Class OAuth2ClientHttpRequestInterceptor
- All Implemented Interfaces:
org.springframework.http.client.ClientHttpRequestInterceptor
OAuth2AuthorizedClient to make OAuth
2.0 requests by including the access
token as a bearer token.
Example usage:
OAuth2ClientHttpRequestInterceptor requestInterceptor =
new OAuth2ClientHttpRequestInterceptor(authorizedClientManager);
RestClient restClient = RestClient.builder()
.requestInterceptor(requestInterceptor)
.build();
String response = restClient.get()
.uri(uri)
.retrieve()
.body(String.class);
Authentication and Authorization Failures
This interceptor has the ability to forward authentication (HTTP 401 Unauthorized) and
authorization (HTTP 403 Forbidden) failures from an OAuth 2.0 Resource Server to an
OAuth2AuthorizationFailureHandler. A
RemoveAuthorizedClientOAuth2AuthorizationFailureHandler can be used to remove
the cached OAuth2AuthorizedClient, so that future requests will result in a new
token being retrieved from an Authorization Server, and sent to the Resource Server.
Use either authorizationFailureHandler(OAuth2AuthorizedClientRepository) or
authorizationFailureHandler(OAuth2AuthorizedClientService) to create a
RemoveAuthorizedClientOAuth2AuthorizationFailureHandler which can be provided
to setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler).
For example:
OAuth2AuthorizationFailureHandler authorizationFailureHandler =
OAuth2ClientHttpRequestInterceptor.authorizationFailureHandler(authorizedClientRepository);
requestInterceptor.setAuthorizationFailureHandler(authorizationFailureHandler);
- Since:
- 6.4
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic interfaceA strategy for resolving aclientRegistrationIdfrom an intercepted request.static interfaceA strategy for resolving aprincipalfrom an intercepted request. -
Constructor Summary
ConstructorsConstructorDescriptionOAuth2ClientHttpRequestInterceptor(OAuth2AuthorizedClientManager authorizedClientManager) Constructs aOAuth2ClientHttpRequestInterceptorusing the provided parameters. -
Method Summary
Modifier and TypeMethodDescriptionauthorizationFailureHandler(OAuth2AuthorizedClientService authorizedClientService) Provides anOAuth2AuthorizationFailureHandlerthat handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server using aOAuth2AuthorizedClientService.authorizationFailureHandler(OAuth2AuthorizedClientRepository authorizedClientRepository) Provides anOAuth2AuthorizationFailureHandlerthat handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server using aOAuth2AuthorizedClientRepository.org.springframework.http.client.ClientHttpResponseintercept(org.springframework.http.HttpRequest request, byte[] body, org.springframework.http.client.ClientHttpRequestExecution execution) voidsetAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler authorizationFailureHandler) Sets theOAuth2AuthorizationFailureHandlerthat handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server.voidsetClientRegistrationIdResolver(OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver clientRegistrationIdResolver) Sets the strategy for resolving aclientRegistrationIdfrom an intercepted request.voidsetPrincipalResolver(OAuth2ClientHttpRequestInterceptor.PrincipalResolver principalResolver) Sets the strategy for resolving aprincipalfrom an intercepted request.Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.springframework.http.client.ClientHttpRequestInterceptor
andThen, apply
-
Constructor Details
-
OAuth2ClientHttpRequestInterceptor
Constructs aOAuth2ClientHttpRequestInterceptorusing the provided parameters.- Parameters:
authorizedClientManager- theOAuth2AuthorizedClientManagerwhich manages the authorized client(s)
-
-
Method Details
-
setAuthorizationFailureHandler
public void setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler authorizationFailureHandler) Sets theOAuth2AuthorizationFailureHandlerthat handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server.For example, a
RemoveAuthorizedClientOAuth2AuthorizationFailureHandleris typically used to remove the cachedOAuth2AuthorizedClient, so that the same token is no longer used in future requests to the Resource Server.- Parameters:
authorizationFailureHandler- theOAuth2AuthorizationFailureHandlerthat handles authentication and authorization failures- See Also:
-
authorizationFailureHandler
public static OAuth2AuthorizationFailureHandler authorizationFailureHandler(OAuth2AuthorizedClientRepository authorizedClientRepository) Provides anOAuth2AuthorizationFailureHandlerthat handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server using aOAuth2AuthorizedClientRepository.When this method is used, authentication (HTTP 401) and authorization (HTTP 403) failures returned from an OAuth 2.0 Resource Server will be forwarded to a
RemoveAuthorizedClientOAuth2AuthorizationFailureHandler, which will potentially remove theOAuth2AuthorizedClientfrom the givenOAuth2AuthorizedClientRepository, depending on the OAuth 2.0 error code returned. Authentication failures returned from an OAuth 2.0 Resource Server typically indicate that the token is invalid, and should not be used in future requests. Removing the authorized client from the repository will ensure that the existing token will not be sent for future requests to the Resource Server, and a new token is retrieved from the Authorization Server and used for future requests to the Resource Server.- Parameters:
authorizedClientRepository- the repository of authorized clients- See Also:
-
authorizationFailureHandler
public static OAuth2AuthorizationFailureHandler authorizationFailureHandler(OAuth2AuthorizedClientService authorizedClientService) Provides anOAuth2AuthorizationFailureHandlerthat handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server using aOAuth2AuthorizedClientService.When this method is used, authentication (HTTP 401) and authorization (HTTP 403) failures returned from an OAuth 2.0 Resource Server will be forwarded to a
RemoveAuthorizedClientOAuth2AuthorizationFailureHandler, which will potentially remove theOAuth2AuthorizedClientfrom the givenOAuth2AuthorizedClientService, depending on the OAuth 2.0 error code returned. Authentication failures returned from an OAuth 2.0 Resource Server typically indicate that the token is invalid, and should not be used in future requests. Removing the authorized client from the repository will ensure that the existing token will not be sent for future requests to the Resource Server, and a new token is retrieved from the Authorization Server and used for future requests to the Resource Server.- Parameters:
authorizedClientService- the service used to manage authorized clients- See Also:
-
setClientRegistrationIdResolver
public void setClientRegistrationIdResolver(OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver clientRegistrationIdResolver) Sets the strategy for resolving aclientRegistrationIdfrom an intercepted request.- Parameters:
clientRegistrationIdResolver- the strategy for resolving aclientRegistrationIdfrom an intercepted request
-
setPrincipalResolver
public void setPrincipalResolver(OAuth2ClientHttpRequestInterceptor.PrincipalResolver principalResolver) Sets the strategy for resolving aprincipalfrom an intercepted request.- Parameters:
principalResolver- the strategy for resolving aprincipal
-
intercept
public org.springframework.http.client.ClientHttpResponse intercept(org.springframework.http.HttpRequest request, byte[] body, org.springframework.http.client.ClientHttpRequestExecution execution) throws IOException - Specified by:
interceptin interfaceorg.springframework.http.client.ClientHttpRequestInterceptor- Throws:
IOException
-