Stop creating a primary `Oauth2RestTemplate`

This commit removes the creation of a `@Primary` `OAuth2RestTemplate`
and updates the documentation accordingly.

Once #5507 is implemented we could revisit this area to provide a way for
users to easily create such a bean.

Closes gh-5202
pull/5972/head
Stephane Nicoll 9 years ago
parent c11b28c3c7
commit 00f9adafd7

@ -43,10 +43,7 @@ import org.springframework.core.type.AnnotatedTypeMetadata;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext; import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter; import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.AccessTokenRequest; import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest; import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails; import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
@ -69,15 +66,6 @@ import org.springframework.util.StringUtils;
@Conditional(OAuth2ClientIdCondition.class) @Conditional(OAuth2ClientIdCondition.class)
public class OAuth2RestOperationsConfiguration { public class OAuth2RestOperationsConfiguration {
@Bean
@Primary
public OAuth2RestTemplate oauth2RestTemplate(OAuth2ClientContext oauth2ClientContext,
OAuth2ProtectedResourceDetails details) {
OAuth2RestTemplate template = new OAuth2RestTemplate(details,
oauth2ClientContext);
return template;
}
@Configuration @Configuration
@ConditionalOnNotWebApplication @ConditionalOnNotWebApplication
protected static class SingletonScopedConfiguration { protected static class SingletonScopedConfiguration {

@ -0,0 +1,86 @@
/*
* Copyright 2012-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.boot.autoconfigure.security.oauth2.sso;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.OAuth2AutoConfiguration;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.Primary;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.web.client.RestTemplate;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verifyZeroInteractions;
/**
* Test to validate that a custom {@link RestTemplate} can be defined
* with OAuth2 SSO.
*
* @author Stephane Nicoll
*/
@RunWith(SpringRunner.class)
@DirtiesContext
@SpringBootTest
@TestPropertySource(properties = {"security.oauth2.client.clientId=client",
"security.oauth2.client.clientSecret=secret",
"security.oauth2.client.userAuthorizationUri=http://example.com/oauth/authorize",
"security.oauth2.client.accessTokenUri=http://example.com/oauth/token",
"security.oauth2.resource.jwt.keyValue=SSSSHHH"})
public class CustomRestTemplateBasicOAuth2SsoConfigurationTests {
@Autowired
private ApplicationContext applicationContext;
@Autowired
private ObjectProvider<RestTemplate> restTemplateProvider;
@Test
public void customRestTemplateCanBePrimary() {
RestTemplate restTemplate = this.restTemplateProvider.getIfAvailable();
verifyZeroInteractions(restTemplate);
assertThat(this.applicationContext.getBeansOfType(RestTemplate.class)).hasSize(2);
}
@Configuration
@Import(OAuth2AutoConfiguration.class)
@EnableOAuth2Sso
@MinimalSecureWebConfiguration
protected static class TestConfiguration {
@Bean
@Primary
public RestTemplate myRestTemplate() {
return mock(RestTemplate.class);
}
}
}
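Review bot: `customRestTemplateCanBePrimary` never asserts directly which bean was injected. It relies on `verifyZeroInteractions` rejecting a null or non-mock argument, and `getIfAvailable()` can return null, so a regression would surface as a Mockito error rather than a clear assertion failure. Judging by the commit message, the property being protected is that an unqualified `RestTemplate` injection point no longer receives the token-carrying `OAuth2RestTemplate`. I would state that explicitly with `assertThat(restTemplate).isNotNull().isNotInstanceOf(OAuth2RestTemplate.class);`, which needs an import of `OAuth2RestTemplate`. The `hasSize(2)` check pins a bean count whose second member is presumably the template the SSO support creates for user-info calls, so a comment such as `// the custom primary template plus the one created by the SSO support` would explain the number.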

@ -2296,11 +2296,27 @@ language feature). Example:
[[boot-features-security-custom-user-info-client]] [[boot-features-security-custom-user-info-client]]
==== Client ==== Client
To make your webapp into an OAuth2 client you can simply add `@EnableOAuth2Client` and To make your web-app into an OAuth2 client you can simply add `@EnableOAuth2Client` and
Spring Boot will create an `OAuth2RestTemplate` for you to `@Autowire`. It uses the Spring Boot will create a `OAuth2ClientContext` and `OAuth2ProtectedResourceDetails` that
`security.oauth2.client.*` as credentials (the same as you might be using in the are necessary to create an `OAuth2RestOperations`. Spring Boot does not automatically
Authorization Server), but in addition it will need to know the authorization and token create such bean but you can easily create your own:
URIs in the Authorization Server. For example:
[source,java,indent=0]
----
@Bean
public OAuth2RestTemplate oauth2RestTemplate(OAuth2ClientContext oauth2ClientContext,
OAuth2ProtectedResourceDetails details) {
return new OAuth2RestTemplate(details, oauth2ClientContext);
}
----
NOTE: You may want to add a qualifier and review your configuration as more than one
`RestTemplate` may be defined in your application.
This configuration uses `security.oauth2.client.*` as credentials (the same as you might
be using in the Authorization Server), but in addition it will need to know the
authorization and token URIs in the Authorization Server. For example:
.application.yml .application.yml
[source,yaml,indent=0] [source,yaml,indent=0]
@ -2332,12 +2348,12 @@ instance, your OAuth2 provider doesn't like header authentication). In fact, the
`security.oauth2.client.*` properties are bound to an instance of `security.oauth2.client.*` properties are bound to an instance of
`AuthorizationCodeResourceDetails` so all its properties can be specified. `AuthorizationCodeResourceDetails` so all its properties can be specified.
TIP: In a non-web application you can still `@Autowire` an `OAuth2RestOperations` and it TIP: In a non-web application you can still create an `OAuth2RestOperations` and it
is still wired into the `security.oauth2.client.*` configuration. In this case it is a is still wired into the `security.oauth2.client.*` configuration. In this case it is a
"`client credentials token grant`" you will be asking for if you use it (and there is no "`client credentials token grant`" you will be asking for if you use it (and there is no
need to use `@EnableOAuth2Client` or `@EnableOAuth2Sso`). To switch it off, just remove need to use `@EnableOAuth2Client` or `@EnableOAuth2Sso`). To prevent that infrastructure
the `security.oauth2.client.client-id` from your configuration (or make it the empty to be defined, just remove the `security.oauth2.client.client-id` from your configuration
string). (or make it the empty string).
