- package it.giancarloparma.config;
- import java.io.IOException;
- import java.nio.charset.StandardCharsets;
- import java.util.HashMap;
- import java.util.Map;
- import java.util.function.Function;
- import org.slf4j.Logger;
- import org.slf4j.LoggerFactory;
- import org.springframework.beans.factory.annotation.Value;
- import org.springframework.boot.web.client.RestTemplateBuilder;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.http.HttpRequest;
- import org.springframework.http.client.ClientHttpRequestExecution;
- import org.springframework.http.client.ClientHttpRequestInterceptor;
- import org.springframework.http.client.ClientHttpResponse;
- import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
- import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
- import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
- import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
- import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
- import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
- import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
- import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
- import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
- import org.springframework.security.oauth2.client.registration.ClientRegistration;
- import org.springframework.security.oauth2.client.registration.ClientRegistration.Builder;
- import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
- import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
- import org.springframework.security.oauth2.core.AuthorizationGrantType;
- import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
- import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
- import org.springframework.util.StringUtils;
- import org.springframework.web.client.RestTemplate;
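/**
 * Spring configuration that builds a {@link RestTemplate} whose outgoing requests carry an OAuth2
 * bearer token obtained through the resource-owner password grant.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The password grant hands the resource owner's username and password to this client, which
 *       forwards them to the token endpoint. Recent Spring Security releases deprecate this grant
 *       and current OAuth guidance advises against it; prefer another grant (for example client
 *       credentials) if the authorization server supports one.</li>
 *   <li>{@code gp.username} and {@code gp.password} are injected as plain strings. Supply them from
 *       a secret store or the environment rather than a committed properties file, and make sure
 *       {@code gp.token-uri} is an {@code https} URL so the credentials are not sent in clear text.</li>
 *   <li>The client registration built here sets a client id but no client secret.</li>
 *   <li>Client registrations and authorized clients (including tokens) are kept in memory only.</li>
 * </ul>
 */
@Configuration
public class GPRestTemplateConfig {

    @Value("${gp.token-uri}")
    private String accessTokenUri;

    @Value("${gp.client-id}")
    private String clientId;

    @Value("${gp.registration-id}")
    private String registrationId;

    @Value("${gp.principal}")
    private String principal;

    @Value("${gp.username}")
    private String username;

    // Resource-owner secret; never log this value or include it in exception messages.
    @Value("${gp.password}")
    private String password;

    /**
     * Creates the manager that obtains (and, via the refresh-token provider, renews) access tokens
     * for the single client registration configured through the {@code gp.*} properties.
     *
     * @return a manager backed by in-memory registration and authorized-client stores
     */
    @Bean
    public OAuth2AuthorizedClientManager authorizedClientManager() {
        ClientRegistration registration = ClientRegistration.withRegistrationId(registrationId)
                .authorizationGrantType(AuthorizationGrantType.PASSWORD)
                .clientAuthenticationMethod(ClientAuthenticationMethod.POST)
                .tokenUri(accessTokenUri)
                .clientId(clientId)
                .build();

        ClientRegistrationRepository clients = new InMemoryClientRegistrationRepository(registration);
        OAuth2AuthorizedClientService service = new InMemoryOAuth2AuthorizedClientService(clients);

        OAuth2AuthorizedClientProvider authorizedClientProvider =
                OAuth2AuthorizedClientProviderBuilder.builder()
                        .password()
                        .refreshToken()
                        .build();

        AuthorizedClientServiceOAuth2AuthorizedClientManager manager =
                new AuthorizedClientServiceOAuth2AuthorizedClientManager(clients, service);
        manager.setAuthorizedClientProvider(authorizedClientProvider);
        manager.setContextAttributesMapper(GPRestTemplateConfig::toContextAttributes);
        return manager;
    }

    /**
     * Copies the scope, username and password attributes of an authorize request into the
     * authorization-context attributes. Attributes that are missing or blank are left out.
     *
     * @param authorizeRequest the request whose attributes are read
     * @return a new mutable map holding only the attributes that had text
     */
    private static Map<String, Object> toContextAttributes(OAuth2AuthorizeRequest authorizeRequest) {
        Map<String, Object> contextAttributes = new HashMap<>();

        String scope = authorizeRequest.getAttribute(OAuth2ParameterNames.SCOPE);
        if (StringUtils.hasText(scope)) {
            // The scope attribute is a space-delimited list; the context expects an array.
            contextAttributes.put(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME,
                    StringUtils.delimitedListToStringArray(scope, " "));
        }

        String requestUsername = authorizeRequest.getAttribute(OAuth2ParameterNames.USERNAME);
        if (StringUtils.hasText(requestUsername)) {
            contextAttributes.put(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, requestUsername);
        }

        String requestPassword = authorizeRequest.getAttribute(OAuth2ParameterNames.PASSWORD);
        if (StringUtils.hasText(requestPassword)) {
            contextAttributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, requestPassword);
        }

        return contextAttributes;
    }

    /**
     * Builds a {@link RestTemplate} with a {@link BearerTokenInterceptor} appended to its
     * interceptor list.
     *
     * <p>The interceptor does not look at the request URI, so the token is attached to every call
     * made through this template. Use this bean only for the API the token is issued for;
     * pointing it at another host would disclose the token to that host.
     *
     * @param builder the Spring Boot builder used to create the template
     * @param manager the manager that supplies access tokens
     * @return the configured template
     */
    @Bean
    public RestTemplate restTemplate(RestTemplateBuilder builder, OAuth2AuthorizedClientManager manager) {
        RestTemplate restTemplate = builder.build();
        restTemplate.getInterceptors().add(new BearerTokenInterceptor(manager, username, password, registrationId));
        return restTemplate;
    }

    /**
     * Request interceptor that asks the {@link OAuth2AuthorizedClientManager} for an authorized
     * client before each request and sends its access token as a bearer credential.
     *
     * <p>This is deliberately left as an inner (non-static) class: its constructor reads the
     * {@code principal} field of the enclosing {@link GPRestTemplateConfig} instance.
     */
    public class BearerTokenInterceptor implements ClientHttpRequestInterceptor {

        private final OAuth2AuthorizedClientManager manager;
        private final OAuth2AuthorizeRequest authorizeRequest;

        /**
         * @param manager the manager used to authorize on every intercepted request
         * @param username resource-owner username passed as a request attribute
         * @param password resource-owner password passed as a request attribute
         * @param registrationId id of the client registration to authorize against
         */
        public BearerTokenInterceptor(OAuth2AuthorizedClientManager manager, String username, String password,
                String registrationId) {
            this.manager = manager;
            // The authorize request is built once and reused; it keeps the credentials for the
            // lifetime of the interceptor.
            this.authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(registrationId)
                    .attribute(OAuth2ParameterNames.USERNAME, username)
                    .attribute(OAuth2ParameterNames.PASSWORD, password)
                    .principal(principal)
                    .build();
        }

        /**
         * Authorizes the client, sets the {@code Authorization} header and continues the chain.
         *
         * @throws IllegalStateException if no authorized client or no access token is available
         * @throws IOException if executing the request fails
         */
        @Override
        public ClientHttpResponse intercept(HttpRequest request, byte[] bytes, ClientHttpRequestExecution execution)
                throws IOException {
            OAuth2AuthorizedClient client = manager.authorize(authorizeRequest);
            if (client == null) {
                throw new IllegalStateException("Can't access the API without an authorized client");
            }

            String accessToken = client.getAccessToken() != null ? client.getAccessToken().getTokenValue() : null;
            if (accessToken == null) {
                throw new IllegalStateException("Can't access the API without an access token");
            }

            // Replace rather than append: appending would leave two Authorization values on the
            // request if a caller or another interceptor had already set one.
            request.getHeaders().setBearerAuth(accessToken);
            return execution.execute(request, bytes);
        }
    }
}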