diff --git a/spring-cloud/spring-cloud-openfeign/src/main/java/com/baeldung/cloud/openfeign/oauthfeign/OAuthClientCredentialsFeignManager.java b/spring-cloud/spring-cloud-openfeign/src/main/java/com/baeldung/cloud/openfeign/oauthfeign/OAuthClientCredentialsFeignManager.java new file mode 100644 index 0000000000..5e958a93de --- /dev/null +++ b/spring-cloud/spring-cloud-openfeign/src/main/java/com/baeldung/cloud/openfeign/oauthfeign/OAuthClientCredentialsFeignManager.java @@ -0,0 +1,85 @@ +package com.baeldung.cloud.openfeign.oauthfeign; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest; +import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; +import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager; +import org.springframework.security.oauth2.client.registration.ClientRegistration; + +import java.util.Collection; +import java.util.Collections; + +import static java.util.Objects.isNull; + +public class OAuthClientCredentialsFeignManager { + + private static final Logger logger = LoggerFactory.getLogger(OAuthClientCredentialsFeignManager.class); + + private final OAuth2AuthorizedClientManager manager; + private final Authentication principal; + private final ClientRegistration clientRegistration; + + public OAuthClientCredentialsFeignManager(OAuth2AuthorizedClientManager manager, ClientRegistration clientRegistration) { + this.manager = manager; + this.clientRegistration = clientRegistration; + this.principal = createPrincipal(); + } + + private Authentication createPrincipal() { + return new Authentication() { + @Override + public Collection getAuthorities() { + return Collections.emptySet(); + } + + @Override + public Object getCredentials() { + return null; + } + + @Override + public Object getDetails() { + return null; + } + + @Override + public Object getPrincipal() { + return this; + } + + @Override + public boolean isAuthenticated() { + return false; + } + + @Override + public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException { + } + + @Override + public String getName() { + return clientRegistration.getClientId(); + } + }; + } + + public String getAccessToken() { + try { + OAuth2AuthorizeRequest oAuth2AuthorizeRequest = OAuth2AuthorizeRequest + .withClientRegistrationId(clientRegistration.getRegistrationId()) + .principal(principal) + .build(); + OAuth2AuthorizedClient client = manager.authorize(oAuth2AuthorizeRequest); + if (isNull(client)) { + throw new IllegalStateException("client credentials flow on " + clientRegistration.getRegistrationId() + " failed, client is null"); + } + return client.getAccessToken().getTokenValue(); + } catch (Exception exp) { + logger.error("client credentials error " + exp.getMessage()); + } + return null; + } +} \ No newline at end of file diff --git a/spring-cloud/spring-cloud-openfeign/src/main/java/com/baeldung/cloud/openfeign/oauthfeign/OAuthFeignConfig.java b/spring-cloud/spring-cloud-openfeign/src/main/java/com/baeldung/cloud/openfeign/oauthfeign/OAuthFeignConfig.java new file mode 100644 index 0000000000..70ca45d86e --- /dev/null +++ b/spring-cloud/spring-cloud-openfeign/src/main/java/com/baeldung/cloud/openfeign/oauthfeign/OAuthFeignConfig.java @@ -0,0 +1,46 @@ +package com.baeldung.cloud.openfeign.oauthfeign; + +import feign.RequestInterceptor; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.oauth2.client.*; +import org.springframework.security.oauth2.client.registration.ClientRegistration; +import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; + +@Configuration +public class OAuthFeignConfig { + + public static final String CLIENT_REGISTRATION_ID = "keycloak"; + + private final OAuth2AuthorizedClientService oAuth2AuthorizedClientService; + private final ClientRegistrationRepository clientRegistrationRepository; + + public OAuthFeignConfig(OAuth2AuthorizedClientService oAuth2AuthorizedClientService, + ClientRegistrationRepository clientRegistrationRepository) { + this.oAuth2AuthorizedClientService = oAuth2AuthorizedClientService; + this.clientRegistrationRepository = clientRegistrationRepository; + } + + @Bean + public RequestInterceptor requestInterceptor() { + ClientRegistration clientRegistration = clientRegistrationRepository.findByRegistrationId(CLIENT_REGISTRATION_ID); + OAuthClientCredentialsFeignManager clientCredentialsFeignManager = + new OAuthClientCredentialsFeignManager(authorizedClientManager(), clientRegistration); + return requestTemplate -> { + requestTemplate.header("Authorization", "Bearer " + clientCredentialsFeignManager.getAccessToken()); + }; + } + + @Bean + OAuth2AuthorizedClientManager authorizedClientManager() { + OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder() + .clientCredentials() + .build(); + + AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientManager = + new AuthorizedClientServiceOAuth2AuthorizedClientManager(clientRegistrationRepository, oAuth2AuthorizedClientService); + authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider); + return authorizedClientManager; + } + +} \ No newline at end of file