/** * Return the request attribute value if present. * @param name the attribute name * @return the attribute value */ default Optional<Object> attribute(String name) { return Optional.ofNullable(attributes().get(name)); }
private static ServerWebExchange serverWebExchange(ClientRequest request) { return (ServerWebExchange) request.attributes().get(SERVER_WEB_EXCHANGE_ATTR_NAME); }
private static OAuth2AuthorizedClient oauth2AuthorizedClient(ClientRequest request) { return (OAuth2AuthorizedClient) request.attributes().get(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME); }
private static String clientRegistrationId(ClientRequest request) { OAuth2AuthorizedClient authorizedClient = oauth2AuthorizedClient(request); if (authorizedClient != null) { return authorizedClient.getClientRegistration().getRegistrationId(); } return (String) request.attributes().get(CLIENT_REGISTRATION_ID_ATTR_NAME); }
/** * Variant of {@link #basicAuthentication(String, String)} that looks up * the {@link Credentials Credentials} in a * {@link #BASIC_AUTHENTICATION_CREDENTIALS_ATTRIBUTE request attribute}. * @return the filter to use * @see Credentials * @deprecated as of Spring 5.1 in favor of using * {@link HttpHeaders#setBasicAuth(String, String)} while building the request. */ @Deprecated public static ExchangeFilterFunction basicAuthentication() { return (request, next) -> { Object attr = request.attributes().get(BASIC_AUTHENTICATION_CREDENTIALS_ATTRIBUTE); if (attr instanceof Credentials) { Credentials cred = (Credentials) attr; return next.exchange(ClientRequest.from(request) .headers(headers -> headers.setBasicAuth(cred.username, cred.password)) .build()); } else { return next.exchange(request); } }; }
public DefaultClientRequestBuilder(ClientRequest other) { Assert.notNull(other, "ClientRequest must not be null"); this.method = other.method(); this.url = other.url(); headers(headers -> headers.addAll(other.headers())); cookies(cookies -> cookies.addAll(other.cookies())); attributes(attributes -> attributes.putAll(other.attributes())); body(other.body()); }
private Mono<OAuth2AuthorizedClient> authorizedClient(ClientRequest request, ExchangeFunction next, OAuth2AuthorizedClient authorizedClient) { ClientRegistration clientRegistration = authorizedClient.getClientRegistration(); if (isClientCredentialsGrantType(clientRegistration) && hasTokenExpired(authorizedClient)) { // Client credentials grant do not have refresh tokens but can expire so we need to get another one return Mono.fromSupplier(() -> authorizeWithClientCredentials(clientRegistration, request.attributes())); } else if (shouldRefreshToken(authorizedClient)) { return authorizeWithRefreshToken(request, next, authorizedClient); } return Mono.just(authorizedClient); }
@Test public void defaultRequest() { ThreadLocal<String> context = new NamedThreadLocal<>("foo"); Map<String, Object> actual = new HashMap<>(); ExchangeFilterFunction filter = (request, next) -> { actual.putAll(request.attributes()); return next.exchange(request); }; WebClient client = this.builder .defaultRequest(spec -> spec.attribute("foo", context.get())) .filter(filter) .build(); try { context.set("bar"); client.get().uri("/path").attribute("foo", "bar").exchange(); } finally { context.remove(); } assertEquals("bar", actual.get("foo")); }
@Test public void withStringAttribute() { Map<String, Object> actual = new HashMap<>(); ExchangeFilterFunction filter = (request, next) -> { actual.putAll(request.attributes()); return next.exchange(request); }; this.builder.filter(filter).build() .get().uri("/path") .attribute("foo", "bar") .exchange(); assertEquals("bar", actual.get("foo")); ClientRequest request = verifyAndGetRequest(); assertEquals("bar", request.attribute("foo").get()); }
@Test public void withNullAttribute() { Map<String, Object> actual = new HashMap<>(); ExchangeFilterFunction filter = (request, next) -> { actual.putAll(request.attributes()); return next.exchange(request); }; this.builder.filter(filter).build() .get().uri("/path") .attribute("foo", null) .exchange(); assertNull(actual.get("foo")); ClientRequest request = verifyAndGetRequest(); assertFalse(request.attribute("foo").isPresent()); }
private Mono<OAuth2AuthorizedClient> authorizeWithRefreshToken(ClientRequest request, ExchangeFunction next, OAuth2AuthorizedClient authorizedClient) { ClientRegistration clientRegistration = authorizedClient .getClientRegistration(); String tokenUri = clientRegistration .getProviderDetails().getTokenUri(); ClientRequest refreshRequest = ClientRequest.create(HttpMethod.POST, URI.create(tokenUri)) .header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE) .headers(headers -> headers.setBasicAuth(clientRegistration.getClientId(), clientRegistration.getClientSecret())) .body(refreshTokenBody(authorizedClient.getRefreshToken().getTokenValue())) .build(); return next.exchange(refreshRequest) .flatMap(response -> response.body(oauth2AccessTokenResponse())) .map(accessTokenResponse -> new OAuth2AuthorizedClient(authorizedClient.getClientRegistration(), authorizedClient.getPrincipalName(), accessTokenResponse.getAccessToken(), accessTokenResponse.getRefreshToken())) .map(result -> { Authentication principal = (Authentication) request.attribute( AUTHENTICATION_ATTR_NAME).orElse(new PrincipalNameAuthentication(authorizedClient.getPrincipalName())); HttpServletRequest httpRequest = (HttpServletRequest) request.attributes().get( HTTP_SERVLET_REQUEST_ATTR_NAME); HttpServletResponse httpResponse = (HttpServletResponse) request.attributes().get( HTTP_SERVLET_RESPONSE_ATTR_NAME); this.authorizedClientRepository.saveAuthorizedClient(result, principal, httpRequest, httpResponse); return result; }) .publishOn(Schedulers.elastic()); }
private Mono<ClientResponse> redirectIfNecessary(ClientRequest request, ExchangeFunction next, ClientResponse response) { URI location = response.headers().asHttpHeaders().getLocation(); String host = request.url().getHost(); String scheme = request.url().getScheme(); if (location != null) { String redirectUrl = location.toASCIIString(); if (location.getHost() == null) { redirectUrl = scheme+ "://" + host + location.toASCIIString(); } ClientRequest redirect = ClientRequest.method(HttpMethod.GET, URI.create(redirectUrl)) .headers(headers -> headers.addAll(request.headers())) .cookies(cookies -> cookies.addAll(request.cookies())) .attributes(attributes -> attributes.putAll(request.attributes())) .build(); return next.exchange(redirect).flatMap( r -> redirectIfNecessary(request, next, r)); } return Mono.just(response); } }
@Override public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) { URI originalUrl = request.url(); String serviceId = originalUrl.getHost(); if(serviceId == null) { String msg = String.format("Request URI does not contain a valid hostname: %s", originalUrl.toString()); logger.warn(msg); return Mono.just(ClientResponse.create(HttpStatus.BAD_REQUEST).body(msg).build()); } //TODO: reactive lb client ServiceInstance instance = this.loadBalancerClient.choose(serviceId); if(instance == null) { String msg = String.format("Load balancer does not contain an instance for the service %s", serviceId); logger.warn(msg); return Mono.just(ClientResponse.create(HttpStatus.SERVICE_UNAVAILABLE).body(msg).build()); } URI uri = this.loadBalancerClient.reconstructURI(instance, originalUrl); ClientRequest newRequest = ClientRequest.method(request.method(), uri) .headers(headers -> headers.addAll(request.headers())) .cookies(cookies -> cookies.addAll(request.cookies())) .attributes(attributes -> attributes.putAll(request.attributes())) .body(request.body()) .build(); return next.exchange(newRequest); }
private static ServerWebExchange serverWebExchange(ClientRequest request) { return (ServerWebExchange) request.attributes().get(SERVER_WEB_EXCHANGE_ATTR_NAME); }
private static OAuth2AuthorizedClient oauth2AuthorizedClient(ClientRequest request) { return (OAuth2AuthorizedClient) request.attributes().get(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME); }
private static String clientRegistrationId(ClientRequest request) { OAuth2AuthorizedClient authorizedClient = oauth2AuthorizedClient(request); if (authorizedClient != null) { return authorizedClient.getClientRegistration().getRegistrationId(); } return (String) request.attributes().get(CLIENT_REGISTRATION_ID_ATTR_NAME); }
@Override public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) { URI originalUrl = request.url(); String serviceId = originalUrl.getHost(); if(serviceId == null) { String msg = String.format("Request URI does not contain a valid hostname: %s", originalUrl.toString()); logger.warn(msg); return Mono.just(ClientResponse.create(HttpStatus.BAD_REQUEST).body(msg).build()); } //TODO: reactive lb client ServiceInstance instance = this.loadBalancerClient.choose(serviceId); if(instance == null) { String msg = String.format("Load balancer does not contain an instance for the service %s", serviceId); logger.warn(msg); return Mono.just(ClientResponse.create(HttpStatus.SERVICE_UNAVAILABLE).body(msg).build()); } URI uri = this.loadBalancerClient.reconstructURI(instance, originalUrl); ClientRequest newRequest = ClientRequest.method(request.method(), uri) .headers(headers -> headers.addAll(request.headers())) .cookies(cookies -> cookies.addAll(request.cookies())) .attributes(attributes -> attributes.putAll(request.attributes())) .body(request.body()) .build(); return next.exchange(newRequest); }
private Mono<OAuth2AuthorizedClient> refreshAuthorizedClient(ClientRequest request, ExchangeFunction next, OAuth2AuthorizedClient authorizedClient) { ClientRegistration clientRegistration = authorizedClient .getClientRegistration(); String tokenUri = clientRegistration .getProviderDetails().getTokenUri(); ClientRequest refreshRequest = ClientRequest.create(HttpMethod.POST, URI.create(tokenUri)) .header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE) .headers(headers -> headers.setBasicAuth(clientRegistration.getClientId(), clientRegistration.getClientSecret())) .body(refreshTokenBody(authorizedClient.getRefreshToken().getTokenValue())) .build(); return next.exchange(refreshRequest) .flatMap(response -> response.body(oauth2AccessTokenResponse())) .map(accessTokenResponse -> new OAuth2AuthorizedClient(authorizedClient.getClientRegistration(), authorizedClient.getPrincipalName(), accessTokenResponse.getAccessToken(), accessTokenResponse.getRefreshToken())) .map(result -> { Authentication principal = (Authentication) request.attribute( AUTHENTICATION_ATTR_NAME).orElse(new PrincipalNameAuthentication(authorizedClient.getPrincipalName())); HttpServletRequest httpRequest = (HttpServletRequest) request.attributes().get( HTTP_SERVLET_REQUEST_ATTR_NAME); HttpServletResponse httpResponse = (HttpServletResponse) request.attributes().get( HTTP_SERVLET_RESPONSE_ATTR_NAME); this.authorizedClientRepository.saveAuthorizedClient(result, principal, httpRequest, httpResponse); return result; }) .publishOn(Schedulers.elastic()); }