search

spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0
8.84k stars 5.91k forks source link

ServletOAuth2AuthorizedClientExchangeFilterFunction still uses/returns a Webclient instead of RestClient #16083

Closed mhayen closed 1 week ago

mhayen commented 1 week ago

Describe the bug In the 6.4-RC1 release RestClient support is being upgraded to provide more or less the same functionality as Webclient has, but when trying to replicate the WebClient setup into RestClient, the supposedly Servlet oriented class ServletOAuth2AuthorizedClientExchangeFilterFunction still uses a WebClient.

To Reproduce Try to port this 

    @Bean
    public WebClient.Builder webClientBuilder2(OAuth2AuthorizedClientManager clientManager) {
        var oauth = new ServletOAuth2AuthorizedClientExchangeFilterFunction(clientManager);
        oauth.setDefaultClientRegistrationId("some_client");
        return WebClient.builder()
                .filter(oauth);
    }

to 

    @Bean
    public RestClient.Builder restClientBuilder(OAuth2AuthorizedClientManager clientManager) {
        var oauth2 = new ServletOAuth2AuthorizedClientExchangeFilterFunction(clientManager);
        oauth2.setDefaultClientRegistrationId("test_data");
        return RestClient.builder().apply(oauth2.oauth2Configuration())
                .build();
    }

Expected behavior To be able to use the servlet stack

sjohnr commented 1 week ago

@mhayen thanks for trying the new support!

In the 6.4-RC1 release RestClient support is being upgraded to provide more or less the same functionality as Webclient has, but when trying to replicate the WebClient setup into RestClient, the supposedly Servlet oriented class ServletOAuth2AuthorizedClientExchangeFilterFunction still uses a WebClient.

Please see the latest version of the reference for an example of using RestClient, which demonstrates the correct set up. You can read more about RestClient support there as well.

Try to port this

As you will see in the reference, it is not intended that you apply the ServletOAuth2AuthorizedClientExchangeFilterFunction to a RestClient since that API is not compatible. If you have any further questions, please open a question on Stack Overflow and share the link here.

I'm going to close this issue with the above explanation.