feat: Add initial implementation for oauth2 support in the spring cloud config client

Signed-off-by: prafsoni <prafsoni@gmail.com>

Author: prafsoni

spring-cloud-config-client/pom.xml

@@ -58,6 +58,10 @@
 			<artifactId>spring-boot-starter-actuator</artifactId>
 			<optional>true</optional>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security-oauth2-client</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-aspectj</artifactId>

spring-cloud-config-client/src/main/java/org/springframework/cloud/config/client/ConfigClientProperties.java

@@ -28,6 +28,7 @@
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.security.oauth2.client.autoconfigure.OAuth2ClientProperties;
 import org.springframework.cloud.config.environment.EnvironmentMediaType;
 import org.springframework.cloud.configuration.TlsProperties;
 import org.springframework.core.env.Environment;
@@ -185,6 +186,8 @@ public class ConfigClientProperties {
 	 */
 	private boolean sendAllLabels = false;
 
+	private OAuth2Properties oauth2 = new OAuth2Properties();
+
 	ConfigClientProperties() {
 	}
 
@@ -352,6 +355,14 @@ public void setSendAllLabels(boolean sendAllLabels) {
 		this.sendAllLabels = sendAllLabels;
 	}
 
+	public OAuth2Properties getOauth2() {
+		return oauth2;
+	}
+
+	public void setOauth2(OAuth2Properties oauth2) {
+		this.oauth2 = oauth2;
+	}
+
 	private Credentials extractCredentials(int index) {
 		Credentials result = new Credentials();
 		int noOfUrl = this.uri.length;
@@ -441,7 +452,8 @@ public String toString() {
 				+ Arrays.toString(this.uri) + ", mediaType=" + this.mediaType + ", discovery=" + this.discovery
 				+ ", failFast=" + this.failFast + ", token=" + this.token + ", requestConnectTimeout="
 				+ this.requestConnectTimeout + ", requestReadTimeout=" + this.requestReadTimeout + ", sendState="
-				+ this.sendState + ", headers=" + this.headers + ", sendAllLabels=" + this.sendAllLabels + "]";
+				+ this.sendState + ", headers=" + this.headers + ", sendAllLabels=" + this.sendAllLabels + ", oauth2"
+				+ this.oauth2 + "]";
 	}
 
 	/**
@@ -526,4 +538,52 @@ public enum MultipleUriStrategy {
 
 	}
 
+	public static class OAuth2Properties {
+
+		/**
+		 * Default client registration id.
+		 */
+		public static final String CLIENT_REGISTRATION_ID = "config-oauth2-client";
+
+		/**
+		 * Flag to say that the remote configuration server is configured with OAuth2.
+		 * Default false.;
+		 */
+		private boolean enabled = false;
+
+		private OAuth2ClientProperties.Provider provider = new OAuth2ClientProperties.Provider();
+
+		private OAuth2ClientProperties.Registration registration = new OAuth2ClientProperties.Registration();
+
+		public boolean isEnabled() {
+			return enabled;
+		}
+
+		public void setEnabled(boolean enabled) {
+			this.enabled = enabled;
+		}
+
+		public OAuth2ClientProperties.Provider getProvider() {
+			return provider;
+		}
+
+		public void setProvider(OAuth2ClientProperties.Provider provider) {
+			this.provider = provider;
+		}
+
+		public OAuth2ClientProperties.Registration getRegistration() {
+			return registration;
+		}
+
+		public void setRegistration(OAuth2ClientProperties.Registration registration) {
+			this.registration = registration;
+		}
+
+		@Override
+		public String toString() {
+			return "OAuth2Properties [" + "enabled=" + enabled + "]";
+		}
+
+	}
+
 }

spring-cloud-config-client/src/main/java/org/springframework/cloud/config/client/ConfigClientRequestTemplateFactory.java

@@ -18,9 +18,10 @@
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
-import java.util.Arrays;
+import java.util.ArrayList;
 import java.util.Base64;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
@@ -35,6 +36,8 @@
 import org.apache.hc.core5.http.io.SocketConfig;
 import org.apache.hc.core5.util.Timeout;
 
+import org.springframework.boot.security.oauth2.client.autoconfigure.OAuth2ClientProperties;
+import org.springframework.boot.security.oauth2.client.autoconfigure.OAuth2ClientPropertiesMapper;
 import org.springframework.cloud.configuration.SSLContextFactory;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpRequest;
@@ -44,6 +47,16 @@
 import org.springframework.http.client.ClientHttpResponse;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.http.client.SimpleClientHttpRequestFactory;
+import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
+import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor;
 import org.springframework.web.client.RestTemplate;
 
 import static org.springframework.cloud.config.client.ConfigClientProperties.AUTHORIZATION;
@@ -77,15 +90,67 @@ public RestTemplate create() {
 
 		ClientHttpRequestFactory requestFactory = createHttpRequestFactory(properties);
 		RestTemplate template = new RestTemplate(requestFactory);
+
+		final List<ClientHttpRequestInterceptor> interceptors = new ArrayList<>();
 		Map<String, String> headers = new HashMap<>(properties.getHeaders());
 		headers.remove(AUTHORIZATION); // To avoid redundant addition of header
 		if (!headers.isEmpty()) {
-			template.setInterceptors(Arrays.asList(new GenericRequestHeaderInterceptor(headers)));
+			interceptors.add(new GenericRequestHeaderInterceptor(headers));
+		}
+
+		if (properties.getOauth2().isEnabled()) {
+			ClientHttpRequestInterceptor oauth2Interceptor = createOauth2Interceptor(properties.getOauth2());
+			interceptors.add(oauth2Interceptor);
 		}
+		template.setInterceptors(interceptors);
 
 		return template;
 	}
 
+	private ClientHttpRequestInterceptor createOauth2Interceptor(ConfigClientProperties.OAuth2Properties properties) {
+		final OAuth2AuthorizedClientManager authorizedClientManager = createAuthorizedClientManager(properties);
+		OAuth2ClientHttpRequestInterceptor oauth2Interceptor = new OAuth2ClientHttpRequestInterceptor(
+				authorizedClientManager);
+		oauth2Interceptor
+			.setClientRegistrationIdResolver(request -> ConfigClientProperties.OAuth2Properties.CLIENT_REGISTRATION_ID);
+		return oauth2Interceptor;
+	}
+
+	private OAuth2AuthorizedClientManager createAuthorizedClientManager(
+			ConfigClientProperties.OAuth2Properties properties) {
+
+		OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
+			.clientCredentials()
+			.refreshToken()
+			.build();
+
+		ClientRegistrationRepository clientRegistrationRepository = clientRegistrationRepository(properties);
+
+		OAuth2AuthorizedClientService authorizedClientService = new InMemoryOAuth2AuthorizedClientService(
+				clientRegistrationRepository);
+
+		AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientManager = new AuthorizedClientServiceOAuth2AuthorizedClientManager(
+				clientRegistrationRepository, authorizedClientService);
+		authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
+		return authorizedClientManager;
+	}
+
+	private ClientRegistrationRepository clientRegistrationRepository(
+			ConfigClientProperties.OAuth2Properties properties) {
+		OAuth2ClientProperties oauth2ClientProperties = new OAuth2ClientProperties();
+		properties.getRegistration().setProvider(null); // In case it was set in config
+														// properties
+		oauth2ClientProperties.getRegistration()
+			.put(ConfigClientProperties.OAuth2Properties.CLIENT_REGISTRATION_ID, properties.getRegistration());
+		oauth2ClientProperties.getProvider()
+			.put(ConfigClientProperties.OAuth2Properties.CLIENT_REGISTRATION_ID, properties.getProvider());
+		oauth2ClientProperties.afterPropertiesSet();
+
+		List<ClientRegistration> registrations = new ArrayList<>(
+				new OAuth2ClientPropertiesMapper(oauth2ClientProperties).asClientRegistrations().values());
+		return new InMemoryClientRegistrationRepository(registrations);
+	}
+
 	protected ClientHttpRequestFactory createHttpRequestFactory(ConfigClientProperties client) {
 		if (client.getTls().isEnabled()) {
 			try {