Skip to content

Commit c342b89

Browse files
committed
Remove setRequestEntityConverter
Given that RestClient does not read RequestEntity objects, let's leave it out of a class built around using RestClient Issue gh-18745 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
1 parent 5687867 commit c342b89

2 files changed

Lines changed: 9 additions & 50 deletions

File tree

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/RestClientOpaqueTokenIntrospector.java

Lines changed: 9 additions & 41 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,6 @@
1717
package org.springframework.security.oauth2.server.resource.introspection;
1818

1919
import java.io.Serial;
20-
import java.net.URI;
2120
import java.net.URLEncoder;
2221
import java.nio.charset.StandardCharsets;
2322
import java.time.Instant;
@@ -35,11 +34,8 @@
3534

3635
import org.springframework.core.ParameterizedTypeReference;
3736
import org.springframework.core.convert.converter.Converter;
38-
import org.springframework.http.HttpHeaders;
39-
import org.springframework.http.HttpMethod;
4037
import org.springframework.http.HttpStatus;
4138
import org.springframework.http.MediaType;
42-
import org.springframework.http.RequestEntity;
4339
import org.springframework.http.ResponseEntity;
4440
import org.springframework.security.core.GrantedAuthority;
4541
import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -71,7 +67,7 @@ public final class RestClientOpaqueTokenIntrospector implements OpaqueTokenIntro
7167

7268
private final RestClient restClient;
7369

74-
private Converter<String, RequestEntity<?>> requestEntityConverter;
70+
private final String introspectionUri;
7571

7672
private Converter<OAuth2TokenIntrospectionClaimAccessor, ? extends OAuth2AuthenticatedPrincipal> authenticationConverter = this::defaultAuthenticationConverter;
7773

@@ -85,24 +81,10 @@ public final class RestClientOpaqueTokenIntrospector implements OpaqueTokenIntro
8581
public RestClientOpaqueTokenIntrospector(String introspectionUri, RestClient restClient) {
8682
Assert.notNull(introspectionUri, "introspectionUri cannot be null");
8783
Assert.notNull(restClient, "restClient cannot be null");
88-
this.requestEntityConverter = this.defaultRequestEntityConverter(URI.create(introspectionUri));
84+
this.introspectionUri = introspectionUri;
8985
this.restClient = restClient;
9086
}
9187

92-
private Converter<String, RequestEntity<?>> defaultRequestEntityConverter(URI introspectionUri) {
93-
return (token) -> {
94-
HttpHeaders headers = requestHeaders();
95-
MultiValueMap<String, String> body = requestBody(token);
96-
return new RequestEntity<>(body, headers, HttpMethod.POST, introspectionUri);
97-
};
98-
}
99-
100-
private HttpHeaders requestHeaders() {
101-
HttpHeaders headers = new HttpHeaders();
102-
headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
103-
return headers;
104-
}
105-
10688
private MultiValueMap<String, String> requestBody(String token) {
10789
MultiValueMap<String, String> body = new LinkedMultiValueMap<>();
10890
body.add("token", token);
@@ -111,33 +93,19 @@ private MultiValueMap<String, String> requestBody(String token) {
11193

11294
@Override
11395
public OAuth2AuthenticatedPrincipal introspect(String token) {
114-
RequestEntity<?> requestEntity = this.requestEntityConverter.convert(token);
115-
if (requestEntity == null) {
116-
throw new OAuth2IntrospectionException("requestEntityConverter returned a null entity");
117-
}
118-
ResponseEntity<Map<String, Object>> responseEntity = makeRequest(requestEntity);
96+
ResponseEntity<Map<String, Object>> responseEntity = makeRequest(token);
11997
Map<String, Object> claims = adaptToNimbusResponse(responseEntity);
12098
OAuth2TokenIntrospectionClaimAccessor accessor = convertClaimsSet(claims);
12199
return this.authenticationConverter.convert(accessor);
122100
}
123101

124-
/**
125-
* Sets the {@link Converter} used for converting the OAuth 2.0 access token to a
126-
* {@link RequestEntity} representation of the OAuth 2.0 token introspection request.
127-
* @param requestEntityConverter the {@link Converter} used for converting to a
128-
* {@link RequestEntity} representation of the token introspection request
129-
*/
130-
public void setRequestEntityConverter(Converter<String, RequestEntity<?>> requestEntityConverter) {
131-
Assert.notNull(requestEntityConverter, "requestEntityConverter cannot be null");
132-
this.requestEntityConverter = requestEntityConverter;
133-
}
134-
135-
private ResponseEntity<Map<String, Object>> makeRequest(RequestEntity<?> requestEntity) {
102+
private ResponseEntity<Map<String, Object>> makeRequest(String token) {
136103
try {
137-
RestClient.RequestBodySpec spec = this.restClient.method(requestEntity.getMethod())
138-
.uri(requestEntity.getUrl())
139-
.headers((headers) -> headers.addAll(requestEntity.getHeaders()));
140-
return spec.body(requestEntity.getBody()).retrieve().toEntity(STRING_OBJECT_MAP);
104+
RestClient.RequestBodySpec spec = this.restClient.post()
105+
.uri(this.introspectionUri)
106+
.headers((h) -> h.setAccept(List.of(MediaType.APPLICATION_JSON)))
107+
.body(requestBody(token));
108+
return spec.retrieve().toEntity(STRING_OBJECT_MAP);
141109
}
142110
catch (Exception ex) {
143111
throw new OAuth2IntrospectionException(ex.getMessage(), ex);

oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/RestClientOpaqueTokenIntrospectorTests.java

Lines changed: 0 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -279,15 +279,6 @@ public void introspectWhenActiveThenMapsAuthorities() throws Exception {
279279
}
280280
}
281281

282-
@Test
283-
public void setRequestEntityConverterWhenConverterIsNullThenExceptionIsThrown() {
284-
RestClient restClient = mock(RestClient.class);
285-
RestClientOpaqueTokenIntrospector introspectionClient = new RestClientOpaqueTokenIntrospector(INTROSPECTION_URL,
286-
restClient);
287-
assertThatExceptionOfType(IllegalArgumentException.class)
288-
.isThrownBy(() -> introspectionClient.setRequestEntityConverter(null));
289-
}
290-
291282
@Test
292283
public void setAuthenticationConverterWhenConverterIsNullThenExceptionIsThrown() {
293284
RestClient restClient = mock(RestClient.class);

0 commit comments

Comments
 (0)