Add PrincipalResolver to RestClient sample

Closes gh-328

Author: sjohnr

servlet/spring-boot/java/oauth2/restclient/README.adoc

@@ -60,6 +60,14 @@ Activate one of the following profiles to try them out:
 
 4. `authentication-required` - Demonstrates a custom `ClientRegistrationIdResolver` that requires authentication using OAuth 2.0 or Open ID Connect 1.0. Uses `login-client-with-messaging` to log in.
 
+This sample also demonstrates alternate strategies for resolving a `principal` (see https://github.com/spring-projects/spring-security-samples/tree/main/servlet/spring-boot/java/oauth2/restclient/src/main/java/example/PrincipalResolverConfiguration.java[PrincipalResolverConfiguration] for more information).
+
+Activate one of the following profiles to try them out:
+
+1. `per-request` - Demonstrates an alternate setup with `RequestAttributePrincipalResolver` that resolves the principal using attributes.
+
+2. `anonymous-user` - Demonstrates a custom `PrincipalResolver` that statically resolves a `principal`. Requires specifying the `principal` via `RequestAttributePrincipalResolver.principal(Authentication)`.
+
 [TIP]
 ====
 You can activate a profile with the `./gradlew bootRun` command by adding the argument `--args='--spring.profiles.active=xyz'`.

servlet/spring-boot/java/oauth2/restclient/src/main/java/example/ClientRegistrationIdResolverConfiguration.java

@@ -116,7 +116,7 @@ private static ClientRegistrationIdResolver authenticationRequiredClientRegistra
 
 	@Configuration
 	@Profile("current-user")
-	public static class CurrentUserConfiguration {
+	public static class CurrentUserClientRegistrationIdResolverConfiguration {
 
 		@Bean
 		public ClientRegistrationIdResolver clientRegistrationIdResolver() {
@@ -127,7 +127,7 @@ public ClientRegistrationIdResolver clientRegistrationIdResolver() {
 
 	@Configuration
 	@Profile("composite")
-	public static class CompositeConfiguration {
+	public static class CompositeClientRegistrationIdResolverConfiguration {
 
 		@Bean
 		public ClientRegistrationIdResolver clientRegistrationIdResolver() {
@@ -138,7 +138,7 @@ public ClientRegistrationIdResolver clientRegistrationIdResolver() {
 
 	@Configuration
 	@Profile("authentication-required")
-	public static class AuthenticationRequiredConfiguration {
+	public static class AuthenticationRequiredClientRegistrationIdResolverConfiguration {
 
 		@Bean
 		public ClientRegistrationIdResolver clientRegistrationIdResolver() {

servlet/spring-boot/java/oauth2/restclient/src/main/java/example/PrincipalResolverConfiguration.java

@@ -0,0 +1,72 @@
+/*
+ * Copyright 2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package example;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor.PrincipalResolver;
+import org.springframework.security.oauth2.client.web.client.RequestAttributePrincipalResolver;
+import org.springframework.security.oauth2.client.web.client.SecurityContextHolderPrincipalResolver;
+
+/**
+ * Configuration for demonstrating additional strategies for resolving a {@code principal}
+ * via the {@link PrincipalResolver}. This sample uses the following profiles to
+ * demonstrate multiple configurations:
+ *
+ * <ol>
+ * <li>{@code default} - Demonstrates the default setup with
+ * {@link SecurityContextHolderPrincipalResolver}.</li>
+ * <li>{@code per-request} - Demonstrates an alternate setup with
+ * {@link RequestAttributePrincipalResolver}. Requires specifying the {@code principal}
+ * via {@link RequestAttributePrincipalResolver#principal(Authentication)}.</li>
+ * <li>{@code anonymous-user} - Demonstrates a custom {@link PrincipalResolver} that
+ * statically resolves the {@code principal}.</li>
+ * </ol>
+ *
+ * @author Steve Riesenberg
+ */
+public class PrincipalResolverConfiguration {
+
+	@Configuration
+	@Profile("per-request")
+	public static class PerRequestPrincipalResolverConfiguration {
+
+		@Bean
+		public PrincipalResolver principalResolver() {
+			return new RequestAttributePrincipalResolver();
+		}
+
+	}
+
+	@Configuration
+	@Profile("anonymous-user")
+	public static class AnonymousUserPrincipalResolverConfiguration {
+
+		@Bean
+		public PrincipalResolver principalResolver() {
+			AnonymousAuthenticationToken anonymousUser = new AnonymousAuthenticationToken("anonymous", "anonymousUser",
+					AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+			return (request) -> anonymousUser;
+		}
+
+	}
+
+}

servlet/spring-boot/java/oauth2/restclient/src/main/java/example/RestClientConfiguration.java

@@ -25,6 +25,7 @@
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
 import org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor;
 import org.springframework.security.oauth2.client.web.client.RequestAttributeClientRegistrationIdResolver;
+import org.springframework.security.oauth2.client.web.client.SecurityContextHolderPrincipalResolver;
 import org.springframework.web.client.RestClient;
 
 /**
@@ -45,11 +46,12 @@ public RestClientConfiguration(@Value("${messages.base-url}") String baseUrl) {
 	public RestClient restClient(OAuth2AuthorizedClientManager authorizedClientManager,
 			OAuth2AuthorizedClientRepository authorizedClientRepository,
 			OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver clientRegistrationIdResolver,
-			RestClient.Builder builder) {
+			OAuth2ClientHttpRequestInterceptor.PrincipalResolver principalResolver, RestClient.Builder builder) {
 
 		OAuth2ClientHttpRequestInterceptor requestInterceptor = new OAuth2ClientHttpRequestInterceptor(
 				authorizedClientManager);
 		requestInterceptor.setClientRegistrationIdResolver(clientRegistrationIdResolver);
+		requestInterceptor.setPrincipalResolver(principalResolver);
 
 		OAuth2AuthorizationFailureHandler authorizationFailureHandler = OAuth2ClientHttpRequestInterceptor
 			.authorizationFailureHandler(authorizedClientRepository);
@@ -62,7 +64,8 @@ public RestClient restClient(OAuth2AuthorizedClientManager authorizedClientManag
 	 * This sample uses profiles to demonstrate additional strategies for resolving the
 	 * {@code clientRegistrationId}. See {@link ClientRegistrationIdResolverConfiguration}
 	 * for alternate implementations.
-	 * @return the default {@link ClientRegistrationIdResolverConfiguration}
+	 * @return the default
+	 * {@link OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver}
 	 * @see ClientRegistrationIdResolverConfiguration
 	 */
 	@Bean
@@ -71,4 +74,17 @@ public OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver clientReg
 		return new RequestAttributeClientRegistrationIdResolver();
 	}
 
+	/**
+	 * This sample uses profiles to demonstrate additional strategies for resolving the
+	 * {@code principal}. See {@link PrincipalResolverConfiguration} for alternate
+	 * implementations.
+	 * @return the default {@link OAuth2ClientHttpRequestInterceptor.PrincipalResolver}
+	 * @see PrincipalResolverConfiguration
+	 */
+	@Bean
+	@ConditionalOnMissingBean
+	public OAuth2ClientHttpRequestInterceptor.PrincipalResolver principalResolver() {
+		return new SecurityContextHolderPrincipalResolver();
+	}
+
 }