diff --git a/generators/server/templates/src/main/java/package/config/OAuth2Configuration.java.ejs b/generators/server/templates/src/main/java/package/config/OAuth2Configuration.java.ejs index 601d91556e5..5744dd02dc0 100644 --- a/generators/server/templates/src/main/java/package/config/OAuth2Configuration.java.ejs +++ b/generators/server/templates/src/main/java/package/config/OAuth2Configuration.java.ejs @@ -1,9 +1,11 @@ <%_ const reactivePrefix = reactive ? 'Reactive' : '' %> package <%= packageName %>.config; +import java.time.Duration; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.oauth2.client.<%= reactivePrefix %>OAuth2AuthorizedClientManager; +import org.springframework.security.oauth2.client.<%= reactivePrefix %>OAuth2AuthorizedClientProviderBuilder; import org.springframework.security.oauth2.client.registration.<%= reactivePrefix %>ClientRegistrationRepository; import org.springframework.security.oauth2.client.web.Default<%= reactivePrefix %>OAuth2AuthorizedClientManager; import org.springframework.security.oauth2.client.web.<%= reactive ? 'server.Server' : '' %>OAuth2AuthorizedClientRepository; 
@@ -16,10 +18,21 @@ public class OAuth2Configuration { <%= reactivePrefix %>ClientRegistrationRepository clientRegistrationRepository, <%= reactive ? 'Server' : '' %>OAuth2AuthorizedClientRepository authorizedClientRepository ) { - <%= reactivePrefix %>OAuth2AuthorizedClientManager authorizedClientManager = new Default<%= reactivePrefix %>OAuth2AuthorizedClientManager( + Default<%= reactivePrefix %>OAuth2AuthorizedClientManager authorizedClientManager = new Default<%= reactivePrefix %>OAuth2AuthorizedClientManager( clientRegistrationRepository, authorizedClientRepository ); + + authorizedClientManager.setAuthorizedClientProvider( + <%= reactivePrefix %>OAuth2AuthorizedClientProviderBuilder + .builder() + .authorizationCode() + .refreshToken(builder -> builder.clockSkew(Duration.ofMinutes(1))) + .clientCredentials() + .password() + .build() + ); + return authorizedClientManager; } } diff --git a/generators/server/templates/src/main/java/package/config/WebConfigurer.java.ejs b/generators/server/templates/src/main/java/package/config/WebConfigurer.java.ejs index a3f7a4d1604..13decb19dd2 100644 --- a/generators/server/templates/src/main/java/package/config/WebConfigurer.java.ejs +++ b/generators/server/templates/src/main/java/package/config/WebConfigurer.java.ejs @@ -111,16 +111,12 @@ public class WebConfigurer implements <% if (!reactive) { %>ServletContextInitia this.jHipsterProperties = jHipsterProperties; <%_ if (devDatabaseTypeH2Any && reactive) { _%> if (env.acceptsProfiles(Profiles.of(JHipsterConstants.SPRING_PROFILE_DEVELOPMENT))) { - <%_ if (!applicationTypeMonolith) { _%> try { - <%_ } _%> H2ConfigurationHelper.initH2Console(); - <%_ if (!applicationTypeMonolith) { _%> } catch (Exception e) { - // Console may already be running on another app. + // Console may already be running on another app or after a refresh. e.printStackTrace(); }; - <%_ } _%> } <%_ } _%> } 
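Review bot: The provider chain passed to `setAuthorizedClientProvider(...)` still includes `.password()`, so the resource owner password credentials grant stays enabled in every generated application, while the filters touched by this commit only deal with refreshing tokens for an `OAuth2AuthenticationToken`. If no client registration in the generated app uses that grant, drop the `.password()` line. Current OAuth 2.0 security guidance discourages the grant and, as far as I know, newer Spring Security releases deprecate it. The one-minute `clockSkew` decides how early an access token is treated as expired, so it deserves a comment such as `// refresh access tokens that expire within the next minute`. The bean method's signature starts above the hunk.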
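Review bot: With the try/catch now unconditional, every failure of `H2ConfigurationHelper.initH2Console()` under the development profile ends in `e.printStackTrace()`, which bypasses the application's logging configuration and makes the expected "console already running" case look the same as a real start-up fault. Prefer a logger call at a low level, for example `log.debug("H2 console not started; it may already be running", e);`, assuming the class has a logger (none is visible in this hunk), and narrow `catch (Exception e)` if the helper declares a more specific type. The stray `;` after the catch block's closing brace can be removed at the same time. The enclosing constructor or method begins above the hunk.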
diff --git a/generators/server/templates/src/main/java/package/web/filter/OAuth2ReactiveRefreshTokensWebFilter.java.ejs b/generators/server/templates/src/main/java/package/web/filter/OAuth2ReactiveRefreshTokensWebFilter.java.ejs index 4ba2c59c522..0064abccf3c 100644 --- a/generators/server/templates/src/main/java/package/web/filter/OAuth2ReactiveRefreshTokensWebFilter.java.ejs +++ b/generators/server/templates/src/main/java/package/web/filter/OAuth2ReactiveRefreshTokensWebFilter.java.ejs @@ -46,6 +46,7 @@ public class OAuth2ReactiveRefreshTokensWebFilter implements WebFilter { .filter(principal -> principal instanceof OAuth2AuthenticationToken) .cast(OAuth2AuthenticationToken.class) .flatMap(authentication -> authorizedClient(exchange, authentication)) + .onErrorResume(e -> Mono.empty()) .thenReturn(exchange) .flatMap(chain::filter); } diff --git a/generators/server/templates/src/main/java/package/web/filter/OAuth2RefreshTokensWebFilter.java.ejs b/generators/server/templates/src/main/java/package/web/filter/OAuth2RefreshTokensWebFilter.java.ejs index 71dacfece8f..3c749b5a3ab 100644 --- a/generators/server/templates/src/main/java/package/web/filter/OAuth2RefreshTokensWebFilter.java.ejs +++ b/generators/server/templates/src/main/java/package/web/filter/OAuth2RefreshTokensWebFilter.java.ejs 
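Review bot: The added `.onErrorResume(e -> Mono.empty())` discards every error from `authorizedClient(exchange, authentication)`, and because `.thenReturn(exchange)` still emits after an empty completion, the request continues down the chain with the existing session after a failed token refresh. That hides a revoked or expired refresh token from both the user and the operator, and it also swallows unrelated faults. Narrow the handler to the authorization failure and log it, for example `.onErrorResume(OAuth2AuthorizationException.class, e -> { log.debug("Token refresh failed", e); return Mono.empty(); })`, which needs the import and a logger if the class has none. Also consider whether that case should end the session or trigger re-authorization, as the servlet filter in this commit attempts to do. The enclosing method starts above the hunk.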
@@ -30,6 +30,14 @@ import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest; import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager; import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; +import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; +import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver; +import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter; +import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver; +import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; +import org.springframework.security.web.DefaultRedirectStrategy; +import org.springframework.security.web.RedirectStrategy; import org.springframework.stereotype.Component; import org.springframework.web.filter.OncePerRequestFilter; 
@@ -40,16 +48,39 @@ import org.springframework.web.filter.OncePerRequestFilter; public class OAuth2RefreshTokensWebFilter extends OncePerRequestFilter { private final OAuth2AuthorizedClientManager clientManager; + private final OAuth2AuthorizedClientRepository authorizedClientRepository; + private final OAuth2AuthorizationRequestResolver authorizationRequestResolver; + private final RedirectStrategy authorizationRedirectStrategy = new DefaultRedirectStrategy(); - public OAuth2RefreshTokensWebFilter(OAuth2AuthorizedClientManager clientManager) { + public OAuth2RefreshTokensWebFilter( + OAuth2AuthorizedClientManager clientManager, + OAuth2AuthorizedClientRepository authorizedClientRepository, + ClientRegistrationRepository clientRegistrationRepository + ) { this.clientManager = clientManager; + this.authorizedClientRepository = authorizedClientRepository; + this.authorizationRequestResolver = + new DefaultOAuth2AuthorizationRequestResolver( + clientRegistrationRepository, + OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + ); } @Override - public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { + public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) + throws IOException, ServletException { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if ((authentication instanceof OAuth2AuthenticationToken)) { - authorizedClient((OAuth2AuthenticationToken) authentication); + try { + OAuth2AuthorizedClient authorizedClient = authorizedClient((OAuth2AuthenticationToken) authentication); + this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, authentication, request, response); + } catch (Exception e) { + OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestResolver.resolve(request); + if (authorizationRequest != null) { + 
this.authorizationRedirectStrategy.sendRedirect(request, response, authorizationRequest.getAuthorizationRequestUri()); + return; + } + } } filterChain.doFilter(request, response);
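Review bot: In the new `catch (Exception e)` block of `doFilterInternal`, the redirect depends on `this.authorizationRequestResolver.resolve(request)`, which, as far as I know, returns null unless the request path matches the authorization base URI; for an ordinary request the exception is then dropped and `filterChain.doFilter` runs with the stale authentication. Resolve by registration id instead, `this.authorizationRequestResolver.resolve(request, ((OAuth2AuthenticationToken) authentication).getAuthorizedClientRegistrationId())`, and handle a null result explicitly (for example by clearing the security context or answering 401) rather than falling through. The catch is also wider than needed: it covers `saveAuthorizedClient` and any runtime error from `authorizedClient(...)` without logging, so narrow it to the OAuth2 authorization exception type and log the failure at debug level. The method's closing lines are outside the hunk.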