spring-projects · aotitoola · Mar 3, 2019
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -31,6 +31,8 @@
 import java.util.UUID;
 import java.util.function.Function;
 
+import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
+import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
 import reactor.core.publisher.Mono;
 import reactor.util.context.Context;
 
@@ -621,14 +623,13 @@ private ReactiveAuthenticationManager getAuthenticationManager() {
 		}
 
 		private ReactiveAuthenticationManager createDefault() {
-			WebClientReactiveAuthorizationCodeTokenResponseClient client = new WebClientReactiveAuthorizationCodeTokenResponseClient();
-			ReactiveAuthenticationManager result = new OAuth2LoginReactiveAuthenticationManager(client, getOauth2UserService());
+			ReactiveAuthenticationManager result = new OAuth2LoginReactiveAuthenticationManager(getAccessTokenResponseClient(), getOauth2UserService());
 
 			boolean oidcAuthenticationProviderEnabled = ClassUtils.isPresent(
 					"org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
 			if (oidcAuthenticationProviderEnabled) {
 				OidcAuthorizationCodeReactiveAuthenticationManager oidc =
-						new OidcAuthorizationCodeReactiveAuthenticationManager(client, getOidcUserService());
+						new OidcAuthorizationCodeReactiveAuthenticationManager(getAccessTokenResponseClient(), getOidcUserService());
 				ResolvableType type = ResolvableType.forClassWithGenerics(
 						ReactiveJwtDecoderFactory.class, ClientRegistration.class);
 				ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = getBeanOrNull(type);
@@ -788,6 +789,15 @@ private Map<String, String> getLinks() {
 			return result;
 		}
 
+		private ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> getAccessTokenResponseClient() {
+			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2AccessTokenResponseClient.class, OAuth2AuthorizationCodeGrantRequest.class);
+			ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> bean = getBeanOrNull(type);
+			if (bean == null) {
+				return new WebClientReactiveAuthorizationCodeTokenResponseClient();
+			}
+			return bean;
+		}
+
 		private ReactiveClientRegistrationRepository getClientRegistrationRepository() {
 			if (this.clientRegistrationRepository == null) {
 				this.clientRegistrationRepository = getBeanOrNull(ReactiveClientRegistrationRepository.class);

diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java
@@ -218,16 +218,16 @@ public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
 	}
 
 	@Test
-	public void oauth2LoginWhenCustomJwtDecoderFactoryThenUsed() {
+	public void oauth2LoginWhenCustomBeansThenUsed() {
 		this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class,
-				OAuth2LoginWithJwtDecoderFactoryBeanConfig.class).autowire();
+				OAuth2LoginWithCustomBeansConfig.class).autowire();
 
 		WebTestClient webTestClient = WebTestClientBuilder
 				.bindToWebFilters(this.springSecurity)
 				.build();
 
-		OAuth2LoginWithJwtDecoderFactoryBeanConfig config = this.spring.getContext()
-				.getBean(OAuth2LoginWithJwtDecoderFactoryBeanConfig.class);
+		OAuth2LoginWithCustomBeansConfig config = this.spring.getContext()
+				.getBean(OAuth2LoginWithCustomBeansConfig.class);
 
 		OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
 		OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
@@ -258,10 +258,11 @@ public void oauth2LoginWhenCustomJwtDecoderFactoryThenUsed() {
 				.expectStatus().is3xxRedirection();
 
 		verify(config.jwtDecoderFactory).createDecoder(any());
+		verify(tokenResponseClient).getTokenResponse(any());
 	}
 
 	@Configuration
-	static class OAuth2LoginWithJwtDecoderFactoryBeanConfig {
+	static class OAuth2LoginWithCustomBeansConfig {
 
 		ServerAuthenticationConverter authenticationConverter = mock(ServerAuthenticationConverter.class);
 
@@ -298,6 +299,11 @@ public ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory() {
 			return jwtDecoderFactory;
 		}
 
+		@Bean
+		public ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> oAuth2AccessTokenResponseClient() {
+			return tokenResponseClient;
+		}
+
 		private static class JwtDecoderFactory implements ReactiveJwtDecoderFactory<ClientRegistration> {
 
 			@Override