Allow ClientRegistrations HTTP Client (RestTemplate) to be configurable #15935

Closed
mluckam opened this issue Oct 16, 2024 · 3 comments
Labels
status: duplicate A duplicate of another issue type: enhancement A general enhancement

mluckam commented Oct 16, 2024

Expected Behavior

ClientRegistrations RestTemplate is configurable.

Current Behavior

ClientRegistrations RestTemplate is not configurable, see code

Context

Currently the ClientRegistrations RestTemplate does not allow customization. As of July 2020 this was the agreed upon design (#8882 (comment)).

My use case is to utilize a custom key store and trust store for the oauth2 client to communicate with the authentication server. In order for the oauth2 client to utilize a custom key store and trust store the jvm defaults must be updated.

-Djavax.net.ssl.trustStore=XXXX
-Djavax.net.ssl.trustStorePassword=XXXX
-Djavax.net.ssl.keyStore=XXXX
-Djavax.net.ssl.keyStoreAlias=XXXX
-Djavax.net.ssl.keyStorePassword=XXXX

This seems to be overkill, requiring an update to the jvm defaults in order to update the oauth2 client configuration. Given that the RestTemplate is highly configurable, why not expose the RestTemplate for configuration? A configuration could look like below:

  1. SSL Bundles.
spring.security.oauth2.client.registration.[registrationId].ssl.bundle
  2. SSL configuration
spring.security.oauth2.client.registration.[registrationId].ssl.keystorePath
spring.security.oauth2.client.registration.[registrationId].ssl.keystorePassword
spring.security.oauth2.client.registration.[registrationId].ssl.keyStoreAlias
spring.security.oauth2.client.registration.[registrationId].ssl.trustStorePath
spring.security.oauth2.client.registration.[registrationId].ssl.trustStorePassword

Exposing configuration would allow for tighter control of what configurations are allowed on the RestTemplate. Alternatively, the ClientRegistrations RestTemplate could utilize the RestTemplateBuilder as proposed here (#7027 (comment)) and be fully configurable.

@mluckam mluckam added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Oct 16, 2024
Contributor

jzheaux commented Oct 22, 2024

Duplicate of #15716 which was just recently merged. Please give 6.4.0-RC1 a try and see if it meets your needs.

@jzheaux jzheaux closed this as completed Oct 22, 2024
@jzheaux jzheaux self-assigned this Oct 22, 2024
@jzheaux jzheaux added status: duplicate A duplicate of another issue and removed status: waiting-for-triage An issue we've not yet triaged labels Oct 22, 2024
Author

mluckam commented Oct 25, 2024

@jzheaux it does not appear the suggested change provides a way in which to update the configuration of the ClientHttpRequestFactory of the RestTemplate of the ClientRegistrations. The ClientHttpRequestFactory allows loading of key material and trust material into the RestTemplate (https://www.baeldung.com/spring-resttemplate-secure-https-service#2-configuring-the-resttemplatefor-https-access). Do you have further insight into how the suggested change can achieve this goal?

jzheaux commented Oct 28, 2024

Hi, @mluckam, thanks for reaching out.

You are correct that it doesn't expose the RestOperations instance or make it configurable. What the added method does is allow you to query your own RestOperations and send ClientRegistrations the result. For more details, you can take a look at the discussion in #14633 from this point onward.
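The approach described in the last comment, as an added example that is not part of the thread or of Spring Security's own code: the application fetches the OpenID Provider metadata with a RestTemplate that carries its own key and trust material, then hands the resulting map to ClientRegistrations. It assumes the method referred to is `ClientRegistrations.fromOidcConfiguration(Map)` from 6.4, a Spring Boot SSL bundle named `auth-server`, and placeholder issuer, registration id and client id values.

```java
import java.util.Map;

import org.springframework.boot.ssl.SslBundles;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.HttpMethod;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.ClientRegistrations;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.web.client.RestTemplate;

@Configuration
class AuthServerClientConfig {

    // Assumed placeholders: issuer URL and SSL bundle name (defined under spring.ssl.bundle.*).
    private static final String ISSUER = "https://auth.example.internal";
    private static final String SSL_BUNDLE = "auth-server";

    @Bean
    ClientRegistrationRepository clientRegistrationRepository(RestTemplateBuilder builder,
            SslBundles sslBundles) {
        // Key store and trust store apply to this RestTemplate only, not to the whole JVM.
        RestTemplate rest = builder.setSslBundle(sslBundles.getBundle(SSL_BUNDLE)).build();

        Map<String, Object> metadata = rest.exchange(
                ISSUER + "/.well-known/openid-configuration", HttpMethod.GET, null,
                new ParameterizedTypeReference<Map<String, Object>>() {}).getBody();

        // The metadata was fetched by our own client, so check here that the
        // advertised issuer is the one we asked for before trusting its endpoints.
        if (metadata == null || !ISSUER.equals(metadata.get("issuer"))) {
            throw new IllegalStateException("OpenID metadata issuer does not match " + ISSUER);
        }

        // Build the registration from the externally obtained metadata.
        ClientRegistration registration = ClientRegistrations.fromOidcConfiguration(metadata)
                .registrationId("auth-server")                       // assumed registration id
                .clientId("my-client-id")                            // assumed client id
                .clientSecret(System.getenv("OAUTH_CLIENT_SECRET"))  // secret kept out of source
                .build();
        return new InMemoryClientRegistrationRepository(registration);
    }
}
```

This covers only the metadata discovery call made through ClientRegistrations; other HTTP clients used by the OAuth2 client are configured separately.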
