Skip to content

Add builder customizer for SpringOpaqueTokenIntrospector and SpringReactiveOpaqueTokenIntrospector #49029

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
itsmevichu wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add builder customizer for SpringOpaqueTokenIntrospector and SpringReactiveOpaqueTokenIntrospector #49029

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
6365871
Add builder customizer for SpringOpaqueTokenIntrospector and SpringRe…
itsmevichu Feb 1, 2026
ba491f3
Merge branch 'spring-projects:main' into gh-47138
itsmevichu Feb 11, 2026
de02953
Add unit test for SpringReactiveOpaqueTokenIntrospectorBuilderCustomizer
itsmevichu Feb 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 8 additions & 4 deletions ...resource/autoconfigure/reactive/ReactiveOAuth2ResourceServerOpaqueTokenConfiguration.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package org.springframework.boot.security.oauth2.server.resource.autoconfigure.reactive;

import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
Expand Down Expand Up @@ -45,16 +46,19 @@ static class OpaqueTokenIntrospectionClientConfiguration {

@Bean
@ConditionalOnProperty(name = "spring.security.oauth2.resourceserver.opaquetoken.introspection-uri")
SpringReactiveOpaqueTokenIntrospector opaqueTokenIntrospector(OAuth2ResourceServerProperties properties) {
SpringReactiveOpaqueTokenIntrospector opaqueTokenIntrospector(OAuth2ResourceServerProperties properties,
ObjectProvider<SpringReactiveOpaqueTokenIntrospectorBuilderCustomizer> customizers) {
OAuth2ResourceServerProperties.Opaquetoken opaquetoken = properties.getOpaquetoken();
String clientId = opaquetoken.getClientId();
Assert.state(clientId != null, "'clientId' must not be null");
String clientSecret = opaquetoken.getClientSecret();
Assert.state(clientSecret != null, "'clientSecret' must not be null");
return SpringReactiveOpaqueTokenIntrospector.withIntrospectionUri(opaquetoken.getIntrospectionUri())
SpringReactiveOpaqueTokenIntrospector.Builder builder = SpringReactiveOpaqueTokenIntrospector
.withIntrospectionUri(opaquetoken.getIntrospectionUri())
.clientId(clientId)
.clientSecret(clientSecret)
.build();
.clientSecret(clientSecret);
customizers.orderedStream().forEach((customizer) -> customizer.customize(builder));
return builder.build();
}

}
Expand Down
39 changes: 39 additions & 0 deletions ...source/autoconfigure/reactive/SpringReactiveOpaqueTokenIntrospectorBuilderCustomizer.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
/*
* Copyright 2012-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package org.springframework.boot.security.oauth2.server.resource.autoconfigure.reactive;

import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector;

/**
* Callback interface for the customization of the
* {@link SpringReactiveOpaqueTokenIntrospector.Builder} used to create the
* auto-configured {@link ReactiveOpaqueTokenIntrospector}.
*
* @author Vishnutheep B
* @since 4.x.x
*/
@FunctionalInterface
public interface SpringReactiveOpaqueTokenIntrospectorBuilderCustomizer {

/**
* Customize the given {@code builder}.
* @param builder the {@code builder} to customize
*/
void customize(SpringReactiveOpaqueTokenIntrospector.Builder builder);

}
12 changes: 8 additions & 4 deletions ...2/server/resource/autoconfigure/servlet/OAuth2ResourceServerOpaqueTokenConfiguration.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package org.springframework.boot.security.oauth2.server.resource.autoconfigure.servlet;

import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
Expand Down Expand Up @@ -47,18 +48,21 @@ static class OpaqueTokenIntrospectionClientConfiguration {

@Bean
@ConditionalOnProperty(name = "spring.security.oauth2.resourceserver.opaquetoken.introspection-uri")
SpringOpaqueTokenIntrospector opaqueTokenIntrospector(OAuth2ResourceServerProperties properties) {
SpringOpaqueTokenIntrospector opaqueTokenIntrospector(OAuth2ResourceServerProperties properties,
ObjectProvider<SpringOpaqueTokenIntrospectorBuilderCustomizer> customizers) {
OAuth2ResourceServerProperties.Opaquetoken opaquetoken = properties.getOpaquetoken();
String introspectionUri = opaquetoken.getIntrospectionUri();
Assert.state(introspectionUri != null, "'introspectionUri' must not be null");
String clientId = opaquetoken.getClientId();
Assert.state(clientId != null, "'clientId' must not be null");
String clientSecret = opaquetoken.getClientSecret();
Assert.state(clientSecret != null, "'clientSecret' must not be null");
return SpringOpaqueTokenIntrospector.withIntrospectionUri(introspectionUri)
SpringOpaqueTokenIntrospector.Builder builder = SpringOpaqueTokenIntrospector
.withIntrospectionUri(introspectionUri)
.clientId(clientId)
.clientSecret(clientSecret)
.build();
.clientSecret(clientSecret);
customizers.orderedStream().forEach((customizer) -> customizer.customize(builder));
return builder.build();
}

}
Expand Down
39 changes: 39 additions & 0 deletions ...server/resource/autoconfigure/servlet/SpringOpaqueTokenIntrospectorBuilderCustomizer.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
/*
* Copyright 2012-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package org.springframework.boot.security.oauth2.server.resource.autoconfigure.servlet;

import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector;

/**
* Callback interface for the customization of the
* {@link SpringOpaqueTokenIntrospector.Builder} used to create the auto-configured
* {@link OpaqueTokenIntrospector}.
*
* @author Vishnutheep B
* @since 4.x.x
*/
@FunctionalInterface
public interface SpringOpaqueTokenIntrospectorBuilderCustomizer {

/**
* Customize the given {@code builder}.
* @param builder the {@code builder} to customize
*/
void customize(SpringOpaqueTokenIntrospector.Builder builder);

}
26 changes: 26 additions & 0 deletions ...r/resource/autoconfigure/reactive/ReactiveOAuth2ResourceServerAutoConfigurationTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -414,9 +414,23 @@ void autoConfigurationWhenIntrospectionUriAvailableShouldConfigureIntrospectionC
.run((context) -> {
assertThat(context).hasSingleBean(ReactiveOpaqueTokenIntrospector.class);
assertFilterConfiguredWithOpaqueTokenAuthenticationManager(context);
assertSpringReactiveOpaqueTokenIntrospectorBuilderCustomization(context);
});
}

private void assertSpringReactiveOpaqueTokenIntrospectorBuilderCustomization(
AssertableReactiveWebApplicationContext context) {
SpringReactiveOpaqueTokenIntrospectorBuilderCustomizer customizer = context.getBean(
"reactiveOpaqueTokenIntrospectorBuilderCustomizer",
SpringReactiveOpaqueTokenIntrospectorBuilderCustomizer.class);
SpringReactiveOpaqueTokenIntrospectorBuilderCustomizer anotherCustomizer = context.getBean(
"anotherReactiveOpaqueTokenIntrospectorBuilderCustomizer",
SpringReactiveOpaqueTokenIntrospectorBuilderCustomizer.class);
InOrder inOrder = inOrder(customizer, anotherCustomizer);
inOrder.verify(customizer).customize(any());
inOrder.verify(anotherCustomizer).customize(any());
}

@Test
void autoConfigurationWhenJwkSetUriAndIntrospectionUriAvailable() {
this.contextRunner
Expand Down Expand Up @@ -929,6 +943,18 @@ JwkSetUriReactiveJwtDecoderBuilderCustomizer anotherDecoderBuilderCustomizer() {
return mock(JwkSetUriReactiveJwtDecoderBuilderCustomizer.class);
}

@Bean
@Order(1)
SpringReactiveOpaqueTokenIntrospectorBuilderCustomizer reactiveOpaqueTokenIntrospectorBuilderCustomizer() {
return mock(SpringReactiveOpaqueTokenIntrospectorBuilderCustomizer.class);
}

@Bean
@Order(2)
SpringReactiveOpaqueTokenIntrospectorBuilderCustomizer anotherReactiveOpaqueTokenIntrospectorBuilderCustomizer() {
return mock(SpringReactiveOpaqueTokenIntrospectorBuilderCustomizer.class);
}

}

@Configuration(proxyBeanMethods = false)
Expand Down
24 changes: 24 additions & 0 deletions ...th2/server/resource/autoconfigure/servlet/OAuth2ResourceServerAutoConfigurationTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -465,9 +465,21 @@ void autoConfigurationWhenIntrospectionUriAvailableShouldConfigureIntrospectionC
.run((context) -> {
assertThat(context).hasSingleBean(OpaqueTokenIntrospector.class);
assertThat(getBearerTokenFilter(context)).isNotNull();
assertSpringOpaqueTokenIntrospectorBuilderCustomization(context);
});
}

private void assertSpringOpaqueTokenIntrospectorBuilderCustomization(AssertableWebApplicationContext context) {
SpringOpaqueTokenIntrospectorBuilderCustomizer customizer = context
.getBean("opaqueTokenIntrospectorBuilderCustomizer", SpringOpaqueTokenIntrospectorBuilderCustomizer.class);
SpringOpaqueTokenIntrospectorBuilderCustomizer anotherCustomizer = context.getBean(
"anotherOpaqueTokenIntrospectorBuilderCustomizer",
SpringOpaqueTokenIntrospectorBuilderCustomizer.class);
InOrder inOrder = inOrder(customizer, anotherCustomizer);
inOrder.verify(customizer).customize(any());
inOrder.verify(anotherCustomizer).customize(any());
}

@Test
void opaqueTokenIntrospectorIsConditionalOnMissingBean() {
this.contextRunner
Expand Down Expand Up @@ -912,6 +924,18 @@ JwkSetUriJwtDecoderBuilderCustomizer anotherDecoderBuilderCustomizer() {
return mock(JwkSetUriJwtDecoderBuilderCustomizer.class);
}

@Bean
@Order(1)
SpringOpaqueTokenIntrospectorBuilderCustomizer opaqueTokenIntrospectorBuilderCustomizer() {
return mock(SpringOpaqueTokenIntrospectorBuilderCustomizer.class);
}

@Bean
@Order(2)
SpringOpaqueTokenIntrospectorBuilderCustomizer anotherOpaqueTokenIntrospectorBuilderCustomizer() {
return mock(SpringOpaqueTokenIntrospectorBuilderCustomizer.class);
}

}

@Configuration(proxyBeanMethods = false)
Expand Down