Add dynamic CallCredentials helpers

ST-DDT · ST-DDT · commit 7c6fda7fd0bc · 2021-11-13T23:34:18.000+01:00
Fixes #552
diff --git a/grpc-client-spring-boot-autoconfigure/src/main/java/net/devh/boot/grpc/client/security/CallCredentialsHelper.java b/grpc-client-spring-boot-autoconfigure/src/main/java/net/devh/boot/grpc/client/security/CallCredentialsHelper.java
@@ -27,6 +27,7 @@
 import java.util.Base64;
 import java.util.Map;
 import java.util.concurrent.Executor;
+import java.util.function.Supplier;
 
 import javax.annotation.Nullable;
 
@@ -159,7 +160,8 @@ public static StubTransformer mappedCredentialsStubTransformer(
     }
 
     /**
-     * Creates new call credentials with the given token for bearer auth.
+     * Creates new call credentials with the given token for bearer auth. Use this method if you have a permanent token
+     * or only use the call credentials for a single call/while the token is valid.
      *
      * <p>
      * <b>Note:</b> This method uses experimental grpc-java-API features.
@@ -174,6 +176,23 @@ public static CallCredentials bearerAuth(final String token) {
         return authorizationHeader(BEARER_AUTH_PREFIX + token);
     }
 
+    /**
+     * Creates new call credentials with the given token source for bearer auth. Use this method if you derive the token
+     * from the active context (e.g. currently logged in user) or dynamically obtain it from the authentication server.
+     *
+     * <p>
+     * <b>Note:</b> This method uses experimental grpc-java-API features.
+     * </p>
+     *
+     * @param tokenSource the bearer token source to use
+     * @return The newly created bearer auth credentials.
+     * @see SecurityConstants#BEARER_AUTH_PREFIX
+     * @see #authorizationHeader(Supplier)
+     */
+    public static CallCredentials bearerAuth(final Supplier<String> tokenSource) {
+        return authorizationHeader(() -> BEARER_AUTH_PREFIX + tokenSource);
+    }
+
     /**
      * Creates new call credentials with the given username and password for basic auth.
      *
@@ -228,32 +247,55 @@ public static String encodeBasicAuth(final String username, final String passwor
      * @see #authorizationHeaders(Metadata)
      */
     public static CallCredentials authorizationHeader(final String authorization) {
-        requireNonNull(authorization);
+        requireNonNull(authorization, "authorization");
         final Metadata extraHeaders = new Metadata();
         extraHeaders.put(AUTHORIZATION_HEADER, authorization);
         return authorizationHeaders(extraHeaders);
     }
 
+    /**
+     * Creates new call credentials with the given authorization information source.
+     *
+     * <p>
+     * <b>Note:</b> This method uses experimental grpc-java-API features.
+     * </p>
+     *
+     * @param authorizationSource The authorization source to use. The authorization usually starts with the scheme such
+     *        as as {@code "Basic "} or {@code "Bearer "} followed by the actual authentication information.
+     * @return The newly created call credentials.
+     * @see SecurityConstants#AUTHORIZATION_HEADER
+     * @see #authorizationHeaders(Supplier)
+     */
+    public static CallCredentials authorizationHeader(final Supplier<String> authorizationSource) {
+        requireNonNull(authorizationSource, "authorizationSource");
+
+        return authorizationHeaders(() -> {
+            final Metadata extraHeaders = new Metadata();
+            extraHeaders.put(AUTHORIZATION_HEADER, authorizationSource.get());
+            return extraHeaders;
+        });
+    }
+
     /**
      * Creates new call credentials with the given static authorization headers.
      *
      * @param authorizationHeaders The authorization headers to use.
      * @return The newly created call credentials.
      */
     public static CallCredentials authorizationHeaders(final Metadata authorizationHeaders) {
-        return new StaticSecurityHeaderCallCredentials(requireNonNull(authorizationHeaders));
+        return new StaticSecurityHeaderCallCredentials(authorizationHeaders);
     }
 
     /**
-     * The static security header {@link CallCredentials} simply add a set of predefined headers to the call. Their
+     * The static security header {@link CallCredentials} simply adds a set of predefined headers to the call. Their
      * specific meaning is server specific. This implementation can be used, for example, for BasicAuth.
      */
     private static final class StaticSecurityHeaderCallCredentials extends CallCredentials {
 
         private final Metadata extraHeaders;
 
-        StaticSecurityHeaderCallCredentials(final Metadata extraHeaders) {
-            this.extraHeaders = requireNonNull(extraHeaders, "extraHeaders");
+        StaticSecurityHeaderCallCredentials(final Metadata authorizationHeaders) {
+            this.extraHeaders = requireNonNull(authorizationHeaders, "authorizationHeaders");
         }
 
         @Override
@@ -272,6 +314,44 @@ public String toString() {
 
     }
 
+    /**
+     * Creates new call credentials with the given authorization headers source.
+     *
+     * @param authorizationHeadersSupplier The authorization headers source to use.
+     * @return The newly created call credentials.
+     */
+    public static CallCredentials authorizationHeaders(final Supplier<Metadata> authorizationHeadersSupplier) {
+        return new DynamicSecurityHeaderCallCredentials(authorizationHeadersSupplier);
+    }
+
+    /**
+     * The dynamic security header {@link CallCredentials} simply adds a set of dynamic headers to the call. Their
+     * specific meaning is server specific. This implementation can be used, for example, for BasicAuth.
+     */
+    private static final class DynamicSecurityHeaderCallCredentials extends CallCredentials {
+
+        private final Supplier<Metadata> extraHeadersSupplier;
+
+        DynamicSecurityHeaderCallCredentials(final Supplier<Metadata> authorizationHeadersSupplier) {
+            this.extraHeadersSupplier = requireNonNull(authorizationHeadersSupplier, "authorizationHeadersSupplier");
+        }
+
+        @Override
+        public void applyRequestMetadata(final RequestInfo requestInfo, final Executor appExecutor,
+                final MetadataApplier applier) {
+            applier.apply(this.extraHeadersSupplier.get());
+        }
+
+        @Override
+        public void thisUsesUnstableApi() {} // API evolution in progress
+
+        @Override
+        public String toString() {
+            return "DynamicSecurityHeaderCallCredentials [extraHeadersSupplier=" + this.extraHeadersSupplier + "]";
+        }
+
+    }
+
     /**
      * Checks whether the given security level provides privacy for all data being send on the connection.
      *
