Ensure OAuth2 resource server works in webflux app

dsyer · dsyer · commit d1713dfabc6e · 2025-07-17T06:36:03.000+01:00
diff --git a/samples/grpc-webflux-secure/src/test/java/org/springframework/grpc/sample/GrpcServerApplicationTests.java b/samples/grpc-webflux-secure/src/test/java/org/springframework/grpc/sample/GrpcServerApplicationTests.java
@@ -7,7 +7,7 @@
 import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.SpringApplication;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.boot.test.context.TestConfiguration;
@@ -30,7 +30,6 @@
 
 import io.grpc.Status.Code;
 import io.grpc.StatusRuntimeException;
-import io.grpc.reflection.v1.ServerReflectionGrpc;
 
 @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT,
 		properties = { "spring.grpc.client.default-channel.address=0.0.0.0:${local.grpc.port}",
@@ -39,7 +38,7 @@
 public class GrpcServerApplicationTests {
 
 	public static void main(String[] args) {
-		new SpringApplicationBuilder(GrpcServerApplication.class).run(args);
+		SpringApplication.from(GrpcServerApplication::main).with(ExtraConfiguration.class).run(args);
 	}
 
 	@Autowired
@@ -70,8 +69,7 @@ void authenticated() {
 
 	@TestConfiguration(proxyBeanMethods = false)
 	@EnableDynamicProperty
-	@ImportGrpcClients(target = "stub",
-			types = { SimpleGrpc.SimpleBlockingStub.class, ServerReflectionGrpc.ServerReflectionStub.class })
+	@ImportGrpcClients(target = "stub", types = { SimpleGrpc.SimpleBlockingStub.class })
 	@ImportGrpcClients(target = "secure", prefix = "secure", types = { SimpleGrpc.SimpleBlockingStub.class })
 	static class ExtraConfiguration {
 
diff --git a/spring-grpc-spring-boot-autoconfigure/src/main/java/org/springframework/grpc/autoconfigure/server/security/OAuth2ClientAutoConfiguration.java b/spring-grpc-spring-boot-autoconfigure/src/main/java/org/springframework/grpc/autoconfigure/server/security/OAuth2ClientAutoConfiguration.java
@@ -19,6 +19,7 @@
 import java.util.List;
 
 import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.security.oauth2.client.ClientsConfiguredCondition;
 import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
@@ -36,6 +37,7 @@
 @AutoConfiguration(
 		after = org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientAutoConfiguration.class)
 @Configuration(proxyBeanMethods = false)
+@ConditionalOnClass(InMemoryClientRegistrationRepository.class)
 @Conditional(ClientsConfiguredCondition.class)
 @EnableConfigurationProperties(OAuth2ClientProperties.class)
 public class OAuth2ClientAutoConfiguration {
diff --git a/spring-grpc-spring-boot-autoconfigure/src/main/java/org/springframework/grpc/autoconfigure/server/security/OAuth2ResourceServerAutoConfiguration.java b/spring-grpc-spring-boot-autoconfigure/src/main/java/org/springframework/grpc/autoconfigure/server/security/OAuth2ResourceServerAutoConfiguration.java
@@ -116,7 +116,7 @@ static class OpaqueTokenIntrospectionClientConfiguration {
 
 		@Bean
 		@ConditionalOnProperty(name = "spring.security.oauth2.resourceserver.opaquetoken.introspection-uri")
-		SpringOpaqueTokenIntrospector opaqueTokenIntrospector(OAuth2ResourceServerProperties properties) {
+		SpringOpaqueTokenIntrospector blockingOpaqueTokenIntrospector(OAuth2ResourceServerProperties properties) {
 			OAuth2ResourceServerProperties.Opaquetoken opaqueToken = properties.getOpaquetoken();
 			return new SpringOpaqueTokenIntrospector(opaqueToken.getIntrospectionUri(), opaqueToken.getClientId(),
 					opaqueToken.getClientSecret());
@@ -161,7 +161,7 @@ static class JwtDecoderConfiguration {
 
 		@Bean
 		@ConditionalOnProperty(name = "spring.security.oauth2.resourceserver.jwt.jwk-set-uri")
-		JwtDecoder jwtDecoderByJwkKeySetUri(ObjectProvider<JwkSetUriJwtDecoderBuilderCustomizer> customizers) {
+		JwtDecoder blockingJwtDecoderByJwkKeySetUri(ObjectProvider<JwkSetUriJwtDecoderBuilderCustomizer> customizers) {
 			JwkSetUriJwtDecoderBuilder builder = NimbusJwtDecoder.withJwkSetUri(this.properties.getJwkSetUri())
 				.jwsAlgorithms(this::jwsAlgorithms);
 			customizers.orderedStream().forEach((customizer) -> customizer.customize(builder));
@@ -203,7 +203,7 @@ private boolean nullSafeDisjoint(List<String> c1, List<String> c2) {
 
 		@Bean
 		@Conditional(KeyValueCondition.class)
-		JwtDecoder jwtDecoderByPublicKeyValue() throws Exception {
+		JwtDecoder blockingJwtDecoderByPublicKeyValue() throws Exception {
 			RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
 				.generatePublic(new X509EncodedKeySpec(getKeySpec(this.properties.readPublicKey())));
 			NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withPublicKey(publicKey)
@@ -231,7 +231,8 @@ private String exactlyOneAlgorithm() {
 
 		@Bean
 		@Conditional(IssuerUriCondition.class)
-		SupplierJwtDecoder jwtDecoderByIssuerUri(ObjectProvider<JwkSetUriJwtDecoderBuilderCustomizer> customizers) {
+		SupplierJwtDecoder blockingJwtDecoderByIssuerUri(
+				ObjectProvider<JwkSetUriJwtDecoderBuilderCustomizer> customizers) {
 			return new SupplierJwtDecoder(() -> {
 				String issuerUri = this.properties.getIssuerUri();
 				JwkSetUriJwtDecoderBuilder builder = NimbusJwtDecoder.withIssuerLocation(issuerUri);
