Announcement Announcement Module
Collapse
No announcement yet.
Why 'resouce' in OAuth2RestTemplate is private final (cannot change values) Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Why 'resouce' in OAuth2RestTemplate is private final (cannot change values)

    In class OAuth2RestTemplate, I see that the resource (of type OAuth2ProtectedResourceDetails) is private final. Why is that?
    I know use case usually is
    Code:
    	<oauth:rest-template id="oauthRestTemplate" resource="a" />
    	<oauth:resource id="a"
                        type="authorization_code"
                        client-id="${oauth2.client.id}"
                        client-secret="${oauth2.client.secret}"
    		    access-token-uri="accessTokenUri"
                        user-authorization-uri="userAuthorizationUri"
                        scope="read"/>
    but my case is a bit more complicated so I cannot use the regular <resource> (OAuth2ProtectedResourceDetails) but instead I extend it and do someting like this:
    Code:
    <beans:bean id="WebAppOAuth2ResourceDetails" class="com...WebAppOAuth2ResourceDetails">
    		<beans:constructor-arg index="0"><beans:value>${oauth2.client.userAuthorizationUri}</beans:value></beans:constructor-arg>
      		<beans:constructor-arg index="1"><beans:value>${oauth2.client.accessTokenUri}</beans:value></beans:constructor-arg>
      		<beans:constructor-arg index="2"><beans:value>${oauth2.client.id}</beans:value></beans:constructor-arg>
      		<beans:constructor-arg index="3"><beans:value>${oauth2.client.secret}</beans:value></beans:constructor-arg>
    		
    	</beans:bean>
    where WebAppOAuth2ResourceDetails extends AuthorizationCodeResourceDetails.
    So far so good - but let's say I cannot pass the params in the ctor, but want to read them (the URIs) from a DB and then update the object (which is the 'resource' inside OAuth2RestTemplate.

    How can I do it?

  • #2
    I'm not really sure I understand the use case. You wouldn't want to change the resource inside an OAuth2RestTemplate once it is configured because it wouldn't be thread safe. Maybe you just need to change your implementation of the resource, or (if I understand correctly) just get the placeholder properties from somewhere else (like the db you mentioned)?

    Comment


    • #3
      Originally posted by Dave Syer View Post
      I'm not really sure I understand the use case. You wouldn't want to change the resource inside an OAuth2RestTemplate once it is configured because it wouldn't be thread safe. Maybe you just need to change your implementation of the resource, or (if I understand correctly) just get the placeholder properties from somewhere else (like the db you mentioned)?
      The thing is my oAuth-client has no DB; instead, he makes a REST call to another component that does use a DB. Therefore, I cannot simply change the placeholder. So on init, I do not know my URLs /authorize and /token, but I read them later on. This is why I need update the resource' URLs inside the OAuth2RestTemplate (I do not need to replace it, just to update it; yet I understand the multi-threading issue here)

      What do you suggest?

      Comment


      • #4
        Easiest might be to use a custom OAuth2ProtectedResourceDetails bean (like you have) and inside that do a lazy initialization, so the URLs are populated when they are first needed.

        Comment


        • #5
          Originally posted by Dave Syer View Post
          Easiest might be to use a custom OAuth2ProtectedResourceDetails bean (like you have) and inside that do a lazy initialization, so the URLs are populated when they are first needed.
          Bingo! This is exactly what I need; I do have my impl for OAuth2ProtectedResourceDetails, but how do I implement this lazy init? (resource is private and final ...)

          Comment


          • #6
            Why do you need to modify the OAuth2RestTemplate? Just put the initialization logic in your custom resource details. I feel like I must be missing something.

            Comment


            • #7
              I agree - I do not need to modify OAuth2RestTemplate; only the resource. So I have my implementation for the OAuth2ProtectedResourceDetails, but how do implement lazy initialization in it?
              Thanks

              Comment


              • #8
                I suppose the normal way is with an if block.

                Code:
                if (x==null) {
                      x = initializeX();
                }
                You can be defensive and synchronize the inner block if you like. What's hard about that?

                Comment


                • #9
                  Got it.
                  Code:
                  	@Override
                  	public String getAccessTokenUri() 
                  	{
                  		//lazy init:
                  		String accessTokenUri = super.getAccessTokenUri();
                  		if(accessTokenUri == null)
                  		{
                  			accessTokenUri = initTokenUri();
                  			setAccessTokenUri(accessTokenUri)
                  		}
                  		return accessTokenUri;
                  	}
                  Thanks!

                  Comment

                  Working...
                  X