spring-boot

History

Andy Wilkinson 231396e6ba Restructure OAuth2 client auto-configuration Previously, OAuth2 client auto-configuration was managed by a single class: - OAuth2ClientAutoConfiguration for servlet apps - ReactiveOAuth2ClientAutoConfiguration for reactive apps OAuth2ClientAutoConfiguration being for servlet apps meant that a blocking OAuth2 client was not availabile in a non-web application. The auto-configuration classes did two things: - Auto-configured beans that are specific to server-side web security that uses an OAuth2 client - Auto-configured OAuth2 client beans that may be used client- or server-side Combining these two things into a single auto-configuration class meant that you could not choose to use one or the other. For example, you may want to make use of an OAuth2 client in a web application without also using OAuth2 client-based web security. This commit restructures the auto-configuration to address these problems. There are now two auto-configurations for non-reactive apps: - OAuth2ClientAutoConfiguration - OAuth2ClientWebSecurityAutoConfiguration and two auto-configurations for reactive apps: - ReactiveOAuth2ClientAutoConfiguration - ReactiveOAuth2ClientWebSecurityAutoConfiguration This separation allows one to be used without the other. Furthermore, the conditions have been updated so that, for example, the blocking OAuth2 client is available in a non-web application. Closes gh-40997 Closes gh-44906 Co-authored-by: Moritz Halbritter <moritz.halbritter@broadcom.com>	2025-04-22 15:31:35 +01:00
..
src	Restructure OAuth2 client auto-configuration	2025-04-22 15:31:35 +01:00
build.gradle	Merge branch '3.4.x'	2025-04-14 16:18:50 -07:00

Andy Wilkinson 231396e6ba Restructure OAuth2 client auto-configuration

Previously, OAuth2 client auto-configuration was managed by a single
class:

- OAuth2ClientAutoConfiguration for servlet apps
- ReactiveOAuth2ClientAutoConfiguration for reactive apps

OAuth2ClientAutoConfiguration being for servlet apps meant that
a blocking OAuth2 client was not availabile in a non-web application.

The auto-configuration classes did two things:

- Auto-configured beans that are specific to server-side web security
  that uses an OAuth2 client
- Auto-configured OAuth2 client beans that may be used client- or
  server-side

Combining these two things into a single auto-configuration class
meant that you could not choose to use one or the other. For example,
you may want to make use of an OAuth2 client in a web application
without also using OAuth2 client-based web security.

This commit restructures the auto-configuration to address these
problems. There are now two auto-configurations for non-reactive apps:

- OAuth2ClientAutoConfiguration
- OAuth2ClientWebSecurityAutoConfiguration

and two auto-configurations for reactive apps:

- ReactiveOAuth2ClientAutoConfiguration
- ReactiveOAuth2ClientWebSecurityAutoConfiguration

This separation allows one to be used without the other. Furthermore,
the conditions have been updated so that, for example, the blocking
OAuth2 client is available in a non-web application.

Closes gh-40997
Closes gh-44906

Co-authored-by: Moritz Halbritter <moritz.halbritter@broadcom.com>

2025-04-22 15:31:35 +01:00

src

Restructure OAuth2 client auto-configuration

2025-04-22 15:31:35 +01:00

build.gradle

Merge branch '3.4.x'

2025-04-14 16:18:50 -07:00