I have following Spring Security configuration:
security:
oauth2:
resourceserver:
jwt:
issuer-uri: ${issuer-uri-of-identity}
client:
registration:
some-app:
client-id: ${qwerty.server.client.client-id}
client-secret: ${qwerty.server.client.client-secret}
scope: ${qwerty.server.client.some-app-scope}
authorization-grant-type: client_credentials
provider: qwerty
qwerty:
server:
max-clock-skew: 60
url: ....
scope: my-scope
client:
client-id: ...
client-secret: ....
some-app-scope: my-ticket-scope
And following configuration is used:
private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken(
"anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
...
@Bean("someAppRestTemplate")
@Autowired
public RestTemplate buildRestTemplateForSomeApp(RestTemplateBuilder builder) {
return builder
.messageConverters(converter)
.additionalInterceptors(Arrays.asList(contentTypeInterceptor(), oauthInterceptor("some-app")))
.build();
}
...
private ClientHttpRequestInterceptor oauthInterceptor(String id) {
return (r, b, e) -> {
OAuth2AuthorizedClient client = manager.authorize(
OAuth2AuthorizeRequest
.withClientRegistrationId(id)
.principal(ANONYMOUS_AUTHENTICATION)
.build()
);
Assert.notNull(client, "Can not access File Storage Service");
r.getHeaders().setBearerAuth(client.getAccessToken().getTokenValue());
return e.execute(r, b);
};
}
Now I need to do impersonation(https://datatracker.ietf.org/doc/html/rfc8693). So I need to pretend as some user. I need it because of "current user" logic inside some-app application.
How can I reconfigure to achieve it ?
P.S. I tried to google it but I haven't found anything relevant.
