Java源码示例:org.springframework.vault.authentication.ClientAuthentication
示例1
@Test
public void configureClientAuthenticationIfAllEnvVarsSetThenAppRoleMethod() {
KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);
when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn("role-id");
when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn("secret-id");
when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn("token");
when(keyVaultConfig.getProperty("approlePath")).thenReturn(Optional.of("approle"));
ClientAuthentication result = util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint);
assertThat(result).isInstanceOf(AppRoleAuthentication.class);
}
示例2
@Test
public void configureClientAuthenticationIfOnlyRoleIdAndSecretIdSetThenAppRoleMethod() {
KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);
when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn("role-id");
when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn("secret-id");
when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn(null);
when(keyVaultConfig.getProperty("approlePath")).thenReturn(Optional.of("somepath"));
ClientAuthentication result = util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint);
assertThat(result).isInstanceOf(AppRoleAuthentication.class);
}
示例3
protected ClientAuthentication appRoleAuthentication() {
String roleId = getProperty("vault.app-role.role-id");
String secretId = getProperty("vault.app-role.secret-id");
String path = getProperty("vault.app-role.app-role-path",
AppRoleAuthenticationOptions.DEFAULT_APPROLE_AUTHENTICATION_PATH);
Assert.hasText(roleId, "Vault AppRole authentication: RoleId (vault.app-role.role-id) must not be empty");
AppRoleAuthenticationOptionsBuilder builder = AppRoleAuthenticationOptions.builder()
.roleId(RoleId.provided(roleId)).path(path);
if (StringUtils.hasText(secretId)) {
builder = builder.secretId(SecretId.provided(secretId));
}
return new AppRoleAuthentication(builder.build(), restOperations());
}
示例4
protected ClientAuthentication azureMsiAuthentication() {
String role = getProperty("vault.azure-msi.role");
String path = getProperty("vault.azure-msi.azure-path",
AzureMsiAuthenticationOptions.DEFAULT_AZURE_AUTHENTICATION_PATH);
URI metadataServiceUri = getUri("vault.azure-msi.metadata-service",
AzureMsiAuthenticationOptions.DEFAULT_INSTANCE_METADATA_SERVICE_URI);
URI identityTokenServiceUri = getUri("vault.azure-msi.identity-token-service",
AzureMsiAuthenticationOptions.DEFAULT_IDENTITY_TOKEN_SERVICE_URI);
Assert.hasText(role, "Vault Azure MSI authentication: Role (vault.azure-msi.role) must not be empty");
AzureMsiAuthenticationOptionsBuilder builder = AzureMsiAuthenticationOptions.builder().role(role).path(path)
.instanceMetadataUri(metadataServiceUri).identityTokenServiceUri(identityTokenServiceUri);
return new AzureMsiAuthentication(builder.build(), restOperations());
}
示例5
protected ClientAuthentication kubeAuthentication() {
String role = getProperty("vault.kubernetes.role");
String tokenFile = getProperty("vault.kubernetes.service-account-token-file",
KubernetesServiceAccountTokenFile.DEFAULT_KUBERNETES_SERVICE_ACCOUNT_TOKEN_FILE);
String path = getProperty("vault.kubernetes.kubernetes-path",
KubernetesAuthenticationOptions.DEFAULT_KUBERNETES_AUTHENTICATION_PATH);
Assert.hasText(role, "Vault Kubernetes authentication: role must not be empty");
KubernetesJwtSupplier jwtSupplier = new KubernetesServiceAccountTokenFile(tokenFile);
KubernetesAuthenticationOptionsBuilder builder = KubernetesAuthenticationOptions.builder().role(role)
.jwtSupplier(jwtSupplier).path(path);
return new KubernetesAuthentication(builder.build(), restOperations());
}
示例6
private ClientAuthentication gcpGceAuthentication(VaultProperties vaultProperties) {
VaultProperties.GcpGceProperties gcp = vaultProperties.getGcpGce();
Assert.hasText(gcp.getRole(),
"Role (spring.cloud.vault.gcp-gce.role) must not be empty");
GcpComputeAuthenticationOptionsBuilder builder = GcpComputeAuthenticationOptions
.builder().path(gcp.getGcpPath()).role(gcp.getRole());
if (StringUtils.hasText(gcp.getServiceAccount())) {
builder.serviceAccount(gcp.getServiceAccount());
}
return new GcpComputeAuthentication(builder.build(), this.restOperations,
this.externalRestOperations);
}
示例7
private ClientAuthentication gcpIamAuthentication(VaultProperties vaultProperties) {
VaultProperties.GcpIamProperties gcp = vaultProperties.getGcpIam();
Assert.hasText(gcp.getRole(),
"Role (spring.cloud.vault.gcp-iam.role) must not be empty");
GcpIamAuthenticationOptionsBuilder builder = GcpIamAuthenticationOptions.builder()
.path(gcp.getGcpPath()).role(gcp.getRole())
.jwtValidity(gcp.getJwtValidity());
if (StringUtils.hasText(gcp.getProjectId())) {
builder.projectId(gcp.getProjectId());
}
if (StringUtils.hasText(gcp.getServiceAccountId())) {
builder.serviceAccountId(gcp.getServiceAccountId());
}
GcpCredentialSupplier supplier = () -> getGoogleCredential(gcp);
builder.credential(supplier.get());
GcpIamAuthenticationOptions options = builder.build();
return new GcpIamAuthentication(options, this.restOperations);
}
示例8
private ClientAuthentication kubernetesAuthentication(
VaultProperties vaultProperties) {
VaultProperties.KubernetesProperties kubernetes = vaultProperties.getKubernetes();
Assert.hasText(kubernetes.getRole(),
"Role (spring.cloud.vault.kubernetes.role) must not be empty");
Assert.hasText(kubernetes.getServiceAccountTokenFile(),
"Service account token file (spring.cloud.vault.kubernetes.service-account-token-file) must not be empty");
KubernetesAuthenticationOptions options = KubernetesAuthenticationOptions
.builder().path(kubernetes.getKubernetesPath()).role(kubernetes.getRole())
.jwtSupplier(new KubernetesServiceAccountTokenFile(
kubernetes.getServiceAccountTokenFile()))
.build();
return new KubernetesAuthentication(options, this.restOperations);
}
示例9
private ClientAuthentication pcfAuthentication(VaultProperties vaultProperties) {
VaultProperties.PcfProperties pcfProperties = vaultProperties.getPcf();
Assert.isTrue(
ClassUtils.isPresent("org.bouncycastle.crypto.signers.PSSSigner",
getClass().getClassLoader()),
"BouncyCastle (bcpkix-jdk15on) must be on the classpath");
Assert.hasText(pcfProperties.getRole(),
"Role (spring.cloud.vault.pcf.role) must not be empty");
PcfAuthenticationOptions.PcfAuthenticationOptionsBuilder builder = PcfAuthenticationOptions
.builder().role(pcfProperties.getRole()).path(pcfProperties.getPcfPath());
if (pcfProperties.getInstanceCertificate() != null) {
builder.instanceCertificate(new ResourceCredentialSupplier(
pcfProperties.getInstanceCertificate()));
}
if (pcfProperties.getInstanceKey() != null) {
builder.instanceKey(
new ResourceCredentialSupplier(pcfProperties.getInstanceKey()));
}
return new PcfAuthentication(builder.build(), this.restOperations);
}
示例10
/**
* @return the {@link SessionManager} for Vault session management.
* @param clientAuthentication the {@link ClientAuthentication}.
* @param asyncTaskExecutorFactory the {@link ObjectFactory} for
* {@link TaskSchedulerWrapper}.
* @see SessionManager
* @see LifecycleAwareSessionManager
*/
@Bean
@ConditionalOnMissingBean
@ConditionalOnAuthentication
public SessionManager vaultSessionManager(ClientAuthentication clientAuthentication,
ObjectFactory<TaskSchedulerWrapper> asyncTaskExecutorFactory) {
if (this.vaultProperties.getConfig().getLifecycle().isEnabled()) {
RestTemplate restTemplate = this.restTemplateBuilder.build();
return new LifecycleAwareSessionManager(clientAuthentication,
asyncTaskExecutorFactory.getObject().getTaskScheduler(),
restTemplate);
}
return new SimpleSessionManager(clientAuthentication);
}
示例11
@Test
public void shouldSupportPcfAuthentication() {
VaultProperties properties = new VaultProperties();
properties.setAuthentication(VaultProperties.AuthenticationMethod.PCF);
properties.getPcf().setRole("my-role");
properties.getPcf().setInstanceKey(new ClassPathResource("bootstrap.yml"));
properties.getPcf()
.setInstanceCertificate(new ClassPathResource("bootstrap.yml"));
ClientAuthentication clientAuthentication = new ClientAuthenticationFactory(
properties, new RestTemplate(), new RestTemplate())
.createClientAuthentication();
assertThat(clientAuthentication).isInstanceOf(PcfAuthentication.class);
}
示例12
@Override
public void init(GatewayConfig config, Map<String, String> options) throws ServiceLifecycleException {
this.config = config;
Map<String, String> remoteAliasServiceConfiguration = config.getRemoteAliasServiceConfiguration();
Map<String, String> vaultConfiguration = new HashMap<>();
for(Map.Entry<String, String> entry : remoteAliasServiceConfiguration.entrySet()) {
if(entry.getKey().startsWith(VAULT_CONFIG_PREFIX)) {
vaultConfiguration.put(entry.getKey(),
entry.getValue());
}
}
String vaultAddress = vaultConfiguration.get(VAULT_ADDRESS_KEY);
String vaultSecretsEngine = vaultConfiguration.get(VAULT_SECRETS_ENGINE_KEY);
vaultPathPrefix = getVaultPathPrefix(vaultConfiguration);
VaultEndpoint vaultEndpoint;
try {
vaultEndpoint = VaultEndpoint.from(new URI(vaultAddress));
ClientAuthentication vaultAuthentication = getClientAuthentication(vaultConfiguration);
VaultTemplate vaultTemplate = new VaultTemplate(vaultEndpoint, vaultAuthentication);
vault = vaultTemplate.opsForVersionedKeyValue(vaultSecretsEngine);
} catch (Exception e) {
throw new ServiceLifecycleException("Failed to init", e);
}
}
示例13
/**
* @return a new {@link ClientAuthentication}.
*/
public ClientAuthentication clientAuthentication() {
AuthenticationMethod authentication = this.vaultProperties.getAuthentication();
if (authentication == null) {
return new ConfigTokenProviderAuthentication(this.configTokenProvider);
}
if (this.authProviders == null || this.authProviders.isEmpty()) {
throw new UnsupportedOperationException(
"No Vault client authentication providers are configured");
}
for (SpringVaultClientAuthenticationProvider authProvider : this.authProviders) {
if (authProvider.supports(this.vaultProperties)) {
return authProvider.getClientAuthentication(this.vaultProperties,
restOperations(), this.externalRestOperations);
}
}
throw new UnsupportedOperationException(
String.format("Client authentication %s not supported", authentication));
}
示例14
@Override
public ClientAuthentication getClientAuthentication(
VaultEnvironmentProperties vaultProperties,
RestOperations vaultRestOperations, RestOperations externalRestOperations) {
VaultEnvironmentProperties.KubernetesProperties kubernetes = vaultProperties
.getKubernetes();
Assert.hasText(kubernetes.getRole(), missingPropertyForAuthMethod(
"kubernetes.role", AuthenticationMethod.KUBERNETES));
Assert.hasText(kubernetes.getServiceAccountTokenFile(),
missingPropertyForAuthMethod("kubernetes.service-account-token-file",
AuthenticationMethod.KUBERNETES));
KubernetesAuthenticationOptions options = KubernetesAuthenticationOptions
.builder().path(kubernetes.getKubernetesPath()).role(kubernetes.getRole())
.jwtSupplier(new KubernetesServiceAccountTokenFile(
kubernetes.getServiceAccountTokenFile()))
.build();
return new KubernetesAuthentication(options, vaultRestOperations);
}
示例15
@Override
public ClientAuthentication getClientAuthentication(
VaultEnvironmentProperties vaultProperties,
RestOperations vaultRestOperations, RestOperations externalRestOperations) {
String token = vaultProperties.getToken();
Assert.hasText(token,
missingPropertyForAuthMethod("token", AuthenticationMethod.CUBBYHOLE));
CubbyholeAuthenticationOptions options = CubbyholeAuthenticationOptions.builder() //
.wrapped() //
.initialToken(VaultToken.of(token)) //
.build();
return new CubbyholeAuthentication(options, vaultRestOperations);
}
示例16
@Override
public ClientAuthentication getClientAuthentication(
VaultEnvironmentProperties vaultProperties,
RestOperations vaultRestOperations, RestOperations externalRestOperations) {
VaultEnvironmentProperties.AzureMsiProperties azureMsi = vaultProperties
.getAzureMsi();
Assert.hasText(azureMsi.getRole(), missingPropertyForAuthMethod("azure-msi.role",
AuthenticationMethod.AZURE_MSI));
AzureMsiAuthenticationOptions options = AzureMsiAuthenticationOptions.builder()
.role(azureMsi.getRole()).path(azureMsi.getAzurePath())
.instanceMetadataUri(getUri(azureMsi.getMetadataService(),
AzureMsiAuthenticationOptions.DEFAULT_INSTANCE_METADATA_SERVICE_URI))
.identityTokenServiceUri(getUri(azureMsi.getIdentityTokenService(),
AzureMsiAuthenticationOptions.DEFAULT_IDENTITY_TOKEN_SERVICE_URI))
.build();
return new AzureMsiAuthentication(options, vaultRestOperations,
externalRestOperations);
}
示例17
@Override
public ClientAuthentication getClientAuthentication(
VaultEnvironmentProperties vaultProperties,
RestOperations vaultRestOperations, RestOperations externalRestOperations) {
VaultEnvironmentProperties.GcpGceProperties gcp = vaultProperties.getGcpGce();
Assert.hasText(gcp.getRole(), missingPropertyForAuthMethod("gcp-iam.role",
AuthenticationMethod.GCP_GCE));
GcpComputeAuthenticationOptions.GcpComputeAuthenticationOptionsBuilder builder = GcpComputeAuthenticationOptions
.builder().path(gcp.getGcpPath()).role(gcp.getRole());
if (StringUtils.hasText(gcp.getServiceAccount())) {
builder.serviceAccount(gcp.getServiceAccount());
}
return new GcpComputeAuthentication(builder.build(), vaultRestOperations,
externalRestOperations);
}
示例18
@Override
public ClientAuthentication clientAuthentication() {
if (AUTH_TYPE_K8S.equalsIgnoreCase(authType)) {
LOGGER.info("Kubernetes based Vault auth is configured");
try {
String token = FileReaderUtils.readFileFromPath(Paths.get(kubernetesSATokenPath));
KubernetesAuthenticationOptions k8sOptions = KubernetesAuthenticationOptions.builder()
.jwtSupplier(() -> token)
.role(kubernetesLoginRole)
.path(kubernetesMountPath)
.build();
return new KubernetesAuthentication(k8sOptions, restOperations());
} catch (IOException e) {
throw new RuntimeException("Failed to read the Kubernetes service account token", e);
}
} else {
LOGGER.info("Token based Vault auth is configured");
return new TokenAuthentication(rootToken);
}
}
示例19
@Override
public ClientAuthentication clientAuthentication() {
KubernetesAuthenticationOptions options =
KubernetesAuthenticationOptions.builder().path(path).role(role).build();
return new KubernetesAuthentication(options, restOperations());
}
示例20
@Test
public void configureClientAuthenticationIfOnlyTokenSetThenTokenMethod() {
KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);
when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn(null);
when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn(null);
when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn("token");
ClientAuthentication result = util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint);
assertThat(result).isInstanceOf(TokenAuthentication.class);
}
示例21
/**
* Construct a {@link VaultTokenSupplier} using {@link #clientAuthentication()}.
* @return the {@link VaultTokenSupplier} for Vault session token management.
* @see VaultTokenSupplier
* @see #clientAuthentication()
*/
protected VaultTokenSupplier vaultTokenSupplier() {
ClientAuthentication clientAuthentication = clientAuthentication();
Assert.notNull(clientAuthentication, "ClientAuthentication must not be null");
if (clientAuthentication instanceof TokenAuthentication) {
TokenAuthentication authentication = (TokenAuthentication) clientAuthentication;
return () -> Mono.just(authentication.login());
}
if (clientAuthentication instanceof AuthenticationStepsFactory) {
AuthenticationStepsFactory factory = (AuthenticationStepsFactory) clientAuthentication;
WebClient webClient = getWebClientFactory().create();
AuthenticationStepsOperator stepsOperator = new AuthenticationStepsOperator(
factory.getAuthenticationSteps(), webClient);
return CachingVaultTokenSupplier.of(stepsOperator);
}
throw new IllegalStateException(String.format(
"Cannot construct VaultTokenSupplier from %s. "
+ "ClientAuthentication must implement AuthenticationStepsFactory or be TokenAuthentication",
clientAuthentication));
}
示例22
@Override
public ClientAuthentication clientAuthentication() {
String authentication = getProperty("vault.authentication", AuthenticationMethod.TOKEN.name()).toUpperCase()
.replace('-', '_');
AuthenticationMethod authenticationMethod = AuthenticationMethod.valueOf(authentication);
switch (authenticationMethod) {
case TOKEN:
return tokenAuthentication();
case APPID:
return appIdAuthentication();
case APPROLE:
return appRoleAuthentication();
case AWS_EC2:
return awsEc2Authentication();
case AZURE:
return azureMsiAuthentication();
case CERT:
return new ClientCertificateAuthentication(restOperations());
case CUBBYHOLE:
return cubbyholeAuthentication();
case KUBERNETES:
return kubeAuthentication();
default:
throw new IllegalStateException(String.format("Vault authentication method %s is not supported with %s",
authenticationMethod, getClass().getSimpleName()));
}
}
示例23
protected ClientAuthentication appIdAuthentication() {
String appId = getProperty("vault.app-id.app-id", getProperty("spring.application.name"));
String userId = getProperty("vault.app-id.user-id");
String path = getProperty("vault.app-id.app-id-path",
AppIdAuthenticationOptions.DEFAULT_APPID_AUTHENTICATION_PATH);
Assert.hasText(appId, "Vault AppId authentication: AppId (vault.app-id.app-id) must not be empty");
Assert.hasText(userId, "Vault AppId authentication: UserId (vault.app-id.user-id) must not be empty");
AppIdAuthenticationOptionsBuilder builder = AppIdAuthenticationOptions.builder().appId(appId)
.userIdMechanism(getAppIdUserIdMechanism(userId)).path(path);
return new AppIdAuthentication(builder.build(), restOperations());
}
示例24
@Test
void shouldConfigureTokenAuthentication() {
ClientAuthentication clientAuthentication = this.configuration.clientAuthentication();
assertThat(clientAuthentication).isInstanceOf(TokenAuthentication.class);
assertThat(clientAuthentication.login()).isEqualTo(VaultToken.of("my-token"));
}
示例25
@Test
void shouldConfigureAuthentication(@Autowired EnvironmentVaultConfiguration configuration) {
ClientAuthentication clientAuthentication = configuration.clientAuthentication();
assertThat(clientAuthentication).isInstanceOf(AzureMsiAuthentication.class);
DirectFieldAccessor accessor = new DirectFieldAccessor(clientAuthentication);
AzureMsiAuthenticationOptions options = (AzureMsiAuthenticationOptions) accessor.getPropertyValue("options");
assertThat(options.getIdentityTokenServiceUri())
.isEqualTo(AzureMsiAuthenticationOptions.DEFAULT_IDENTITY_TOKEN_SERVICE_URI);
assertThat(options.getInstanceMetadataServiceUri()).isEqualTo(URI.create("http://foo"));
}
示例26
private ClientAuthentication appIdAuthentication(VaultProperties vaultProperties) {
VaultProperties.AppIdProperties appId = vaultProperties.getAppId();
Assert.hasText(appId.getUserId(),
"UserId (spring.cloud.vault.app-id.user-id) must not be empty");
AppIdAuthenticationOptions authenticationOptions = AppIdAuthenticationOptions
.builder().appId(vaultProperties.getApplicationName()) //
.path(appId.getAppIdPath()) //
.userIdMechanism(getAppIdMechanism(appId)).build();
return new AppIdAuthentication(authenticationOptions, this.restOperations);
}
示例27
private ClientAuthentication awsEc2Authentication(VaultProperties vaultProperties) {
VaultProperties.AwsEc2Properties awsEc2 = vaultProperties.getAwsEc2();
Nonce nonce = StringUtils.hasText(awsEc2.getNonce())
? Nonce.provided(awsEc2.getNonce().toCharArray()) : Nonce.generated();
AwsEc2AuthenticationOptions authenticationOptions = AwsEc2AuthenticationOptions
.builder().role(awsEc2.getRole()) //
.path(awsEc2.getAwsEc2Path()) //
.nonce(nonce) //
.identityDocumentUri(URI.create(awsEc2.getIdentityDocument())) //
.build();
return new AwsEc2Authentication(authenticationOptions, this.restOperations,
this.externalRestOperations);
}
示例28
private ClientAuthentication awsIamAuthentication(VaultProperties vaultProperties) {
AwsIamProperties awsIam = vaultProperties.getAwsIam();
AWSCredentialsProvider credentialsProvider = AwsCredentialProvider
.getAwsCredentialsProvider();
AwsIamAuthenticationOptionsBuilder builder = AwsIamAuthenticationOptions
.builder();
if (StringUtils.hasText(awsIam.getRole())) {
builder.role(awsIam.getRole());
}
if (StringUtils.hasText(awsIam.getServerName())) {
builder.serverName(awsIam.getServerName());
}
if (awsIam.getEndpointUri() != null) {
builder.endpointUri(awsIam.getEndpointUri());
}
builder.path(awsIam.getAwsPath()) //
.credentialsProvider(credentialsProvider);
AwsIamAuthenticationOptions options = builder
.credentialsProvider(credentialsProvider).build();
return new AwsIamAuthentication(options, this.restOperations);
}
示例29
private ClientAuthentication cubbyholeAuthentication() {
Assert.hasText(this.vaultProperties.getToken(),
"Initial Token (spring.cloud.vault.token) for Cubbyhole authentication must not be empty");
CubbyholeAuthenticationOptions options = CubbyholeAuthenticationOptions.builder() //
.wrapped() //
.initialToken(VaultToken.of(this.vaultProperties.getToken())) //
.build();
return new CubbyholeAuthentication(options, this.restOperations);
}
示例30
/**
* @return the {@link ClientAuthentication} to obtain a
* {@link org.springframework.vault.support.VaultToken}.
* @see SessionManager
* @see LifecycleAwareSessionManager
*/
@Bean
@ConditionalOnMissingBean
@ConditionalOnAuthentication
public ClientAuthentication clientAuthentication() {
RestTemplate restTemplate = this.restTemplateBuilder.build();
ClientAuthenticationFactory factory = new ClientAuthenticationFactory(
this.vaultProperties, restTemplate, this.externalRestOperations);
return factory.createClientAuthentication();
}
