Register RestOperations @Bean to be used as default for oauth2-client flows

[jgrandja]

We should register a RestOperations @Bean in OAuth2ClientConfiguration that is configured with default settings and is used as the default via setRestOperations(restOperations) in the various oauth2-client flows - see #5601.

The well-known @Bean should be named springSecurityOAuth2RestOperations and automatically be injected/used as the default in all oauth2-client flows. The user has the ability to register a @Bean with the same name, which will effectively override the default.

For now, the default @Bean will be configured with default connect and read timeout settings for 30 secs. However, the user may override this @Bean and provide custom settings for Proxy, SSL, HTTP Client backing implementation, etc.

[rwinch]

I'm not sure we should be quite as granular as springSecurityOAuth2RestOperations. Otherwise we run into a pretty slippery slope on bean names. Do we add springSecurityOAuth2ClientRestOperations, springSecurityOAuth2ResourceServerRestOperations, etc? Likely springSecurityRestOperations is good enough or potentially even just a Bean rather than the name.

[jgrandja]

Likely springSecurityRestOperations is good enough or potentially even just a Bean rather than the name.

I'm fine with springSecurityRestOperations. But I'm not sure about...

even just a Bean rather than the name

How do we know RestOperations bean is meant for oauth2-client flows? The user may have configured a bean for another use case within the app.