diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java index 68f1681c623..ae9b6947829 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProvider.java @@ -16,7 +16,8 @@ package org.springframework.security.oauth2.client; -import org.springframework.lang.Nullable; +import org.jspecify.annotations.Nullable; + import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter; import org.springframework.security.oauth2.core.AuthorizationGrantType; @@ -47,8 +48,7 @@ public final class AuthorizationCodeOAuth2AuthorizedClientProvider implements OA * the authorization request */ @Override - @Nullable - public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context) { + @Nullable public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context) { Assert.notNull(context, "context cannot be null"); if (AuthorizationGrantType.AUTHORIZATION_CODE.equals( context.getClientRegistration().getAuthorizationGrantType()) && context.getAuthorizedClient() == null) { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java index 90877408953..ca1745f9f80 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java 
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java @@ -21,7 +21,8 @@ import java.util.Map; import java.util.function.Function; -import org.springframework.lang.Nullable; +import org.jspecify.annotations.Nullable; + import org.springframework.security.core.Authentication; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java index 90143314c7f..49f55c66576 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProvider.java @@ -20,7 +20,8 @@ import java.time.Duration; import java.time.Instant; -import org.springframework.lang.Nullable; +import org.jspecify.annotations.Nullable; + import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest; import org.springframework.security.oauth2.client.endpoint.RestClientClientCredentialsTokenResponseClient; 
@@ -61,8 +62,7 @@ public final class ClientCredentialsOAuth2AuthorizedClientProvider implements OA * re-authorization) is not supported */ @Override - @Nullable - public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context) { + @Nullable public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context) { Assert.notNull(context, "context cannot be null"); ClientRegistration clientRegistration = context.getClientRegistration(); if (!AuthorizationGrantType.CLIENT_CREDENTIALS.equals(clientRegistration.getAuthorizationGrantType())) { @@ -98,7 +98,12 @@ private OAuth2AccessTokenResponse getTokenResponse(ClientRegistration clientRegi } private boolean hasTokenExpired(OAuth2Token token) { - return this.clock.instant().isAfter(token.getExpiresAt().minus(this.clockSkew)); + // Capture the expiration time in a local variable to ensure: + // 1. Thread safety: The value cannot change between the null check and its use. + // 2. Static analysis: Prevents IDEs (like VS Code/Eclipse) from reporting a + // potential NullPointerException on the second call. + Instant expiresAt = token.getExpiresAt(); + return expiresAt != null && this.clock.instant().isAfter(expiresAt.minus(this.clockSkew)); } /** diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java index 5448199a0ed..09b8a2802d8 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java 
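Review bot: A token whose `getExpiresAt()` returns null is now reported as not expired in hasTokenExpired, because `expiresAt != null && ...` evaluates to false where the old code threw a NullPointerException. The callers are outside this hunk, but if they use the result to decide whether to keep the current access token, a token without an expiry would be reused indefinitely and never re-authorized. That choice should be stated in the code, for example `// No expiresAt: treated as not expired, so the existing token keeps being reused`. If a missing expiry should instead force a new token request, the condition would be `expiresAt == null || this.clock.instant().isAfter(expiresAt.minus(this.clockSkew))`. The same expression is added to hasTokenExpired in the reactive client-credentials provider, in the hunk after resolveJwtAssertion, and in both variants of the RefreshToken and TokenExchange providers.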
@@ -89,7 +89,12 @@ public Mono authorize(OAuth2AuthorizationContext context } private boolean hasTokenExpired(OAuth2Token token) { - return this.clock.instant().isAfter(token.getExpiresAt().minus(this.clockSkew)); + // Capture the expiration time in a local variable to ensure: + // 1. Thread safety: The value cannot change between the null check and its use. + // 2. Static analysis: Prevents IDEs (like VS Code/Eclipse) from reporting a + // potential NullPointerException on the second call. + Instant expiresAt = token.getExpiresAt(); + return expiresAt != null && this.clock.instant().isAfter(expiresAt.minus(this.clockSkew)); } /** diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java index cddf44c91f9..7d9279107c8 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProvider.java @@ -21,7 +21,8 @@ import java.util.Collections; import java.util.List; -import org.springframework.lang.Nullable; +import org.jspecify.annotations.Nullable; + import org.springframework.util.Assert; /** 
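Review bot: The comment added above `Instant expiresAt = token.getExpiresAt();` explains the local variable by thread safety and IDE warnings, but it does not say what the method returns when the expiry is absent, which is what a maintainer needs to know. Nothing visible in this hunk shows that the value can change between two calls, so the thread-safety claim should be dropped or hedged unless OAuth2Token implementations are known to be mutable. The same four-line comment appears here, in the non-reactive client-credentials provider and in the hunk after resolveJwtAssertion, but not in the RefreshToken and TokenExchange copies of the method. A single line used in every copy, such as `// expiresAt may be null; read it once so the null check and the use see the same value`, would keep them consistent.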
@@ -64,8 +65,7 @@ public DelegatingOAuth2AuthorizedClientProvider(List resolveJwtAssertion(OAuth2AuthorizationContext context) { } private boolean hasTokenExpired(OAuth2Token token) { - return this.clock.instant().isAfter(token.getExpiresAt().minus(this.clockSkew)); + // Capture the expiration time in a local variable to ensure: + // 1. Thread safety: The value cannot change between the null check and its use. + // 2. Static analysis: Prevents IDEs (like VS Code/Eclipse) from reporting a + // potential NullPointerException on the second call. + Instant expiresAt = token.getExpiresAt(); + return expiresAt != null && this.clock.instant().isAfter(expiresAt.minus(this.clockSkew)); } /** diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java index 7b0b952e7f4..b01ea7e82a4 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java @@ -22,7 +22,8 @@ import java.util.Map; import java.util.function.Consumer; -import org.springframework.lang.Nullable; +import org.jspecify.annotations.Nullable; + import org.springframework.security.core.Authentication; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.util.Assert; @@ -74,8 +75,7 @@ public ClientRegistration getClientRegistration() { * @return the {@link OAuth2AuthorizedClient} or {@code null} if the client * registration was supplied */ - @Nullable - public OAuth2AuthorizedClient getAuthorizedClient() { + @Nullable public OAuth2AuthorizedClient getAuthorizedClient() { return this.authorizedClient; } 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java index 82184888b31..e939dc227cb 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java @@ -23,7 +23,8 @@ import java.util.Map; import java.util.function.Consumer; -import org.springframework.lang.Nullable; +import org.jspecify.annotations.Nullable; + import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; @@ -67,8 +68,7 @@ public String getClientRegistrationId() { * was not provided. * @return the {@link OAuth2AuthorizedClient} or {@code null} if it was not provided */ - @Nullable - public OAuth2AuthorizedClient getAuthorizedClient() { + @Nullable public OAuth2AuthorizedClient getAuthorizedClient() { return this.authorizedClient; } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java index 47091bf168c..e1410f69f3a 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java 
@@ -18,7 +18,8 @@ import java.io.Serializable; -import org.springframework.lang.Nullable; +import org.jspecify.annotations.Nullable; + import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2RefreshToken; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientManager.java index 0cf99029df9..6d202238554 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientManager.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientManager.java @@ -16,7 +16,8 @@ package org.springframework.security.oauth2.client; -import org.springframework.lang.Nullable; +import org.jspecify.annotations.Nullable; + import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository; @@ -62,7 +63,6 @@ public interface OAuth2AuthorizedClientManager { * @return the {@link OAuth2AuthorizedClient} or {@code null} if authorization is not * supported for the specified client */ - @Nullable - OAuth2AuthorizedClient authorize(OAuth2AuthorizeRequest authorizeRequest); + @Nullable OAuth2AuthorizedClient authorize(OAuth2AuthorizeRequest authorizeRequest); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProvider.java index 42761789f43..7306fa8ad5e 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProvider.java 
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProvider.java @@ -16,7 +16,8 @@ package org.springframework.security.oauth2.client; -import org.springframework.lang.Nullable; +import org.jspecify.annotations.Nullable; + import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.core.AuthorizationGrantType; @@ -46,7 +47,6 @@ public interface OAuth2AuthorizedClientProvider { * @return the {@link OAuth2AuthorizedClient} or {@code null} if authorization is not * supported for the specified client */ - @Nullable - OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context); + @Nullable OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java index 8a0c6b7aa3f..3843578406f 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java @@ -24,9 +24,10 @@ import java.util.HashSet; import java.util.Set; +import org.jspecify.annotations.Nullable; + import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisherAware; -import org.springframework.lang.Nullable; import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest; import org.springframework.security.oauth2.client.endpoint.RestClientRefreshTokenTokenResponseClient; 
@@ -78,8 +79,7 @@ public final class RefreshTokenOAuth2AuthorizedClientProvider * not supported */ @Override - @Nullable - public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context) { + @Nullable public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context) { Assert.notNull(context, "context cannot be null"); OAuth2AuthorizedClient authorizedClient = context.getAuthorizedClient(); if (authorizedClient == null || authorizedClient.getRefreshToken() == null @@ -123,7 +123,8 @@ private OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizedClient author } private boolean hasTokenExpired(OAuth2Token token) { - return this.clock.instant().isAfter(token.getExpiresAt().minus(this.clockSkew)); + Instant expiresAt = token.getExpiresAt(); + return expiresAt != null && this.clock.instant().isAfter(expiresAt.minus(this.clockSkew)); } /** diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java index 03e0bef1c48..ce52d3f35b2 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java @@ -101,7 +101,8 @@ public Mono authorize(OAuth2AuthorizationContext context } private boolean hasTokenExpired(OAuth2Token token) { - return this.clock.instant().isAfter(token.getExpiresAt().minus(this.clockSkew)); + Instant expiresAt = token.getExpiresAt(); + return expiresAt != null && this.clock.instant().isAfter(expiresAt.minus(this.clockSkew)); } /** 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/TokenExchangeOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/TokenExchangeOAuth2AuthorizedClientProvider.java index b98fd2e48a1..54a46d312c9 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/TokenExchangeOAuth2AuthorizedClientProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/TokenExchangeOAuth2AuthorizedClientProvider.java @@ -21,7 +21,8 @@ import java.time.Instant; import java.util.function.Function; -import org.springframework.lang.Nullable; +import org.jspecify.annotations.Nullable; + import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.RestClientTokenExchangeTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequest; @@ -66,8 +67,7 @@ public final class TokenExchangeOAuth2AuthorizedClientProvider implements OAuth2 * supported */ @Override - @Nullable - public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context) { + @Nullable public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context) { Assert.notNull(context, "context cannot be null"); ClientRegistration clientRegistration = context.getClientRegistration(); if (!AuthorizationGrantType.TOKEN_EXCHANGE.equals(clientRegistration.getAuthorizationGrantType())) { @@ -111,7 +111,8 @@ private OAuth2AccessTokenResponse getTokenResponse(ClientRegistration clientRegi } private boolean hasTokenExpired(OAuth2Token token) { - return this.clock.instant().isAfter(token.getExpiresAt().minus(this.clockSkew)); + Instant expiresAt = token.getExpiresAt(); + return expiresAt != null && this.clock.instant().isAfter(expiresAt.minus(this.clockSkew)); } /** 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/TokenExchangeReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/TokenExchangeReactiveOAuth2AuthorizedClientProvider.java index 6cdb5649102..31fb36baab2 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/TokenExchangeReactiveOAuth2AuthorizedClientProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/TokenExchangeReactiveOAuth2AuthorizedClientProvider.java @@ -101,7 +101,8 @@ private Mono resolveSubjectToken(OAuth2AuthorizationContext context } private boolean hasTokenExpired(OAuth2Token token) { - return this.clock.instant().isAfter(token.getExpiresAt().minus(this.clockSkew)); + Instant expiresAt = token.getExpiresAt(); + return expiresAt != null && this.clock.instant().isAfter(expiresAt.minus(this.clockSkew)); } /** diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java deleted file mode 100644 index d9b8eedaf41..00000000000 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java +++ /dev/null 
@@ -1,83 +0,0 @@ -/* - * Copyright 2004-present the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.oauth2.client.jackson2; - -import java.io.IOException; - -import com.fasterxml.jackson.core.JsonParser; -import com.fasterxml.jackson.databind.DeserializationContext; -import com.fasterxml.jackson.databind.JsonDeserializer; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.util.StdConverter; - -import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.core.AuthenticationMethod; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; - -/** - * A {@code JsonDeserializer} for {@link ClientRegistration}. 
- * - * @author Joe Grandja - * @since 5.3 - * @see ClientRegistration - * @see ClientRegistrationMixin - * @deprecated as of 7.0 in favor of - * {@code org.springframework.security.oauth2.client.jackson.ClientRegistrationDeserializer} - * based on Jackson 3 - */ -@Deprecated(forRemoval = true) -final class ClientRegistrationDeserializer extends JsonDeserializer { - - private static final StdConverter CLIENT_AUTHENTICATION_METHOD_CONVERTER = new StdConverters.ClientAuthenticationMethodConverter(); - - private static final StdConverter AUTHORIZATION_GRANT_TYPE_CONVERTER = new StdConverters.AuthorizationGrantTypeConverter(); - - private static final StdConverter AUTHENTICATION_METHOD_CONVERTER = new StdConverters.AuthenticationMethodConverter(); - - @Override - public ClientRegistration deserialize(JsonParser parser, DeserializationContext context) throws IOException { - ObjectMapper mapper = (ObjectMapper) parser.getCodec(); - JsonNode clientRegistrationNode = mapper.readTree(parser); - JsonNode providerDetailsNode = JsonNodeUtils.findObjectNode(clientRegistrationNode, "providerDetails"); - JsonNode userInfoEndpointNode = JsonNodeUtils.findObjectNode(providerDetailsNode, "userInfoEndpoint"); - return ClientRegistration - .withRegistrationId(JsonNodeUtils.findStringValue(clientRegistrationNode, "registrationId")) - .clientId(JsonNodeUtils.findStringValue(clientRegistrationNode, "clientId")) - .clientSecret(JsonNodeUtils.findStringValue(clientRegistrationNode, "clientSecret")) - .clientAuthenticationMethod(CLIENT_AUTHENTICATION_METHOD_CONVERTER - .convert(JsonNodeUtils.findObjectNode(clientRegistrationNode, "clientAuthenticationMethod"))) - .authorizationGrantType(AUTHORIZATION_GRANT_TYPE_CONVERTER - .convert(JsonNodeUtils.findObjectNode(clientRegistrationNode, "authorizationGrantType"))) - .redirectUri(JsonNodeUtils.findStringValue(clientRegistrationNode, "redirectUri")) - .scope(JsonNodeUtils.findValue(clientRegistrationNode, "scopes", JsonNodeUtils.STRING_SET, 
mapper)) - .clientName(JsonNodeUtils.findStringValue(clientRegistrationNode, "clientName")) - .authorizationUri(JsonNodeUtils.findStringValue(providerDetailsNode, "authorizationUri")) - .tokenUri(JsonNodeUtils.findStringValue(providerDetailsNode, "tokenUri")) - .userInfoUri(JsonNodeUtils.findStringValue(userInfoEndpointNode, "uri")) - .userInfoAuthenticationMethod(AUTHENTICATION_METHOD_CONVERTER - .convert(JsonNodeUtils.findObjectNode(userInfoEndpointNode, "authenticationMethod"))) - .userNameAttributeName(JsonNodeUtils.findStringValue(userInfoEndpointNode, "userNameAttributeName")) - .jwkSetUri(JsonNodeUtils.findStringValue(providerDetailsNode, "jwkSetUri")) - .issuerUri(JsonNodeUtils.findStringValue(providerDetailsNode, "issuerUri")) - .providerConfigurationMetadata(JsonNodeUtils.findValue(providerDetailsNode, "configurationMetadata", - JsonNodeUtils.STRING_OBJECT_MAP, mapper)) - .build(); - } - -} diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java deleted file mode 100644 index c8af80b1fb8..00000000000 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java +++ /dev/null 
@@ -1,47 +0,0 @@ -/* - * Copyright 2004-present the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.oauth2.client.jackson2; - -import com.fasterxml.jackson.annotation.JsonAutoDetect; -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; - -import org.springframework.security.oauth2.client.registration.ClientRegistration; - -/** - * This mixin class is used to serialize/deserialize {@link ClientRegistration}. It also - * registers a custom deserializer {@link ClientRegistrationDeserializer}. - * - * @author Joe Grandja - * @since 5.3 - * @see ClientRegistration - * @see ClientRegistrationDeserializer - * @see OAuth2ClientJackson2Module - * @deprecated as of 7.0 in favor of - * {@code org.springframework.security.oauth2.client.jackson.ClientRegistrationMixin} - * based on Jackson 3 - */ -@Deprecated(forRemoval = true) -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS) -@JsonDeserialize(using = ClientRegistrationDeserializer.class) -@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, - isGetterVisibility = JsonAutoDetect.Visibility.NONE) -@JsonIgnoreProperties(ignoreUnknown = true) -abstract class ClientRegistrationMixin { - -} 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java deleted file mode 100644 index b3f221d5b58..00000000000 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java +++ /dev/null 
@@ -1,55 +0,0 @@ -/* - * Copyright 2004-present the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.oauth2.client.jackson2; - -import java.util.Collection; -import java.util.Map; - -import com.fasterxml.jackson.annotation.JsonAutoDetect; -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonTypeInfo; - -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.oauth2.core.user.DefaultOAuth2User; - -/** - * This mixin class is used to serialize/deserialize {@link DefaultOAuth2User}. 
- * - * @author Joe Grandja - * @since 5.3 - * @see DefaultOAuth2User - * @see OAuth2ClientJackson2Module - * @deprecated as of 7.0 in favor of - * {@code org.springframework.security.oauth2.client.jackson.DefaultOAuth2UserMixin} based - * on Jackson 3 - */ -@Deprecated(forRemoval = true) -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS) -@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, - isGetterVisibility = JsonAutoDetect.Visibility.NONE) -@JsonIgnoreProperties(ignoreUnknown = true) -abstract class DefaultOAuth2UserMixin { - - @JsonCreator - DefaultOAuth2UserMixin(@JsonProperty("authorities") Collection authorities, - @JsonProperty("attributes") Map attributes, - @JsonProperty("nameAttributeKey") String nameAttributeKey) { - } - -} diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java deleted file mode 100644 index 0a0dfdaf283..00000000000 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java +++ /dev/null 
@@ -1,56 +0,0 @@ -/* - * Copyright 2004-present the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.oauth2.client.jackson2; - -import java.util.Collection; - -import com.fasterxml.jackson.annotation.JsonAutoDetect; -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonTypeInfo; - -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.oauth2.core.oidc.OidcIdToken; -import org.springframework.security.oauth2.core.oidc.OidcUserInfo; -import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser; - -/** - * This mixin class is used to serialize/deserialize {@link DefaultOidcUser}. 
- * - * @author Joe Grandja - * @since 5.3 - * @see DefaultOidcUser - * @see OAuth2ClientJackson2Module - * @deprecated as of 7.0 in favor of - * {@code org.springframework.security.oauth2.client.jackson.DefaultOidcUserMixin} based - * on Jackson 3 - */ -@Deprecated(forRemoval = true) -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS) -@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, - isGetterVisibility = JsonAutoDetect.Visibility.NONE) -@JsonIgnoreProperties(value = { "attributes" }, ignoreUnknown = true) -abstract class DefaultOidcUserMixin { - - @JsonCreator - DefaultOidcUserMixin(@JsonProperty("authorities") Collection authorities, - @JsonProperty("idToken") OidcIdToken idToken, @JsonProperty("userInfo") OidcUserInfo userInfo, - @JsonProperty("nameAttributeKey") String nameAttributeKey) { - } - -} diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java deleted file mode 100644 index 1bfdbfa21a2..00000000000 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java +++ /dev/null 
@@ -1,69 +0,0 @@ -/* - * Copyright 2004-present the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.oauth2.client.jackson2; - -import java.util.Map; -import java.util.Set; - -import com.fasterxml.jackson.core.type.TypeReference; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; - -/** - * Utility class for {@code JsonNode}. - * - * @author Joe Grandja - * @since 5.3 - * @deprecated as of 7.0 in favor of - * {@code org.springframework.security.oauth2.client.jackson.JsonNodeUtils} based on - * Jackson 3 - */ -@Deprecated(forRemoval = true) -abstract class JsonNodeUtils { - - static final TypeReference> STRING_SET = new TypeReference<>() { - }; - - static final TypeReference> STRING_OBJECT_MAP = new TypeReference<>() { - }; - - static String findStringValue(JsonNode jsonNode, String fieldName) { - if (jsonNode == null) { - return null; - } - JsonNode value = jsonNode.findValue(fieldName); - return (value != null && value.isTextual()) ? value.asText() : null; - } - - static T findValue(JsonNode jsonNode, String fieldName, TypeReference valueTypeReference, - ObjectMapper mapper) { - if (jsonNode == null) { - return null; - } - JsonNode value = jsonNode.findValue(fieldName); - return (value != null && value.isContainerNode()) ? 
mapper.convertValue(value, valueTypeReference) : null; - } - - static JsonNode findObjectNode(JsonNode jsonNode, String fieldName) { - if (jsonNode == null) { - return null; - } - JsonNode value = jsonNode.findValue(fieldName); - return (value != null && value.isObject()) ? value : null; - } - -} diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java deleted file mode 100644 index 6f86af534ef..00000000000 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java +++ /dev/null 
@@ -1,57 +0,0 @@
-/*
- * Copyright 2004-present the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.client.jackson2;
-
-import java.time.Instant;
-import java.util.Set;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
-
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
-
-/**
- * This mixin class is used to serialize/deserialize {@link OAuth2AccessToken}.
- *
- * @author Joe Grandja
- * @since 5.3
- * @see OAuth2AccessToken
- * @see OAuth2ClientJackson2Module
- * @deprecated as of 7.0 in favor of
- * {@code org.springframework.security.oauth2.client.jackson.OAuth2AccessTokenMixin} based
- * on Jackson 3
- */
-@Deprecated(forRemoval = true)
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
-@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
- isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(ignoreUnknown = true)
-abstract class OAuth2AccessTokenMixin {
-
- @JsonCreator
- OAuth2AccessTokenMixin(
- @JsonProperty("tokenType") @JsonDeserialize(
- converter = StdConverters.AccessTokenTypeConverter.class) OAuth2AccessToken.TokenType tokenType,
- @JsonProperty("tokenValue") String tokenValue, @JsonProperty("issuedAt") Instant issuedAt,
- @JsonProperty("expiresAt") Instant expiresAt, @JsonProperty("scopes") Set scopes) {
- }
-
-}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java
deleted file mode 100644
index 7ac2561592e..00000000000
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright 2004-present the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.client.jackson2;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-
-import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
-import org.springframework.security.oauth2.core.OAuth2Error;
-
-/**
- * This mixin class is used to serialize/deserialize
- * {@link OAuth2AuthenticationException}.
- *
- * @author Dennis Neufeld
- * @author Steve Riesenberg
- * @since 5.3.4
- * @see OAuth2AuthenticationException
- * @see OAuth2ClientJackson2Module
- * @deprecated as of 7.0 in favor of
- * {@code org.springframework.security.oauth2.client.jackson.OAuth2AuthenticationExceptionMixin}
- * based on Jackson 3
- */
-@Deprecated(forRemoval = true)
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
-@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.NONE, getterVisibility = JsonAutoDetect.Visibility.NONE,
- isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(ignoreUnknown = true, value = { "cause", "stackTrace", "suppressedExceptions" })
-abstract class OAuth2AuthenticationExceptionMixin {
-
- @JsonProperty("error")
- abstract OAuth2Error getError();
-
- @JsonProperty("detailMessage")
- abstract String getMessage();
-
- @JsonCreator
- OAuth2AuthenticationExceptionMixin(@JsonProperty("error") OAuth2Error error,
- @JsonProperty("detailMessage") String message) {
- }
-
-}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java
deleted file mode 100644
index a89ad61155b..00000000000
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright 2004-present the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.client.jackson2;
-
-import java.util.Collection;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
-import org.springframework.security.oauth2.core.user.OAuth2User;
-
-/**
- * This mixin class is used to serialize/deserialize {@link OAuth2AuthenticationToken}.
- *
- * @author Joe Grandja
- * @since 5.3
- * @see OAuth2AuthenticationToken
- * @see OAuth2ClientJackson2Module
- * @deprecated as of 7.0 in favor of
- * {@code org.springframework.security.oauth2.client.jackson.OAuth2AuthenticationTokenMixin}
- * based on Jackson 3
- */
-@Deprecated(forRemoval = true)
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
-@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
- isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(value = { "authenticated" }, ignoreUnknown = true)
-abstract class OAuth2AuthenticationTokenMixin {
-
- @JsonCreator
- OAuth2AuthenticationTokenMixin(@JsonProperty("principal") OAuth2User principal,
- @JsonProperty("authorities") Collection authorities,
- @JsonProperty("authorizedClientRegistrationId") String authorizedClientRegistrationId) {
- }
-
-}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
deleted file mode 100644
index 1296a5b7836..00000000000
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java
+++ /dev/null
@@ -1,82 +0,0 @@ -/* - * Copyright 2004-present the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.oauth2.client.jackson2; - -import java.io.IOException; - -import com.fasterxml.jackson.core.JsonParseException; -import com.fasterxml.jackson.core.JsonParser; -import com.fasterxml.jackson.databind.DeserializationContext; -import com.fasterxml.jackson.databind.JsonDeserializer; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.util.StdConverter; - -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; -import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder; - -/** - * A {@code JsonDeserializer} for {@link OAuth2AuthorizationRequest}. 
- * - * @author Joe Grandja - * @since 5.3 - * @see OAuth2AuthorizationRequest - * @see OAuth2AuthorizationRequestMixin - * @deprecated as of 7.0 in favor of - * {@code org.springframework.security.oauth2.client.jackson.OAuth2AuthorizationRequestDeserializer} - * based on Jackson 3 - */ -@Deprecated(forRemoval = true) -final class OAuth2AuthorizationRequestDeserializer extends JsonDeserializer { - - private static final StdConverter AUTHORIZATION_GRANT_TYPE_CONVERTER = new StdConverters.AuthorizationGrantTypeConverter(); - - @Override - public OAuth2AuthorizationRequest deserialize(JsonParser parser, DeserializationContext context) - throws IOException { - ObjectMapper mapper = (ObjectMapper) parser.getCodec(); - JsonNode root = mapper.readTree(parser); - return deserialize(parser, mapper, root); - } - - private OAuth2AuthorizationRequest deserialize(JsonParser parser, ObjectMapper mapper, JsonNode root) - throws JsonParseException { - AuthorizationGrantType authorizationGrantType = AUTHORIZATION_GRANT_TYPE_CONVERTER - .convert(JsonNodeUtils.findObjectNode(root, "authorizationGrantType")); - Builder builder = getBuilder(parser, authorizationGrantType); - builder.authorizationUri(JsonNodeUtils.findStringValue(root, "authorizationUri")); - builder.clientId(JsonNodeUtils.findStringValue(root, "clientId")); - builder.redirectUri(JsonNodeUtils.findStringValue(root, "redirectUri")); - builder.scopes(JsonNodeUtils.findValue(root, "scopes", JsonNodeUtils.STRING_SET, mapper)); - builder.state(JsonNodeUtils.findStringValue(root, "state")); - builder.additionalParameters( - JsonNodeUtils.findValue(root, "additionalParameters", JsonNodeUtils.STRING_OBJECT_MAP, mapper)); - builder.authorizationRequestUri(JsonNodeUtils.findStringValue(root, "authorizationRequestUri")); - builder.attributes(JsonNodeUtils.findValue(root, "attributes", JsonNodeUtils.STRING_OBJECT_MAP, mapper)); - return builder.build(); - } - - private OAuth2AuthorizationRequest.Builder getBuilder(JsonParser 
parser, - AuthorizationGrantType authorizationGrantType) throws JsonParseException { - if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(authorizationGrantType)) { - return OAuth2AuthorizationRequest.authorizationCode(); - } - throw new JsonParseException(parser, "Invalid authorizationGrantType"); - } - -} diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java deleted file mode 100644 index ea91168d2d7..00000000000 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java +++ /dev/null 
@@ -1,47 +0,0 @@
-/*
- * Copyright 2004-present the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.client.jackson2;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
-
-import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
-
-/**
- * This mixin class is used to serialize/deserialize {@link OAuth2AuthorizationRequest}.
- * It also registers a custom deserializer {@link OAuth2AuthorizationRequestDeserializer}.
- *
- * @author Joe Grandja
- * @since 5.3
- * @see OAuth2AuthorizationRequest
- * @see OAuth2AuthorizationRequestDeserializer
- * @see OAuth2ClientJackson2Module
- * @deprecated as of 7.0 in favor of
- * {@code org.springframework.security.oauth2.client.jackson.OAuth2AuthorizationRequestMixin}
- * based on Jackson 3
- */
-@Deprecated(forRemoval = true)
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
-@JsonDeserialize(using = OAuth2AuthorizationRequestDeserializer.class)
-@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
- isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(ignoreUnknown = true)
-abstract class OAuth2AuthorizationRequestMixin {
-
-}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java
deleted file mode 100644
index 4afc7a7d740..00000000000
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright 2004-present the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.client.jackson2;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-
-import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
-import org.springframework.security.oauth2.core.OAuth2RefreshToken;
-
-/**
- * This mixin class is used to serialize/deserialize {@link OAuth2AuthorizedClient}.
- *
- * @author Joe Grandja
- * @since 5.3
- * @see OAuth2AuthorizedClient
- * @see OAuth2ClientJackson2Module
- * @deprecated as of 7.0 in favor of
- * {@code org.springframework.security.oauth2.client.jackson.OAuth2AuthorizedClientMixin}
- * based on Jackson 3
- */
-@Deprecated(forRemoval = true)
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
-@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
- isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(ignoreUnknown = true)
-abstract class OAuth2AuthorizedClientMixin {
-
- @JsonCreator
- OAuth2AuthorizedClientMixin(@JsonProperty("clientRegistration") ClientRegistration clientRegistration,
- @JsonProperty("principalName") String principalName,
- @JsonProperty("accessToken") OAuth2AccessToken accessToken,
- @JsonProperty("refreshToken") OAuth2RefreshToken refreshToken) {
- }
-
-}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java
deleted file mode 100644
index 3290d284284..00000000000
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java
+++ /dev/null
@@ -1,119 +0,0 @@ -/* - * Copyright 2004-present the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.oauth2.client.jackson2; - -import com.fasterxml.jackson.core.Version; -import com.fasterxml.jackson.databind.module.SimpleModule; - -import org.springframework.security.jackson2.SecurityJackson2Modules; -import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; -import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; -import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.core.OAuth2AccessToken; -import org.springframework.security.oauth2.core.OAuth2AuthenticationException; -import org.springframework.security.oauth2.core.OAuth2Error; -import org.springframework.security.oauth2.core.OAuth2RefreshToken; -import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; -import org.springframework.security.oauth2.core.oidc.OidcIdToken; -import org.springframework.security.oauth2.core.oidc.OidcUserInfo; -import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser; -import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority; -import org.springframework.security.oauth2.core.user.DefaultOAuth2User; -import org.springframework.security.oauth2.core.user.OAuth2UserAuthority; - -/** - * Jackson {@code Module} for {@code 
spring-security-oauth2-client}, that registers the - * following mix-in annotations: - * - *
    - *
  • {@link OAuth2AuthorizationRequestMixin}
  • - *
  • {@link ClientRegistrationMixin}
  • - *
  • {@link OAuth2AccessTokenMixin}
  • - *
  • {@link OAuth2RefreshTokenMixin}
  • - *
  • {@link OAuth2AuthorizedClientMixin}
  • - *
  • {@link OAuth2UserAuthorityMixin}
  • - *
  • {@link DefaultOAuth2UserMixin}
  • - *
  • {@link OidcIdTokenMixin}
  • - *
  • {@link OidcUserInfoMixin}
  • - *
  • {@link OidcUserAuthorityMixin}
  • - *
  • {@link DefaultOidcUserMixin}
  • - *
  • {@link OAuth2AuthenticationTokenMixin}
  • - *
  • {@link OAuth2AuthenticationExceptionMixin}
  • - *
  • {@link OAuth2ErrorMixin}
  • - *
- * - * If not already enabled, default typing will be automatically enabled as type info is - * required to properly serialize/deserialize objects. In order to use this module just - * add it to your {@code ObjectMapper} configuration. - * - *
- *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new OAuth2ClientJackson2Module());
- * 
- * - * NOTE: Use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get a list - * of all security modules. - * - * @author Joe Grandja - * @since 5.3 - * @see SecurityJackson2Modules - * @see OAuth2AuthorizationRequestMixin - * @see ClientRegistrationMixin - * @see OAuth2AccessTokenMixin - * @see OAuth2RefreshTokenMixin - * @see OAuth2AuthorizedClientMixin - * @see OAuth2UserAuthorityMixin - * @see DefaultOAuth2UserMixin - * @see OidcIdTokenMixin - * @see OidcUserInfoMixin - * @see OidcUserAuthorityMixin - * @see DefaultOidcUserMixin - * @see OAuth2AuthenticationTokenMixin - * @see OAuth2AuthenticationExceptionMixin - * @see OAuth2ErrorMixin - * @deprecated as of 7.0 in favor of - * {@link org.springframework.security.oauth2.client.jackson.OAuth2ClientJacksonModule} - * based on Jackson 3 - */ -@Deprecated(forRemoval = true) -@SuppressWarnings({ "serial", "removal" }) -public class OAuth2ClientJackson2Module extends SimpleModule { - - public OAuth2ClientJackson2Module() { - super(OAuth2ClientJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null)); - } - - @Override - public void setupModule(SetupContext context) { - SecurityJackson2Modules.enableDefaultTyping(context.getOwner()); - context.setMixInAnnotations(OAuth2AuthorizationRequest.class, OAuth2AuthorizationRequestMixin.class); - context.setMixInAnnotations(ClientRegistration.class, ClientRegistrationMixin.class); - context.setMixInAnnotations(OAuth2AccessToken.class, OAuth2AccessTokenMixin.class); - context.setMixInAnnotations(OAuth2RefreshToken.class, OAuth2RefreshTokenMixin.class); - context.setMixInAnnotations(OAuth2AuthorizedClient.class, OAuth2AuthorizedClientMixin.class); - context.setMixInAnnotations(OAuth2UserAuthority.class, OAuth2UserAuthorityMixin.class); - context.setMixInAnnotations(DefaultOAuth2User.class, DefaultOAuth2UserMixin.class); - context.setMixInAnnotations(OidcIdToken.class, OidcIdTokenMixin.class); - context.setMixInAnnotations(OidcUserInfo.class, 
OidcUserInfoMixin.class); - context.setMixInAnnotations(OidcUserAuthority.class, OidcUserAuthorityMixin.class); - context.setMixInAnnotations(DefaultOidcUser.class, DefaultOidcUserMixin.class); - context.setMixInAnnotations(OAuth2AuthenticationToken.class, OAuth2AuthenticationTokenMixin.class); - context.setMixInAnnotations(OAuth2AuthenticationException.class, OAuth2AuthenticationExceptionMixin.class); - context.setMixInAnnotations(OAuth2Error.class, OAuth2ErrorMixin.class); - } - -} diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java deleted file mode 100644 index 69f25d95252..00000000000 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java +++ /dev/null 
@@ -1,52 +0,0 @@
-/*
- * Copyright 2004-present the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.client.jackson2;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-
-import org.springframework.security.oauth2.core.OAuth2Error;
-
-/**
- * This mixin class is used to serialize/deserialize {@link OAuth2Error} as part of
- * {@link org.springframework.security.oauth2.core.OAuth2AuthenticationException}.
- *
- * @author Dennis Neufeld
- * @since 5.3.4
- * @see OAuth2Error
- * @see OAuth2AuthenticationExceptionMixin
- * @see OAuth2ClientJackson2Module
- * @deprecated as of 7.0 in favor of
- * {@code org.springframework.security.oauth2.client.jackson.OAuth2ErrorMixin} based on
- * Jackson 3
- */
-@Deprecated(forRemoval = true)
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
-@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
- isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(ignoreUnknown = true)
-abstract class OAuth2ErrorMixin {
-
- @JsonCreator
- OAuth2ErrorMixin(@JsonProperty("errorCode") String errorCode, @JsonProperty("description") String description,
- @JsonProperty("uri") String uri) {
- }
-
-}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java
deleted file mode 100644
index 2a3eaac28cd..00000000000
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright 2004-present the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.client.jackson2;
-
-import java.time.Instant;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-
-import org.springframework.security.oauth2.core.OAuth2RefreshToken;
-
-/**
- * This mixin class is used to serialize/deserialize {@link OAuth2RefreshToken}.
- *
- * @author Joe Grandja
- * @since 5.3
- * @see OAuth2RefreshToken
- * @see OAuth2ClientJackson2Module
- * @deprecated as of 7.0 in favor of
- * {@code org.springframework.security.oauth2.client.jackson.OAuth2RefreshTokenMixin}
- * based on Jackson 3
- */
-@Deprecated(forRemoval = true)
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
-@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
- isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(ignoreUnknown = true)
-abstract class OAuth2RefreshTokenMixin {
-
- @JsonCreator
- OAuth2RefreshTokenMixin(@JsonProperty("tokenValue") String tokenValue, @JsonProperty("issuedAt") Instant issuedAt) {
- }
-
-}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java
deleted file mode 100644
index d334c4abfed..00000000000
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2004-present the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.client.jackson2;
-
-import java.util.Map;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-
-import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
-
-/**
- * This mixin class is used to serialize/deserialize {@link OAuth2UserAuthority}.
- *
- * @author Joe Grandja
- * @since 5.3
- * @see OAuth2UserAuthority
- * @see OAuth2ClientJackson2Module
- * @deprecated as of 7.0 in favor of
- * {@code org.springframework.security.oauth2.client.jackson.OAuth2UserAuthorityMixin}
- * based on Jackson 3
- */
-@Deprecated(forRemoval = true)
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
-@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
- isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(ignoreUnknown = true)
-abstract class OAuth2UserAuthorityMixin {
-
- @JsonCreator
- OAuth2UserAuthorityMixin(@JsonProperty("authority") String authority,
- @JsonProperty("attributes") Map attributes) {
- }
-
-}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java
deleted file mode 100644
index 6eba4cd3158..00000000000
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright 2004-present the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.client.jackson2;
-
-import java.time.Instant;
-import java.util.Map;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-
-import org.springframework.security.oauth2.core.oidc.OidcIdToken;
-
-/**
- * This mixin class is used to serialize/deserialize {@link OidcIdToken}.
- *
- * @author Joe Grandja
- * @since 5.3
- * @see OidcIdToken
- * @see OAuth2ClientJackson2Module
- * @deprecated as of 7.0 in favor of
- * {@code org.springframework.security.oauth2.client.jackson.OidcIdTokenMixin} based on
- * Jackson 3
- */
-@Deprecated(forRemoval = true)
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
-@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
- isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(ignoreUnknown = true)
-abstract class OidcIdTokenMixin {
-
- @JsonCreator
- OidcIdTokenMixin(@JsonProperty("tokenValue") String tokenValue, @JsonProperty("issuedAt") Instant issuedAt,
- @JsonProperty("expiresAt") Instant expiresAt, @JsonProperty("claims") Map claims) {
- }
-
-}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java
deleted file mode 100644
index 36769c238bf..00000000000
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2004-present the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.client.jackson2;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-
-import org.springframework.security.oauth2.core.oidc.OidcIdToken;
-import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
-import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
-
-/**
- * This mixin class is used to serialize/deserialize {@link OidcUserAuthority}.
- *
- * @author Joe Grandja
- * @since 5.3
- * @see OidcUserAuthority
- * @see OAuth2ClientJackson2Module
- * @deprecated as of 7.0 in favor of
- * {@code org.springframework.security.oauth2.client.jackson.OidcUserAuthorityMixin} based
- * on Jackson 3
- */
-@Deprecated(forRemoval = true)
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
-@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
- isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(value = { "attributes" }, ignoreUnknown = true)
-abstract class OidcUserAuthorityMixin {
-
- @JsonCreator
- OidcUserAuthorityMixin(@JsonProperty("authority") String authority, @JsonProperty("idToken") OidcIdToken idToken,
- @JsonProperty("userInfo") OidcUserInfo userInfo) {
- }
-
-}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java
deleted file mode 100644
index 22538a54507..00000000000
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright 2004-present the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.client.jackson2;
-
-import java.util.Map;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-
-import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
-
-/**
- * This mixin class is used to serialize/deserialize {@link OidcUserInfo}.
- *
- * @author Joe Grandja
- * @since 5.3
- * @see OidcUserInfo
- * @see OAuth2ClientJackson2Module
- * @deprecated as of 7.0 in favor of
- * {@code org.springframework.security.oauth2.client.jackson.OidcUserInfoMixin} based on
- * Jackson 3
- */
-@Deprecated(forRemoval = true)
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
-@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
- isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(ignoreUnknown = true)
-abstract class OidcUserInfoMixin {
-
- @JsonCreator
- OidcUserInfoMixin(@JsonProperty("claims") Map claims) {
- }
-
-}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
deleted file mode 100644
index 2bceb429e38..00000000000
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright 2004-present the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.client.jackson2;
-
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.util.StdConverter;
-
-import org.springframework.security.oauth2.core.AuthenticationMethod;
-import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
-
-/**
- * {@code StdConverter} implementations.
- *
- * @author Joe Grandja
- * @since 5.3
- * @deprecated as of 7.0 in favor of
- * {@code org.springframework.security.oauth2.client.jackson.StdConverters} based on
- * Jackson 3
- */
-@Deprecated(forRemoval = true)
-abstract class StdConverters {
-
- static final class AccessTokenTypeConverter extends StdConverter {
-
- @Override
- public OAuth2AccessToken.TokenType convert(JsonNode jsonNode) {
- String value = JsonNodeUtils.findStringValue(jsonNode, "value");
- if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(value)) {
- return OAuth2AccessToken.TokenType.BEARER;
- }
- return null;
- }
-
- }
-
- static final class ClientAuthenticationMethodConverter extends StdConverter {
-
- @Override
- public ClientAuthenticationMethod convert(JsonNode jsonNode) {
- String value = JsonNodeUtils.findStringValue(jsonNode, "value");
- return ClientAuthenticationMethod.valueOf(value);
- }
-
- }
-
- static final class AuthorizationGrantTypeConverter extends StdConverter {
-
- @Override
- public AuthorizationGrantType convert(JsonNode jsonNode) {
- String value = JsonNodeUtils.findStringValue(jsonNode, "value");
- if (AuthorizationGrantType.AUTHORIZATION_CODE.getValue().equalsIgnoreCase(value)) {
- return AuthorizationGrantType.AUTHORIZATION_CODE;
- }
- if (AuthorizationGrantType.CLIENT_CREDENTIALS.getValue().equalsIgnoreCase(value)) {
- return AuthorizationGrantType.CLIENT_CREDENTIALS;
- }
- return new AuthorizationGrantType(value);
- }
-
- }
-
- static final class AuthenticationMethodConverter extends StdConverter {
-
- @Override
- public AuthenticationMethod convert(JsonNode jsonNode) {
- String value = JsonNodeUtils.findStringValue(jsonNode, "value");
- if (AuthenticationMethod.HEADER.getValue().equalsIgnoreCase(value)) {
- return AuthenticationMethod.HEADER;
- }
- if (AuthenticationMethod.FORM.getValue().equalsIgnoreCase(value)) {
- return AuthenticationMethod.FORM;
- }
- if (AuthenticationMethod.QUERY.getValue().equalsIgnoreCase(value)) {
- return
AuthenticationMethod.QUERY;
- }
- return null;
- }
-
- }
-
-}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/package-info.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/package-info.java
deleted file mode 100644
index 5477db1b362..00000000000
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/package-info.java
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Copyright 2004-present the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * Jackson 2 serialization support for OAuth2 client.
- */
-package org.springframework.security.oauth2.client.jackson2;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/SupplierClientRegistrationRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/SupplierClientRegistrationRepository.java
index 402e9d50390..282bef221ad 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/SupplierClientRegistrationRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/SupplierClientRegistrationRepository.java
@@ -58,7 +58,10 @@ public ClientRegistration findByRegistrationId(String registrationId) { * @return an {@code Iterator} */ @Override + @SuppressWarnings("unchecked") public Iterator iterator() { + // The constructor signature ensures that the ClientRegistrationRepository is an + // Iterable return ((Iterable) this.repositorySupplier.get()).iterator(); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java index 39053118228..9e56844d554 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java @@ -59,7 +59,7 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { private OAuth2AuthorizedClientProvider authorizedClientProvider; - private Function contextAttributesMapper; + private Function> contextAttributesMapper; private OAuth2AuthorizationSuccessHandler authorizationSuccessHandler; @@ -182,7 +182,6 @@ public void authorizeWhenClientRegistrationNotFoundThenThrowIllegalArgumentExcep // @formatter:on } - @SuppressWarnings("unchecked") @Test public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) 
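Review bot: The `@SuppressWarnings("unchecked")` added on `SupplierClientRegistrationRepository.iterator()` covers the whole method, although the only unchecked operation is the cast of `this.repositorySupplier.get()`. The test changes in this same commit put the annotation on a local declaration instead, and doing the same here would keep any later unchecked operation in this method visible to the compiler: `@SuppressWarnings("unchecked") Iterable<ClientRegistration> registrations = (Iterable<ClientRegistration>) this.repositorySupplier.get();` then `return registrations.iterator();` (the element type is assumed, since the generics are not legible in this hunk). The new comment relies on a constructor bound that lies outside the hunk, so it would be easier to verify if it named that bound.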
@@ -203,7 +202,6 @@ public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any()); } - @SuppressWarnings("unchecked") @Test public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) @@ -229,7 +227,6 @@ public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() { verify(this.authorizedClientService).saveAuthorizedClient(eq(this.authorizedClient), eq(this.principal)); } - @SuppressWarnings("unchecked") @Test public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) @@ -260,7 +257,6 @@ public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() { verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal)); } - @SuppressWarnings("unchecked") @Test public void reauthorizeWhenUnsupportedProviderThenNotReauthorized() { OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) @@ -278,7 +274,6 @@ public void reauthorizeWhenUnsupportedProviderThenNotReauthorized() { verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any()); } - @SuppressWarnings("unchecked") @Test public void reauthorizeWhenSupportedProviderThenReauthorized() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, 
@@ -301,7 +296,6 @@ public void reauthorizeWhenSupportedProviderThenReauthorized() { verify(this.authorizedClientService).saveAuthorizedClient(eq(reauthorizedClient), eq(this.principal)); } - @SuppressWarnings("unchecked") @Test public void reauthorizeWhenRequestAttributeScopeThenMappedToContext() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java index 48974ca2f54..b186ea9469a 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java @@ -164,7 +164,6 @@ public void authorizeWhenClientRegistrationNotFoundThenThrowIllegalArgumentExcep .verifyError(IllegalArgumentException.class); } - @SuppressWarnings("unchecked") @Test public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) @@ -189,7 +188,6 @@ public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() eq(this.principal)); } - @SuppressWarnings("unchecked") @Test public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) 
@@ -214,7 +212,6 @@ public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() { verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any()); } - @SuppressWarnings("unchecked") @Test public void authorizeWhenNotAuthorizedAndSupportedProviderAndCustomSuccessHandlerThenInvokeCustomSuccessHandler() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) @@ -395,7 +392,6 @@ public void authorizeWhenOAuth2AuthorizationExceptionAndCustomFailureHandlerThen verify(this.authorizedClientService, never()).saveAuthorizedClient(any(), any()); } - @SuppressWarnings("unchecked") @Test public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) @@ -428,7 +424,6 @@ public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() { verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any()); } - @SuppressWarnings("unchecked") @Test public void reauthorizeWhenUnsupportedProviderThenNotReauthorized() { given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).willReturn(Mono.empty()); @@ -449,7 +444,6 @@ public void reauthorizeWhenUnsupportedProviderThenNotReauthorized() { eq(this.principal)); } - @SuppressWarnings("unchecked") @Test public void reauthorizeWhenSupportedProviderThenReauthorized() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, @@ -474,7 +468,6 @@ public void reauthorizeWhenSupportedProviderThenReauthorized() { verify(this.authorizedClientService, never()).removeAuthorizedClient(any(), any()); } - @SuppressWarnings("unchecked") @Test public void reauthorizeWhenRequestAttributeScopeThenMappedToContext() { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java index ccef5db5f42..b1235408794 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java @@ -67,10 +67,10 @@ public class OAuth2AuthorizedClientProviderBuilderTests { @BeforeEach public void setup() { - RestClient.Builder restClientBuilder = RestClient.builder().messageConverters((messageConverters) -> { - messageConverters.clear(); - messageConverters.add(new FormHttpMessageConverter()); - messageConverters.add(new OAuth2AccessTokenResponseHttpMessageConverter()); + RestClient.Builder restClientBuilder = RestClient.builder().configureMessageConverters((messageConverters) -> { + // These are added to the front of the list, ahead of defaults + messageConverters.addCustomConverter(new FormHttpMessageConverter()); + messageConverters.addCustomConverter(new OAuth2AccessTokenResponseHttpMessageConverter()); }); this.server = MockRestServiceServer.bindTo(restClientBuilder).build(); RestClient restClient = restClientBuilder.build(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/TokenExchangeOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/TokenExchangeOAuth2AuthorizedClientProviderTests.java index 58ab3e3e0ed..e6cf81e18f3 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/TokenExchangeOAuth2AuthorizedClientProviderTests.java 
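Review bot: In `OAuth2AuthorizedClientProviderBuilderTests.setup()` the removed lambda called `messageConverters.clear()` before adding its two converters, so the `RestClient` under test carried only `FormHttpMessageConverter` and `OAuth2AccessTokenResponseHttpMessageConverter`. The new `configureMessageConverters` block, going by its own comment, leaves the defaults registered behind them. The fixture therefore no longer shows that these two converters are sufficient on their own, and a token response that the OAuth2 converter stopped matching could presumably fall through to a default converter instead of failing. If dropping the isolation is intended, the comment should say so, e.g. `// Defaults stay registered behind these two; the earlier clear() is dropped on purpose`. Otherwise the test should restore it, if the new builder API allows that.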
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/TokenExchangeOAuth2AuthorizedClientProviderTests.java @@ -73,7 +73,10 @@ public class TokenExchangeOAuth2AuthorizedClientProviderTests { @BeforeEach public void setUp() { this.authorizedClientProvider = new TokenExchangeOAuth2AuthorizedClientProvider(); - this.accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class); + @SuppressWarnings("unchecked") + OAuth2AccessTokenResponseClient responseClient = (OAuth2AccessTokenResponseClient) mock( + OAuth2AccessTokenResponseClient.class); + this.accessTokenResponseClient = responseClient; this.authorizedClientProvider.setAccessTokenResponseClient(this.accessTokenResponseClient); // @formatter:off this.clientRegistration = ClientRegistration.withRegistrationId("token-exchange") @@ -318,6 +321,7 @@ public void authorizeWhenTokenExchangeAndNotAuthorizedAndSubjectTokenResolvesThe @Test public void authorizeWhenCustomSubjectTokenResolverSetThenCalled() { + @SuppressWarnings("unchecked") Function subjectTokenResolver = mock(Function.class); given(subjectTokenResolver.apply(any(OAuth2AuthorizationContext.class))).willReturn(this.subjectToken); this.authorizedClientProvider.setSubjectTokenResolver(subjectTokenResolver); @@ -350,6 +354,7 @@ public void authorizeWhenCustomSubjectTokenResolverSetThenCalled() { @Test public void authorizeWhenCustomActorTokenResolverSetThenCalled() { + @SuppressWarnings("unchecked") Function actorTokenResolver = mock(Function.class); given(actorTokenResolver.apply(any(OAuth2AuthorizationContext.class))).willReturn(this.actorToken); this.authorizedClientProvider.setActorTokenResolver(actorTokenResolver); 
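Review bot: The new `setUp()` in `TokenExchangeOAuth2AuthorizedClientProviderTests` assigns the mock through an explicit cast, `(OAuth2AccessTokenResponseClient) mock(OAuth2AccessTokenResponseClient.class)`. The reactive sibling changed in the same commit assigns `mock(ReactiveOAuth2AccessTokenResponseClient.class)` directly under the same `@SuppressWarnings("unchecked")`. The cast looks redundant once the warning is suppressed on the local, though the generic arguments are not legible in this hunk. Dropping it, and using one local name in both files (`responseClient` here, `mockClient` there), would keep the two fixtures parallel.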
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/TokenExchangeReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/TokenExchangeReactiveOAuth2AuthorizedClientProviderTests.java index e9902941e0f..5ac48370985 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/TokenExchangeReactiveOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/TokenExchangeReactiveOAuth2AuthorizedClientProviderTests.java @@ -74,7 +74,10 @@ public class TokenExchangeReactiveOAuth2AuthorizedClientProviderTests { @BeforeEach public void setUp() { this.authorizedClientProvider = new TokenExchangeReactiveOAuth2AuthorizedClientProvider(); - this.accessTokenResponseClient = mock(ReactiveOAuth2AccessTokenResponseClient.class); + @SuppressWarnings("unchecked") + ReactiveOAuth2AccessTokenResponseClient mockClient = mock( + ReactiveOAuth2AccessTokenResponseClient.class); + this.accessTokenResponseClient = mockClient; this.authorizedClientProvider.setAccessTokenResponseClient(this.accessTokenResponseClient); // @formatter:off this.clientRegistration = ClientRegistration.withRegistrationId("token-exchange") @@ -322,6 +325,7 @@ public void authorizeWhenTokenExchangeAndNotAuthorizedAndSubjectTokenResolvesThe @Test public void authorizeWhenCustomSubjectTokenResolverSetThenCalled() { + @SuppressWarnings("unchecked") Function> subjectTokenResolver = mock(Function.class); given(subjectTokenResolver.apply(any(OAuth2AuthorizationContext.class))) .willReturn(Mono.just(this.subjectToken)); 
@@ -355,6 +359,7 @@ public void authorizeWhenCustomSubjectTokenResolverSetThenCalled() { @Test public void authorizeWhenCustomActorTokenResolverSetThenCalled() { + @SuppressWarnings("unchecked") Function> actorTokenResolver = mock(Function.class); given(actorTokenResolver.apply(any(OAuth2AuthorizationContext.class))).willReturn(Mono.just(this.actorToken)); this.authorizedClientProvider.setActorTokenResolver(actorTokenResolver); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java index d6f2c585b9b..dcc6236ea47 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java @@ -162,7 +162,7 @@ public void authenticationWhenOAuth2UserFoundThenSuccess() { OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken()) .block(); assertThat(result.getPrincipal()).isEqualTo(user); - assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities()); + assertThat(result.getAuthorities()).isSubsetOf(user.getAuthorities()); assertThat(result.isAuthenticated()).isTrue(); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultOAuth2TokenRequestHeadersConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultOAuth2TokenRequestHeadersConverterTests.java index 8f87d6e496d..1085ddd2208 100644 
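Review bot: `assertThat(result.getAuthorities()).isSubsetOf(user.getAuthorities())` in `authenticationWhenOAuth2UserFoundThenSuccess` also passes when `result.getAuthorities()` is empty. The replaced `containsOnlyElementsOf` did not allow that, provided the user has at least one authority. For a login test this drops the check that the user's authorities are actually carried onto the authenticated token, so a regression that loses them would go unnoticed. If the goal is only to stop using `containsOnlyElementsOf`, `hasSameElementsAs(user.getAuthorities())` keeps the earlier meaning. If the result may legitimately hold fewer authorities, chain `.isNotEmpty()` and add a comment naming which ones can be absent.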
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultOAuth2TokenRequestHeadersConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultOAuth2TokenRequestHeadersConverterTests.java @@ -16,8 +16,6 @@ package org.springframework.security.oauth2.client.endpoint; -import java.nio.charset.StandardCharsets; - import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -35,9 +33,6 @@ */ public class DefaultOAuth2TokenRequestHeadersConverterTests { - private static final MediaType APPLICATION_FORM_URLENCODED_UTF8 = new MediaType( - MediaType.APPLICATION_FORM_URLENCODED, StandardCharsets.UTF_8); - private DefaultOAuth2TokenRequestHeadersConverter converter; @BeforeEach diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusJwtClientAuthenticationParametersConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusJwtClientAuthenticationParametersConverterTests.java index 44765913996..f30e0e9a27c 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusJwtClientAuthenticationParametersConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusJwtClientAuthenticationParametersConverterTests.java @@ -66,7 +66,9 @@ public class NimbusJwtClientAuthenticationParametersConverterTests { @BeforeEach public void setup() { - this.jwkResolver = mock(Function.class); + @SuppressWarnings("unchecked") + Function jwkResolverMock = mock(Function.class); + this.jwkResolver = jwkResolverMock; this.converter = new NimbusJwtClientAuthenticationParametersConverter<>(this.jwkResolver); } 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientAuthorizationCodeTokenResponseClientTests.java index a7a4acb9820..60d6fbebb23 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientAuthorizationCodeTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientAuthorizationCodeTokenResponseClientTests.java @@ -456,10 +456,12 @@ public void getTokenResponseWhenParametersCustomizerSetThenCalled() throws Excep @Test public void getTokenResponseWhenRestClientSetThenCalled() { this.server.enqueue(MockResponses.json("access-token-response.json")); - RestClient restClient = RestClient.builder().messageConverters((messageConverters) -> { - messageConverters.add(0, new FormHttpMessageConverter()); - messageConverters.add(1, new OAuth2AccessTokenResponseHttpMessageConverter()); + RestClient restClient = RestClient.builder().configureMessageConverters((messageConverters) -> { + // These are added to the front of the list, ahead of defaults + messageConverters.addCustomConverter(new FormHttpMessageConverter()); + messageConverters.addCustomConverter(new OAuth2AccessTokenResponseHttpMessageConverter()); }).build(); + RestClient customClient = spy(restClient); this.tokenResponseClient.setRestClient(customClient); ClientRegistration clientRegistration = this.clientRegistration.build(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientClientCredentialsTokenResponseClientTests.java index 77f8adba692..b97fd30cf76 100644 
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientClientCredentialsTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientClientCredentialsTokenResponseClientTests.java @@ -455,9 +455,10 @@ public void getTokenResponseWhenParametersCustomizerSetThenCalled() throws Excep @Test public void getTokenResponseWhenRestClientSetThenCalled() { this.server.enqueue(MockResponses.json("access-token-response.json")); - RestClient restClient = RestClient.builder().messageConverters((messageConverters) -> { - messageConverters.add(0, new FormHttpMessageConverter()); - messageConverters.add(1, new OAuth2AccessTokenResponseHttpMessageConverter()); + RestClient restClient = RestClient.builder().configureMessageConverters((messageConverters) -> { + // These are added to the front of the list, ahead of defaults + messageConverters.addCustomConverter(new FormHttpMessageConverter()); + messageConverters.addCustomConverter(new OAuth2AccessTokenResponseHttpMessageConverter()); }).build(); RestClient customClient = spy(restClient); this.tokenResponseClient.setRestClient(customClient); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientRefreshTokenTokenResponseClientTests.java index ea0f883b56c..4171dd466b9 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientRefreshTokenTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientRefreshTokenTokenResponseClientTests.java 
@@ -478,9 +478,10 @@ public void getTokenResponseWhenParametersCustomizerSetThenCalled() throws Excep
 @Test
 public void getTokenResponseWhenRestClientSetThenCalled() {
 this.server.enqueue(MockResponses.json("access-token-response.json"));
- RestClient restClient = RestClient.builder().messageConverters((messageConverters) -> {
- messageConverters.add(0, new FormHttpMessageConverter());
- messageConverters.add(1, new OAuth2AccessTokenResponseHttpMessageConverter());
+ RestClient restClient = RestClient.builder().configureMessageConverters((messageConverters) -> {
+ // These are added to the front of the list, ahead of defaults
+ messageConverters.addCustomConverter(new FormHttpMessageConverter());
+ messageConverters.addCustomConverter(new OAuth2AccessTokenResponseHttpMessageConverter());
 }).build();
 RestClient customClient = spy(restClient);
 this.tokenResponseClient.setRestClient(customClient);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
index 0ab0f4e3487..1fd241da7f1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java
@@ -131,7 +131,10 @@ public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() t
 assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
 assertThat(accessTokenResponse.getAccessToken().getScopes())
 .containsExactly(this.accessToken.getScopes().toArray(new String[0]));
- assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo(this.refreshToken.getTokenValue());
+ OAuth2RefreshToken token = accessTokenResponse.getRefreshToken();
+ assertThat(token).isNotNull()
+ .extracting(OAuth2RefreshToken::getTokenValue)
+ .isEqualTo(this.refreshToken.getTokenValue());
 }
 
 @Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
deleted file mode 100644
index b0949e87ddd..00000000000
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java
+++ /dev/null
@@ -1,130 +0,0 @@ -/* - * Copyright 2004-present the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.oauth2.client.jackson2; - -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.skyscreamer.jsonassert.JSONAssert; - -import org.springframework.security.jackson2.SecurityJackson2Modules; -import org.springframework.security.oauth2.core.OAuth2AuthenticationException; -import org.springframework.security.oauth2.core.OAuth2Error; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.assertj.core.api.Assertions.assertThatExceptionOfType; - -/** - * Tests for {@link OAuth2AuthenticationExceptionMixin}. 
- * - * @author Dennis Neufeld - * @since 5.3.4 - */ -@SuppressWarnings("removal") -public class OAuth2AuthenticationExceptionMixinTests { - - private ObjectMapper mapper; - - @BeforeEach - public void setup() { - ClassLoader loader = getClass().getClassLoader(); - this.mapper = new ObjectMapper(); - this.mapper.registerModules(SecurityJackson2Modules.getModules(loader)); - } - - @Test - public void serializeWhenMixinRegisteredThenSerializes() throws Exception { - OAuth2AuthenticationException exception = new OAuth2AuthenticationException( - new OAuth2Error("[authorization_request_not_found]", "Authorization Request Not Found", "/foo/bar"), - "Authorization Request Not Found"); - String serializedJson = this.mapper.writeValueAsString(exception); - String expected = asJson(exception); - JSONAssert.assertEquals(expected, serializedJson, true); - } - - @Test - public void serializeWhenRequiredAttributesOnlyThenSerializes() throws Exception { - OAuth2AuthenticationException exception = new OAuth2AuthenticationException( - new OAuth2Error("[authorization_request_not_found]")); - String serializedJson = this.mapper.writeValueAsString(exception); - String expected = asJson(exception); - JSONAssert.assertEquals(expected, serializedJson, true); - } - - @Test - public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() { - String json = asJson(new OAuth2AuthenticationException(new OAuth2Error("[authorization_request_not_found]"))); - assertThatExceptionOfType(JsonProcessingException.class) - .isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthenticationException.class)); - } - - @Test - public void deserializeWhenMixinRegisteredThenDeserializes() throws Exception { - OAuth2AuthenticationException expected = new OAuth2AuthenticationException( - new OAuth2Error("[authorization_request_not_found]", "Authorization Request Not Found", "/foo/bar"), - "Authorization Request Not Found"); - OAuth2AuthenticationException exception = 
this.mapper.readValue(asJson(expected), - OAuth2AuthenticationException.class); - assertThat(exception).isNotNull(); - assertThat(exception.getCause()).isNull(); - assertThat(exception.getMessage()).isEqualTo(expected.getMessage()); - OAuth2Error oauth2Error = exception.getError(); - assertThat(oauth2Error).isNotNull(); - assertThat(oauth2Error.getErrorCode()).isEqualTo(expected.getError().getErrorCode()); - assertThat(oauth2Error.getDescription()).isEqualTo(expected.getError().getDescription()); - assertThat(oauth2Error.getUri()).isEqualTo(expected.getError().getUri()); - } - - @Test - public void deserializeWhenRequiredAttributesOnlyThenDeserializes() throws Exception { - OAuth2AuthenticationException expected = new OAuth2AuthenticationException( - new OAuth2Error("[authorization_request_not_found]")); - OAuth2AuthenticationException exception = this.mapper.readValue(asJson(expected), - OAuth2AuthenticationException.class); - assertThat(exception).isNotNull(); - assertThat(exception.getCause()).isNull(); - assertThat(exception.getMessage()).isNull(); - OAuth2Error oauth2Error = exception.getError(); - assertThat(oauth2Error).isNotNull(); - assertThat(oauth2Error.getErrorCode()).isEqualTo(expected.getError().getErrorCode()); - assertThat(oauth2Error.getDescription()).isNull(); - assertThat(oauth2Error.getUri()).isNull(); - } - - private String asJson(OAuth2AuthenticationException exception) { - OAuth2Error error = exception.getError(); - // @formatter:off - return "\n{" - + "\n \"@class\": \"org.springframework.security.oauth2.core.OAuth2AuthenticationException\"," - + "\n \"error\":" - + "\n {" - + "\n \"@class\":\"org.springframework.security.oauth2.core.OAuth2Error\"," - + "\n \"errorCode\":\"" + error.getErrorCode() + "\"," - + "\n \"description\":" + jsonStringOrNull(error.getDescription()) + "," - + "\n \"uri\":" + jsonStringOrNull(error.getUri()) - + "\n }," - + "\n \"detailMessage\":" + jsonStringOrNull(exception.getMessage()) - + "\n}"; - // @formatter:on 
- } - - private String jsonStringOrNull(String input) { - return (input != null) ? "\"" + input + "\"" : "null"; - } - -} diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java deleted file mode 100644 index 3c30106f4f7..00000000000 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java +++ /dev/null 
@@ -1,339 +0,0 @@ -/* - * Copyright 2004-present the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.oauth2.client.jackson2; - -import java.time.Instant; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.List; -import java.util.stream.Collectors; - -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.DeserializationFeature; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.datatype.jsr310.DecimalUtils; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.skyscreamer.jsonassert.JSONAssert; - -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.jackson2.SecurityJackson2Modules; -import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; -import org.springframework.security.oauth2.client.authentication.TestOAuth2AuthenticationTokens; -import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; -import org.springframework.security.oauth2.core.oidc.OidcIdToken; -import org.springframework.security.oauth2.core.oidc.OidcUserInfo; -import org.springframework.security.oauth2.core.oidc.StandardClaimNames; -import 
org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser; -import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority; -import org.springframework.security.oauth2.core.oidc.user.TestOidcUsers; -import org.springframework.security.oauth2.core.user.DefaultOAuth2User; -import org.springframework.security.oauth2.core.user.OAuth2UserAuthority; -import org.springframework.util.CollectionUtils; -import org.springframework.util.StringUtils; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.assertj.core.api.Assertions.assertThatExceptionOfType; - -/** - * Tests for {@link OAuth2AuthenticationTokenMixin}. - * - * @author Joe Grandja - */ -@SuppressWarnings("removal") -public class OAuth2AuthenticationTokenMixinTests { - - private ObjectMapper mapper; - - @BeforeEach - public void setup() { - ClassLoader loader = getClass().getClassLoader(); - this.mapper = new ObjectMapper(); - this.mapper.registerModules(SecurityJackson2Modules.getModules(loader)); - - // see https://github.com/FasterXML/jackson-databind/issues/3052 for details - this.mapper.configure(DeserializationFeature.USE_BIG_DECIMAL_FOR_FLOATS, true); - } - - @Test - public void serializeWhenMixinRegisteredThenSerializes() throws Exception { - // OidcUser - OAuth2AuthenticationToken authentication = TestOAuth2AuthenticationTokens.oidcAuthenticated(); - String expectedJson = asJson(authentication); - String json = this.mapper.writeValueAsString(authentication); - JSONAssert.assertEquals(expectedJson, json, true); - // OAuth2User - authentication = TestOAuth2AuthenticationTokens.authenticated(); - expectedJson = asJson(authentication); - json = this.mapper.writeValueAsString(authentication); - JSONAssert.assertEquals(expectedJson, json, true); - } - - @Test - public void serializeWhenRequiredAttributesOnlyThenSerializes() throws Exception { - DefaultOidcUser principal = TestOidcUsers.create(); - principal = new DefaultOidcUser(principal.getAuthorities(), 
principal.getIdToken()); - OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(principal, Collections.emptyList(), - "registration-id"); - String expectedJson = asJson(authentication); - String json = this.mapper.writeValueAsString(authentication); - JSONAssert.assertEquals(expectedJson, json, true); - } - - @Test - public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() { - OAuth2AuthenticationToken authentication = TestOAuth2AuthenticationTokens.oidcAuthenticated(); - String json = asJson(authentication); - assertThatExceptionOfType(JsonProcessingException.class) - .isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthenticationToken.class)); - } - - @Test - public void deserializeWhenMixinRegisteredThenDeserializes() throws Exception { - // OidcUser - OAuth2AuthenticationToken expectedAuthentication = TestOAuth2AuthenticationTokens.oidcAuthenticated(); - String json = asJson(expectedAuthentication); - OAuth2AuthenticationToken authentication = this.mapper.readValue(json, OAuth2AuthenticationToken.class); - assertThat(authentication.getAuthorities()).containsExactlyElementsOf(expectedAuthentication.getAuthorities()); - assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails()); - assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated()); - assertThat(authentication.getAuthorizedClientRegistrationId()) - .isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId()); - DefaultOidcUser expectedOidcUser = (DefaultOidcUser) expectedAuthentication.getPrincipal(); - DefaultOidcUser oidcUser = (DefaultOidcUser) authentication.getPrincipal(); - assertThat(oidcUser.getAuthorities().containsAll(expectedOidcUser.getAuthorities())).isTrue(); - assertThat(oidcUser.getAttributes()).containsExactlyEntriesOf(expectedOidcUser.getAttributes()); - assertThat(oidcUser.getName()).isEqualTo(expectedOidcUser.getName()); - OidcIdToken expectedIdToken = 
expectedOidcUser.getIdToken(); - OidcIdToken idToken = oidcUser.getIdToken(); - assertThat(idToken.getTokenValue()).isEqualTo(expectedIdToken.getTokenValue()); - assertThat(idToken.getIssuedAt()).isEqualTo(expectedIdToken.getIssuedAt()); - assertThat(idToken.getExpiresAt()).isEqualTo(expectedIdToken.getExpiresAt()); - assertThat(idToken.getClaims()).containsExactlyEntriesOf(expectedIdToken.getClaims()); - OidcUserInfo expectedUserInfo = expectedOidcUser.getUserInfo(); - OidcUserInfo userInfo = oidcUser.getUserInfo(); - assertThat(userInfo.getClaims()).containsExactlyEntriesOf(expectedUserInfo.getClaims()); - // OAuth2User - expectedAuthentication = TestOAuth2AuthenticationTokens.authenticated(); - json = asJson(expectedAuthentication); - authentication = this.mapper.readValue(json, OAuth2AuthenticationToken.class); - assertThat(authentication.getAuthorities()).containsExactlyElementsOf(expectedAuthentication.getAuthorities()); - assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails()); - assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated()); - assertThat(authentication.getAuthorizedClientRegistrationId()) - .isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId()); - DefaultOAuth2User expectedOauth2User = (DefaultOAuth2User) expectedAuthentication.getPrincipal(); - DefaultOAuth2User oauth2User = (DefaultOAuth2User) authentication.getPrincipal(); - assertThat(oauth2User.getAuthorities().containsAll(expectedOauth2User.getAuthorities())).isTrue(); - assertThat(oauth2User.getAttributes()).containsExactlyEntriesOf(expectedOauth2User.getAttributes()); - assertThat(oauth2User.getName()).isEqualTo(expectedOauth2User.getName()); - } - - @Test - public void deserializeWhenRequiredAttributesOnlyThenDeserializes() throws Exception { - DefaultOidcUser expectedPrincipal = TestOidcUsers.create(); - expectedPrincipal = new DefaultOidcUser(expectedPrincipal.getAuthorities(), 
expectedPrincipal.getIdToken()); - OAuth2AuthenticationToken expectedAuthentication = new OAuth2AuthenticationToken(expectedPrincipal, - Collections.emptyList(), "registration-id"); - String json = asJson(expectedAuthentication); - OAuth2AuthenticationToken authentication = this.mapper.readValue(json, OAuth2AuthenticationToken.class); - assertThat(authentication.getAuthorities()).isEmpty(); - assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails()); - assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated()); - assertThat(authentication.getAuthorizedClientRegistrationId()) - .isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId()); - DefaultOidcUser principal = (DefaultOidcUser) authentication.getPrincipal(); - assertThat(principal.getAuthorities().containsAll(expectedPrincipal.getAuthorities())).isTrue(); - assertThat(principal.getAttributes()).containsExactlyEntriesOf(expectedPrincipal.getAttributes()); - assertThat(principal.getName()).isEqualTo(expectedPrincipal.getName()); - OidcIdToken expectedIdToken = expectedPrincipal.getIdToken(); - OidcIdToken idToken = principal.getIdToken(); - assertThat(idToken.getTokenValue()).isEqualTo(expectedIdToken.getTokenValue()); - assertThat(idToken.getIssuedAt()).isEqualTo(expectedIdToken.getIssuedAt()); - assertThat(idToken.getExpiresAt()).isEqualTo(expectedIdToken.getExpiresAt()); - assertThat(idToken.getClaims()).containsExactlyEntriesOf(expectedIdToken.getClaims()); - assertThat(principal.getUserInfo()).isNull(); - } - - private static String asJson(OAuth2AuthenticationToken authentication) { - String principalJson = (authentication.getPrincipal() instanceof DefaultOidcUser) - ? 
asJson((DefaultOidcUser) authentication.getPrincipal()) - : asJson((DefaultOAuth2User) authentication.getPrincipal()); - // @formatter:off - return "{\n" + - " \"@class\": \"org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken\",\n" + - " \"principal\": " + principalJson + ",\n" + - " \"authorities\": " + asJson(authentication.getAuthorities(), "java.util.Collections$UnmodifiableRandomAccessList") + ",\n" + - " \"authorizedClientRegistrationId\": \"" + authentication.getAuthorizedClientRegistrationId() + "\",\n" + - " \"details\": null\n" + - "}"; - // @formatter:on - } - - private static String asJson(DefaultOAuth2User oauth2User) { - // @formatter:off - return "{\n" + - " \"@class\": \"org.springframework.security.oauth2.core.user.DefaultOAuth2User\",\n" + - " \"authorities\": " + asJson(oauth2User.getAuthorities(), "java.util.Collections$UnmodifiableSet") + ",\n" + - " \"attributes\": {\n" + - " \"@class\": \"java.util.Collections$UnmodifiableMap\",\n" + - " \"username\": \"user\"\n" + - " },\n" + - " \"nameAttributeKey\": \"username\"\n" + - " }"; - // @formatter:on - } - - private static String asJson(DefaultOidcUser oidcUser) { - // @formatter:off - return "{\n" + - " \"@class\": \"org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser\",\n" + - " \"authorities\": " + asJson(oidcUser.getAuthorities(), "java.util.Collections$UnmodifiableSet") + ",\n" + - " \"idToken\": " + asJson(oidcUser.getIdToken()) + ",\n" + - " \"userInfo\": " + asJson(oidcUser.getUserInfo()) + ",\n" + - " \"nameAttributeKey\": \"" + IdTokenClaimNames.SUB + "\"\n" + - " }"; - // @formatter:on - } - - private static String asJson(Collection authorities, String classTypeInfo) { - OAuth2UserAuthority oauth2UserAuthority = null; - OidcUserAuthority oidcUserAuthority = null; - List simpleAuthorities = new ArrayList<>(); - for (GrantedAuthority authority : authorities) { - if (authority instanceof OidcUserAuthority) { - oidcUserAuthority = 
(OidcUserAuthority) authority; - } - else if (authority instanceof OAuth2UserAuthority) { - oauth2UserAuthority = (OAuth2UserAuthority) authority; - } - else if (authority instanceof SimpleGrantedAuthority) { - simpleAuthorities.add((SimpleGrantedAuthority) authority); - } - } - String authoritiesJson = (oidcUserAuthority != null) ? asJson(oidcUserAuthority) - : (oauth2UserAuthority != null) ? asJson(oauth2UserAuthority) : ""; - if (!simpleAuthorities.isEmpty()) { - if (StringUtils.hasLength(authoritiesJson)) { - authoritiesJson += ","; - } - authoritiesJson += asJson(simpleAuthorities); - } - // @formatter:off - return "[\n" + - " \"" + classTypeInfo + "\",\n" + - " [" + authoritiesJson + "]\n" + - " ]"; - // @formatter:on - } - - private static String asJson(OAuth2UserAuthority oauth2UserAuthority) { - // @formatter:off - return "{\n" + - " \"@class\": \"org.springframework.security.oauth2.core.user.OAuth2UserAuthority\",\n" + - " \"authority\": \"" + oauth2UserAuthority.getAuthority() + "\",\n" + - " \"userNameAttributeName\": \"username\",\n" + - " \"attributes\": {\n" + - " \"@class\": \"java.util.Collections$UnmodifiableMap\",\n" + - " \"username\": \"user\"\n" + - " }\n" + - " }"; - // @formatter:on - } - - private static String asJson(OidcUserAuthority oidcUserAuthority) { - // @formatter:off - return "{\n" + - " \"@class\": \"org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority\",\n" + - " \"authority\": \"" + oidcUserAuthority.getAuthority() + "\",\n" + - " \"userNameAttributeName\": \"" + oidcUserAuthority.getUserNameAttributeName() + "\",\n" + - " \"idToken\": " + asJson(oidcUserAuthority.getIdToken()) + ",\n" + - " \"userInfo\": " + asJson(oidcUserAuthority.getUserInfo()) + "\n" + - " }"; - // @formatter:on - } - - private static String asJson(List simpleAuthorities) { - // @formatter:off - return simpleAuthorities.stream() - .map((authority) -> "{\n" + - " \"@class\": 
\"org.springframework.security.core.authority.SimpleGrantedAuthority\",\n" + - " \"authority\": \"" + authority.getAuthority() + "\"\n" + - " }") - .collect(Collectors.joining(",")); - // @formatter:on - } - - private static String asJson(OidcIdToken idToken) { - String aud = ""; - if (!CollectionUtils.isEmpty(idToken.getAudience())) { - aud = StringUtils.collectionToDelimitedString(idToken.getAudience(), ",", "\"", "\""); - } - // @formatter:off - return "{\n" + - " \"@class\": \"org.springframework.security.oauth2.core.oidc.OidcIdToken\",\n" + - " \"tokenValue\": \"" + idToken.getTokenValue() + "\",\n" + - " \"issuedAt\": " + toString(idToken.getIssuedAt()) + ",\n" + - " \"expiresAt\": " + toString(idToken.getExpiresAt()) + ",\n" + - " \"claims\": {\n" + - " \"@class\": \"java.util.Collections$UnmodifiableMap\",\n" + - " \"iat\": [\n" + - " \"java.time.Instant\",\n" + - " " + toString(idToken.getIssuedAt()) + "\n" + - " ],\n" + - " \"exp\": [\n" + - " \"java.time.Instant\",\n" + - " " + toString(idToken.getExpiresAt()) + "\n" + - " ],\n" + - " \"sub\": \"" + idToken.getSubject() + "\",\n" + - " \"iss\": \"" + idToken.getIssuer() + "\",\n" + - " \"aud\": [\n" + - " \"java.util.Collections$UnmodifiableSet\",\n" + - " [" + aud + "]\n" + - " ],\n" + - " \"azp\": \"" + idToken.getAuthorizedParty() + "\"\n" + - " }\n" + - " }"; - // @formatter:on - } - - private static String asJson(OidcUserInfo userInfo) { - if (userInfo == null) { - return null; - } - // @formatter:off - return "{\n" + - " \"@class\": \"org.springframework.security.oauth2.core.oidc.OidcUserInfo\",\n" + - " \"claims\": {\n" + - " \"@class\": \"java.util.Collections$UnmodifiableMap\",\n" + - " \"sub\": \"" + userInfo.getSubject() + "\",\n" + - " \"name\": \"" + userInfo.getClaim(StandardClaimNames.NAME) + "\"\n" + - " }\n" + - " }"; - // @formatter:on - } - - private static String toString(Instant instant) { - if (instant == null) { - return null; - } - return 
DecimalUtils.toBigDecimal(instant.getEpochSecond(), instant.getNano()).toString(); - } - -} diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java deleted file mode 100644 index 90c42ff3251..00000000000 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java +++ /dev/null 
@@ -1,200 +0,0 @@ -/* - * Copyright 2004-present the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.oauth2.client.jackson2; - -import java.util.LinkedHashMap; -import java.util.Map; -import java.util.stream.Collectors; - -import com.fasterxml.jackson.core.JsonParseException; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.skyscreamer.jsonassert.JSONAssert; - -import org.springframework.security.jackson2.SecurityJackson2Modules; -import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; -import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests; -import org.springframework.util.CollectionUtils; -import org.springframework.util.StringUtils; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.assertj.core.api.Assertions.assertThatExceptionOfType; - -/** - * Tests for {@link OAuth2AuthorizationRequestMixin}. 
- * - * @author Joe Grandja - */ -@SuppressWarnings("removal") -public class OAuth2AuthorizationRequestMixinTests { - - private ObjectMapper mapper; - - private OAuth2AuthorizationRequest.Builder authorizationRequestBuilder; - - @BeforeEach - public void setup() { - ClassLoader loader = getClass().getClassLoader(); - this.mapper = new ObjectMapper(); - this.mapper.registerModules(SecurityJackson2Modules.getModules(loader)); - Map additionalParameters = new LinkedHashMap<>(); - additionalParameters.put("param1", "value1"); - additionalParameters.put("param2", "value2"); - // @formatter:off - this.authorizationRequestBuilder = TestOAuth2AuthorizationRequests.request() - .scope("read", "write") - .additionalParameters(additionalParameters); - // @formatter:on - } - - @Test - public void serializeWhenMixinRegisteredThenSerializes() throws Exception { - OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestBuilder.build(); - String expectedJson = asJson(authorizationRequest); - String json = this.mapper.writeValueAsString(authorizationRequest); - JSONAssert.assertEquals(expectedJson, json, true); - } - - @Test - public void serializeWhenRequiredAttributesOnlyThenSerializes() throws Exception { - // @formatter:off - OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestBuilder - .scopes(null) - .state(null) - .additionalParameters(Map::clear) - .attributes(Map::clear) - .build(); - // @formatter:on - String expectedJson = asJson(authorizationRequest); - String json = this.mapper.writeValueAsString(authorizationRequest); - JSONAssert.assertEquals(expectedJson, json, true); - } - - @Test - public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() { - String json = asJson(this.authorizationRequestBuilder.build()); - assertThatExceptionOfType(JsonProcessingException.class) - .isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthorizationRequest.class)); - } - - @Test - public void 
deserializeWhenMixinRegisteredThenDeserializes() throws Exception { - OAuth2AuthorizationRequest expectedAuthorizationRequest = this.authorizationRequestBuilder.build(); - String json = asJson(expectedAuthorizationRequest); - OAuth2AuthorizationRequest authorizationRequest = this.mapper.readValue(json, OAuth2AuthorizationRequest.class); - assertThat(authorizationRequest.getAuthorizationUri()) - .isEqualTo(expectedAuthorizationRequest.getAuthorizationUri()); - assertThat(authorizationRequest.getGrantType()).isEqualTo(expectedAuthorizationRequest.getGrantType()); - assertThat(authorizationRequest.getResponseType()).isEqualTo(expectedAuthorizationRequest.getResponseType()); - assertThat(authorizationRequest.getClientId()).isEqualTo(expectedAuthorizationRequest.getClientId()); - assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedAuthorizationRequest.getRedirectUri()); - assertThat(authorizationRequest.getScopes()).isEqualTo(expectedAuthorizationRequest.getScopes()); - assertThat(authorizationRequest.getState()).isEqualTo(expectedAuthorizationRequest.getState()); - assertThat(authorizationRequest.getAdditionalParameters()) - .containsExactlyEntriesOf(expectedAuthorizationRequest.getAdditionalParameters()); - assertThat(authorizationRequest.getAuthorizationRequestUri()) - .isEqualTo(expectedAuthorizationRequest.getAuthorizationRequestUri()); - assertThat(authorizationRequest.getAttributes()) - .containsExactlyEntriesOf(expectedAuthorizationRequest.getAttributes()); - } - - @Test - public void deserializeWhenRequiredAttributesOnlyThenDeserializes() throws Exception { - // @formatter:off - OAuth2AuthorizationRequest expectedAuthorizationRequest = this.authorizationRequestBuilder.scopes(null) - .state(null) - .additionalParameters(Map::clear) - .attributes(Map::clear) - .build(); - // @formatter:on - String json = asJson(expectedAuthorizationRequest); - OAuth2AuthorizationRequest authorizationRequest = this.mapper.readValue(json, 
OAuth2AuthorizationRequest.class); - assertThat(authorizationRequest.getAuthorizationUri()) - .isEqualTo(expectedAuthorizationRequest.getAuthorizationUri()); - assertThat(authorizationRequest.getGrantType()).isEqualTo(expectedAuthorizationRequest.getGrantType()); - assertThat(authorizationRequest.getResponseType()).isEqualTo(expectedAuthorizationRequest.getResponseType()); - assertThat(authorizationRequest.getClientId()).isEqualTo(expectedAuthorizationRequest.getClientId()); - assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedAuthorizationRequest.getRedirectUri()); - assertThat(authorizationRequest.getScopes()).isEmpty(); - assertThat(authorizationRequest.getState()).isNull(); - assertThat(authorizationRequest.getAdditionalParameters()).isEmpty(); - assertThat(authorizationRequest.getAuthorizationRequestUri()) - .isEqualTo(expectedAuthorizationRequest.getAuthorizationRequestUri()); - assertThat(authorizationRequest.getAttributes()).isEmpty(); - } - - @Test - public void deserializeWhenInvalidAuthorizationGrantTypeThenThrowJsonParseException() { - OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestBuilder.build(); - String json = asJson(authorizationRequest).replace("authorization_code", "client_credentials"); - assertThatExceptionOfType(JsonParseException.class) - .isThrownBy(() -> this.mapper.readValue(json, OAuth2AuthorizationRequest.class)) - .withMessageContaining("Invalid authorizationGrantType"); - } - - private static String asJson(OAuth2AuthorizationRequest authorizationRequest) { - String scopes = ""; - if (!CollectionUtils.isEmpty(authorizationRequest.getScopes())) { - scopes = StringUtils.collectionToDelimitedString(authorizationRequest.getScopes(), ",", "\"", "\""); - } - String additionalParameters = "\"@class\": \"java.util.Collections$UnmodifiableMap\""; - if (!CollectionUtils.isEmpty(authorizationRequest.getAdditionalParameters())) { - additionalParameters += "," + 
authorizationRequest.getAdditionalParameters() - .keySet() - .stream() - .map((key) -> "\"" + key + "\": \"" + authorizationRequest.getAdditionalParameters().get(key) + "\"") - .collect(Collectors.joining(",")); - } - String attributes = "\"@class\": \"java.util.Collections$UnmodifiableMap\""; - if (!CollectionUtils.isEmpty(authorizationRequest.getAttributes())) { - attributes += "," + authorizationRequest.getAttributes() - .keySet() - .stream() - .map((key) -> "\"" + key + "\": \"" + authorizationRequest.getAttributes().get(key) + "\"") - .collect(Collectors.joining(",")); - } - // @formatter:off - return "{\n" + - " \"@class\": \"org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest\",\n" + - " \"authorizationUri\": \"" + authorizationRequest.getAuthorizationUri() + "\",\n" + - " \"authorizationGrantType\": {\n" + - " \"value\": \"" + authorizationRequest.getGrantType().getValue() + "\"\n" + - " },\n" + - " \"responseType\": {\n" + - " \"value\": \"" + authorizationRequest.getResponseType().getValue() + "\"\n" + - " },\n" + - " \"clientId\": \"" + authorizationRequest.getClientId() + "\",\n" + - " \"redirectUri\": \"" + authorizationRequest.getRedirectUri() + "\",\n" + - " \"scopes\": [\n" + - " \"java.util.Collections$UnmodifiableSet\",\n" + - " [" + scopes + "]\n" + - " ],\n" + - " \"state\": " + ((authorizationRequest.getState() != null) ? "\"" + authorizationRequest.getState() + "\"" : "null") + ",\n" + - " \"additionalParameters\": {\n" + - " " + additionalParameters + "\n" + - " },\n" + - " \"authorizationRequestUri\": \"" + authorizationRequest.getAuthorizationRequestUri() + "\",\n" + - " \"attributes\": {\n" + - " " + attributes + "\n" + - " }\n" + - "}"; - // @formatter:on - } - -} 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java deleted file mode 100644 index a57a0727884..00000000000 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java +++ /dev/null 
@@ -1,396 +0,0 @@ -/* - * Copyright 2004-present the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.oauth2.client.jackson2; - -import java.time.Instant; -import java.util.LinkedHashMap; -import java.util.Map; -import java.util.stream.Collectors; - -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.datatype.jsr310.DecimalUtils; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.skyscreamer.jsonassert.JSONAssert; - -import org.springframework.security.jackson2.SecurityJackson2Modules; -import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; -import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.client.registration.TestClientRegistrations; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.OAuth2AccessToken; -import org.springframework.security.oauth2.core.OAuth2RefreshToken; -import org.springframework.security.oauth2.core.TestOAuth2AccessTokens; -import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens; -import org.springframework.util.CollectionUtils; -import org.springframework.util.StringUtils; - -import static org.assertj.core.api.Assertions.assertThat; -import static 
org.assertj.core.api.Assertions.assertThatExceptionOfType; - -/** - * Tests for {@link OAuth2AuthorizedClientMixin}. - * - * @author Joe Grandja - */ -@SuppressWarnings("removal") -public class OAuth2AuthorizedClientMixinTests { - - private ObjectMapper mapper; - - private ClientRegistration.Builder clientRegistrationBuilder; - - private OAuth2AccessToken accessToken; - - private OAuth2RefreshToken refreshToken; - - private String principalName; - - @BeforeEach - public void setup() { - ClassLoader loader = getClass().getClassLoader(); - this.mapper = new ObjectMapper(); - this.mapper.registerModules(SecurityJackson2Modules.getModules(loader)); - Map providerConfigurationMetadata = new LinkedHashMap<>(); - providerConfigurationMetadata.put("config1", "value1"); - providerConfigurationMetadata.put("config2", "value2"); - // @formatter:off - this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration() - .authorizationGrantType(new AuthorizationGrantType("custom-grant")) - .scope("read", "write") - .providerConfigurationMetadata(providerConfigurationMetadata); - // @formatter:on - this.accessToken = TestOAuth2AccessTokens.scopes("read", "write"); - this.refreshToken = TestOAuth2RefreshTokens.refreshToken(); - this.principalName = "principal-name"; - } - - @Test - public void serializeWhenMixinRegisteredThenSerializes() throws Exception { - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(), - this.principalName, this.accessToken, this.refreshToken); - String expectedJson = asJson(authorizedClient); - String json = this.mapper.writeValueAsString(authorizedClient); - JSONAssert.assertEquals(expectedJson, json, true); - } - - @Test - public void serializeWhenRequiredAttributesOnlyThenSerializes() throws Exception { - // @formatter:off - ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() - .clientSecret(null) - .clientName(null) - .userInfoUri(null) - 
.userNameAttributeName(null) - .jwkSetUri(null) - .issuerUri(null) - .build(); - // @formatter:on - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, this.principalName, - TestOAuth2AccessTokens.noScopes()); - String expectedJson = asJson(authorizedClient); - String json = this.mapper.writeValueAsString(authorizedClient); - JSONAssert.assertEquals(expectedJson, json, true); - } - - @Test - public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() { - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(), - this.principalName, this.accessToken); - String json = asJson(authorizedClient); - assertThatExceptionOfType(JsonProcessingException.class) - .isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthorizedClient.class)); - } - - @Test - public void deserializeWhenMixinRegisteredThenDeserializes() throws Exception { - ClientRegistration expectedClientRegistration = this.clientRegistrationBuilder.build(); - OAuth2AccessToken expectedAccessToken = this.accessToken; - OAuth2RefreshToken expectedRefreshToken = this.refreshToken; - OAuth2AuthorizedClient expectedAuthorizedClient = new OAuth2AuthorizedClient(expectedClientRegistration, - this.principalName, expectedAccessToken, expectedRefreshToken); - String json = asJson(expectedAuthorizedClient); - OAuth2AuthorizedClient authorizedClient = this.mapper.readValue(json, OAuth2AuthorizedClient.class); - ClientRegistration clientRegistration = authorizedClient.getClientRegistration(); - assertThat(clientRegistration.getRegistrationId()).isEqualTo(expectedClientRegistration.getRegistrationId()); - assertThat(clientRegistration.getClientId()).isEqualTo(expectedClientRegistration.getClientId()); - assertThat(clientRegistration.getClientSecret()).isEqualTo(expectedClientRegistration.getClientSecret()); - assertThat(clientRegistration.getClientAuthenticationMethod()) - 
.isEqualTo(expectedClientRegistration.getClientAuthenticationMethod()); - assertThat(clientRegistration.getAuthorizationGrantType()) - .isEqualTo(expectedClientRegistration.getAuthorizationGrantType()); - assertThat(clientRegistration.getRedirectUri()).isEqualTo(expectedClientRegistration.getRedirectUri()); - assertThat(clientRegistration.getScopes()).isEqualTo(expectedClientRegistration.getScopes()); - assertThat(clientRegistration.getProviderDetails().getAuthorizationUri()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getAuthorizationUri()); - assertThat(clientRegistration.getProviderDetails().getTokenUri()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getTokenUri()); - assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()); - assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()); - assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo( - expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName()); - assertThat(clientRegistration.getProviderDetails().getJwkSetUri()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getJwkSetUri()); - assertThat(clientRegistration.getProviderDetails().getIssuerUri()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getIssuerUri()); - assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()) - .containsExactlyEntriesOf(clientRegistration.getProviderDetails().getConfigurationMetadata()); - assertThat(clientRegistration.getClientName()).isEqualTo(expectedClientRegistration.getClientName()); - assertThat(authorizedClient.getPrincipalName()).isEqualTo(expectedAuthorizedClient.getPrincipalName()); 
- OAuth2AccessToken accessToken = authorizedClient.getAccessToken(); - assertThat(accessToken.getTokenType()).isEqualTo(expectedAccessToken.getTokenType()); - assertThat(accessToken.getScopes()).isEqualTo(expectedAccessToken.getScopes()); - assertThat(accessToken.getTokenValue()).isEqualTo(expectedAccessToken.getTokenValue()); - assertThat(accessToken.getIssuedAt()).isEqualTo(expectedAccessToken.getIssuedAt()); - assertThat(accessToken.getExpiresAt()).isEqualTo(expectedAccessToken.getExpiresAt()); - OAuth2RefreshToken refreshToken = authorizedClient.getRefreshToken(); - assertThat(refreshToken.getTokenValue()).isEqualTo(expectedRefreshToken.getTokenValue()); - assertThat(refreshToken.getIssuedAt()).isEqualTo(expectedRefreshToken.getIssuedAt()); - assertThat(refreshToken.getExpiresAt()).isEqualTo(expectedRefreshToken.getExpiresAt()); - } - - @Test - public void deserializeWhenRequiredAttributesOnlyThenDeserializes() throws Exception { - // @formatter:off - ClientRegistration expectedClientRegistration = TestClientRegistrations.clientRegistration() - .clientSecret(null) - .clientName(null) - .userInfoUri(null) - .userNameAttributeName(null) - .jwkSetUri(null) - .issuerUri(null) - .build(); - // @formatter:on - OAuth2AccessToken expectedAccessToken = TestOAuth2AccessTokens.noScopes(); - OAuth2AuthorizedClient expectedAuthorizedClient = new OAuth2AuthorizedClient(expectedClientRegistration, - this.principalName, expectedAccessToken); - String json = asJson(expectedAuthorizedClient); - OAuth2AuthorizedClient authorizedClient = this.mapper.readValue(json, OAuth2AuthorizedClient.class); - ClientRegistration clientRegistration = authorizedClient.getClientRegistration(); - assertThat(clientRegistration.getRegistrationId()).isEqualTo(expectedClientRegistration.getRegistrationId()); - assertThat(clientRegistration.getClientId()).isEqualTo(expectedClientRegistration.getClientId()); - assertThat(clientRegistration.getClientSecret()).isEmpty(); - 
assertThat(clientRegistration.getClientAuthenticationMethod()) - .isEqualTo(expectedClientRegistration.getClientAuthenticationMethod()); - assertThat(clientRegistration.getAuthorizationGrantType()) - .isEqualTo(expectedClientRegistration.getAuthorizationGrantType()); - assertThat(clientRegistration.getRedirectUri()).isEqualTo(expectedClientRegistration.getRedirectUri()); - assertThat(clientRegistration.getScopes()).isEqualTo(expectedClientRegistration.getScopes()); - assertThat(clientRegistration.getProviderDetails().getAuthorizationUri()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getAuthorizationUri()); - assertThat(clientRegistration.getProviderDetails().getTokenUri()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getTokenUri()); - assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()).isNull(); - assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()); - assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName()).isNull(); - assertThat(clientRegistration.getProviderDetails().getJwkSetUri()).isNull(); - assertThat(clientRegistration.getProviderDetails().getIssuerUri()).isNull(); - assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()).isEmpty(); - assertThat(clientRegistration.getClientName()).isEqualTo(clientRegistration.getRegistrationId()); - assertThat(authorizedClient.getPrincipalName()).isEqualTo(expectedAuthorizedClient.getPrincipalName()); - OAuth2AccessToken accessToken = authorizedClient.getAccessToken(); - assertThat(accessToken.getTokenType()).isEqualTo(expectedAccessToken.getTokenType()); - assertThat(accessToken.getScopes()).isEmpty(); - assertThat(accessToken.getTokenValue()).isEqualTo(expectedAccessToken.getTokenValue()); - 
assertThat(accessToken.getIssuedAt()).isEqualTo(expectedAccessToken.getIssuedAt()); - assertThat(accessToken.getExpiresAt()).isEqualTo(expectedAccessToken.getExpiresAt()); - assertThat(authorizedClient.getRefreshToken()).isNull(); - } - - @Test - void deserializeWhenClientSettingsPropertyDoesNotExistThenDefaulted() throws JsonProcessingException { - // ClientRegistration.clientSettings was added later, so old values will be - // serialized without that property - // this test checks for passivity - ClientRegistration clientRegistration = this.clientRegistrationBuilder.build(); - ClientRegistration.ProviderDetails providerDetails = clientRegistration.getProviderDetails(); - ClientRegistration.ProviderDetails.UserInfoEndpoint userInfoEndpoint = providerDetails.getUserInfoEndpoint(); - String scopes = ""; - if (!CollectionUtils.isEmpty(clientRegistration.getScopes())) { - scopes = StringUtils.collectionToDelimitedString(clientRegistration.getScopes(), ",", "\"", "\""); - } - String configurationMetadata = "\"@class\": \"java.util.Collections$UnmodifiableMap\""; - if (!CollectionUtils.isEmpty(providerDetails.getConfigurationMetadata())) { - configurationMetadata += "," + providerDetails.getConfigurationMetadata() - .keySet() - .stream() - .map((key) -> "\"" + key + "\": \"" + providerDetails.getConfigurationMetadata().get(key) + "\"") - .collect(Collectors.joining(",")); - } - // @formatter:off - String json = "{\n" + - " \"@class\": \"org.springframework.security.oauth2.client.registration.ClientRegistration\",\n" + - " \"registrationId\": \"" + clientRegistration.getRegistrationId() + "\",\n" + - " \"clientId\": \"" + clientRegistration.getClientId() + "\",\n" + - " \"clientSecret\": \"" + clientRegistration.getClientSecret() + "\",\n" + - " \"clientAuthenticationMethod\": {\n" + - " \"value\": \"" + clientRegistration.getClientAuthenticationMethod().getValue() + "\"\n" + - " },\n" + - " \"authorizationGrantType\": {\n" + - " \"value\": \"" + 
clientRegistration.getAuthorizationGrantType().getValue() + "\"\n" + - " },\n" + - " \"redirectUri\": \"" + clientRegistration.getRedirectUri() + "\",\n" + - " \"scopes\": [\n" + - " \"java.util.Collections$UnmodifiableSet\",\n" + - " [" + scopes + "]\n" + - " ],\n" + - " \"providerDetails\": {\n" + - " \"@class\": \"org.springframework.security.oauth2.client.registration.ClientRegistration$ProviderDetails\",\n" + - " \"authorizationUri\": \"" + providerDetails.getAuthorizationUri() + "\",\n" + - " \"tokenUri\": \"" + providerDetails.getTokenUri() + "\",\n" + - " \"userInfoEndpoint\": {\n" + - " \"@class\": \"org.springframework.security.oauth2.client.registration.ClientRegistration$ProviderDetails$UserInfoEndpoint\",\n" + - " \"uri\": " + ((userInfoEndpoint.getUri() != null) ? "\"" + userInfoEndpoint.getUri() + "\"" : null) + ",\n" + - " \"authenticationMethod\": {\n" + - " \"value\": \"" + userInfoEndpoint.getAuthenticationMethod().getValue() + "\"\n" + - " },\n" + - " \"userNameAttributeName\": " + ((userInfoEndpoint.getUserNameAttributeName() != null) ? "\"" + userInfoEndpoint.getUserNameAttributeName() + "\"" : null) + "\n" + - " },\n" + - " \"jwkSetUri\": " + ((providerDetails.getJwkSetUri() != null) ? "\"" + providerDetails.getJwkSetUri() + "\"" : null) + ",\n" + - " \"issuerUri\": " + ((providerDetails.getIssuerUri() != null) ? 
"\"" + providerDetails.getIssuerUri() + "\"" : null) + ",\n" + - " \"configurationMetadata\": {\n" + - " " + configurationMetadata + "\n" + - " }\n" + - " },\n" + - " \"clientName\": \"" + clientRegistration.getClientName() + "\"\n" + - "}"; - // @formatter:on - // validate the test input - assertThat(json).doesNotContain("clientSettings"); - ClientRegistration registration = this.mapper.readValue(json, ClientRegistration.class); - // the default value of requireProofKey is false - assertThat(registration.getClientSettings().isRequireProofKey()).isFalse(); - } - - private static String asJson(OAuth2AuthorizedClient authorizedClient) { - // @formatter:off - return "{\n" + - " \"@class\": \"org.springframework.security.oauth2.client.OAuth2AuthorizedClient\",\n" + - " \"clientRegistration\": " + asJson(authorizedClient.getClientRegistration()) + ",\n" + - " \"principalName\": \"" + authorizedClient.getPrincipalName() + "\",\n" + - " \"accessToken\": " + asJson(authorizedClient.getAccessToken()) + ",\n" + - " \"refreshToken\": " + asJson(authorizedClient.getRefreshToken()) + "\n" + - "}"; - // @formatter:on - } - - private static String asJson(ClientRegistration clientRegistration) { - ClientRegistration.ProviderDetails providerDetails = clientRegistration.getProviderDetails(); - ClientRegistration.ProviderDetails.UserInfoEndpoint userInfoEndpoint = providerDetails.getUserInfoEndpoint(); - String scopes = ""; - if (!CollectionUtils.isEmpty(clientRegistration.getScopes())) { - scopes = StringUtils.collectionToDelimitedString(clientRegistration.getScopes(), ",", "\"", "\""); - } - String configurationMetadata = "\"@class\": \"java.util.Collections$UnmodifiableMap\""; - if (!CollectionUtils.isEmpty(providerDetails.getConfigurationMetadata())) { - configurationMetadata += "," + providerDetails.getConfigurationMetadata() - .keySet() - .stream() - .map((key) -> "\"" + key + "\": \"" + providerDetails.getConfigurationMetadata().get(key) + "\"") - 
.collect(Collectors.joining(",")); - } - // @formatter:off - return "{\n" + - " \"@class\": \"org.springframework.security.oauth2.client.registration.ClientRegistration\",\n" + - " \"registrationId\": \"" + clientRegistration.getRegistrationId() + "\",\n" + - " \"clientId\": \"" + clientRegistration.getClientId() + "\",\n" + - " \"clientSecret\": \"" + clientRegistration.getClientSecret() + "\",\n" + - " \"clientAuthenticationMethod\": {\n" + - " \"value\": \"" + clientRegistration.getClientAuthenticationMethod().getValue() + "\"\n" + - " },\n" + - " \"authorizationGrantType\": {\n" + - " \"value\": \"" + clientRegistration.getAuthorizationGrantType().getValue() + "\"\n" + - " },\n" + - " \"redirectUri\": \"" + clientRegistration.getRedirectUri() + "\",\n" + - " \"scopes\": [\n" + - " \"java.util.Collections$UnmodifiableSet\",\n" + - " [" + scopes + "]\n" + - " ],\n" + - " \"providerDetails\": {\n" + - " \"@class\": \"org.springframework.security.oauth2.client.registration.ClientRegistration$ProviderDetails\",\n" + - " \"authorizationUri\": \"" + providerDetails.getAuthorizationUri() + "\",\n" + - " \"tokenUri\": \"" + providerDetails.getTokenUri() + "\",\n" + - " \"userInfoEndpoint\": {\n" + - " \"@class\": \"org.springframework.security.oauth2.client.registration.ClientRegistration$ProviderDetails$UserInfoEndpoint\",\n" + - " \"uri\": " + ((userInfoEndpoint.getUri() != null) ? "\"" + userInfoEndpoint.getUri() + "\"" : null) + ",\n" + - " \"authenticationMethod\": {\n" + - " \"value\": \"" + userInfoEndpoint.getAuthenticationMethod().getValue() + "\"\n" + - " },\n" + - " \"userNameAttributeName\": " + ((userInfoEndpoint.getUserNameAttributeName() != null) ? "\"" + userInfoEndpoint.getUserNameAttributeName() + "\"" : null) + "\n" + - " },\n" + - " \"jwkSetUri\": " + ((providerDetails.getJwkSetUri() != null) ? "\"" + providerDetails.getJwkSetUri() + "\"" : null) + ",\n" + - " \"issuerUri\": " + ((providerDetails.getIssuerUri() != null) ? 
"\"" + providerDetails.getIssuerUri() + "\"" : null) + ",\n" + - " \"configurationMetadata\": {\n" + - " " + configurationMetadata + "\n" + - " }\n" + - " },\n" + - " \"clientName\": \"" + clientRegistration.getClientName() + "\",\n" + - " \"clientSettings\": {\n" + - " \"requireProofKey\": " + clientRegistration.getClientSettings().isRequireProofKey() + "\n" + - " }\n" + - "}"; - // @formatter:on - } - - private static String asJson(OAuth2AccessToken accessToken) { - String scopes = ""; - if (!CollectionUtils.isEmpty(accessToken.getScopes())) { - scopes = StringUtils.collectionToDelimitedString(accessToken.getScopes(), ",", "\"", "\""); - } - // @formatter:off - return "{\n" + - " \"@class\": \"org.springframework.security.oauth2.core.OAuth2AccessToken\",\n" + - " \"tokenType\": {\n" + - " \"value\": \"" + accessToken.getTokenType().getValue() + "\"\n" + - " },\n" + - " \"tokenValue\": \"" + accessToken.getTokenValue() + "\",\n" + - " \"issuedAt\": " + toString(accessToken.getIssuedAt()) + ",\n" + - " \"expiresAt\": " + toString(accessToken.getExpiresAt()) + ",\n" + - " \"scopes\": [\n" + - " \"java.util.Collections$UnmodifiableSet\",\n" + - " [" + scopes + "]\n" + - " ]\n" + - "}"; - // @formatter:on - } - - private static String asJson(OAuth2RefreshToken refreshToken) { - if (refreshToken == null) { - return null; - } - // @formatter:off - return "{\n" + - " \"@class\": \"org.springframework.security.oauth2.core.OAuth2RefreshToken\",\n" + - " \"tokenValue\": \"" + refreshToken.getTokenValue() + "\",\n" + - " \"issuedAt\": " + toString(refreshToken.getIssuedAt()) + ",\n" + - " \"expiresAt\": " + toString(refreshToken.getExpiresAt()) + "\n" + - "}"; - // @formatter:on - } - - private static String toString(Instant instant) { - if (instant == null) { - return null; - } - return DecimalUtils.toBigDecimal(instant.getEpochSecond(), instant.getNano()).toString(); - } - -} 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/StdConvertersTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/StdConvertersTests.java deleted file mode 100644 index 8b16e756731..00000000000 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/StdConvertersTests.java +++ /dev/null 
@@ -1,54 +0,0 @@ -/* - * Copyright 2004-present the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.oauth2.client.jackson2; - -import java.util.stream.Stream; - -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.node.JsonNodeFactory; -import com.fasterxml.jackson.databind.node.ObjectNode; -import com.fasterxml.jackson.databind.util.StdConverter; -import org.junit.jupiter.params.ParameterizedTest; -import org.junit.jupiter.params.provider.Arguments; -import org.junit.jupiter.params.provider.MethodSource; - -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; - -import static org.assertj.core.api.Assertions.assertThat; - -@SuppressWarnings("removal") -public class StdConvertersTests { - - private final StdConverter clientAuthenticationMethodConverter = new StdConverters.ClientAuthenticationMethodConverter(); - - @ParameterizedTest - @MethodSource("convertWhenClientAuthenticationMethodConvertedThenDeserializes") - void convertWhenClientAuthenticationMethodConvertedThenDeserializes(String clientAuthenticationMethod) { - ObjectNode jsonNode = JsonNodeFactory.instance.objectNode(); - jsonNode.put("value", clientAuthenticationMethod); - ClientAuthenticationMethod actual = this.clientAuthenticationMethodConverter.convert(jsonNode); - assertThat(actual.getValue()).isEqualTo(clientAuthenticationMethod); - } - - static Stream 
convertWhenClientAuthenticationMethodConvertedThenDeserializes() { - return Stream.of(Arguments.of(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue()), - Arguments.of(ClientAuthenticationMethod.CLIENT_SECRET_POST.getValue()), - Arguments.of(ClientAuthenticationMethod.PRIVATE_KEY_JWT.getValue()), - Arguments.of(ClientAuthenticationMethod.NONE.getValue()), Arguments.of("custom_method")); - } - -} diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java index d389344cd9f..50040d90e89 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java @@ -50,6 +50,7 @@ import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService; import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; +import org.springframework.security.oauth2.core.OAuth2RefreshToken; import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; 
@@ -262,7 +263,7 @@ public void authenticationWhenOAuth2UserFoundThenSuccess() { .authenticate(authorizationCodeAuthentication) .block(); assertThat(result.getPrincipal()).isEqualTo(user); - assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities()); + assertThat(result.getAuthorities()).isSubsetOf(user.getAuthorities()); assertThat(result.isAuthenticated()).isTrue(); } @@ -293,9 +294,9 @@ public void authenticationWhenRefreshTokenThenRefreshTokenInAuthorizedClient() { .authenticate(authorizationCodeAuthentication) .block(); assertThat(result.getPrincipal()).isEqualTo(user); - assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities()); + assertThat(result.getAuthorities()).isSubsetOf(user.getAuthorities()); assertThat(result.isAuthenticated()).isTrue(); - assertThat(result.getRefreshToken().getTokenValue()).isNotNull(); + assertThat(result.getRefreshToken()).isNotNull().extracting(OAuth2RefreshToken::getTokenValue).isNotNull(); } // gh-5368 diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java index b63414308cb..de154e6853c 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java @@ -44,7 +44,6 @@ public class OAuth2UserRequestEntityConverterTests { private OAuth2UserRequestEntityConverter converter = new OAuth2UserRequestEntityConverter(); - @SuppressWarnings("unchecked") @Test public void convertWhenAuthenticationMethodHeaderThenGetRequest() { ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); 
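Review bot: `isSubsetOf(user.getAuthorities())` in authenticationWhenOAuth2UserFoundThenSuccess is a weaker check than the `containsOnlyElementsOf` it replaces. It only requires that every returned authority is among the user's, so a result with an empty or partial authority set now passes. The same replacement is made in authenticationWhenRefreshTokenThenRefreshTokenInAuthorizedClient in the next hunk. Since these tests pin how authorities reach the authentication result, keep a two-way comparison such as `assertThat(result.getAuthorities()).hasSameElementsAs(user.getAuthorities());`, or at least chain `.isNotEmpty()` before `isSubsetOf`; if the result is now expected to differ from the user's authorities, a comment should say how. Both test bodies start above their hunks.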
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java index 51974ec1ee4..6ef7d935d22 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java @@ -48,6 +48,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; +import static org.assertj.core.api.Assertions.assertThatReflectiveOperationException; import static org.mockito.ArgumentMatchers.any; import static org.mockito.BDDMockito.given; import static org.mockito.BDDMockito.willAnswer; @@ -89,7 +90,8 @@ public void setUp() { public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() { Constructor constructor = ClassUtils.getConstructorIfAvailable( OAuth2AuthorizationRequestRedirectFilter.class, ClientRegistrationRepository.class); - assertThatIllegalArgumentException().isThrownBy(() -> constructor.newInstance(null)); + assertThatReflectiveOperationException().isThrownBy(() -> constructor.newInstance((Object) null)) + .withCauseInstanceOf(IllegalArgumentException.class); } @Test 
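Review bot: The `(Object) null` cast in constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException deserves a one-line comment, because it is what makes the test reach the constructor at all. A bare `newInstance(null)` is taken as a null argument array, so the old IllegalArgumentException most likely came from reflection's argument check rather than from the filter's own null check. Something like `// cast so a single null argument is passed, not a null varargs array` above the call would keep a later cleanup from removing the cast. The same applies to constructorWhenAuthorizationRequestResolverIsNullThenThrowIllegalArgumentException in the following hunk.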
@@ -102,7 +104,8 @@ public void constructorWhenAuthorizationRequestBaseUriIsNullThenThrowIllegalArgu public void constructorWhenAuthorizationRequestResolverIsNullThenThrowIllegalArgumentException() { Constructor constructor = ClassUtils.getConstructorIfAvailable( OAuth2AuthorizationRequestRedirectFilter.class, OAuth2AuthorizationRequestResolver.class); - assertThatIllegalArgumentException().isThrownBy(() -> constructor.newInstance(null)); + assertThatReflectiveOperationException().isThrownBy(() -> constructor.newInstance((Object) null)) + .withCauseInstanceOf(IllegalArgumentException.class); } @Test @@ -193,6 +196,7 @@ public void doFilterWhenAuthorizationRequestOAuth2LoginThenAuthorizationRequestS MockHttpServletRequest request = get(requestUri).build(); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); + @SuppressWarnings("unchecked") AuthorizationRequestRepository authorizationRequestRepository = mock( AuthorizationRequestRepository.class); this.filter.setAuthorizationRequestRepository(authorizationRequestRepository); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java index ec3bc6d1c82..38fd3766265 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java @@ -26,6 +26,8 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.mockito.ArgumentCaptor; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; 
@@ -96,7 +98,8 @@ public class OAuth2LoginAuthenticationFilterTests { private AuthenticationManager authenticationManager; - private AuthenticationDetailsSource authenticationDetailsSource; + @Mock + private AuthenticationDetailsSource authenticationDetailsSource; private OAuth2LoginAuthenticationToken loginAuthentication; @@ -104,6 +107,7 @@ public class OAuth2LoginAuthenticationFilterTests { @BeforeEach public void setUp() { + MockitoAnnotations.openMocks(this); this.registration1 = TestClientRegistrations.clientRegistration().build(); this.registration2 = TestClientRegistrations.clientRegistration2().build(); this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1, @@ -114,7 +118,6 @@ public void setUp() { this.authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository(); this.failureHandler = mock(AuthenticationFailureHandler.class); this.authenticationManager = mock(AuthenticationManager.class); - this.authenticationDetailsSource = mock(AuthenticationDetailsSource.class); this.filter = spy(new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository, this.authorizedClientRepository, OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI)); this.filter.setAuthorizationRequestRepository(this.authorizationRequestRepository); 
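Review bot: The handle returned by `MockitoAnnotations.openMocks(this)` in setUp is discarded, so the mock session opened before each test is never closed. Keep it in a field, `this.mocks = MockitoAnnotations.openMocks(this);`, and close it from an `@AfterEach` method. A short comment would also help on why authenticationDetailsSource alone moved to `@Mock` while failureHandler and authenticationManager are still created with `mock(...)` a few lines below; presumably it concerns the field's generic type, but the hunk does not say. setUp continues past the end of its hunk.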
@@ -398,8 +401,11 @@ public void attemptAuthenticationShouldSetAuthenticationDetailsOnAuthenticationR MockHttpServletRequest request = get(requestUri).param(OAuth2ParameterNames.CODE, "code") .param(OAuth2ParameterNames.STATE, state) .build(); + @SuppressWarnings("unchecked") + AuthenticationDetailsSource detailsSource = (AuthenticationDetailsSource) this.authenticationDetailsSource; + WebAuthenticationDetails webAuthenticationDetails = mock(WebAuthenticationDetails.class); - given(this.authenticationDetailsSource.buildDetails(any())).willReturn(webAuthenticationDetails); + given(detailsSource.buildDetails(any())).willReturn(webAuthenticationDetails); MockHttpServletResponse response = new MockHttpServletResponse(); this.setUpAuthorizationRequest(request, response, this.registration2, state); this.setUpAuthenticationResult(this.registration2); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java index b78a8258f6b..ccf2c1b6a15 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java 
@@ -48,7 +48,7 @@
 import org.springframework.http.codec.HttpMessageWriter;
 import org.springframework.http.codec.ResourceHttpMessageWriter;
 import org.springframework.http.codec.ServerSentEventHttpMessageWriter;
-import org.springframework.http.codec.json.Jackson2JsonEncoder;
+import org.springframework.http.codec.json.JacksonJsonEncoder;
 import org.springframework.http.codec.multipart.MultipartHttpMessageWriter;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.mock.http.client.reactive.MockClientHttpRequest;
@@ -865,7 +865,7 @@ private static String getBody(ClientRequest request) {
 messageWriters.add(new EncoderHttpMessageWriter<>(new ByteBufferEncoder()));
 messageWriters.add(new EncoderHttpMessageWriter<>(CharSequenceEncoder.textPlainOnly()));
 messageWriters.add(new ResourceHttpMessageWriter());
- Jackson2JsonEncoder jsonEncoder = new Jackson2JsonEncoder();
+ JacksonJsonEncoder jsonEncoder = new JacksonJsonEncoder();
 messageWriters.add(new EncoderHttpMessageWriter<>(jsonEncoder));
 messageWriters.add(new ServerSentEventHttpMessageWriter(jsonEncoder));
 messageWriters.add(new FormHttpMessageWriter());
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
index bdb76b73353..3544c2f1b66 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java
@@ -53,7 +53,7 @@
 import org.springframework.http.codec.HttpMessageWriter;
 import org.springframework.http.codec.ResourceHttpMessageWriter;
 import org.springframework.http.codec.ServerSentEventHttpMessageWriter;
-import org.springframework.http.codec.json.Jackson2JsonEncoder;
+import org.springframework.http.codec.json.JacksonJsonEncoder;
 import org.springframework.http.codec.multipart.MultipartHttpMessageWriter;
 import org.springframework.http.converter.FormHttpMessageConverter;
 import org.springframework.http.server.reactive.ServerHttpRequest;
@@ -354,10 +354,10 @@ public void filterWhenRefreshRequiredThenRefreshAndResponseDoesNotContainRefresh
 .expiresIn(3600)
 // .refreshToken(xxx) // No refreshToken in response
 .build();
- RestClient.Builder builder = RestClient.builder().messageConverters((messageConverters) -> {
- messageConverters.clear();
- messageConverters.add(new FormHttpMessageConverter());
- messageConverters.add(new OAuth2AccessTokenResponseHttpMessageConverter());
+ RestClient.Builder builder = RestClient.builder().configureMessageConverters((messageConverters) -> {
+ // These are added to the front of the list, ahead of defaults
+ messageConverters.addCustomConverter(new FormHttpMessageConverter());
+ messageConverters.addCustomConverter(new OAuth2AccessTokenResponseHttpMessageConverter());
 });
 MockRestServiceServer server = MockRestServiceServer.bindTo(builder).build();
 RestClient refreshTokenClient = builder.build();
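Review bot: The rewritten `configureMessageConverters` block in the refresh-token test no longer reproduces the removed `messageConverters.clear()`, and the inline comment only says the two converters go ahead of the defaults. That implies the default converters stay registered, so the test no longer shows that `FormHttpMessageConverter` and `OAuth2AccessTokenResponseHttpMessageConverter` are enough on their own to send the refresh request and read the token response. If that is intended, the comment should say so, e.g. `// Defaults stay registered (previously cleared); these two are consulted first`. The test method starts and ends outside the hunk.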
@@ -807,7 +807,7 @@ private static String getBody(ClientRequest request) {
 messageWriters.add(new EncoderHttpMessageWriter<>(new ByteBufferEncoder()));
 messageWriters.add(new EncoderHttpMessageWriter<>(CharSequenceEncoder.textPlainOnly()));
 messageWriters.add(new ResourceHttpMessageWriter());
- Jackson2JsonEncoder jsonEncoder = new Jackson2JsonEncoder();
+ JacksonJsonEncoder jsonEncoder = new JacksonJsonEncoder();
 messageWriters.add(new EncoderHttpMessageWriter<>(jsonEncoder));
 messageWriters.add(new ServerSentEventHttpMessageWriter(jsonEncoder));
 messageWriters.add(new FormHttpMessageWriter());
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
index 79c573d28fd..2b734eeb4a7 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java
@@ -35,7 +35,7 @@
 import org.springframework.http.codec.DecoderHttpMessageReader;
 import org.springframework.http.codec.FormHttpMessageReader;
 import org.springframework.http.codec.HttpMessageReader;
-import org.springframework.http.codec.json.Jackson2JsonDecoder;
+import org.springframework.http.codec.json.JacksonJsonDecoder;
 import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.mock.http.client.reactive.MockClientHttpResponse;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
@@ -61,7 +61,7 @@ public void createContext() {
 final List> messageReaders = new ArrayList<>();
 messageReaders.add(new DecoderHttpMessageReader<>(new ByteBufferDecoder()));
 messageReaders.add(new DecoderHttpMessageReader<>(StringDecoder.allMimeTypes()));
- messageReaders.add(new DecoderHttpMessageReader<>(new Jackson2JsonDecoder()));
+ messageReaders.add(new DecoderHttpMessageReader<>(new JacksonJsonDecoder()));
 messageReaders.add(new FormHttpMessageReader());
 this.hints = new HashMap<>();
 this.context = new BodyExtractor.Context() {