diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
new file mode 100644
index 000000000..aaeb72f2a
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,49 @@
+
+
+
+
+### Summary
+
+
+
+### Actual Behavior
+
+
+
+### Expected Behavior
+
+
+
+### Configuration
+
+
+
+### Version
+
+
+
+### Sample
+
+
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 000000000..570bf5e02
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,16 @@
+
+
+
+
+
diff --git a/.gitignore b/.gitignore
index eaf2dd9f7..f68c4b90b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,14 +1,22 @@
+*#
+.#*
+*~
+_site/
*/src/META-INF/
*/src/main/java/META-INF/
samples/*/*/src/main/webapp/META-INF/
+build/
target/
+bin/
.classpath
.project
.DS_Store
.settings/
+.springBeans
*.iml
*.iws
*.ipr
.idea/
+./code/
cargo-installs/
atlassian-ide-plugin.xml
diff --git a/.mvn/jvm.config b/.mvn/jvm.config
new file mode 100644
index 000000000..0e7dabeff
--- /dev/null
+++ b/.mvn/jvm.config
@@ -0,0 +1 @@
+-Xmx1024m -XX:CICompilerCount=1 -XX:TieredStopAtLevel=1 -Djava.security.egd=file:/dev/./urandom
\ No newline at end of file
diff --git a/.mvn/maven.config b/.mvn/maven.config
new file mode 100644
index 000000000..3b8cf46e1
--- /dev/null
+++ b/.mvn/maven.config
@@ -0,0 +1 @@
+-DaltSnapshotDeploymentRepository=repo.spring.io::default::https://repo.spring.io/libs-snapshot-local -P spring
diff --git a/.mvn/wrapper/maven-wrapper.jar b/.mvn/wrapper/maven-wrapper.jar
new file mode 100644
index 000000000..5fd4d5023
Binary files /dev/null and b/.mvn/wrapper/maven-wrapper.jar differ
diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
new file mode 100644
index 000000000..eb9194764
--- /dev/null
+++ b/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1 @@
+distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.3.3/apache-maven-3.3.3-bin.zip
\ No newline at end of file
diff --git a/.travis.yml b/.travis.yml
index dff5f3a5d..2eeabb479 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1 +1,19 @@
language: java
+
+dist: trusty
+
+jdk:
+ - openjdk8
+ - openjdk7
+
+services:
+ - redis-server
+
+install: ./mvnw -U install --quiet -DskipTests=true -P bootstrap
+
+script:
+ - jdk_switcher use openjdk7
+ - ./mvnw clean test -P bootstrap
+ - jdk_switcher use openjdk8
+ - ./mvnw -U clean checkstyle:check -P spring5
+ - ./mvnw -f spring-security-oauth2 -U clean test -P spring5
diff --git a/CODE_OF_CONDUCT.adoc b/CODE_OF_CONDUCT.adoc
new file mode 100644
index 000000000..17783c7c0
--- /dev/null
+++ b/CODE_OF_CONDUCT.adoc
@@ -0,0 +1,44 @@
+= Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of fostering an open
+and welcoming community, we pledge to respect all people who contribute through reporting
+issues, posting feature requests, updating documentation, submitting pull requests or
+patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for
+everyone, regardless of level of experience, gender, gender identity and expression,
+sexual orientation, disability, personal appearance, body size, race, ethnicity, age,
+religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic addresses,
+ without explicit permission
+* Other unethical or unprofessional conduct
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments,
+commits, code, wiki edits, issues, and other contributions that are not aligned to this
+Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors
+that they deem inappropriate, threatening, offensive, or harmful.
+
+By adopting this Code of Conduct, project maintainers commit themselves to fairly and
+consistently applying these principles to every aspect of managing this project. Project
+maintainers who do not follow or enforce the Code of Conduct may be permanently removed
+from the project team.
+
+This Code of Conduct applies both within project spaces and in public spaces when an
+individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by
+contacting a project maintainer at spring-code-of-conduct@pivotal.io . All complaints will
+be reviewed and investigated and will result in a response that is deemed necessary and
+appropriate to the circumstances. Maintainers are obligated to maintain confidentiality
+with regard to the reporter of an incident.
+
+This Code of Conduct is adapted from the
+https://contributor-covenant.org[Contributor Covenant], version 1.3.0, available at
+https://contributor-covenant.org/version/1/3/0/[contributor-covenant.org/version/1/3/0/]
diff --git a/README.md b/README.md
index 16b62e347..64beaafd3 100644
--- a/README.md
+++ b/README.md
@@ -1,20 +1,35 @@
+# spring-security-oauth is no longer actively maintained by VMware, Inc.
+
+## This project has been replaced by the OAuth2 support provided by [Spring Security](https://spring.io/projects/spring-security) (client and resource server) and [Spring Authorization Server](https://spring.io/projects/spring-authorization-server).
+
+# About
+
This project provides support for using Spring Security with OAuth
(1a) and OAuth2. It provides features for implementing both consumers
and providers of these protocols using standard Spring and Spring
Security programming models and configuration idioms.
+# Code of Conduct
+This project adheres to the Contributor Covenant [code of conduct](CODE_OF_CONDUCT.adoc).
+By participating, you are expected to uphold this code. Please report unacceptable behavior to spring-code-of-conduct@pivotal.io.
+
# Getting Started
-[Dowload](https://github.com/SpringSource/spring-security-oauth/tags)
+[Download](https://github.com/spring-projects/spring-security-oauth/tags)
or clone from
-[GIT](https://github.com/SpringSource/spring-security-oauth) and then
-use Maven (2.2.*):
+[GIT](https://github.com/spring-projects/spring-security-oauth) and then
+use Maven (3.0.\*) and Java (1.6 or better):
$ git clone ...
$ mvn install -P bootstrap
Use the `bootstrap` profile only the first time - it enables some
-repositories that can't be exposed in the poms by default.
+repositories that can't be exposed in the poms by default. You may
+find it useful to add this profile to your local `settings.xml`.
+
+You need to run Redis to get the build to work. You can install this
+using homebrew. Without Redis running the build will lots of Jedis
+connection exceptions
SpringSource ToolSuite users (or Eclipse users with the latest
m2eclipse plugin) can import the projects as existing Maven projects.
@@ -24,41 +39,45 @@ Software License Version 2.0 (see license.txt).
## Samples
-Samples and integration tests are in [a subdirectory](./samples).
-There is a separate README there for orientation and information.
-Once you have installed the artifacts locally (as per the getting
-started instructions above) you should be able to
+Samples and integration tests are in [a subdirectory](samples). There
+is a separate README there for orientation and information. Once you
+have installed the artifacts locally (as per the getting started
+instructions above) you should be able to
$ cd samples/oauth2/tonr
- $ mvn tomcat:run
+ $ mvn tomcat7:run
-and visit the app in your browser at [http://localhost:8080/tonr/][]
+and visit the app in your browser at [http://localhost:8080/tonr2/](http://localhost:8080/tonr2/)
to check that it works. (This is for the OAuth 2.0 sample, for the
-OAuth 1.0a sample just remove the "2" from the directory path.)
+OAuth 1.0a sample just remove the "2" from the directory path.) Integration tests
+require slightly different settings for Tomcat so you need to add a profile:
+
+ $ cd samples/oauth2/tonr
+ $ mvn integration-test -P integration
## Changelog
-Lists of issues addressed per release can be found in
-[JIRA](https://jira.springsource.org/browse/SECOAUTH#selectedTab=com.atlassian.jira.plugin.system.project%3Aversions-panel).
+Lists of issues addressed per release can be found in [github](https://github.com/spring-projects/spring-security-oauth/milestones) (older releases are in
+[JIRA](https://jira.spring.io/browse/SECOAUTH/?selectedTab=com.atlassian.jira.jira-projects-plugin:versions-panel)).
## Additional Resources
-* [Spring Security OAuth Homepage](http://static.springsource.org/spring-security/oauth)
-* [Spring Security OAuth Source](http://github.com/SpringSource/spring-security-oauth)
-* [Spring Security OAuth Forum](http://forum.springsource.org/forumdisplay.php?f=79)
+* [Spring Security OAuth User Guide](https://projects.spring.io/spring-security-oauth/docs/Home.html)
+* [Spring Security OAuth Source](https://github.com/spring-projects/spring-security-oauth)
+* [Stackoverflow](https://stackoverflow.com/questions/tagged/spring-security+spring+oauth)
# Contributing to Spring Security OAuth
Here are some ways for you to get involved in the community:
* Get involved with the Spring community on the Spring Community Forums. Please help out on the
- [forum](http://forum.springsource.org/forumdisplay.php?f=79) by responding to questions and joining the debate.
-* Create [JIRA](https://jira.springsource.org/browse/SECOAUTH) tickets for bugs and new features and comment and
+ [forum](https://forum.spring.io/forumdisplay.php?f=79) by responding to questions and joining the debate.
+* Create [github issues](https://github.com/spring-projects/spring-security-oauth/issues) for bugs and new features and comment and
vote on the ones that you are interested in.
* Github is for social coding: if you want to write code, we encourage contributions through pull requests from
- [forks of this repository](http://help.github.com/forking/). If you want to contribute code this way, please
- reference a JIRA ticket as well covering the specific issue you are addressing.
-* Watch for upcoming articles on Spring by [subscribing](http://www.springsource.org/node/feed) to springframework.org
+ [forks of this repository](https://help.github.com/forking/). If you want to contribute code this way, please
+ reference a github issue as well covering the specific issue you are addressing.
+* Watch for upcoming articles on Spring by [subscribing](https://www.springsource.org/node/feed) to springframework.org
Before we accept a non-trivial patch or pull request we will need you to sign the
[contributor's agreement](https://support.springsource.com/spring_committer_signup).
@@ -72,12 +91,12 @@ None of these is essential for a pull request, but they will all help. They can
request but before a merge.
* Use the Spring Framework code format conventions. Import `eclipse-code-formatter.xml` from the root of the project
- if you are using Eclipse. If using IntelliJ, copy `spring-intellij-code-style.xml` to ~/.IntelliJIdea*/config/codestyles
+ if you are using Eclipse. If using IntelliJ, copy `spring-intellij-code-style.xml` to `~/.IntelliJIdea*/config/codestyles`
and select spring-intellij-code-style from Settings -> Code Styles.
-* Make sure all new .java files to have a simple Javadoc class comment with at least an @author tag identifying you, and
+* Make sure all new .java files have a simple Javadoc class comment with at least an @author tag identifying you, and
preferably at least a paragraph on what the class is for.
* Add the ASF license header comment to all new .java files (copy from existing files in the project)
-* Add yourself as an @author to the .java files that you modify substantially (moew than cosmetic changes).
+* Add yourself as an @author to the .java files that you modify substantially (more than cosmetic changes).
* Add some Javadocs and, if you change the namespace, some XSD doc elements.
* A few unit tests would help a lot as well - someone has to do it.
-* If no-one else is using your branch, please rebase it against the current master (or other target branch in the main project).
+* If no-one else is using your branch, please rebase it against the current main (or other target branch in the main project).
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 000000000..e5a62d0ef
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,4 @@
+redis:
+ image: redis
+ ports:
+ - "6379:6379"
diff --git a/docs/.gitignore b/docs/.gitignore
deleted file mode 100644
index 4d94ec080..000000000
--- a/docs/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-target
-*.ipr
-*.iml
-*.iws
diff --git a/docs/Home.md b/docs/Home.md
deleted file mode 100644
index e5acb0740..000000000
--- a/docs/Home.md
+++ /dev/null
@@ -1,34 +0,0 @@
-# Welcome
-
-OAuth for Spring Security provides an [OAuth](http://oauth.net)
-implementation for
-[Spring Security](http://static.springsource.org/spring-security/site/).
-Support is provided for the implementation of OAuth providers and
-OAuth consumers. There is support for [[Oauth 1(a)|oauth1]] (including
-[[two-legged OAuth|twolegged]], a.k.a. "Signed Fetch") and for
-[[OAuth 2.0|oauth2]].
-
-Applying security to an application is not for the faint of heart, and OAuth is no exception. Before you get started,
-you're going to want to make sure you understand OAuth and the problem it's designed to address. There is good
-documentation at [the OAuth site](http://oauth.net). You will also want to make sure you understand how
-[Spring](http://springframework.org/) and [Spring Security](http://static.springsource.org/spring-security/site/) work.
-
-You're going to want to be quite familiar with both [OAuth](http://oauth.net) (and/or [OAuth2](http://tools.ietf.org/html/draft-ietf-oauth-v2))
-and [Spring Security](http://static.springsource.org/spring-security/site/), to maximize the effectiveness of this developers guide. OAuth for
-Spring Security is tightly tied to both technologies, so the more familiar you are with them, the more likely you'll be to recognize the terminology
-and patterns that are used.
-
-With that, you're ready to get started. Here are some useful links:
-
-* For access to the binaries, use Maven ([[instructions here|downloads]])
-
-* Source code is in github
- [at SpringSource/spring-security-oauth](https://github.com/SpringSource/spring-security-oauth).
-
-* You'll want to see OAuth for Spring Security in action, so here is a
-[[tutorial]]
-
-* Read a more detailed explanation in the [[developer's guide|devguide]].
-
-* For more help and support, checkout the [[support links|support]].
-
diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md
deleted file mode 100644
index 309045857..000000000
--- a/docs/_Sidebar.md
+++ /dev/null
@@ -1,6 +0,0 @@
-* [[Home]]
-* [Tuturial](wiki/tutorial)
-* [OAuth 1.0](wiki/oauth1)
-* [OAuth 2.0](wiki/oauth2)
-* [Downloads](wiki/downloads)
-* [Support](wiki/support)
diff --git a/docs/devguide.md b/docs/devguide.md
deleted file mode 100644
index 2e45399b6..000000000
--- a/docs/devguide.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Developers Guide
-
-## Preparation
-
-You're going to want to be quite familiar with both [OAuth](http://oauth.net) (and/or [OAuth2](http://tools.ietf.org/html/draft-ietf-oauth-v2))
-and [Spring Security](http://static.springsource.org/spring-security/site/), to maximize the effectiveness of this developers guide. OAuth for
-Spring Security is tightly tied to both technologies, so the more familiar you are with them, the more likely you'll be to recognize the terminology
-and patterns that are used.
-
-## Options
-
-Your first decision is whether you need to leverage support for OAuth 1.0, OAuth 2.0, or both.
-
-So pick your poison:
-
-* [[OAuth 1.0|oauth1]]
-* [[OAuth 2|oauth2]]
\ No newline at end of file
diff --git a/docs/downloads.md b/docs/downloads.md
deleted file mode 100644
index 67ada27d1..000000000
--- a/docs/downloads.md
+++ /dev/null
@@ -1,10 +0,0 @@
-# Downloads
-
-OAuth for Spring Security is a Maven-based project.
-
-* groupId: `org.springframework.security.oauth`
-* artifactId: `spring-security-oauth`
-
-To download the jars, just look in the [Maven repository][mavenrepo].
-
-[mavenrepo]: http://shrub.appspot.com/maven.springframework.org/milestone/org/springframework/security/oauth/spring-security-oauth/
diff --git a/docs/oauth1.md b/docs/oauth1.md
deleted file mode 100644
index b4b5ffedf..000000000
--- a/docs/oauth1.md
+++ /dev/null
@@ -1,266 +0,0 @@
-# OAuth 1 Developers Guide
-
-## Introduction
-
-This is the developers guide for the support for OAuth 1.0. For OAuth 2.0, everything is different, so [[see it's developers guide|oauth2]].
-
-This user guide is divided into two parts, the first for the OAuth 1.0 provider, the second for the OAuth 1.0 consumer. Here's a
-TOC for quick navigation:
-
-## OAuth 1.0 Provider
-
-The OAuth 1.0 provider is responsible for managing the OAuth 1.0 consumers that can access its protected resources on behalf of
-a user. The provider does this by managing and verifying the OAuth 1.0 tokens that can be used to access the protected
-resources. Of course, the provider must also supply an interface for the user to confirm that a consumer can be granted
-access to the protected resources (i.e. a confirmation page).
-
-### Managing Consumers
-
-The entry point into your database of consumers is defined by the [`ConsumerDetailsService`][ConsumerDetailsService].
-You must define your own [`ConsumerDetailsService`][ConsumerDetailsService] that will load [`ConsumerDetails`][ConsumerDetails]
-by the _consumer key_. Note the existence of an [in-memory implementation][InMemoryConsumerDetailsService] of
-[`ConsumerDetailsService`][ConsumerDetailsService].
-
-When implementing your [`ConsumerDetailsService`][ConsumerDetailsService] consider returning instances of
-[BaseConsumerDetails][BaseConsumerDetails] which contains additional information about the consumer that may be useful when
-displaying a confirmation screen to the user.
-
-### Managing Tokens
-
-The [`OAuthProviderTokenServices`][OAuthProviderTokenServices] interface defines the operations that are necessary to manage
-OAuth 1.0 tokens. Note the following:
-
-* When a request token is created, care must be taken to ensure that it is not an access token.
-* When a request token is authorized, the authentication must be stored so that the subsequent access token can reference it.
-* When an access token is created, it must reference the authentication that was used to authorized the request token that is used
- to create the access token.
-
-When creating your [`OAuthProviderTokenServices`][OAuthProviderTokenServices] implementation, you may want to consider extending
-the [`RandomValueProviderTokenServices`][RandomValueProviderTokenServices] which creates tokens via random value and handles
-everything except for the persistence of the tokens. There is also an [in-memory implementation][InMemoryProviderTokenServices]
-of the [`OAuthProviderTokenServices`][OAuthProviderTokenServices] that may be suitable, but note that when using the in-memory implementation
-a separate thread is spawned to take care of the cleanup of expired tokens.
-
-### OAuth 1.0 Provider Request Filters
-
-The requests for the tokens and for access to protected resources are handled by standard Spring Security request filters. The following filters
-are required in the Spring Security filter chain in order to implement OAuth 1.0:
-
-* The [`UnauthenticatedRequestTokenProcessingFilter`][UnauthenticatedRequestTokenProcessingFilter] is used to service the request for
- an unauthenticated request token. Default URL: `/oauth_request_token`.
-* The [`UserAuthorizationProcessingFilter`][UserAuthorizationProcessingFilter] is used authorize a request token. The user must be
- authenticated and it is assumed that the user has been presented with the appropriate confirmation page.
-* The [`AccessTokenProcessingFilter`][AccessTokenProcessingFilter] is used to service the request for an OAuth 1.0 access token.
- Default URL: `/oauth_access_token`.
-* The [`ProtectedResourceProcessingFilter`][ProtectedResourceProcessingFilter] is used to load the Authentication for the request given
- an authenticated access token.
-
-### Managing Nonces
-
-The OAuth 1.0 spec also recommends that the nonce that is supplied on every OAuth 1.0 request be checked to ensure it isn't used twice for the
-same timestamp. In order to do this, nonces must be stored and verified on every OAuth 1.0 request. The interface that is used
-to validate nonces is [`OAuthNonceServices`][OAuthNonceServices]. The default implementation, [`ExpiringTimestampNonceServices`][ExpiringTimestampNonceServices],
-does not adhere to this recommendation, but only validates that the timestamp isn't too old. If further assurance is required, you will need
-to supply your own implementation of `OAuthNonceServices`. Note the existence of an [in-memory implementation][InMemoryNonceServices].
-
-### Managing Callbacks
-
-With the 1.0a revision of the OAuth 1.0 specification, the callback URL is provided at the time the request is made for a request token and will be used when
-redirecting the user back to the OAuth 1.0 consumer. Therefore, a means must be provided to persist the callback between requests. The interface that is used
-to persist callbacks is [`OAuthCallbackServices`][OAuthCallbackServices]. The default implementation, [`InMemoryCallbackServices`][InMemoryCallbackServices]
-persists the callbacks in-memory. You must supply your own implementation of `OAuthCallbackServices` if this is inadequate.
-
-### Managing Verifiers
-
-With the 1.0a revision of the OAuth 1.0 specification, the a verifier is provided to the consumer via the user that must be passed back
-to the provider when requesting the access token. Therefore, a means must be provided to create and persist the verifier. The interface
-that is used to this end is [`OAuthVerifierServices`][OAuthVerifierServices]. The default implementation,
-[`RandomValueInMemoryVerifierServices`][RandomValueInMemoryVerifierServices], creates a small, user-friendly (6 readable ASCII characters
-by default) verifier and persists the verifier in memory. You must supply your own implementation of `OAuthVerifierServices` if this is inadequate.
-
-### Authorization By Consumer
-
-It is sometimes required to limit access to a resource to a specific consumer or to a consumer that has specific roles. The classes in the
-[`org.springframework.security.oauth.provider.attributes`][attributes-package] package can be used to do this. Methods can be protected using the
-annotations in that package, and the [`ConsumerSecurityConfig`][ConsumerSecurityConfig] can be supplied to the standard Spring Security filter
-interceptor in order to enable the annotations. Finally, the [`ConsumerSecurityVoter`][ConsumerSecurityVoter] would need to be supplied to the
-Spring Security authentication manager.
-
-### Provider Configuration
-
-For the OAuth 1.0 provider, configuration is simplified using the custom spring configuration elements. The schema for these elements rests at
-[http://www.springframework.org/schema/security/spring-security-oauth.xsd]. The namespace is `http://www.springframework.org/schema/security/oauth`.
-
-The following configuration elements are used to supply provider configuration:
-
-#### The "provider" element
-
-The `provider` element is used to configure the OAuth 1.0 provider mechanism. The following attributes can be applied to the `provider` element:
-
-* `consumer-details-service-ref`: The reference to the bean that defines the consumer details service. This is required if not autowired.
-* `token-services-ref`: The reference to the bean that defines the token services.
-* `request-token-url`: The URL at which a request for an unauthenticated request token will be serviced. Default value: "/oauth_request_token"
-* `authenticate-token-url`: The URL at which a request to authenticate a request token will be serviced. Default value: "/oauth_authenticate_token"
-* `access-token-url`: The URL at which a request for an access token (using an authenticated request token) will be serviced. Default value: "/oauth_access_token"
-* `access-granted-url`: The URL to which the user will be redirected upon authenticating a request token, but only if there was no callback URL supplied from the oauth consumer. Default value: "/"
-* `user-approval-url`: The URL to which the user will be redirected if for some reason authentication of a request token failed. Default behavior is to just issue a "401: unauthorized" response.
-* `nonce-services-ref`: The reference to the bean that defines the nonce services. Default is to supply an instance of `org.springframework.security.oauth.provider.nonce.ExpiringTimestampNonceServices`
-* `callback-services-ref`: The reference to the bean that defines the callback services. Default is to supply an instance of `org.springframework.security.oauth.provider.callback.InMemoryCallbackServices`
-* `verifier-services-ref`: The reference to the bean that defines the verifier services. Default is to supply an instance of `org.springframework.security.oauth.provider.verifier.RandomValueInMemoryVerifierServices`
-* `auth-handler-ref`: The reference to the bean that defines the authentication handler. Default is to supply an instance of `org.springframework.security.oauth.provider.DefaultAuthenticationHandler`
-* `support-ref`: The reference to the bean that defines the provider support logic. Default is to supply an instance of `org.springframework.security.oauth.provider.CoreOAuthProviderSupport`
-* `token-id-param`: The name of the request parameter that specifies to the 'authenticate-token-url' the id of the token that is to be authenticated. Default value: "requestToken".
-* `callback-url-param`: The name of the request parameter that specifies to the 'authenticate-token-url' the callback URL to which the user is to be redirected upon successful authentication. Default value: "callbackURL".
-
-#### The "consumer-details-service" element
-
-The `consumer-details-service` element is used to define an in-memory implementation of the consumer details service. It takes an `id` attribute and an
-arbitrary number of `consumer` child elements that define the following attributes for each consumer:
-
-* `key`: (required) The consumer key.
-* `secret`: (required) The consumer secret.
-* `name`: The (display) name of the consumer.
-* `authorities`: Comma-separated list of authorities (e.g. roles) that are granted to the consumer.
-* `resourceName`: The name of the resource.
-* `resourceDescription`: The description of the resource.
-* `requiredToObtainAuthenticatedToken`: Whether this consumer is required to obtain an authenticated oauth token. If _true_, it means that the OAuth 1.0 consumer won't be granted access to the protected resource unless the user is directed to the token authorization page. If _false_, it means that the provider has an additional level of trust with the consumer. Not requiring an authenticated access token is also known as "2-legged" OAuth or "signed fetch". For more information, see [two-legged OAuth](./twolegged.html).
-
-#### The "token-services" element
-
-The `token-services` element is a simple element that can be used to provide an in-memory implementation of the provider token services.
-It supports an _id_ attribute (bean id) and a _cleanupInterval_ attribute that specifies how often the cleanup thread should wake up (in seconds).
-
-#### The "verifier-services" element
-
-The `verifier-services` element is a simple element that can be used to provide an in-memory implementation of the provider verifier services.
-It supports an `id` attribute (bean id) and a `verifierLengthBytes` attribute that specifies the length of the verifier.
-
-### Configuring An OAuth-Aware Expression Handler
-
-You may want to take advantage of Spring Security's [expression-based access control](http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html).
-You can register a oauth-aware expression handler with the `expression-handler` element. Use the id of the oauth expression handler to add oauth-aware
-expressions to the built-in expressions.
-
-The expressions include _oauthConsumerHasRole_, _oauthConsumerHasAnyRole_, and _denyOAuthConsumer_ which can be used to provide access based on the role of the
-oauth consumer.
-
-## OAuth 1.0 Consumer
-
-The OAuth 1.0 consumer logic is responsible for (1) obtaining an OAuth 1 access token and (2) signing requests for OAuth 1
-protected resources. OAuth for Spring Security provides a request filter for acquiring the access token, a request filter
-for ensuring that access to certain URLs is locked down to a set of acquired access token, and utilities for making a request
-for a protected resource. A consumer must be responsible for maintaing a list of protected resources that can be accessed and,
-like the provider, a consumer must be responsible for managing the OAuth 1.0 tokens.
-
-If you were discouraged by the complexity of implementing an OAuth 1.0 provider, take heart. Implementation of an OAuth 1.0
-consumer is easier, partially because OAuth 1.0 for Spring Security provides suitable defaults for most cases.
-
-### Managing Protected Resources
-
-A database of protected resources that are accessible by a consumer must be provided through the [`ProtectedResourceDetailsService`][ProtectedResourceDetailsService].
-Each protected resource must provide all information related to obtaining access to it. This includes the URL to obtain a request token, the URL to which to
-redirect the user for authorization, the URL at which to obtain an access token, etc. It also contains various properties that describe the provider of the
-protected resource. Consider the existence of the [`InMemoryProtectedResourceDetailsService`][InMemoryProtectedResourceDetailsService]
-and the [`BaseProtectedResourceDetails`][BaseProtectedResourceDetails] for help in creating the database of protected resources.
-
-### Managing Provider Tokens
-
-Like the provider, the consumer must be responsible for managing the OAuth tokens. The necessary interface for managing the consumer tokens is
-[`OAuthConsumerTokenServices`][OAuthConsumerTokenServices]. Assuming that the consumer can leverage an active HTTP session, the default
-[`HttpSessionBasedTokenServices`][HttpSessionBasedTokenServices] might be adequate, but if you'd like to persist access tokens longer than a user
-session, you'll have to implement your own persistent implementation of the token services.
-
-### OAuth 1.0 Consumer Request Filters
-
-There are two request filters that are applicable to the OAuth consumer logic. The first filter, [`OAuthConsumerContextFilter`][OAuthConsumerContextFilter],
-is responsible for establishing an OAuth-specific security context, very similar to Spring Security's `SecurityContext`. The security
-context simply contains a set of access tokens that have been obtained for the current user. This security context is leveraged when making requests
-for protected resources.
-
-There is another request filter, [`OAuthConsumerProcessingFilter`][OAuthConsumerProcessingFilter], that can be applied to specific URLs or
-URL patterns that require access to a remote protected resource. Putting this filter in Spring Security's filter chain
-will ensure that any access tokens needed for the specified URL patters will be obtained before allowing access to the resources.
-
-### Requesting Protected Resources
-
-The [`OAuthRestTemplate`][OAuthRestTemplate] can be used to make REST-like requests to resources protected by OAuth. It's used just like a standard
-RestTemplate (new in Spring 3), but is supplied with a specific `ProtectedResourcDetails` so it can sign its requests.
-
-### Consumer Configuration
-
-For the OAuth 1.0 consumer, configuration is simplified using the custom spring configuration elements. The schema for these elements rests at
-[http://www.springframework.org/schema/security/spring-security-oauth.xsd](http://www.springframework.org/schema/security/spring-security-oauth.xsd).
-The namespace is `http://www.springframework.org/schema/security/oauth`.
-
-Two custom configuration elements are used to supply provider configuration:
-
-#### The "consumer" element
-
-The `consumer` element configures the OAuth 1.0 consumer mechanism. This element is used to set up the security filter(s) that will handle
-the OAuth consumer logic. The OAuth context filter establishes a context for the OAuth consumer logic. The OAuth access filter is used to
-apply OAuth constraints on specified URLs (request paths) in your application. The access filter is applied by specified one or more `url`
-child elements to the `consumer` element.
-
-The `url` element supports the following attributes:
-
-* `pattern`: (required) The URL pattern.
-* `resources`: (required) Comma-separated list of the ids of the protected resources that the URL requires access to.
-* `httpMethod`: The HTTP method that requires access. Default is all methods.
-
-The `consumer` element also supports the following attributes:
-
-* `resource-details-service-ref`: The reference to the resource details service. This is required if not autowired.
-* `oauth-failure-page`: The page to which to redirect the user if a problem happens during OAuth 1.0 authentication.
-* `entry-point-ref`: Reference to the entry point to use if a problem happens during OAuth 1.0 authentication (overrides _oauth-failure-page_).
-* `path-type`: URL path type. Default value: "ant".
-* `lowercase-comparisons`: Whether to use lowercase comparisons.
-* `support-ref`: Reference to the OAuth 1.0 consumer support logic.
-* `token-services-factory-ref`: Reference to the token services factory.
-
-#### The "resource-details-service" element
-
-The `resource-details-service` element configures an in-memory implementation of the resource details. It supports an "id" attribute
-and an arbitrary number of `resource` child elements which are used to define the protected resources and support the following attributes:
-
-* `id`: (required) The resource id.
-* `key`: (required) The consumer key.
-* `secret`: (required) The shared secret.
-* `request-token-url`: (required) The URL to use to get the OAuth 1.0 request token.
-* `user-authorization-url`: (required) The URL to which to redirect the user to authorize the request token.
-* `access-token-url`: (required) The URL to use to get an OAuth 1.0 access token.
-* `signature-method`: The signature method to use (e.g. "HMAC-SHA1", "PLAINTEXT", etc.). Default "HMAC-SHA1".
-* `user-authorization-token-param`: Name of the request parameter to use to pass the value of the request token when redirecting the user to the authorization page. Default value: "requestToken"
-* `user-authorization-callback-param`: Name of the request parameter to use to pass the value of the callback URL when redirecting the user to the authorization page. Default value: "callbackURL"
-* `accepts-authorization-header`: Whether the provider accepts the HTTP authorization header. Default: "true"
-* `authorization-header-realm`: The "realm" for the HTTP authorization header.
-* `use10a`: Whether the resource is protected using OAuth 1.0a. Default: "true"
-
-[ConsumerDetailsService]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/ConsumerDetailsService.html
-[ConsumerDetails]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/ConsumerDetails.html
-[InMemoryConsumerDetailsService]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/InMemoryConsumerDetailsService.html
-[BaseConsumerDetails]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/BaseConsumerDetails.html
-[OAuthProviderTokenServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/token/OAuthProviderTokenServices.html
-[RandomValueProviderTokenServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/token/RandomValueProviderTokenServices.html
-[InMemoryProviderTokenServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/token/InMemoryProviderTokenServices.html
-[UnauthenticatedRequestTokenProcessingFilter]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/UnauthenticatedRequestTokenProcessingFilter.html
-[UserAuthorizationProcessingFilter]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/UserAuthorizationProcessingFilter.html
-[AccessTokenProcessingFilter]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/AccessTokenProcessingFilter.html
-[ProtectedResourceProcessingFilter]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/ProtectedResourceProcessingFilter.html
-[OAuthNonceServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/nonce/OAuthNonceServices.html
-[ExpiringTimestampNonceServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/nonce/ExpiringTimestampNonceServices.html
-[InMemoryNonceServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/nonce/InMemoryNonceServices.html
-[OAuthCallbackServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/callback/OAuthCallbackServices.html
-[InMemoryCallbackServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/callback/InMemoryCallbackServices.html
-[OAuthVerifierServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/verifier/OAuthVerifierServices.html
-[RandomValueInMemoryVerifierServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/verifier/RandomValueInMemoryVerifierServices.html
-[attributes-package]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/attributes/package-summary.html
-[ConsumerSecurityConfig]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/attributes/ConsumerSecurityConfig.html
-[ConsumerSecurityVoter]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/attributes/ConsumerSecurityVoter.html
-[ProtectedResourceDetailsService]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/ProtectedResourceDetailsService.html
-[InMemoryProtectedResourceDetailsService]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/InMemoryProtectedResourceDetailsService.html
-[BaseProtectedResourceDetails]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/BaseProtectedResourceDetails.html
-[OAuthConsumerTokenServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/token/OAuthConsumerTokenServices.html
-[HttpSessionBasedTokenServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/token/HttpSessionBasedTokenServices.html
-[OAuthConsumerContextFilter]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/OAuthConsumerContextFilter.html
-[OAuthConsumerProcessingFilter]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/OAuthConsumerProcessingFilter.html
-[OAuthRestTemplate]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/OAuthRestTemplate.html
\ No newline at end of file
diff --git a/docs/oauth2.md b/docs/oauth2.md
deleted file mode 100644
index 84086bd70..000000000
--- a/docs/oauth2.md
+++ /dev/null
@@ -1,201 +0,0 @@
-# OAuth 2 Developers Guide
-
-## Introduction
-
-This is the user guide for the support for [`OAuth 2.0`](http://tools.ietf.org/html/draft-ietf-oauth-v2). For OAuth 1.0, everything is different, so [see it's user guide][oauth1].
-
-This user guide is divided into two parts, the first for the OAuth 2.0 provider, the second for the OAuth 2.0 client.
-
-## OAuth 2.0 Provider
-
-The OAuth 2.0 provider mechanism is responsible for exposing OAuth 2.0 protected resources. The configuration involves establishing the OAuth 2.0 clients that can access its protected resources on behalf of a user. The provider does this by managing and verifying the OAuth 2.0 tokens that can be used to access the protected resources. Where applicable, the provider must also supply an interface for the user to confirm that a client can be granted access to the protected resources (i.e. a confirmation page).
-
-### Managing Clients
-
-The entry point into your database of clients is defined by the [`ClientDetailsService`][ClientDetailsService]. You must define your own `ClientDetailsService` that will load [`ClientDetails`][ClientDetails] by the . Note the existence of an [in-memory implementation][InMemoryClientDetailsService] of `ClientDetailsService`.
-
-When implementing your `ClientDetailsService` consider returning instances of (or extending) [`BaseClientDetails`][BaseClientDetails].
-
-### Managing Tokens
-
-The [`AuthorizationServerTokenServices`][AuthorizationServerTokenServices] interface defines the operations that are necessary to manage OAuth 2.0 tokens. Note the following:
-
-* When an access token is created, the authentication must be stored so that the subsequent access token can reference it.
-* The access token is used to load the authentication that was used to authorize its creation.
-
-When creating your `AuthorizationServerTokenServices` implementation, you may want to consider using the [`RandomValueTokenServices`][RandomValueTokenServices] which creates tokens via random value and handles everything except for the persistence of the tokens which it delegates to a `TokenStore`.
-
-There is an [in-memory implementation][InMemoryTokenStore] of the `TokenStore` that may be suitable.
-
-## OAuth 2.0 Provider Implementation
-
-The provider role in OAuth 2.0 is actually split between Authorization Service and Resource Service, and while these sometimes reside in the same application, with Spring Security OAuth you have the option to split them across two applications, and also to have multiple Resource Services that share an Authorization Service. The requests for the tokens are handled by Spring MVC controller endpoints, and access to protected resources is handled by standard Spring Security request filters. The following endpoints are required in the Spring Security filter chain in order to implement OAuth 2.0 Authorization Server:
-
-* [`AuthorizationEndpoint`][AuthorizationEndpoint] is used to service requests for authorization. Default URL: `/oauth/authorize`.
-* [`TokenEndpoint`][TokenEndpoint] is used to service requests for access tokens. Default URL: `/oauth/token`.
-
-The following filters are required to implement an OAuth 2.0 Resource Server:
-
-* The [`OAuth2ExceptionHandlerFilter`][OAuth2ExceptionHandlerFilter] is used to handle any errors.
-* The [`OAuth2AuthenticationProcessingFilter`][OAuth2AuthenticationProcessingFilter] is used to load the Authentication for the request given an authenticated access token.
-
-For all the OAuth 2.0 provider features, configuration is simplified using the custom spring configuration elements. The schema for these elements rests at [http://www.springframework.org/schema/security/spring-security-oauth2.xsd][oauth2.xsd]. The namespace is `http://www.springframework.org/schema/security/oauth2`.
-
-## Authorization Server Configuration
-
-As you configure the Authorization Server, you have to consider the grant type that the client is to use to obtain an access token from the end-user (e.g. authorization code, user credentials, refresh token). The configuration of the server is used to provide implementations of the client details service and token services and to enable or disable certain aspects of the mechanism globally. Note, however, that each client can be configured specifically with permissions to be able to use certain authorization mechanisms and access grants. I.e. just because your provider is configured to support the "client credentials" grant type, doesn't mean that a specific client is authorized to use that grant type.
-
-The `` element is used to configure the OAuth 2.0 Authorization Server mechanism. The following attributes can be applied to the `authorization-server` element:
-
-* `client-details-service-ref`: The reference to the bean that defines the client details service.
-* `token-services-ref`: The reference to the bean that defines the token services.
-
-An important aspect of the provider configuration is the way that a authorization code is supplied to an OAuth client. A authorization code is obtained by the OAuth client by directing the end-user to an authorization page where the user can enter her credentials, resulting in a redirection from the provider authorization server back to the OAuth client with the authorization code. Examples of this are elaborated in the OAuth 2 specification.
-
-### Grant Types
-
-The authorization code grant type is configured via the `authorization-code` child element of the `authorization-server` element. The `authorization-code` element supports the following attributes:
-
-* `disabled`: Boolean value specifying whether the authorization code mechanism is disabled. This effectively disables the authorization code grant mechanism.
-* `services-ref`: The reference to the bean that defines the authorization code services (instance of `org.springframework.security.oauth2.provider.code.AuthorizationCodeServices`)
-* `user-approval-page`: The URL of the page that handles the user approval form.
-* `approval-parameter-name`: The name of the form parameter that is used to indicate user approval of the client authentication request.
-
-Other grant types are also included as child elements of the `authorization-server`.
-
-### Configuring Client Details
-
-The `client-details-service` element is used to define an in-memory implementation of the client details service. It takes an `id` attribute and an arbitrary number of `client` child elements that define the following attributes for each client:
-
-* `client-id`: (required) The client id.
-* `secret`: (required) The client secret, if any.
-* `scope`: The scope to which the client is limited (comma-separated). If scope is undefined or empty (the default) the client is not limited by scope.
-* `authorized-grant-types`: Flows that are authorized for the client to use (comma-separated). Default value is "web\_server".
-* `authorities`: Authorities that are granted to the client (comma-separated).
-
-### Configuring the Endpoint URLs
-
-The `` element has some attributes that can be used to change the default endpoint URLs:
-
-* `authorization-endpoint-url`: The URL at which a request for an authorization will be serviced (defaults to `/oauth/authorize`). This URL should be protected using Spring Security so that it is only accessible to authenticated users.
-* `token-endpoint-url`: The URL at which a request for an access token will be serviced (defaults to `/oauth/token`). This URL should be accessible to anonymous users.
-
-If the endpoint URLs are changed in this way via the namespace, then an extra bean definition for a servlet Filter is created with id `oauth2EndpointUrlFilter`. This has to be mapped in your servlet container so that incoming requests with those paths are recognized by the Spring dispatcher servlet. The filter definition in `web.xml` would look like this:
-
-
- oauth2EndpointUrlFilter
- org.springframework.web.filter.DelegatingFilterProxy
-
- contextAttribute
- org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring
-
-
-
-
- oauth2EndpointUrlFilter
- /*
-
-
-
-This filter has to be applied in the right order, so make sure the mapping appears in `web.xml` _before_ the mapping for the Spring Security filter.
-
-### Configuring An OAuth-Aware Expression Handler
-
-You may want to take advantage of Spring Security's [expression-based access control][expressions]. You can register a oauth-aware expression handler with the `expression-handler` element. Use the id of the oauth expression handler to add oauth-aware expressions to the built-in expressions.
-
-The expressions include _oauth2.clientHasRole_, _oauth2.clientHasAnyRole_, and _oath2.denyClient_ which can be used to provide access based on the role of the oauth client.
-
-## Resource Server Configuration
-
-You need to supply the `` element with an `id` attribute - this is the bean id for a servlet `Filter` that can be added to teh standard Spring Security chain, e.g.
-
-
-
- ...
-
-
-
-
-
-
-The following attributes can be applied to the `resource-server` element:
-
-* `token-services-ref`: The reference to the bean that defines the token services.
-* `resource-id`: The id for the resource (optional, but recommended and will be validated by the auth server if present)
-
-## OAuth 2.0 Client
-
-The OAuth 2.0 client mechanism is responsible for access the OAuth 2.0 protected resources of other servers. The configuration involves establishing the relevant protected resources to which users might have access. The client also needs to be supplied with mechanisms for storing authorization codes and access tokens for users.
-
-### Managing Protected Resources
-
-The entry point into your database of protected resources is defined by the [`OAuth2ProtectedResourceDetailsService`][OAuth2ProtectedResourceDetailsService]. You must define your own `OAuth2ProtectedResourceDetailsService` that will load [`OAuth2ProtectedResourceDetails`][OAuth2ProtectedResourceDetails] by id. Note the existence of an [in-memory implementation][InMemoryOAuth2ProtectedResourceDetailsService] of `OAuth2ProtectedResourceDetailsService`, which might be adequate for your needs. See "Configuring Resource Details" for more information.
-
-### Managing Tokens
-
-The [`OAuth2ClientTokenServices`][OAuth2ClientTokenServices] interface defines the operations that are necessary to manage OAuth 2.0 tokens for specific users. There is an in-memory implementation provided, but it's likely you'll need to implement your own service for storing the access tokens and associated authentication instances in a persistent database.
-
-### Client Configuration
-
-For the OAuth 2.0 client, configuration is simplified using the custom spring configuration elements. The schema for these elements rests at [http://www.springframework.org/schema/security/spring-security-oauth2.xsd][oauth2.xsd]. The namespace is `http://www.springframework.org/schema/security/oauth2`. You need to supply the `` element with an `id` attribute - this is the bean id for a servlet `Filter` that can be added to the standard Spring Security chain, e.g.
-
-
-
- ...
-
-
-
-
-
-The `client` element is used to configure the OAuth 2.0 client mechanism. The following attributes can be applied to the `client` element:
-
-* `token-services-ref`: The reference to the bean that stores tokens on behalf of a user. Default value is an instance of [`InMemoryOAuth2ClientTokenServices`][InMemoryOAuth2ClientTokenServices].
-* `resource-details-service-ref`: The reference to the bean that services the known resource details.
-
-### Protected Resource Configuration
-
-Protected resources can be defined using the `resource` configuration element. Each `resource` element is effectively a definition of a bean that is an instance of [`OAuth2ProtectedResourceDetails`][OAuth2ProtectedResourceDetails]. The `resource` element supports the following attributes:
-
-* `id`: The id of the resource. The id is only used by the client to lookup the resource; it's never used in the OAuth protocol. It's also used as the id of the bean.
-* `type`: The type (i.e. "grant type") of the resource. This is used to specify how an access token is to be obtained for this resource. Valid values include "authorization\_code", "password", and "assertion". Default value is "authorization\_code".
-* `client-id`: The OAuth client id. This is the id by with the OAuth provider is to identify your client.
-* `client-secret`: The secret associated with the resource. By default, no secret will be supplied for access to the resource.
-* `access-token-uri`: The URI of the provider OAuth endpoint that provides the access token.
-* `user-authorization-uri`: The uri to which the user will be redirected if the user is ever needed to authorize access to the resource. Note that this is not always required, depending on which OAuth 2 profiles are supported.
-* `scope`: Comma-separted list of string specifying the scope of the access to the resource. By default, no scope will be specified.
-* `client-authentication-scheme`: The scheme used by your client to authenticate to the access token endpoint. Suggested values: "http\_basic" and "form". Default: "http\_basic". See section 2.1 of the OAuth 2 spec.
-
-### Accessing Protected Resources
-
-Once you've supplied all the configuration for the resources, you can now access those resources. The suggested method for accessing those resources is by using [the `RestTemplate` introduced in Spring 3][restTemplate]. OAuth for Spring Security has provided [an extension of RestTemplate][OAuth2RestTemplate] that only needs to be supplied an instance of [`OAuth2ProtectedResourceDetails`][OAuth2ProtectedResourceDetails]. To use it with user-tokens (authorization code grants) you should consider using the XML namespace shortcut `` which creates some request and session scoped context objects so that requests for different users do not collide at runtime.
-
-## Customizations for Clients of External OAuth2 Providers
-
-Some external OAuth2 providers (e.g. [Facebook][Facebook]) do not quite implement the specification correctly, or else they are just stuck on an older version of the spec than Spring Security OAuth. To use those providers in your client application you might need to adapt various parts of the client-side infrastructure.
-
-To use Facebook as an example, there is a Facebook feature in the `tonr2` application (you need to change the configuration to add your own, valid, client id and secret - they are easy to generate on the Facebook website).
-
-Facebook token responses also contain a non-compliant JSON entry for the expiry time of the token (they use `expires` instead of `expires_in`), so if you want to use the expiry time in your application you will have to decode it manually using a custom `OAuth2SerializationService`.
-
- [oauth1]: https://github.com/SpringSource/spring-security-oauth/wiki/oauth1.html "OAuth 1.0a support"
- [AuthorizationEndpoint]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.html "AuthorizationEndpoint"
- [TokenEndpoint]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.html "TokenEndpoint"
- [RandomValueTokenServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/token/RandomValueOAuth2ProviderTokenServices.html "RandomValueTokenServices"
- [InMemoryTokenStore]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/token/InMemoryTokenStore.html "InMemoryTokenStore"
- [ClientDetailsService]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/ClientDetailsService.html "ClientDetailsService"
- [ClientDetails]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/ClientDetails.html "ClientDetails"
- [InMemoryClientDetailsService]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/InMemoryClientDetailsService.html "InMemoryClientDetailsService"
- [BaseClientDetails]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/BaseClientDetails.html "BaseClientDetails"
- [AuthorizationServerTokenServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/token/AuthorizationServerTokenServices.html "AuthorizationServerTokenServices"
- [OAuth2ExceptionHandlerFilter]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/filter/OAuth2ExceptionHandlerFilter.html "OAuth2ExceptionHandlerFilter"
- [OAuth2AuthenticationProcessingFilter]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/filter/OAuth2AuthenticationProcessingFilter.html "OAuth2AuthenticationProcessingFilter"
- [oauth2.xsd]: http://www.springframework.org/schema/security/spring-security-oauth2.xsd "oauth2.xsd"
- [expressions]: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html "Expression Access Control"
- [OAuth2ProtectedResourceDetailsService]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/client/OAuth2ProtectedResourceDetailsService.html "OAuth2ProtectedResourceDetailsService"
- [InMemoryOAuth2ProtectedResourceDetailsService]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/client/InMemoryOAuth2ProtectedResourceDetailsService.html "InMemoryOAuth2ProtectedResourceDetailsService"
- [InMemoryOAuth2ClientTokenServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/client/token/service/InMemoryOAuth2ConsumerTokenServices.html "InMemoryOAuth2ClientTokenServices"
- [OAuth2ClientTokenServices]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/client/token/OAuth2ClientTokenServices.html "OAuth2ClientTokenServices"
- [restTemplate]: http://static.springsource.org/spring/docs/3.0.x/javadoc-api/org/springframework/web/client/RestTemplate.html "RestTemplate"
- [OAuth2RestTemplate]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/client/OAuth2RestTemplate.html "OAuth2RestTemplate"
- [OAuth2ProtectedResourceDetails]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/client/OAuth2ProtectedResourceDetails.html "OAuth2ProtectedResourceDetails"
- [Facebook]: http://developers.facebook.com/docs/authentication "Facebook"
diff --git a/docs/support.md b/docs/support.md
deleted file mode 100644
index 56bffc2f3..000000000
--- a/docs/support.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Support
-
-Questions about OAuth for Spring Security can be posed at the [forum at SpringSource](http://forum.springsource.org/forumdisplay.php?f=79).
-To report bugs, submit enchancement requests or add something to the wish list, use [JIRA](https://jira.springsource.org/browse/SECOAUTH).
-
-Commercial support is available through [Web Cohesion](http://www.webcohesion.com). To inquire about commercial support send an email to
-"info at webcohesion dot com".
\ No newline at end of file
diff --git a/docs/tutorial.md b/docs/tutorial.md
deleted file mode 100644
index 99ffcc1d6..000000000
--- a/docs/tutorial.md
+++ /dev/null
@@ -1,84 +0,0 @@
-# Tutorial
-
-## Introduction
-
-There's a good [getting started guide](http://www.hueniverse.com/hueniverse/2007/10/beginners-gui-1.html) that illustrates OAuth
-1.0 by describing two different (but related) services. One is a photo-sharing application. The other is a photo-printing
-application. In OAuth terms, the photo sharing application is the OAuth _provider_ and the photo printing application
-is the OAuth _consumer_ or _client_.
-
-For this tutorial, we will see OAuth for Spring Security in action by deploying a photo-sharing application and a
-photo-printing application on our local machine. We'll name the photo-sharing application "Sparklr" and the
-photo-printing application "Tonr". A user named "Marissa" (who has an account at both Sparkr and Tonr) will use Tonr
-to access her photos on Sparklr without ever giving Tonr her credentials to Sparklr.
-
-There is a Sparklr application for both OAuth 1.0 and for OAuth 2.0, likewise Tonr. Download the pair for the spec that you'd like to to see
-in action:
-
-OAuth 1.0|OAuth 2.0
----------|---------
-[Sparklr 1](http://static.springsource.org/spring-security/oauth/sparklr.zip) | [Sparklr 2](http://static.springsource.org/spring-security/oauth/sparklr2.zip)
-[Tonr 1](http://static.springsource.org/spring-security/oauth/tonr.zip) | [Tonr 2](http://static.springsource.org/spring-security/oauth/tonr2.zip)
-
-Each application is a standard [Maven](http://maven.apache.org/) project, so you will need Maven installed. Each application
-is a standard Spring MVC application with Spring Security integrated. Presumably, you're familiar with Spring and Spring Security so
-the configuration files will look familiar to you.
-
-## Setup
-
-Unzip the Sparklr and Tonr applications, and take a look around. Note especially the Spring configuration files in `src/main/webapp/WEB-INF`.
-
-For Sparklr, you'll notice the definition of the OAuth provider mechanism and the consumer/client details along with the
-[standard spring security configuration](http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html) elements. For Tonr,
-you'll notice the definition of the OAuth consumer/client mechanism and the resource details. For more information about the necessary
-components of an OAuth provider and consumer, see the [[developers guide|devguide]].
-
-You'll also notice the Spring Security filter chain in `applicationContext.xml` and how it's configured for OAuth support.
-
-### Deploy Sparklr
-
-```
-mvn install
-cd samples/oauth(2)/sparklr
-mvn tomcat:run
-```
-
-Sparklr should be started on port 8080. Go ahead and browse to [http;//localhost:8080/sparklr](http;//localhost:8080/sparklr). Note the basic
-login page and the page that can be used to browse Marissa's photos. Logout to ensure Marissa's session is no longer valid. (Of course,
-the logout isn't mandatory; an active Sparklr session will simply bypass the step that prompts for Marissa's credentials before
-confirming authorization for Marissa's protected resources.)
-
-### Start Tonr.
-
-Shutdown sparklr (it will be launched in the same container when tonr runs), then
-
-```
-mvn install
-cd samples/oauth(2)/tonr
-mvn tomcat:run
-```
-
-Tonr should be started on port 8080. Browse to [http://localhost:8080/tonr(2)](http://localhost:8080/tonr). Note Tonr's home page has a '2' on the end if it is the oauth2 version.
-
-### Observe...
-
-Now that you've got both applications deployed, you're ready to observe OAuth in action.
-
-1. Login to Tonr.
-
- Marissa's credentials are already hardcoded into the login form.
-
-2. Click to view Marissa's Sparklr photos.
-
- You will be redirected to the Sparklr site where you will be prompted for Marissa's credentials.
-
-3. Login to Sparklr.
-
- Upon successful login, you will be prompted with a confirmation screen to authorize access to Tonr
- for Marissa's pictures.
-
-4. Click "authorize".
-
- Upon authorization, you should be redirected back to Tonr where Marissa's Sparklr photos are displayed
- (presumably to be printed).
-
diff --git a/docs/twolegged.md b/docs/twolegged.md
deleted file mode 100644
index 87880bf44..000000000
--- a/docs/twolegged.md
+++ /dev/null
@@ -1,26 +0,0 @@
-# 2-Legged OAuth
-
-Two-legged OAuth (also known as "signed fetch") is basically OAuth without the user. It's a way for a consumer (i.e. client) to make a signed request
-to a provider (i.e. server) by leveraging the OAuth signature algorithm. This means that the provider has an extra level of trust with the consumer and will
-therefore provide data to the consumer without making an end-user authorize a token.
-
-This has particular applicability to gadget frameworks. For example, [OpenSocial](http://www.opensocial.org/) platforms often use 2-legged OAuth so gadget
-developers can have the gadget (the OAuth consumer) make Web service requests to their remote server (the OAuth provider). Since the gadget developer and
-the server developer are often the same entity, the server can trust the gadget without the need for the gadget to obtain special permission from the user to
-access the user's data.
-
-To implement 2-legged OAuth using _OAuth for Spring Security_, all that is needed is for the provider to indicate that a specific consumer has an extra
-level of trust. To do this, make sure your implementation of [`ConsumerDetailsService`][ConsumerDetailsService] returns instances of
-[`ConsumerDetails`][ConsumerDetails] that implement [`ExtraTrustConsumerDetails`][ExtraTrustConsumerDetails]. Then, for each consumer
-that doesn't need to obtain a user-authorized token, make sure [`ExtraTrustConsumerDetails.isRequiredToObtainAuthenticatedToken()`][isRequiredToObtainAuthenticatedToken]
-returns `false`.
-
-In many instances, providers may want to manage the authentication that is set up in the security context. By default for 2-legged OAuth, only the consumer's
-authentication will be set up in the context. However, if a user authentication is needed in the context, provide an alternate implementation of
-`org.springframework.security.oauth.provider.OAuthAuthenticationHandler` that loads the user authentication, and provide a reference to the alternate
-implementation using the "auth-handler-ref" attribute of the "provider" configuration element.
-
-[ConsumerDetailsService]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/ConsumerDetailsService.html
-[ConsumerDetails]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/ConsumerDetails.html
-[ExtraTrustConsumerDetails]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/ExtraTrustConsumerDetails.html
-[isRequiredToObtainAuthenticatedToken]: http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/ExtraTrustConsumerDetails.html#isRequiredToObtainAuthenticatedToken()
diff --git a/etc/nohttp/checkstyle.xml b/etc/nohttp/checkstyle.xml
new file mode 100644
index 000000000..4b2ef2e48
--- /dev/null
+++ b/etc/nohttp/checkstyle.xml
@@ -0,0 +1,26 @@
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/etc/nohttp/whitelist.lines b/etc/nohttp/whitelist.lines
new file mode 100644
index 000000000..55860ea4f
--- /dev/null
+++ b/etc/nohttp/whitelist.lines
@@ -0,0 +1 @@
+http://junit.sourceforge.net/javadoc/
\ No newline at end of file
diff --git a/license.txt b/license.txt
index 261eeb9e9..20e4bd856 100755
--- a/license.txt
+++ b/license.txt
@@ -1,6 +1,6 @@
Apache License
Version 2.0, January 2004
- http://www.apache.org/licenses/
+ https://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
@@ -192,7 +192,7 @@
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/mvnw b/mvnw
new file mode 100755
index 000000000..02f96acef
--- /dev/null
+++ b/mvnw
@@ -0,0 +1,243 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Maven2 Start Up Batch script
+#
+# Required ENV vars:
+# ------------------
+# JAVA_HOME - location of a JDK home dir
+#
+# Optional ENV vars
+# -----------------
+# M2_HOME - location of maven2's installed home dir
+# MAVEN_OPTS - parameters passed to the Java VM when running Maven
+# e.g. to debug Maven itself, use
+# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+# MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+# ----------------------------------------------------------------------------
+
+if [ -z "$MAVEN_SKIP_RC" ] ; then
+
+ if [ -f /etc/mavenrc ] ; then
+ . /etc/mavenrc
+ fi
+
+ if [ -f "$HOME/.mavenrc" ] ; then
+ . "$HOME/.mavenrc"
+ fi
+
+fi
+
+VERSION=$(awk '/ 0) {$0=$0} 1' `dirname $0`/pom.xml| grep '\(.*\)<.*/\1/')
+if echo $VERSION | egrep -q 'M|RC'; then
+ echo Activating \"milestone\" profile for version=\"$VERSION\"
+ echo $MAVEN_ARGS | grep -q milestone || MAVEN_ARGS="$MAVEN_ARGS -Pmilestone"
+else
+ echo Deactivating \"milestone\" profile for version=\"$VERSION\"
+ echo $MAVEN_ARGS | grep -q milestone && MAVEN_ARGS=$(echo $MAVEN_ARGS | sed -e 's/-Pmilestone//')
+fi
+
+# OS specific support. $var _must_ be set to either true or false.
+cygwin=false;
+darwin=false;
+mingw=false
+case "`uname`" in
+ CYGWIN*) cygwin=true ;;
+ MINGW*) mingw=true;;
+ Darwin*) darwin=true
+ #
+ # Look for the Apple JDKs first to preserve the existing behaviour, and then look
+ # for the new JDKs provided by Oracle.
+ #
+ if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK ] ; then
+ #
+ # Apple JDKs
+ #
+ export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home
+ fi
+
+ if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Java/JavaVirtualMachines/CurrentJDK ] ; then
+ #
+ # Apple JDKs
+ #
+ export JAVA_HOME=/System/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home
+ fi
+
+ if [ -z "$JAVA_HOME" ] && [ -L "/Library/Java/JavaVirtualMachines/CurrentJDK" ] ; then
+ #
+ # Oracle JDKs
+ #
+ export JAVA_HOME=/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home
+ fi
+
+ if [ -z "$JAVA_HOME" ] && [ -x "/usr/libexec/java_home" ]; then
+ #
+ # Apple JDKs
+ #
+ export JAVA_HOME=`/usr/libexec/java_home`
+ fi
+ ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+ if [ -r /etc/gentoo-release ] ; then
+ JAVA_HOME=`java-config --jre-home`
+ fi
+fi
+
+if [ -z "$M2_HOME" ] ; then
+ ## resolve links - $0 may be a link to maven's home
+ PRG="$0"
+
+ # need this for relative symlinks
+ while [ -h "$PRG" ] ; do
+ ls=`ls -ld "$PRG"`
+ link=`expr "$ls" : '.*-> \(.*\)$'`
+ if expr "$link" : '/.*' > /dev/null; then
+ PRG="$link"
+ else
+ PRG="`dirname "$PRG"`/$link"
+ fi
+ done
+
+ saveddir=`pwd`
+
+ M2_HOME=`dirname "$PRG"`/..
+
+ # make it fully qualified
+ M2_HOME=`cd "$M2_HOME" && pwd`
+
+ cd "$saveddir"
+ # echo Using m2 at $M2_HOME
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+ [ -n "$M2_HOME" ] &&
+ M2_HOME=`cygpath --unix "$M2_HOME"`
+ [ -n "$JAVA_HOME" ] &&
+ JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+ [ -n "$CLASSPATH" ] &&
+ CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# For Migwn, ensure paths are in UNIX format before anything is touched
+if $mingw ; then
+ [ -n "$M2_HOME" ] &&
+ M2_HOME="`(cd "$M2_HOME"; pwd)`"
+ [ -n "$JAVA_HOME" ] &&
+ JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
+ # TODO classpath?
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+ javaExecutable="`which javac`"
+ if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
+ # readlink(1) is not available as standard on Solaris 10.
+ readLink=`which readlink`
+ if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
+ if $darwin ; then
+ javaHome="`dirname \"$javaExecutable\"`"
+ javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
+ else
+ javaExecutable="`readlink -f \"$javaExecutable\"`"
+ fi
+ javaHome="`dirname \"$javaExecutable\"`"
+ javaHome=`expr "$javaHome" : '\(.*\)/bin'`
+ JAVA_HOME="$javaHome"
+ export JAVA_HOME
+ fi
+ fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+ if [ -n "$JAVA_HOME" ] ; then
+ if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+ # IBM's JDK on AIX uses strange locations for the executables
+ JAVACMD="$JAVA_HOME/jre/sh/java"
+ else
+ JAVACMD="$JAVA_HOME/bin/java"
+ fi
+ else
+ JAVACMD="`which java`"
+ fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+ echo "Error: JAVA_HOME is not defined correctly." >&2
+ echo " We cannot execute $JAVACMD" >&2
+ exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+ echo "Warning: JAVA_HOME environment variable is not set."
+fi
+
+CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+ [ -n "$M2_HOME" ] &&
+ M2_HOME=`cygpath --path --windows "$M2_HOME"`
+ [ -n "$JAVA_HOME" ] &&
+ JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+ [ -n "$CLASSPATH" ] &&
+ CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+fi
+
+# traverses directory structure from process work directory to filesystem root
+# first directory with .mvn subdirectory is considered project base directory
+find_maven_basedir() {
+ local basedir=$(pwd)
+ local wdir=$(pwd)
+ while [ "$wdir" != '/' ] ; do
+ if [ -d "$wdir"/.mvn ] ; then
+ basedir=$wdir
+ break
+ fi
+ wdir=$(cd "$wdir/.."; pwd)
+ done
+ echo "${basedir}"
+}
+
+# concatenates all lines of a file
+concat_lines() {
+ if [ -f "$1" ]; then
+ echo "$(tr -s '\n' ' ' < "$1")"
+ fi
+}
+
+export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-$(find_maven_basedir)}
+MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
+
+# Provide a "standardized" way to retrieve the CLI args that will
+# work with both Windows and non-Windows executions.
+MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
+export MAVEN_CMD_LINE_ARGS
+
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+exec "$JAVACMD" \
+ $MAVEN_OPTS \
+ -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
+ "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+ ${WRAPPER_LAUNCHER} ${MAVEN_ARGS} "$@"
+
diff --git a/mvnw.cmd b/mvnw.cmd
new file mode 100644
index 000000000..eb9a292a7
--- /dev/null
+++ b/mvnw.cmd
@@ -0,0 +1,145 @@
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements. See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership. The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License. You may obtain a copy of the License at
+@REM
+@REM https://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied. See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Maven2 Start Up Batch script
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM M2_HOME - location of maven2's installed home dir
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM enable echoing my setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
+if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+set MAVEN_CMD_LINE_ARGS=%*
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+
+set WRAPPER_JAR="".\.mvn\wrapper\maven-wrapper.jar""
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CMD_LINE_ARGS%
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
+if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%" == "on" pause
+
+if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
+
+exit /B %ERROR_CODE%
diff --git a/notice.txt b/notice.txt
index 77391586a..9007f5823 100755
--- a/notice.txt
+++ b/notice.txt
@@ -5,16 +5,16 @@
======================================================================
This product includes software developed by
-the Apache Software Foundation (http://www.apache.org).
+the Apache Software Foundation (https://www.apache.org).
This product includes software developed by the Spring Framework
-Project (http://www.springframework.org).
+Project (https://www.springframework.org).
The end-user documentation included with a redistribution, if any,
must include the following acknowledgement:
"This product includes software developed by Web Cohesion
- (http://www.webcohesion.com)."
+ (https://www.webcohesion.com)."
Alternately, this acknowledgement may appear in the software itself,
if and wherever such third-party acknowledgements normally appear.
diff --git a/pom.xml b/pom.xml
index 67c09375a..c1837e581 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,42 +1,48 @@
-
+4.0.0org.springframework.security.oauthspring-security-oauth-parentOAuth for Spring SecurityParent Project for OAuth Support for Spring Securitypom
- 1.0.1.BUILD-SNAPSHOT
- http://static.springframework.org/spring-security/oauth
+ 2.5.3.BUILD-SNAPSHOT
+ https://docs.spring.io/spring-security/oauthspring-security-oauthspring-security-oauth2
+ testssamples
+
UTF-8
- 3.1.2.RELEASE
- 3.1.3.RELEASE
- [3.1.0,4.0.0)
- [3.1.0,4.0.0)
+ 1.14
+ 4.3.30.RELEASE
+ 4.2.20.RELEASE
+ 1.5.2.RELEASE
+ 2.6.3
+ 4.12
+ 1.10.19
+ 1.6
- http://github.com/SpringSource/spring-security-oauth
+ https://github.com/SpringSource/spring-security-oauthscm:git:git://github.com/SpringSource/spring-security-oauth.gitscm:git:ssh://git@github.com/SpringSource/spring-security-oauth.gitHEADJIRA
- http://opensource.atlassian.com/projects/spring/browse/SECOAUTH
+ https://opensource.atlassian.com/projects/spring/browse/SECOAUTHSpring Security OAuth Forum
- http://forum.springframework.org/forumdisplay.php?f=79
- http://forum.springframework.org/forumdisplay.php?f=79
+ https://forum.springframework.org/forumdisplay.php?f=79
+ https://forum.springframework.org/forumdisplay.php?f=79
@@ -46,10 +52,10 @@
Apache 2.0
- http://www.apache.org/licenses/LICENSE-2.0.txt
+ https://www.apache.org/licenses/LICENSE-2.0.txt
-
+
stoicflame
@@ -88,24 +94,24 @@
bootstrap
- spring-milestone
+ repo.spring.io-milestoneSpring Framework Milestone Repository
- http://s3.amazonaws.com/maven.springframework.org/milestone
+ https://repo.spring.io/libs-milestone-local
- spring-release
+ repo.spring.io-releaseSpring Framework Release Repository
- http://maven.springframework.org/release
+ https://repo.spring.io/libs-release-local
-
- repository.springframework.maven.snapshot
- Spring Framework Maven Release Repository
- http://maven.springframework.org/snapshot
+ repo.spring.io-snapshot
+ Spring Framework Maven Snapshot Repository
+ https://repo.spring.io/libs-snapshot-local
+ trueoauth.googlecode.net
- http://oauth.googlecode.com/svn/code/maven/
+ https://oauth.googlecode.com/svn/code/maven/
@@ -113,12 +119,22 @@
milestone
- spring-release
- Spring Release Repository
- s3://maven.springframework.org/release
+ repo.spring.io
+ Spring Milestone Repository
+ https://repo.spring.io/libs-milestone-local
+
+ bintray
+
+
+ bintray
+ Jcenter Repository
+ https://api.bintray.com/maven/spring/jars/org.springframework.security.oauth
+
+
+ central
@@ -150,8 +166,234 @@
+
+ spring5
+
+ 5.0.16.RELEASE
+ 5.0.3.RELEASE
+ 2.0.5.RELEASE
+ 2.9.0
+
+
+
+ repo.spring.io-milestone
+ Spring Framework Milestone Repository
+ https://repo.spring.io/libs-milestone-local
+
+
+ repo.spring.io-snapshot
+ Spring Framework Maven Snapshot Repository
+ https://repo.spring.io/libs-snapshot-local
+ true
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-checkstyle-plugin
+ 3.1.1
+
+
+ com.puppycrawl.tools
+ checkstyle
+ 8.31
+
+
+ io.spring.nohttp
+ nohttp-checkstyle
+ 0.0.3.RELEASE
+
+
+
+ ${maven.multiModuleProjectDirectory}/etc/nohttp/checkstyle.xml
+ src/**/*,*
+
+ ./
+
+
+
+
+
+ check
+
+
+
+
+
+
+
+
+ default
+
+ true
+
+
+
+
+ org.codehaus.mojo
+ animal-sniffer-maven-plugin
+ 1.6
+
+
+ org.codehaus.mojo.signature
+ java16
+ 1.0
+
+
+
+
+ enforce-java-6
+ test
+
+ check
+
+
+
+
+ sun.net.www.protocol.http.*
+ sun.net.www.protocol.https.*
+
+
+
+
+
+
+
+
+
+ tests-exclude-redis
+
+
+
+ org.apache.maven.plugins
+ maven-surefire-plugin
+
+ ${skipTests}
+
+ **/*Tests.java
+
+
+ **/RedisTokenStorePrefixTests.java
+ **/RedisTokenStoreTests.java
+
+
+
+
+
+
+
+
+
+ org.springframework
+ spring-beans
+ ${spring.version}
+
+
+
+ org.springframework
+ spring-core
+ ${spring.version}
+
+
+
+ org.springframework
+ spring-context
+ ${spring.version}
+
+
+
+ org.springframework
+ spring-expression
+ ${spring.version}
+
+
+
+ org.springframework
+ spring-aop
+ ${spring.version}
+
+
+
+ org.springframework
+ spring-jdbc
+ ${spring.version}
+ true
+
+
+
+ org.springframework
+ spring-tx
+ ${spring.version}
+
+
+
+ org.springframework
+ spring-web
+ ${spring.version}
+
+
+
+ org.springframework
+ spring-webmvc
+ ${spring.version}
+
+
+
+ org.springframework
+ spring-test
+ ${spring.version}
+ test
+
+
+
+ org.springframework.security
+ spring-security-core
+ ${spring.security.version}
+
+
+
+ org.springframework.security
+ spring-security-config
+ ${spring.security.version}
+
+
+
+ org.springframework.security
+ spring-security-jwt
+ ${spring.security.jwt.version}
+ true
+
+
+
+ org.springframework.security
+ spring-security-web
+ ${spring.security.version}
+
+
+ org.springframework
+ spring-tx
+
+
+
+
+
+ org.springframework.security
+ spring-security-taglibs
+ ${spring.security.version}
+
+
+
+ commons-codec
+ commons-codec
+ ${commons-codec.version}
+
+
+
+
+
@@ -159,18 +401,8 @@
maven-compiler-plugin2.3.2
- 1.5
- 1.5
-
-
-
- org.apache.maven.plugins
- maven-idea-plugin
- 2.3-atlassian-1
-
- true
- true
- target/tomcat,target/war
+ ${java.version}
+ ${java.version}
@@ -188,39 +420,28 @@
- org.codehaus.mojo
- animal-sniffer-maven-plugin
- 1.6
+ maven-javadoc-plugin
+ 2.9.1
-
- org.codehaus.mojo.signature
- java16
- 1.0
-
+ true
- enforce-java-6
- test
+ javadoc
+ package
- check
+ jar
-
-
-
- sun.net.www.protocol.http.*
- sun.net.www.protocol.https.*
-
-
-
org.apache.maven.pluginsmaven-eclipse-plugin
+ 2.10org.springframework.ide.eclipse.core.springnature
@@ -234,70 +455,19 @@
-
- com.springsource.bundlor
- com.springsource.bundlor.maven
- 1.0.0.RELEASE
-
-
- bundlor
-
- bundlor
-
-
-
-
- true
-
-
-
- maven-jar-plugin
-
-
- target/classes/META-INF/MANIFEST.MF
-
-
-
-
-
- org.eclipse.m2e
- lifecycle-mapping
- 1.0.0
-
-
-
-
-
- com.springsource.bundlor
- com.springsource.bundlor.maven
- [1.0,)
-
- bundlor
-
-
-
-
-
-
-
-
-
-
+ org.apache.tomcat.maven
+ tomcat7-maven-plugin
+ 2.2
+ org.apache.maven.pluginsmaven-release-plugin
- 2.3
+ 2.5org.apache.maven.pluginsmaven-site-plugin
- 3.1
+ 3.3org.apache.maven.wagon
@@ -305,14 +475,28 @@
1.0
+
+
+ org.apache.maven.plugins
+ maven-surefire-plugin
+ 2.20
+
+ ${skipTests}
+
+ **/*Tests.java
+
+ 3
+ true
+ -Xmx1024m -XX:MaxPermSize=256m
+
- org.springframework.build.aws
- org.springframework.build.aws.maven
- 3.0.0.RELEASE
+ org.springframework.build
+ aws-maven
+ 5.0.0.RELEASE
@@ -348,19 +532,19 @@
truetrue
- http://java.sun.com/j2ee/1.4/docs/api
- http://java.sun.com/j2se/1.5.0/docs/api
- http://jakarta.apache.org/commons/collections/apidocs-COLLECTIONS_3_0/
- http://jakarta.apache.org/commons/dbcp/apidocs/
- http://jakarta.apache.org/commons/fileupload/apidocs/
- http://jakarta.apache.org/commons/httpclient/apidocs/
- http://jakarta.apache.org/commons/pool/apidocs/
- http://jakarta.apache.org/commons/logging/apidocs/
+ https://java.sun.com/j2ee/1.4/docs/api
+ https://java.sun.com/j2se/1.5.0/docs/api
+ https://jakarta.apache.org/commons/collections/apidocs-COLLECTIONS_3_0/
+ https://jakarta.apache.org/commons/dbcp/apidocs/
+ https://jakarta.apache.org/commons/fileupload/apidocs/
+ https://jakarta.apache.org/commons/httpclient/apidocs/
+ https://jakarta.apache.org/commons/pool/apidocs/
+ https://jakarta.apache.org/commons/logging/apidocs/
http://junit.sourceforge.net/javadoc/
- http://logging.apache.org/log4j/docs/api/
- http://jakarta.apache.org/regexp/apidocs/
- http://jakarta.apache.org/velocity/api/
- http://static.springframework.org/spring/docs/2.5.x/api/
+ https://logging.apache.org/log4j/docs/api/
+ https://jakarta.apache.org/regexp/apidocs/
+ https://jakarta.apache.org/velocity/api/
+ https://docs.spring.io/spring/docs/2.5.x/api/
example
@@ -368,40 +552,28 @@
org.apache.maven.pluginsmaven-jxr-plugin
+ 2.4
-
-
- atlassian
- https://maven.atlassian.com/repository/public
-
-
-
- repository.plugin.springsource.release
- SpringSource Maven Repository
- http://repository.springsource.com/maven/bundles/release
-
-
-
- static.springframework.org
- scp://static.springframework.org/var/www/domains/springframework.org/static/htdocs/spring-security/oauth
+ static.spring.io
+ scp://docs-ip.spring.io/var/www/domains/spring.io/docs/htdocs/spring-security/oauth/site/docs/${project.version}
- spring-release
+ repo.spring.ioSpring Release Repository
- s3://maven.springframework.org/release
+ https://repo.spring.io/libs-release-local
- spring-snapshot
+ repo.spring.ioSpring Snapshot Repository
- s3://maven.springframework.org/snapshot
+ https://repo.spring.io/libs-snapshot-local
diff --git a/samples/README.md b/samples/README.md
old mode 100755
new mode 100644
index 992ff7aa7..9140c388e
--- a/samples/README.md
+++ b/samples/README.md
@@ -1,3 +1,9 @@
+### Deprecation Notice
+
+The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details.
+
+---
+
These are the Spring Security OAuth sample apps and integration tests.
They are split into OAuth (1a) and OAuth2 samples. Look in the
subdirectory `oauth` and `oauth2` respectively for components of the
@@ -19,7 +25,7 @@ to read his photos for the purpose of printing them.
To run the apps the easiest thing is to first install all the
artifacts using `mvn install` and then go to the `tonr` directory (in
-`oauth` or `oauth2`) and run `mvn tomcat:run`. You can also use the
+`oauth` or `oauth2`) and run `mvn tomcat7:run`. You can also use the
command line to build war files with `mvn package` and drop them in
your favourite server, or you can run them directly from an IDE.
@@ -59,7 +65,7 @@ To deploy the apps in Eclipse you will need the Maven plugin (`m2e`)
and the Web Tools Project (WTP) plugins. If you have SpringSource
Toolsuite (STS) you should already have those, aso you can deploy the
apps very simply. (Update the WTP plugin to at least version 0.12 at
-http://m2eclipse.sonatype.org/sites/m2e-extras if you have an older
+https://download.eclipse.org/technology/m2e/releases if you have an older
one, or the context roots for the apps will be wrong.)
* Ensure the Spring Security OAuth dependencies are available locally
diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index 854d11474..7d4bca68c 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -1,11 +1,11 @@
-
+4.0.0org.springframework.security.oauthspring-security-oauth-parent
- 1.0.1.BUILD-SNAPSHOT
+ 2.5.3.BUILD-SNAPSHOT../../..
@@ -32,8 +32,8 @@
- org.codehaus.mojo
- tomcat-maven-plugin
+ org.apache.tomcat.maven
+ tomcat7-maven-plugin/sparklrtrue
@@ -45,14 +45,9 @@
- spring-milestone
- Spring Framework Milestone Repository
- http://maven.springframework.org/milestone
-
-
- spring-release
- Spring Framework Release Repository
- http://maven.springframework.org/release
+ spring
+ Spring Framework Repository
+ https://repo.spring.io/libs-snapshot
@@ -101,7 +96,8 @@
-
+
diff --git a/samples/oauth/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/impl/PhotoServiceImpl.java b/samples/oauth/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/impl/PhotoServiceImpl.java
index f803497ed..6b96f61e3 100644
--- a/samples/oauth/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/impl/PhotoServiceImpl.java
+++ b/samples/oauth/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/impl/PhotoServiceImpl.java
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/samples/oauth/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/oauth/SparklrConsumerDetails.java b/samples/oauth/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/oauth/SparklrConsumerDetails.java
index de896aa9b..6cc144fb1 100644
--- a/samples/oauth/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/oauth/SparklrConsumerDetails.java
+++ b/samples/oauth/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/oauth/SparklrConsumerDetails.java
@@ -5,6 +5,7 @@
/**
* @author Ryan Heaton
*/
+@SuppressWarnings("serial")
public class SparklrConsumerDetails extends BaseConsumerDetails {
private String displayName;
diff --git a/samples/oauth/sparklr/src/main/resources/simplelog.properties b/samples/oauth/sparklr/src/main/resources/simplelog.properties
index dfba30062..cba65bf4c 100644
--- a/samples/oauth/sparklr/src/main/resources/simplelog.properties
+++ b/samples/oauth/sparklr/src/main/resources/simplelog.properties
@@ -1,2 +1,2 @@
-org.apache.commons.logging.simplelog.defaultlog=info
-org.apache.commons.logging.simplelog.log.org.springframework.security=debug
+org.apache.commons.logging.simplelog.defaultlog=warn
+#org.apache.commons.logging.simplelog.log.org.springframework.security=debug
diff --git a/samples/oauth/sparklr/src/main/webapp/LICENSE.txt b/samples/oauth/sparklr/src/main/webapp/LICENSE.txt
deleted file mode 100644
index 5c83a364b..000000000
--- a/samples/oauth/sparklr/src/main/webapp/LICENSE.txt
+++ /dev/null
@@ -1,211 +0,0 @@
-THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE
-("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE
-OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED.
-
-BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS
-OF THIS LICENSE. THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE
-OF SUCH TERMS AND CONDITIONS.
-
-1. Definitions
-
- a. "Collective Work" means a work, such as a periodical issue, anthology or encyclopedia,
- in which the Work in its entirety in unmodified form, along with a number of other
- contributions, constituting separate and independent works in themselves, are assembled
- into a collective whole. A work that constitutes a Collective Work will not be
- considered a Derivative Work (as defined below) for the purposes of this License.
-
- b. "Derivative Work" means a work based upon the Work or upon the Work and other
- pre-existing works, such as a translation, musical arrangement, dramatization,
- fictionalization, motion picture version, sound recording, art reproduction, abridgment,
- condensation, or any other form in which the Work may be recast, transformed, or adapted,
- except that a work that constitutes a Collective Work will not be considered a Derivative
- Work for the purpose of this License. For the avoidance of doubt, where the Work is a
- musical composition or sound recording, the synchronization of the Work in timed-relation
- with a moving image ("synching") will be considered a Derivative Work for the purpose of
- this License.
-
- c. "Licensor" means the individual or entity that offers the Work under the terms of this
- License.
-
- d. "Original Author" means the individual or entity who created the Work.
-
- e. "Work" means the copyrightable work of authorship offered under the terms of this
- License.
-
- f. "You" means an individual or entity exercising rights under this License who has not
- previously violated the terms of this License with respect to the Work, or who has
- received express permission from the Licensor to exercise rights under this License
- despite a previous violation.
-
- g. "License Elements" means the following high-level license attributes as selected by
- Licensor and indicated in the title of this License: Attribution, ShareAlike.
-
-2. Fair Use Rights. Nothing in this license is intended to reduce, limit, or restrict any rights
-arising from fair use, first sale or other limitations on the exclusive rights of the copyright
-owner under copyright law or other applicable laws.
-
-3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants
-You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable
-copyright) license to exercise the rights in the Work as stated below:
-
- a. to reproduce the Work, to incorporate the Work into one or more Collective Works, and to
- reproduce the Work as incorporated in the Collective Works;
-
- b. to create and reproduce Derivative Works;
-
- c. to distribute copies or phonorecords of, display publicly, perform publicly, and perform
- publicly by means of a digital audio transmission the Work including as incorporated in
- Collective Works;
-
- d. to distribute copies or phonorecords of, display publicly, perform publicly, and perform
- publicly by means of a digital audio transmission Derivative Works.
-
- e. For the avoidance of doubt, where the work is a musical composition:
-
- i. Performance Royalties Under Blanket Licenses. Licensor waives the exclusive right to
- collect, whether individually or via a performance rights society (e.g. ASCAP, BMI,
- SESAC), royalties for the public performance or public digital performance (e.g.
- webcast) of the Work.
-
- ii. Mechanical Rights and Statutory Royalties. Licensor waives the exclusive right to
- collect, whether individually or via a music rights society or designated agent (e.g.
- Harry Fox Agency), royalties for any phonorecord You create from the Work ("cover
- version") and distribute, subject to the compulsory license created by 17 USC Section
- 115 of the US Copyright Act (or the equivalent in other jurisdictions).
-
- f. Webcasting Rights and Statutory Royalties. For the avoidance of doubt, where the Work is
- a sound recording, Licensor waives the exclusive right to collect, whether individually
- or via a performance-rights society (e.g. SoundExchange), royalties for the public
- digital performance (e.g. webcast) of the Work, subject to the compulsory license created
- by 17 USC Section 114 of the US Copyright Act (or the equivalent in other jurisdictions).
-
-The above rights may be exercised in all media and formats whether now known or hereafter devised.
-The above rights include the right to make such modifications as are technically necessary to
-exercise the rights in other media and formats. All rights not expressly granted by Licensor are
-hereby reserved.
-
-4. Restrictions.The license granted in Section 3 above is expressly made subject to and limited by
-the following restrictions:
-
- a. You may distribute, publicly display, publicly perform, or publicly digitally perform the
- Work only under the terms of this License, and You must include a copy of, or the Uniform
- Resource Identifier for, this License with every copy or phonorecord of the Work You
- distribute, publicly display, publicly perform, or publicly digitally perform. You may
- not offer or impose any terms on the Work that alter or restrict the terms of this
- License or the recipients' exercise of the rights granted hereunder. You may not
- sublicense the Work. You must keep intact all notices that refer to this License and to
- the disclaimer of warranties. You may not distribute, publicly display, publicly perform,
- or publicly digitally perform the Work with any technological measures that control
- access or use of the Work in a manner inconsistent with the terms of this License
- Agreement. The above applies to the Work as incorporated in a Collective Work, but this
- does not require the Collective Work apart from the Work itself to be made subject to the
- terms of this License. If You create a Collective Work, upon notice from any Licensor You
- must, to the extent practicable, remove from the Collective Work any reference to such
- Licensor or the Original Author, as requested. If You create a Derivative Work, upon
- notice from any Licensor You must, to the extent practicable, remove from the Derivative
- Work any reference to such Licensor or the Original Author, as requested.
-
- b. You may distribute, publicly display, publicly perform, or publicly digitally perform a
- Derivative Work only under the terms of this License, a later version of this License
- with the same License Elements as this License, or a Creative Commons iCommons license
- that contains the same License Elements as this License (e.g. Attribution-ShareAlike 2.0
- Japan). You must include a copy of, or the Uniform Resource Identifier for, this License
- or other license specified in the previous sentence with every copy or phonorecord of
- each Derivative Work You distribute, publicly display, publicly perform, or publicly
- digitally perform. You may not offer or impose any terms on the Derivative Works that
- alter or restrict the terms of this License or the recipients' exercise of the rights
- granted hereunder, and You must keep intact all notices that refer to this License and to
-
- the disclaimer of warranties. You may not distribute, publicly display, publicly perform,
- or publicly digitally perform the Derivative Work with any technological measures that
- control access or use of the Work in a manner inconsistent with the terms of this License
- Agreement. The above applies to the Derivative Work as incorporated in a Collective Work,
- but this does not require the Collective Work apart from the Derivative Work itself to be
- made subject to the terms of this License.
-
- c. If you distribute, publicly display, publicly perform, or publicly digitally perform the
- Work or any Derivative Works or Collective Works, You must keep intact all copyright
- notices for the Work and give the Original Author credit reasonable to the medium or
- means You are utilizing by conveying the name (or pseudonym if applicable) of the
- Original Author if supplied; the title of the Work if supplied; to the extent reasonably
- practicable, the Uniform Resource Identifier, if any, that Licensor specifies to be
- associated with the Work, unless such URI does not refer to the copyright notice or
- licensing information for the Work; and in the case of a Derivative Work, a credit
- identifying the use of the Work in the Derivative Work (e.g., "French translation of the
- Work by Original Author," or "Screenplay based on original Work by Original Author").
- Such credit may be implemented in any reasonable manner; provided, however, that in the
- case of a Derivative Work or Collective Work, at a minimum such credit will appear where
- any other comparable authorship credit appears and in a manner at least as prominent as
- such other comparable authorship credit.
-
-5. Representations, Warranties and Disclaimer
-
-UNLESS OTHERWISE AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO
-REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE MATERIALS, EXPRESS, IMPLIED, STATUTORY OR
-OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A
-PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE
-PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE
-EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.
-
-6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL
-LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE
-OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN
-ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
-7. Termination
-
- a. This License and the rights granted hereunder will terminate automatically upon any
- breach by You of the terms of this License. Individuals or entities who have received
- Derivative Works or Collective Works from You under this License, however, will not have
- their licenses terminated provided such individuals or entities remain in full compliance
- with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this
- License.
-
- b. Subject to the above terms and conditions, the license granted here is perpetual (for the
- duration of the applicable copyright in the Work). Notwithstanding the above, Licensor
- reserves the right to release the Work under different license terms or to stop
- distributing the Work at any time; provided, however that any such election will not
- serve to withdraw this License (or any other license that has been, or is required to be,
- granted under the terms of this License), and this License will continue in full force
- and effect unless terminated as stated above.
-
-8. Miscellaneous
-
- a. Each time You distribute or publicly digitally perform the Work or a Collective Work, the
- Licensor offers to the recipient a license to the Work on the same terms and conditions
- as the license granted to You under this License.
-
- b. Each time You distribute or publicly digitally perform a Derivative Work, Licensor offers
- to the recipient a license to the original Work on the same terms and conditions as the
- license granted to You under this License.
-
- c. If any provision of this License is invalid or unenforceable under applicable law, it
- shall not affect the validity or enforceability of the remainder of the terms of this
- License, and without further action by the parties to this agreement, such provision
- shall be reformed to the minimum extent necessary to make such provision valid and
- enforceable.
-
- d. No term or provision of this License shall be deemed waived and no breach consented to
- unless such waiver or consent shall be in writing and signed by the party to be charged
- with such waiver or consent.
-
- e. This License constitutes the entire agreement between the parties with respect to the
- Work licensed here. There are no understandings, agreements or representations with
- respect to the Work not specified here. Licensor shall not be bound by any additional
- provisions that may appear in any communication from You. This License may not be
- modified without the mutual written agreement of the Licensor and You.
-
-Creative Commons is not a party to this License, and makes no warranty whatsoever in connection
-with the Work. Creative Commons will not be liable to You or any party on any legal theory for
-any damages whatsoever, including without limitation any general, special, incidental or
-consequential damages arising in connection to this license. Notwithstanding the foregoing two
-(2) sentences, if Creative Commons has expressly identified itself as the Licensor hereunder,
-it shall have all rights and obligations of Licensor.
-
-Except for the limited purpose of indicating to the public that the Work is licensed under the
-CCPL, neither party will use the trademark "Creative Commons" or any related trademark or logo
-of Creative Commons without the prior written consent of Creative Commons. Any permitted use will
-be in compliance with Creative Commons' then-current trademark usage guidelines, as may be
-published on its website or otherwise made available upon request from time to time.
-
-Creative Commons may be contacted at http://creativecommons.org/.
\ No newline at end of file
diff --git a/samples/oauth/sparklr/src/main/webapp/WEB-INF/applicationContext.xml b/samples/oauth/sparklr/src/main/webapp/WEB-INF/applicationContext.xml
index 43349aa77..f33670c75 100644
--- a/samples/oauth/sparklr/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/samples/oauth/sparklr/src/main/webapp/WEB-INF/applicationContext.xml
@@ -4,9 +4,9 @@
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:oauth="http://www.springframework.org/schema/security/oauth"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans%20http://www.springframework.org/schema/beans/spring-beans-3.0.xsd-%20%20%20%20%20%20%20%20%20%20%20%20%20%20http://www.springframework.org/schema/security%20http://www.springframework.org/schema/security/spring-security-3.1.xsd-%20%20%20%20%20%20%20%20%20%20%20%20%20%20http://www.springframework.org/schema/security/oauth%20http://www.springframework.org/schema/security/spring-security-oauth-1.0.xsd">
+ xsi:schemaLocation="http://www.springframework.org/schema/beans%20https://www.springframework.org/schema/beans/spring-beans.xsd+%20%20%20%20%20%20%20%20%20%20%20%20%20%20http://www.springframework.org/schema/security%20https://www.springframework.org/schema/security/spring-security.xsd+%20%20%20%20%20%20%20%20%20%20%20%20%20%20http://www.springframework.org/schema/security/oauth%20https://www.springframework.org/schema/security/spring-security-oauth-1.0.xsd">
diff --git a/samples/oauth/sparklr/src/main/webapp/WEB-INF/jsp/access_confirmation.jsp b/samples/oauth/sparklr/src/main/webapp/WEB-INF/jsp/access_confirmation.jsp
index f88681b83..0937858eb 100644
--- a/samples/oauth/sparklr/src/main/webapp/WEB-INF/jsp/access_confirmation.jsp
+++ b/samples/oauth/sparklr/src/main/webapp/WEB-INF/jsp/access_confirmation.jsp
@@ -1,8 +1,8 @@
<%@ page import="org.springframework.security.core.AuthenticationException" %>
-<%@ page import="org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter" %>
+<%@ page import="org.springframework.security.web.WebAttributes" %>
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
-
+
@@ -20,12 +20,12 @@
Woops!
-
Access could not be granted. (<%= ((AuthenticationException) session.getAttribute(AbstractAuthenticationProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>)
+
Access could not be granted. (<%= ((AuthenticationException) session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).getMessage() %>)
-
+
Please Confirm
You hereby authorize "" to access the following resource:
-