From 8ea639f4afd7c6ff1fb514f49af2fb4a7781d653 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Wed, 30 Oct 2019 10:09:51 -0400 Subject: [PATCH 01/94] Next Minor Version --- pom.xml | 2 +- samples/oauth/sparklr/pom.xml | 2 +- samples/oauth/tonr/pom.xml | 2 +- samples/oauth2/sparklr/pom.xml | 2 +- samples/oauth2/tonr/pom.xml | 2 +- samples/pom.xml | 2 +- spring-security-oauth/pom.xml | 2 +- spring-security-oauth2/pom.xml | 2 +- tests/annotation/approval/pom.xml | 2 +- tests/annotation/client/pom.xml | 2 +- tests/annotation/common/pom.xml | 2 +- tests/annotation/custom-authentication/pom.xml | 2 +- tests/annotation/custom-grant/pom.xml | 2 +- tests/annotation/form/pom.xml | 2 +- tests/annotation/jaxb/pom.xml | 2 +- tests/annotation/jdbc/pom.xml | 2 +- tests/annotation/jpa/pom.xml | 2 +- tests/annotation/jwt/pom.xml | 2 +- tests/annotation/mappings/pom.xml | 2 +- tests/annotation/multi/pom.xml | 2 +- tests/annotation/pom.xml | 10 ++-------- tests/annotation/resource/pom.xml | 2 +- tests/annotation/ssl/pom.xml | 2 +- tests/annotation/vanilla/pom.xml | 2 +- tests/pom.xml | 2 +- tests/xml/approval/pom.xml | 2 +- tests/xml/client/pom.xml | 2 +- tests/xml/common/pom.xml | 2 +- tests/xml/form/pom.xml | 2 +- tests/xml/jdbc/pom.xml | 2 +- tests/xml/jwt/pom.xml | 2 +- tests/xml/mappings/pom.xml | 2 +- tests/xml/pom.xml | 10 ++-------- tests/xml/vanilla/pom.xml | 2 +- 34 files changed, 36 insertions(+), 48 deletions(-) diff --git a/pom.xml b/pom.xml index 47bfdc29f..fa8ca7d16 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ OAuth for Spring Security Parent Project for OAuth Support for Spring Security pom - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT https://docs.spring.io/spring-security/oauth diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml index 1df6df27b..405b197e5 100644 --- a/samples/oauth/sparklr/pom.xml +++ b/samples/oauth/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml index 885fe7659..b250c2609 100644 --- a/samples/oauth/tonr/pom.xml +++ b/samples/oauth/tonr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml index 31462d785..8d31518fd 100644 --- a/samples/oauth2/sparklr/pom.xml +++ b/samples/oauth2/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml index 92ed654be..d20cf2bc0 100644 --- a/samples/oauth2/tonr/pom.xml +++ b/samples/oauth2/tonr/pom.xml @@ -6,7 +6,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/pom.xml b/samples/pom.xml index d1ed6c75c..1608ba31a 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT spring-security-oauth-samples diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml index 2adee4f91..e6ef3d1c4 100644 --- a/spring-security-oauth/pom.xml +++ b/spring-security-oauth/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT spring-security-oauth diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index d499e47de..8792eb992 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT spring-security-oauth2 diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml index c336fa806..6e4ca4cfa 100644 --- a/tests/annotation/approval/pom.xml +++ b/tests/annotation/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml index 732ce4d2d..d8643fa39 100644 --- a/tests/annotation/client/pom.xml +++ b/tests/annotation/client/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml index 9346b8508..cd3abbe3a 100644 --- a/tests/annotation/common/pom.xml +++ b/tests/annotation/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml index ded96d35d..7b4082207 100644 --- a/tests/annotation/custom-authentication/pom.xml +++ b/tests/annotation/custom-authentication/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml index faf3e8def..fe501886d 100644 --- a/tests/annotation/custom-grant/pom.xml +++ b/tests/annotation/custom-grant/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml index 454ae497b..31f0fa2d0 100644 --- a/tests/annotation/form/pom.xml +++ b/tests/annotation/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml index 506901b32..0b3934458 100644 --- a/tests/annotation/jaxb/pom.xml +++ b/tests/annotation/jaxb/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml index be1481b1a..29f5e4cb8 100644 --- a/tests/annotation/jdbc/pom.xml +++ b/tests/annotation/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml index e0e777234..01635d8ac 100644 --- a/tests/annotation/jpa/pom.xml +++ b/tests/annotation/jpa/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml index 3ac138b71..b06ba1740 100644 --- a/tests/annotation/jwt/pom.xml +++ b/tests/annotation/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml index f50323ea3..989923dc2 100644 --- a/tests/annotation/mappings/pom.xml +++ b/tests/annotation/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml index d69932108..868792996 100644 --- a/tests/annotation/multi/pom.xml +++ b/tests/annotation/multi/pom.xml @@ -9,7 +9,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index cbb2fdb17..d1b16e13d 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT pom @@ -45,13 +45,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.3.8.BUILD-SNAPSHOT - - - jackson-mapper-asl - org.codehaus.jackson - - + 2.4.0.BUILD-SNAPSHOT org.springframework.security diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml index db64ee194..a6d9078f7 100644 --- a/tests/annotation/resource/pom.xml +++ b/tests/annotation/resource/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml index 04c5af087..e0faaf1d7 100644 --- a/tests/annotation/ssl/pom.xml +++ b/tests/annotation/ssl/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml index c498bf342..6a35cb7fe 100644 --- a/tests/annotation/vanilla/pom.xml +++ b/tests/annotation/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/pom.xml b/tests/pom.xml index f68efa6e6..2c9851595 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT spring-security-oauth-tests diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml index 9670361f7..36577db07 100644 --- a/tests/xml/approval/pom.xml +++ b/tests/xml/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml index ba328b9a6..3c171b6da 100644 --- a/tests/xml/client/pom.xml +++ b/tests/xml/client/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml index d27ee217c..98363b412 100644 --- a/tests/xml/common/pom.xml +++ b/tests/xml/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml index ddbf2c629..587c2ef3a 100644 --- a/tests/xml/form/pom.xml +++ b/tests/xml/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml index 7d8534555..a78d2e5e0 100644 --- a/tests/xml/jdbc/pom.xml +++ b/tests/xml/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml index b01a89398..a1557954f 100644 --- a/tests/xml/jwt/pom.xml +++ b/tests/xml/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml index 446740d23..0d22a82b5 100644 --- a/tests/xml/mappings/pom.xml +++ b/tests/xml/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index 7afbc4dde..74fe90040 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT pom @@ -39,13 +39,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.3.8.BUILD-SNAPSHOT - - - jackson-mapper-asl - org.codehaus.jackson - - + 2.4.0.BUILD-SNAPSHOT org.springframework.security diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml index cc733d5a1..6cd654e3c 100644 --- a/tests/xml/vanilla/pom.xml +++ b/tests/xml/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.3.8.BUILD-SNAPSHOT + 2.4.0.BUILD-SNAPSHOT From 21d14d9ec490f341fea34f6acafbbb9c6c784c24 Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Tue, 15 Oct 2019 16:43:46 -0600 Subject: [PATCH 02/94] Remove Jackson 1 Support Fixes gh-996 --- samples/oauth2/tonr/pom.xml | 6 - spring-security-oauth2/pom.xml | 7 - .../common/DefaultOAuth2RefreshToken.java | 4 +- .../oauth2/common/OAuth2AccessToken.java | 3 - ...OAuth2AccessTokenJackson1Deserializer.java | 104 -------------- .../OAuth2AccessTokenJackson1Serializer.java | 72 ---------- .../OAuth2AccessTokenJackson2Serializer.java | 3 +- .../oauth2/common/OAuth2RefreshToken.java | 2 +- .../common/exceptions/OAuth2Exception.java | 2 - .../OAuth2ExceptionJackson1Deserializer.java | 130 ------------------ .../OAuth2ExceptionJackson1Serializer.java | 45 ------ .../oauth2/common/util/JacksonJsonParser.java | 49 ------- .../common/util/JsonDateDeserializer.java | 34 ++--- .../common/util/JsonDateSerializer.java | 30 ++-- .../oauth2/common/util/JsonParserFactory.java | 5 +- .../oauth2/provider/approval/Approval.java | 7 +- .../provider/client/BaseClientDetails.java | 33 ----- .../JacksonArrayOrStringDeserializer.java | 41 ------ .../client/JdbcClientDetailsService.java | 26 +--- .../token/OAuth2AccessTokenSupportTests.java | 7 +- ...ccessTokenProviderWithConversionTests.java | 9 +- .../oauth2/common/JsonSerializationTests.java | 9 +- ...2AccessTokenJackson1DeserializerTests.java | 125 ----------------- ...th2AccessTokenJackson1SerializerTests.java | 118 ---------------- .../OAuth2ExceptionDeserializerTests.java | 19 ++- .../OAuth2ExceptionSerializerTests.java | 18 ++- .../provider/OAuth2AuthenticationTests.java | 11 +- .../client/BaseClientDetailsTests.java | 12 +- 28 files changed, 105 insertions(+), 826 deletions(-) delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Deserializer.java delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Serializer.java delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Deserializer.java delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Serializer.java delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JacksonJsonParser.java delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JacksonArrayOrStringDeserializer.java delete mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1DeserializerTests.java delete mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1SerializerTests.java diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml index d20cf2bc0..ac428bd19 100644 --- a/samples/oauth2/tonr/pom.xml +++ b/samples/oauth2/tonr/pom.xml @@ -129,12 +129,6 @@ ${project.groupId} spring-security-oauth2 ${project.version} - - - org.codehaus.jackson - jackson-mapper-asl - - diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index 8792eb992..ddd738d7f 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -13,7 +13,6 @@ Module for providing OAuth2 support to Spring Security - 1.9.13 2.9.10 3.0.1 1.0.11.RELEASE @@ -150,12 +149,6 @@ commons-codec - - org.codehaus.jackson - jackson-mapper-asl - ${jackson1.version} - - org.springframework.data spring-data-redis diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultOAuth2RefreshToken.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultOAuth2RefreshToken.java index c8df418d1..d3c1b4792 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultOAuth2RefreshToken.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultOAuth2RefreshToken.java @@ -2,8 +2,8 @@ import java.io.Serializable; -import org.codehaus.jackson.annotate.JsonCreator; -import org.codehaus.jackson.annotate.JsonValue; +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.annotation.JsonValue; /** * An OAuth 2 refresh token. diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessToken.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessToken.java index 4176cf8b4..a756c154b 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessToken.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessToken.java @@ -20,11 +20,8 @@ * @author Dave Syer * */ -@org.codehaus.jackson.map.annotate.JsonSerialize(using = OAuth2AccessTokenJackson1Serializer.class) -@org.codehaus.jackson.map.annotate.JsonDeserialize(using = OAuth2AccessTokenJackson1Deserializer.class) @com.fasterxml.jackson.databind.annotation.JsonSerialize(using = OAuth2AccessTokenJackson2Serializer.class) @com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = OAuth2AccessTokenJackson2Deserializer.class) - public interface OAuth2AccessToken { public static String BEARER_TYPE = "Bearer"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Deserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Deserializer.java deleted file mode 100644 index f5288bde7..000000000 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Deserializer.java +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright 2006-2010 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on - * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the - * specific language governing permissions and limitations under the License. - */ -package org.springframework.security.oauth2.common; - -import java.io.IOException; -import java.util.Date; -import java.util.LinkedHashMap; -import java.util.Map; -import java.util.Set; - -import org.codehaus.jackson.JsonParseException; -import org.codehaus.jackson.JsonParser; -import org.codehaus.jackson.JsonProcessingException; -import org.codehaus.jackson.JsonToken; -import org.codehaus.jackson.map.DeserializationContext; -import org.codehaus.jackson.map.JsonDeserializer; -import org.codehaus.jackson.map.deser.StdDeserializer; -import org.springframework.security.oauth2.common.util.OAuth2Utils; - -/** - *

- * Provides the ability to deserialize JSON response into an {@link OAuth2AccessToken} with jackson by implementing - * {@link JsonDeserializer}. - *

- *

- * The expected format of the access token is defined by Successful Response. - *

- * - * @author Rob Winch - * @see OAuth2AccessTokenJackson1Serializer - */ -@SuppressWarnings("deprecation") -public final class OAuth2AccessTokenJackson1Deserializer extends StdDeserializer { - - public OAuth2AccessTokenJackson1Deserializer() { - super(OAuth2AccessToken.class); - } - - @Override - public OAuth2AccessToken deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, - JsonProcessingException { - - String tokenValue = null; - String tokenType = null; - String refreshToken = null; - Long expiresIn = null; - Set scope = null; - Map additionalInformation = new LinkedHashMap(); - - // TODO What should occur if a parameter exists twice - while (jp.nextToken() != JsonToken.END_OBJECT) { - String name = jp.getCurrentName(); - jp.nextToken(); - if (OAuth2AccessToken.ACCESS_TOKEN.equals(name)) { - tokenValue = jp.getText(); - } - else if (OAuth2AccessToken.TOKEN_TYPE.equals(name)) { - tokenType = jp.getText(); - } - else if (OAuth2AccessToken.REFRESH_TOKEN.equals(name)) { - refreshToken = jp.getText(); - } - else if (OAuth2AccessToken.EXPIRES_IN.equals(name)) { - try { - expiresIn = jp.getLongValue(); - } catch (JsonParseException e) { - expiresIn = Long.valueOf(jp.getText()); - } - } - else if (OAuth2AccessToken.SCOPE.equals(name)) { - String text = jp.getText(); - scope = OAuth2Utils.parseParameterList(text); - } else { - additionalInformation.put(name, jp.readValueAs(Object.class)); - } - } - - // TODO What should occur if a required parameter (tokenValue or tokenType) is missing? - - DefaultOAuth2AccessToken accessToken = new DefaultOAuth2AccessToken(tokenValue); - accessToken.setTokenType(tokenType); - if (expiresIn != null) { - accessToken.setExpiration(new Date(System.currentTimeMillis() + (expiresIn * 1000))); - } - if (refreshToken != null) { - accessToken.setRefreshToken(new DefaultOAuth2RefreshToken(refreshToken)); - } - accessToken.setScope(scope); - accessToken.setAdditionalInformation(additionalInformation); - - return accessToken; - } -} \ No newline at end of file diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Serializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Serializer.java deleted file mode 100644 index 1fd3fe777..000000000 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Serializer.java +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright 2006-2010 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on - * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the - * specific language governing permissions and limitations under the License. - */ -package org.springframework.security.oauth2.common; - -import java.io.IOException; -import java.util.Date; -import java.util.Map; -import java.util.Set; - -import org.codehaus.jackson.JsonGenerationException; -import org.codehaus.jackson.JsonGenerator; -import org.codehaus.jackson.map.JsonSerializer; -import org.codehaus.jackson.map.SerializerProvider; -import org.codehaus.jackson.map.ser.SerializerBase; -import org.springframework.util.Assert; - -/** - * Provides the ability to serialize an {@link OAuth2AccessToken} with jackson by implementing {@link JsonSerializer}. - * Refer to {@link OAuth2AccessTokenJackson1Deserializer} to learn more about the JSON format that is used. - * - * @author Rob Winch - * @see OAuth2AccessTokenJackson1Deserializer - */ -@SuppressWarnings("deprecation") -public final class OAuth2AccessTokenJackson1Serializer extends SerializerBase { - - public OAuth2AccessTokenJackson1Serializer() { - super(OAuth2AccessToken.class); - } - - @Override - public void serialize(OAuth2AccessToken token, JsonGenerator jgen, SerializerProvider provider) throws IOException, - JsonGenerationException { - jgen.writeStartObject(); - jgen.writeStringField(OAuth2AccessToken.ACCESS_TOKEN, token.getValue()); - jgen.writeStringField(OAuth2AccessToken.TOKEN_TYPE, token.getTokenType()); - OAuth2RefreshToken refreshToken = token.getRefreshToken(); - if (refreshToken != null) { - jgen.writeStringField(OAuth2AccessToken.REFRESH_TOKEN, refreshToken.getValue()); - } - Date expiration = token.getExpiration(); - if (expiration != null) { - long now = System.currentTimeMillis(); - jgen.writeNumberField(OAuth2AccessToken.EXPIRES_IN, (expiration.getTime() - now) / 1000); - } - Set scope = token.getScope(); - if (scope != null && !scope.isEmpty()) { - StringBuffer scopes = new StringBuffer(); - for (String s : scope) { - Assert.hasLength(s, "Scopes cannot be null or empty. Got " + scope + ""); - scopes.append(s); - scopes.append(" "); - } - jgen.writeStringField(OAuth2AccessToken.SCOPE, scopes.substring(0, scopes.length() - 1)); - } - Map additionalInformation = token.getAdditionalInformation(); - for (String key : additionalInformation.keySet()) { - jgen.writeObjectField(key, additionalInformation.get(key)); - } - jgen.writeEndObject(); - } -} \ No newline at end of file diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Serializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Serializer.java index 60632949b..e3a140955 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Serializer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Serializer.java @@ -26,7 +26,8 @@ /** * Provides the ability to serialize an {@link org.springframework.security.oauth2.common.OAuth2AccessToken} with jackson2 by implementing {@link com.fasterxml.jackson.databind.JsonDeserializer}. - * Refer to {@link org.springframework.security.oauth2.common.OAuth2AccessTokenJackson1Deserializer} to learn more about the JSON format that is used. + * + * The expected format of the access token is defined by Successful Response. * * @author Rob Winch * @author Brian Clozel diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2RefreshToken.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2RefreshToken.java index 2caf151e7..a666b6494 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2RefreshToken.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2RefreshToken.java @@ -12,7 +12,7 @@ */ package org.springframework.security.oauth2.common; -import org.codehaus.jackson.annotate.JsonValue; +import com.fasterxml.jackson.annotation.JsonValue; /** * @author Dave Syer diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java index 17819a1e3..c3e8f9229 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java @@ -12,8 +12,6 @@ * @author Dave Syer */ @SuppressWarnings("serial") -@org.codehaus.jackson.map.annotate.JsonSerialize(using = OAuth2ExceptionJackson1Serializer.class) -@org.codehaus.jackson.map.annotate.JsonDeserialize(using = OAuth2ExceptionJackson1Deserializer.class) @com.fasterxml.jackson.databind.annotation.JsonSerialize(using = OAuth2ExceptionJackson2Serializer.class) @com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = OAuth2ExceptionJackson2Deserializer.class) public class OAuth2Exception extends RuntimeException { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Deserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Deserializer.java deleted file mode 100644 index a32e4e521..000000000 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Deserializer.java +++ /dev/null @@ -1,130 +0,0 @@ -/* - * Copyright 2006-2011 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on - * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the - * specific language governing permissions and limitations under the License. - */ -package org.springframework.security.oauth2.common.exceptions; - -import java.io.IOException; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import org.codehaus.jackson.JsonParser; -import org.codehaus.jackson.JsonProcessingException; -import org.codehaus.jackson.JsonToken; -import org.codehaus.jackson.map.DeserializationContext; -import org.codehaus.jackson.map.JsonDeserializer; -import org.springframework.security.oauth2.common.util.OAuth2Utils; - -/** - * @author Dave Syer - * - */ -public class OAuth2ExceptionJackson1Deserializer extends JsonDeserializer { - - @Override - public OAuth2Exception deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, - JsonProcessingException { - - JsonToken t = jp.getCurrentToken(); - if (t == JsonToken.START_OBJECT) { - t = jp.nextToken(); - } - Map errorParams = new HashMap(); - for (; t == JsonToken.FIELD_NAME; t = jp.nextToken()) { - // Must point to field name - String fieldName = jp.getCurrentName(); - // And then the value... - t = jp.nextToken(); - // Note: must handle null explicitly here; value deserializers won't - Object value; - if (t == JsonToken.VALUE_NULL) { - value = null; - } - // Some servers might send back complex content - else if (t == JsonToken.START_ARRAY) { - value = jp.readValueAs(List.class); - } - else if (t == JsonToken.START_OBJECT) { - value = jp.readValueAs(Map.class); - } - else { - value = jp.getText(); - } - errorParams.put(fieldName, value); - } - - Object errorCode = errorParams.get("error"); - String errorMessage = errorParams.containsKey("error_description") ? errorParams.get("error_description") - .toString() : null; - if (errorMessage == null) { - errorMessage = errorCode == null ? "OAuth Error" : errorCode.toString(); - } - - OAuth2Exception ex; - if ("invalid_client".equals(errorCode)) { - ex = new InvalidClientException(errorMessage); - } - else if ("unauthorized_client".equals(errorCode)) { - ex = new UnauthorizedClientException(errorMessage); - } - else if ("invalid_grant".equals(errorCode)) { - if (errorMessage.toLowerCase().contains("redirect") && errorMessage.toLowerCase().contains("match")) { - ex = new RedirectMismatchException(errorMessage); - } - else { - ex = new InvalidGrantException(errorMessage); - } - } - else if ("invalid_scope".equals(errorCode)) { - ex = new InvalidScopeException(errorMessage); - } - else if ("invalid_token".equals(errorCode)) { - ex = new InvalidTokenException(errorMessage); - } - else if ("invalid_request".equals(errorCode)) { - ex = new InvalidRequestException(errorMessage); - } - else if ("redirect_uri_mismatch".equals(errorCode)) { - ex = new RedirectMismatchException(errorMessage); - } - else if ("unsupported_grant_type".equals(errorCode)) { - ex = new UnsupportedGrantTypeException(errorMessage); - } - else if ("unsupported_response_type".equals(errorCode)) { - ex = new UnsupportedResponseTypeException(errorMessage); - } - else if ("access_denied".equals(errorCode)) { - ex = new UserDeniedAuthorizationException(errorMessage); - } - else if ("insufficient_scope".equals(errorCode)) { - ex = new InsufficientScopeException(errorMessage, OAuth2Utils.parseParameterList((String) errorParams - .get("scope"))); - } - else { - ex = new OAuth2Exception(errorMessage); - } - - Set> entries = errorParams.entrySet(); - for (Map.Entry entry : entries) { - String key = entry.getKey(); - if (!"error".equals(key) && !"error_description".equals(key)) { - Object value = entry.getValue(); - ex.addAdditionalInformation(key, value == null ? null : value.toString()); - } - } - - return ex; - - } - -} diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Serializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Serializer.java deleted file mode 100644 index 6ebeb13a6..000000000 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Serializer.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright 2006-2011 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on - * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the - * specific language governing permissions and limitations under the License. - */ -package org.springframework.security.oauth2.common.exceptions; - -import java.io.IOException; -import java.util.Map.Entry; - -import org.codehaus.jackson.JsonGenerator; -import org.codehaus.jackson.JsonProcessingException; -import org.codehaus.jackson.map.JsonSerializer; -import org.codehaus.jackson.map.SerializerProvider; - -/** - * @author Dave Syer - * - */ -public class OAuth2ExceptionJackson1Serializer extends JsonSerializer { - - @Override - public void serialize(OAuth2Exception value, JsonGenerator jgen, SerializerProvider provider) throws IOException, - JsonProcessingException { - jgen.writeStartObject(); - jgen.writeStringField("error", value.getOAuth2ErrorCode()); - jgen.writeStringField("error_description", value.getMessage()); - if (value.getAdditionalInformation()!=null) { - for (Entry entry : value.getAdditionalInformation().entrySet()) { - String key = entry.getKey(); - String add = entry.getValue(); - jgen.writeStringField(key, add); - } - } - jgen.writeEndObject(); - } - -} diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JacksonJsonParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JacksonJsonParser.java deleted file mode 100644 index a79502e52..000000000 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JacksonJsonParser.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright 2013-2014 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on - * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the - * specific language governing permissions and limitations under the License. - */ - -package org.springframework.security.oauth2.common.util; - -import java.util.Map; - -import org.codehaus.jackson.map.ObjectMapper; - -/** - * @author Dave Syer - * - */ -public class JacksonJsonParser implements JsonParser { - - private ObjectMapper mapper = new ObjectMapper(); - - @SuppressWarnings("unchecked") - @Override - public Map parseMap(String json) { - try { - return mapper.readValue(json, Map.class); - } - catch (Exception e) { - throw new IllegalArgumentException("Cannot parse json", e); - } - } - - @Override - public String formatMap(Map map) { - try { - return mapper.writeValueAsString(map); - } - catch (Exception e) { - throw new IllegalArgumentException("Cannot format json", e); - } - } - -} diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateDeserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateDeserializer.java index c17125c7d..07e516aca 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateDeserializer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateDeserializer.java @@ -1,28 +1,31 @@ /* - * Cloud Foundry 2012.02.03 Beta - * Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved. + * Copyright 2002-2019 the original author or authors. * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ -package org.springframework.security.oauth2.common.util; -import org.codehaus.jackson.JsonParseException; -import org.codehaus.jackson.JsonParser; -import org.codehaus.jackson.JsonProcessingException; -import org.codehaus.jackson.map.DeserializationContext; -import org.codehaus.jackson.map.JsonDeserializer; +package org.springframework.security.oauth2.common.util; import java.io.IOException; import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; +import com.fasterxml.jackson.core.JsonParseException; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; + /** * JSON deserializer for Jackson to handle regular date instances as timestamps in ISO format. * @@ -34,7 +37,7 @@ public class JsonDateDeserializer extends JsonDeserializer { private static final SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"); @Override - public Date deserialize(JsonParser parser, DeserializationContext context) throws IOException, JsonProcessingException { + public Date deserialize(com.fasterxml.jackson.core.JsonParser parser, DeserializationContext context) throws IOException, JsonProcessingException { try { synchronized (dateFormat) { return dateFormat.parse(parser.getText()); @@ -44,5 +47,4 @@ public Date deserialize(JsonParser parser, DeserializationContext context) throw throw new JsonParseException("Could not parse date", parser.getCurrentLocation(), e); } } - } \ No newline at end of file diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateSerializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateSerializer.java index d4df5c793..a8c88b7e1 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateSerializer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateSerializer.java @@ -1,26 +1,30 @@ /* - * Cloud Foundry 2012.02.03 Beta - * Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved. + * Copyright 2002-2019 the original author or authors. * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ -package org.springframework.security.oauth2.common.util; -import org.codehaus.jackson.JsonGenerator; -import org.codehaus.jackson.JsonProcessingException; -import org.codehaus.jackson.map.JsonSerializer; -import org.codehaus.jackson.map.SerializerProvider; +package org.springframework.security.oauth2.common.util; import java.io.IOException; import java.text.SimpleDateFormat; import java.util.Date; +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JsonSerializer; +import com.fasterxml.jackson.databind.SerializerProvider; + /** * JSON serializer for Jackson to handle regular date instances as timestamps in ISO format. * diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParserFactory.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParserFactory.java index 2ec9aa2da..ad3e574c5 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParserFactory.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParserFactory.java @@ -25,10 +25,7 @@ public static JsonParser create() { if (ClassUtils.isPresent("com.fasterxml.jackson.databind.ObjectMapper", null)) { return new Jackson2JsonParser(); } - if (ClassUtils.isPresent("org.codehaus.jackson.map.ObjectMapper", null)) { - return new JacksonJsonParser(); - } - throw new IllegalStateException("No Jackson parser found. Please add Jackson to your classpath."); + throw new IllegalStateException("No Jackson 2 parser found. Please add Jackson 2 to your classpath."); } } diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/Approval.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/Approval.java index 27bbf8262..22a368284 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/Approval.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/Approval.java @@ -19,9 +19,10 @@ import java.util.Calendar; import java.util.Date; -import org.codehaus.jackson.annotate.JsonIgnore; -import org.codehaus.jackson.map.annotate.JsonDeserialize; -import org.codehaus.jackson.map.annotate.JsonSerialize; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; + import org.springframework.security.oauth2.common.util.JsonDateDeserializer; import org.springframework.security.oauth2.common.util.JsonDateSerializer; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/BaseClientDetails.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/BaseClientDetails.java index 0dccf8230..97995b88b 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/BaseClientDetails.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/BaseClientDetails.java @@ -24,59 +24,43 @@ * @author Dave Syer */ @SuppressWarnings("serial") -@org.codehaus.jackson.map.annotate.JsonSerialize(include = org.codehaus.jackson.map.annotate.JsonSerialize.Inclusion.NON_DEFAULT) -@org.codehaus.jackson.annotate.JsonIgnoreProperties(ignoreUnknown = true) @com.fasterxml.jackson.annotation.JsonInclude(com.fasterxml.jackson.annotation.JsonInclude.Include.NON_DEFAULT) @com.fasterxml.jackson.annotation.JsonIgnoreProperties(ignoreUnknown = true) public class BaseClientDetails implements ClientDetails { - @org.codehaus.jackson.annotate.JsonProperty("client_id") @com.fasterxml.jackson.annotation.JsonProperty("client_id") private String clientId; - @org.codehaus.jackson.annotate.JsonProperty("client_secret") @com.fasterxml.jackson.annotation.JsonProperty("client_secret") private String clientSecret; - @org.codehaus.jackson.map.annotate.JsonDeserialize(using = JacksonArrayOrStringDeserializer.class) @com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = Jackson2ArrayOrStringDeserializer.class) private Set scope = Collections.emptySet(); - @org.codehaus.jackson.annotate.JsonProperty("resource_ids") - @org.codehaus.jackson.map.annotate.JsonDeserialize(using = JacksonArrayOrStringDeserializer.class) @com.fasterxml.jackson.annotation.JsonProperty("resource_ids") @com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = Jackson2ArrayOrStringDeserializer.class) private Set resourceIds = Collections.emptySet(); - @org.codehaus.jackson.annotate.JsonProperty("authorized_grant_types") - @org.codehaus.jackson.map.annotate.JsonDeserialize(using = JacksonArrayOrStringDeserializer.class) @com.fasterxml.jackson.annotation.JsonProperty("authorized_grant_types") @com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = Jackson2ArrayOrStringDeserializer.class) private Set authorizedGrantTypes = Collections.emptySet(); - @org.codehaus.jackson.annotate.JsonProperty("redirect_uri") - @org.codehaus.jackson.map.annotate.JsonDeserialize(using = JacksonArrayOrStringDeserializer.class) @com.fasterxml.jackson.annotation.JsonProperty("redirect_uri") @com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = Jackson2ArrayOrStringDeserializer.class) private Set registeredRedirectUris; - @org.codehaus.jackson.annotate.JsonProperty("autoapprove") - @org.codehaus.jackson.map.annotate.JsonDeserialize(using = JacksonArrayOrStringDeserializer.class) @com.fasterxml.jackson.annotation.JsonProperty("autoapprove") @com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = Jackson2ArrayOrStringDeserializer.class) private Set autoApproveScopes; private List authorities = Collections.emptyList(); - @org.codehaus.jackson.annotate.JsonProperty("access_token_validity") @com.fasterxml.jackson.annotation.JsonProperty("access_token_validity") private Integer accessTokenValiditySeconds; - @org.codehaus.jackson.annotate.JsonProperty("refresh_token_validity") @com.fasterxml.jackson.annotation.JsonProperty("refresh_token_validity") private Integer refreshTokenValiditySeconds; - @org.codehaus.jackson.annotate.JsonIgnore @com.fasterxml.jackson.annotation.JsonIgnore private Map additionalInformation = new LinkedHashMap(); @@ -142,7 +126,6 @@ public BaseClientDetails(String clientId, String resourceIds, } } - @org.codehaus.jackson.annotate.JsonIgnore @com.fasterxml.jackson.annotation.JsonIgnore public String getClientId() { return clientId; @@ -169,19 +152,16 @@ public boolean isAutoApprove(String scope) { return false; } - @org.codehaus.jackson.annotate.JsonIgnore @com.fasterxml.jackson.annotation.JsonIgnore public Set getAutoApproveScopes() { return autoApproveScopes; } - @org.codehaus.jackson.annotate.JsonIgnore @com.fasterxml.jackson.annotation.JsonIgnore public boolean isSecretRequired() { return this.clientSecret != null; } - @org.codehaus.jackson.annotate.JsonIgnore @com.fasterxml.jackson.annotation.JsonIgnore public String getClientSecret() { return clientSecret; @@ -191,7 +171,6 @@ public void setClientSecret(String clientSecret) { this.clientSecret = clientSecret; } - @org.codehaus.jackson.annotate.JsonIgnore @com.fasterxml.jackson.annotation.JsonIgnore public boolean isScoped() { return this.scope != null && !this.scope.isEmpty(); @@ -206,7 +185,6 @@ public void setScope(Collection scope) { : new LinkedHashSet(scope); } - @org.codehaus.jackson.annotate.JsonIgnore @com.fasterxml.jackson.annotation.JsonIgnore public Set getResourceIds() { return resourceIds; @@ -217,7 +195,6 @@ public void setResourceIds(Collection resourceIds) { . emptySet() : new LinkedHashSet(resourceIds); } - @org.codehaus.jackson.annotate.JsonIgnore @com.fasterxml.jackson.annotation.JsonIgnore public Set getAuthorizedGrantTypes() { return authorizedGrantTypes; @@ -228,7 +205,6 @@ public void setAuthorizedGrantTypes(Collection authorizedGrantTypes) { authorizedGrantTypes); } - @org.codehaus.jackson.annotate.JsonIgnore @com.fasterxml.jackson.annotation.JsonIgnore public Set getRegisteredRedirectUri() { return registeredRedirectUris; @@ -239,15 +215,12 @@ public void setRegisteredRedirectUri(Set registeredRedirectUris) { : new LinkedHashSet(registeredRedirectUris); } - @org.codehaus.jackson.annotate.JsonProperty("authorities") @com.fasterxml.jackson.annotation.JsonProperty("authorities") private List getAuthoritiesAsStrings() { return new ArrayList( AuthorityUtils.authorityListToSet(authorities)); } - @org.codehaus.jackson.annotate.JsonProperty("authorities") - @org.codehaus.jackson.map.annotate.JsonDeserialize(using = JacksonArrayOrStringDeserializer.class) @com.fasterxml.jackson.annotation.JsonProperty("authorities") @com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = Jackson2ArrayOrStringDeserializer.class) private void setAuthoritiesAsStrings(Set values) { @@ -255,20 +228,17 @@ private void setAuthoritiesAsStrings(Set values) { .toArray(new String[values.size()]))); } - @org.codehaus.jackson.annotate.JsonIgnore @com.fasterxml.jackson.annotation.JsonIgnore public Collection getAuthorities() { return authorities; } - @org.codehaus.jackson.annotate.JsonIgnore @com.fasterxml.jackson.annotation.JsonIgnore public void setAuthorities( Collection authorities) { this.authorities = new ArrayList(authorities); } - @org.codehaus.jackson.annotate.JsonIgnore @com.fasterxml.jackson.annotation.JsonIgnore public Integer getAccessTokenValiditySeconds() { return accessTokenValiditySeconds; @@ -278,7 +248,6 @@ public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) { this.accessTokenValiditySeconds = accessTokenValiditySeconds; } - @org.codehaus.jackson.annotate.JsonIgnore @com.fasterxml.jackson.annotation.JsonIgnore public Integer getRefreshTokenValiditySeconds() { return refreshTokenValiditySeconds; @@ -294,13 +263,11 @@ public void setAdditionalInformation(Map additionalInformation) { additionalInformation); } - @org.codehaus.jackson.annotate.JsonAnyGetter @com.fasterxml.jackson.annotation.JsonAnyGetter public Map getAdditionalInformation() { return Collections.unmodifiableMap(this.additionalInformation); } - @org.codehaus.jackson.annotate.JsonAnySetter @com.fasterxml.jackson.annotation.JsonAnySetter public void addAdditionalInformation(String key, Object value) { this.additionalInformation.put(key, value); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JacksonArrayOrStringDeserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JacksonArrayOrStringDeserializer.java deleted file mode 100644 index 18677562a..000000000 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JacksonArrayOrStringDeserializer.java +++ /dev/null @@ -1,41 +0,0 @@ -package org.springframework.security.oauth2.provider.client; - -import java.io.IOException; -import java.util.Arrays; -import java.util.LinkedHashSet; -import java.util.Set; - -import org.codehaus.jackson.JsonParser; -import org.codehaus.jackson.JsonProcessingException; -import org.codehaus.jackson.JsonToken; -import org.codehaus.jackson.map.DeserializationContext; -import org.codehaus.jackson.map.deser.std.StdDeserializer; -import org.codehaus.jackson.map.type.SimpleType; -import org.codehaus.jackson.type.JavaType; -import org.codehaus.jackson.type.TypeReference; -import org.springframework.util.StringUtils; - -public class JacksonArrayOrStringDeserializer extends StdDeserializer> { - - public JacksonArrayOrStringDeserializer() { - super(Set.class); - } - - @Override - public JavaType getValueType() { - return SimpleType.construct(String.class); - } - - @Override - public Set deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, - JsonProcessingException { - JsonToken token = jp.getCurrentToken(); - if (token.isScalarValue()) { - String list = jp.getText(); - list = list.replaceAll("\\s+", ","); - return new LinkedHashSet(Arrays.asList(StringUtils.commaDelimitedListToStringArray(list))); - } - return jp.readValueAs(new TypeReference>() { - }); - } -} \ No newline at end of file diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JdbcClientDetailsService.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JdbcClientDetailsService.java index d4a4ef465..49244d5d1 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JdbcClientDetailsService.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JdbcClientDetailsService.java @@ -23,11 +23,12 @@ import java.util.List; import java.util.Map; import java.util.Set; - import javax.sql.DataSource; +import com.fasterxml.jackson.databind.ObjectMapper; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; + import org.springframework.dao.DuplicateKeyException; import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.jdbc.core.JdbcTemplate; @@ -287,29 +288,12 @@ interface JsonMapper { } private static JsonMapper createJsonMapper() { - if (ClassUtils.isPresent("org.codehaus.jackson.map.ObjectMapper", null)) { - return new JacksonMapper(); - } - else if (ClassUtils.isPresent("com.fasterxml.jackson.databind.ObjectMapper", null)) { + if (ClassUtils.isPresent("com.fasterxml.jackson.databind.ObjectMapper", null)) { return new Jackson2Mapper(); } return new NotSupportedJsonMapper(); } - private static class JacksonMapper implements JsonMapper { - private org.codehaus.jackson.map.ObjectMapper mapper = new org.codehaus.jackson.map.ObjectMapper(); - - @Override - public String write(Object input) throws Exception { - return mapper.writeValueAsString(input); - } - - @Override - public T read(String input, Class type) throws Exception { - return mapper.readValue(input, type); - } - } - private static class Jackson2Mapper implements JsonMapper { private com.fasterxml.jackson.databind.ObjectMapper mapper = new com.fasterxml.jackson.databind.ObjectMapper(); @@ -328,13 +312,13 @@ private static class NotSupportedJsonMapper implements JsonMapper { @Override public String write(Object input) throws Exception { throw new UnsupportedOperationException( - "Neither Jackson 1 nor 2 is available so JSON conversion cannot be done"); + "Jackson 2 is not available so JSON conversion cannot be done"); } @Override public T read(String input, Class type) throws Exception { throw new UnsupportedOperationException( - "Neither Jackson 1 nor 2 is available so JSON conversion cannot be done"); + "Jackson 2 is not available so JSON conversion cannot be done"); } } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupportTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupportTests.java index 3a0430d3d..c5a0c66af 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupportTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupportTests.java @@ -16,8 +16,6 @@ package org.springframework.security.oauth2.client.token; -import static org.junit.Assert.assertEquals; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -26,9 +24,10 @@ import java.net.URI; import java.util.Arrays; -import org.codehaus.jackson.map.ObjectMapper; +import com.fasterxml.jackson.databind.ObjectMapper; import org.junit.Before; import org.junit.Test; + import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; @@ -45,6 +44,8 @@ import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; +import static org.junit.Assert.assertEquals; + /** * @author Dave Syer * diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderWithConversionTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderWithConversionTests.java index c4593439d..61a645551 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderWithConversionTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderWithConversionTests.java @@ -12,9 +12,6 @@ */ package org.springframework.security.oauth2.client.token.grant.code; -import static org.hamcrest.CoreMatchers.instanceOf; -import static org.junit.Assert.assertEquals; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -23,13 +20,14 @@ import java.net.URI; import java.net.URISyntaxException; -import org.codehaus.jackson.map.ObjectMapper; +import com.fasterxml.jackson.databind.ObjectMapper; import org.hamcrest.Description; import org.hamcrest.Matcher; import org.hamcrest.TypeSafeMatcher; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; + import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; @@ -44,6 +42,9 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.exceptions.InvalidClientException; +import static org.hamcrest.CoreMatchers.instanceOf; +import static org.junit.Assert.assertEquals; + /** * @author Dave Syer * diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/JsonSerializationTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/JsonSerializationTests.java index 15168df0b..c51fcc367 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/JsonSerializationTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/JsonSerializationTests.java @@ -16,16 +16,17 @@ package org.springframework.security.oauth2.common; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - import java.util.Date; -import org.codehaus.jackson.map.ObjectMapper; +import com.fasterxml.jackson.databind.ObjectMapper; import org.junit.Test; + import org.springframework.security.oauth2.common.exceptions.InvalidClientException; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + /** * @author Dave Syer * diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1DeserializerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1DeserializerTests.java deleted file mode 100644 index ff855f5d3..000000000 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1DeserializerTests.java +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Copyright 2011 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on - * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the - * specific language governing permissions and limitations under the License. - */ -package org.springframework.security.oauth2.common; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNull; - -import java.io.IOException; -import java.util.Date; -import java.util.HashSet; - -import org.codehaus.jackson.JsonGenerationException; -import org.codehaus.jackson.map.JsonMappingException; -import org.codehaus.jackson.map.ObjectMapper; -import org.junit.Before; -import org.junit.Test; -import org.powermock.core.classloader.annotations.PrepareForTest; - -/** - * Tests deserialization of an {@link OAuth2AccessToken} using jackson. - * - * @author Rob Winch - */ -@PrepareForTest(OAuth2AccessTokenJackson1Deserializer.class) -public class OAuth2AccessTokenJackson1DeserializerTests extends BaseOAuth2AccessTokenJacksonTest { - - protected ObjectMapper mapper; - - @Before - public void createObjectMapper() { - mapper = new ObjectMapper(); - } - - @Test - public void readValueNoRefresh() throws JsonGenerationException, JsonMappingException, IOException { - accessToken.setRefreshToken(null); - accessToken.setScope(null); - OAuth2AccessToken actual = mapper.readValue(ACCESS_TOKEN_NOREFRESH, OAuth2AccessToken.class); - assertTokenEquals(accessToken,actual); - } - - @Test - public void readValueWithRefresh() throws JsonGenerationException, JsonMappingException, IOException { - accessToken.setScope(null); - OAuth2AccessToken actual = mapper.readValue(ACCESS_TOKEN_NOSCOPE, OAuth2AccessToken.class); - assertTokenEquals(accessToken,actual); - } - - @Test - public void readValueWithSingleScopes() throws JsonGenerationException, JsonMappingException, IOException { - accessToken.getScope().remove(accessToken.getScope().iterator().next()); - OAuth2AccessToken actual = mapper.readValue(ACCESS_TOKEN_SINGLESCOPE, OAuth2AccessToken.class); - assertTokenEquals(accessToken,actual); - } - - @Test - public void readValueWithEmptyStringScope() throws JsonGenerationException, JsonMappingException, IOException { - accessToken.setScope(new HashSet()); - OAuth2AccessToken actual = mapper.readValue(ACCESS_TOKEN_EMPTYSCOPE, OAuth2AccessToken.class); - assertTokenEquals(accessToken, actual); - } - - @Test - public void readValueWithBrokenExpiresIn() throws JsonGenerationException, JsonMappingException, IOException { - accessToken.setScope(new HashSet()); - OAuth2AccessToken actual = mapper.readValue(ACCESS_TOKEN_BROKENEXPIRES, OAuth2AccessToken.class); - assertTokenEquals(accessToken, actual); - } - - @Test - public void readValueWithMultiScopes() throws Exception { - OAuth2AccessToken actual = mapper.readValue(ACCESS_TOKEN_MULTISCOPE, OAuth2AccessToken.class); - assertTokenEquals(accessToken,actual); - } - - @Test - public void readValueWithMac() throws Exception { - accessToken.setTokenType("mac"); - String encodedToken = ACCESS_TOKEN_MULTISCOPE.replace("bearer", accessToken.getTokenType()); - OAuth2AccessToken actual = mapper.readValue(encodedToken, OAuth2AccessToken.class); - assertTokenEquals(accessToken,actual); - } - - @Test - public void readValueWithAdditionalInformation() throws Exception { - OAuth2AccessToken actual = mapper.readValue(ACCESS_TOKEN_ADDITIONAL_INFO, OAuth2AccessToken.class); - accessToken.setAdditionalInformation(additionalInformation); - accessToken.setRefreshToken(null); - accessToken.setScope(null); - accessToken.setExpiration(null); - assertTokenEquals(accessToken,actual); - } - - private static void assertTokenEquals(OAuth2AccessToken expected, OAuth2AccessToken actual) { - assertEquals(expected.getTokenType(), actual.getTokenType()); - assertEquals(expected.getValue(), actual.getValue()); - - OAuth2RefreshToken expectedRefreshToken = expected.getRefreshToken(); - if (expectedRefreshToken == null) { - assertNull(actual.getRefreshToken()); - } - else { - assertEquals(expectedRefreshToken.getValue(), actual.getRefreshToken().getValue()); - } - assertEquals(expected.getScope(), actual.getScope()); - Date expectedExpiration = expected.getExpiration(); - if (expectedExpiration == null) { - assertNull(actual.getExpiration()); - } - else { - assertEquals(expectedExpiration.getTime(), actual.getExpiration().getTime()); - } - assertEquals(expected.getAdditionalInformation(), actual.getAdditionalInformation()); - } -} \ No newline at end of file diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1SerializerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1SerializerTests.java deleted file mode 100644 index 609c2fa3c..000000000 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1SerializerTests.java +++ /dev/null @@ -1,118 +0,0 @@ -package org.springframework.security.oauth2.common; - -import static org.junit.Assert.assertEquals; - -import java.io.IOException; - -import org.codehaus.jackson.JsonGenerationException; -import org.codehaus.jackson.map.JsonMappingException; -import org.codehaus.jackson.map.ObjectMapper; -import org.junit.Before; -import org.junit.Test; -import org.powermock.core.classloader.annotations.PrepareForTest; - -/** - * Tests serialization of an {@link OAuth2AccessToken} using jackson. - * - * @author Rob Winch - */ -@PrepareForTest(OAuth2AccessTokenJackson1Serializer.class) -public class OAuth2AccessTokenJackson1SerializerTests extends BaseOAuth2AccessTokenJacksonTest { - - protected ObjectMapper mapper; - - @Before - public void createObjectMapper() { - mapper = new ObjectMapper(); - } - - @Test - public void writeValueAsStringNoRefresh() throws JsonGenerationException, JsonMappingException, IOException { - accessToken.setRefreshToken(null); - accessToken.setScope(null); - String encodedAccessToken = mapper.writeValueAsString(accessToken); - assertEquals(BaseOAuth2AccessTokenJacksonTest.ACCESS_TOKEN_NOREFRESH, encodedAccessToken); - } - - @Test - public void writeValueAsStringWithRefresh() throws JsonGenerationException, JsonMappingException, IOException { - accessToken.setScope(null); - String encodedAccessToken = mapper.writeValueAsString(accessToken); - assertEquals(BaseOAuth2AccessTokenJacksonTest.ACCESS_TOKEN_NOSCOPE, encodedAccessToken); - } - - @Test - public void writeValueAsStringWithEmptyScope() throws JsonGenerationException, JsonMappingException, IOException { - accessToken.getScope().clear(); - String encodedAccessToken = mapper.writeValueAsString(accessToken); - assertEquals(BaseOAuth2AccessTokenJacksonTest.ACCESS_TOKEN_NOSCOPE, encodedAccessToken); - } - - @Test - public void writeValueAsStringWithSingleScopes() throws JsonGenerationException, JsonMappingException, IOException { - accessToken.getScope().remove(accessToken.getScope().iterator().next()); - String encodedAccessToken = mapper.writeValueAsString(accessToken); - assertEquals(BaseOAuth2AccessTokenJacksonTest.ACCESS_TOKEN_SINGLESCOPE, encodedAccessToken); - } - - @Test - public void writeValueAsStringWithNullScope() throws JsonGenerationException, JsonMappingException, IOException { - thrown.expect(JsonMappingException.class); - thrown.expectMessage("Scopes cannot be null or empty. Got [null]"); - - accessToken.getScope().clear(); - try { - accessToken.getScope().add(null); - } - catch (NullPointerException e) { - // short circuit NPE from Java 7 (which is correct but only relevant for this test) - throw new JsonMappingException("Scopes cannot be null or empty. Got [null]"); - } - mapper.writeValueAsString(accessToken); - } - - @Test - public void writeValueAsStringWithEmptyStringScope() throws JsonGenerationException, JsonMappingException, - IOException { - thrown.expect(JsonMappingException.class); - thrown.expectMessage("Scopes cannot be null or empty. Got []"); - - accessToken.getScope().clear(); - accessToken.getScope().add(""); - mapper.writeValueAsString(accessToken); - } - - @Test - public void writeValueAsStringWithQuoteInScope() throws JsonGenerationException, JsonMappingException, IOException { - accessToken.getScope().add("\""); - String encodedAccessToken = mapper.writeValueAsString(accessToken); - assertEquals( - "{\"access_token\":\"token-value\",\"token_type\":\"bearer\",\"refresh_token\":\"refresh-value\",\"expires_in\":10,\"scope\":\"\\\" read write\"}", - encodedAccessToken); - } - - @Test - public void writeValueAsStringWithMultiScopes() throws JsonGenerationException, JsonMappingException, IOException { - String encodedAccessToken = mapper.writeValueAsString(accessToken); - assertEquals(ACCESS_TOKEN_MULTISCOPE, encodedAccessToken); - } - - @Test - public void writeValueAsStringWithMac() throws Exception { - accessToken.setTokenType("mac"); - String expectedEncodedAccessToken = ACCESS_TOKEN_MULTISCOPE.replace("bearer", accessToken.getTokenType()); - String encodedAccessToken = mapper.writeValueAsString(accessToken); - assertEquals(expectedEncodedAccessToken, encodedAccessToken); - } - - @Test - public void writeValueWithAdditionalInformation() throws JsonGenerationException, JsonMappingException, IOException { - accessToken.setRefreshToken(null); - accessToken.setScope(null); - accessToken.setExpiration(null); - accessToken.setAdditionalInformation(additionalInformation); - String encodedAccessToken = mapper.writeValueAsString(accessToken); - assertEquals(BaseOAuth2AccessTokenJacksonTest.ACCESS_TOKEN_ADDITIONAL_INFO, encodedAccessToken); - } - -} \ No newline at end of file diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionDeserializerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionDeserializerTests.java index 573e38fc7..5fe77127e 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionDeserializerTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionDeserializerTests.java @@ -12,12 +12,23 @@ */ package org.springframework.security.oauth2.common.exception; -import static org.junit.Assert.assertEquals; - -import org.codehaus.jackson.map.ObjectMapper; +import com.fasterxml.jackson.databind.ObjectMapper; import org.junit.BeforeClass; import org.junit.Test; -import org.springframework.security.oauth2.common.exceptions.*; + +import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException; +import org.springframework.security.oauth2.common.exceptions.InvalidClientException; +import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; +import org.springframework.security.oauth2.common.exceptions.InvalidRequestException; +import org.springframework.security.oauth2.common.exceptions.InvalidScopeException; +import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; +import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException; +import org.springframework.security.oauth2.common.exceptions.UnauthorizedClientException; +import org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException; +import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException; + +import static org.junit.Assert.assertEquals; /** * diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionSerializerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionSerializerTests.java index 0e88364ea..59ed4f755 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionSerializerTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionSerializerTests.java @@ -12,13 +12,23 @@ */ package org.springframework.security.oauth2.common.exception; -import static org.junit.Assert.assertEquals; - -import org.codehaus.jackson.map.ObjectMapper; +import com.fasterxml.jackson.databind.ObjectMapper; import org.junit.After; import org.junit.BeforeClass; import org.junit.Test; -import org.springframework.security.oauth2.common.exceptions.*; + +import org.springframework.security.oauth2.common.exceptions.InvalidClientException; +import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; +import org.springframework.security.oauth2.common.exceptions.InvalidRequestException; +import org.springframework.security.oauth2.common.exceptions.InvalidScopeException; +import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; +import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException; +import org.springframework.security.oauth2.common.exceptions.UnauthorizedClientException; +import org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException; +import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException; + +import static org.junit.Assert.assertEquals; /** * diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2AuthenticationTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2AuthenticationTests.java index 068d68ac3..e2c0aadbd 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2AuthenticationTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2AuthenticationTests.java @@ -1,14 +1,11 @@ package org.springframework.security.oauth2.provider; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; - import java.util.Arrays; import java.util.Collections; -import org.codehaus.jackson.map.ObjectMapper; +import com.fasterxml.jackson.databind.ObjectMapper; import org.junit.Test; + import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.authority.SimpleGrantedAuthority; @@ -16,6 +13,10 @@ import org.springframework.test.annotation.Rollback; import org.springframework.util.SerializationUtils; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + public class OAuth2AuthenticationTests { private OAuth2Request request = RequestTokenFactory.createOAuth2Request(null, "id", null, false, diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/BaseClientDetailsTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/BaseClientDetailsTests.java index 6e215a8cf..9ab738793 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/BaseClientDetailsTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/BaseClientDetailsTests.java @@ -16,18 +16,18 @@ package org.springframework.security.oauth2.provider.client; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; - import java.util.Collections; import java.util.TreeSet; -import org.codehaus.jackson.map.ObjectMapper; +import com.fasterxml.jackson.databind.ObjectMapper; import org.junit.Test; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; + import org.springframework.util.StringUtils; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + /** * @author Dave Syer * From 3427991dd08c6cc04651f62ed50487bbcc15d93a Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Wed, 30 Oct 2019 11:02:43 -0400 Subject: [PATCH 03/94] Improve docs for client scope(s) --- docs/oauth2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/oauth2.md b/docs/oauth2.md index 79fc5cea8..cf634bba3 100644 --- a/docs/oauth2.md +++ b/docs/oauth2.md @@ -50,7 +50,7 @@ The `ClientDetailsServiceConfigurer` (a callback from your `AuthorizationServerC * `clientId`: (required) the client id. * `secret`: (required for trusted clients) the client secret, if any. -* `scope`: The scope to which the client is limited. If scope is undefined or empty (the default) the client is not limited by scope. +* `scope`: The scope to which the client is limited. If scope is undefined or empty (the default) the client is not limited by scope and instead limited by some other authority information associated in the token. * `authorizedGrantTypes`: Grant types that are authorized for the client to use. Default value is empty. * `authorities`: Authorities that are granted to the client (regular Spring Security authorities). From a5f67e209007b94e30a591fb624e05235a5daeda Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Tue, 5 Nov 2019 15:22:10 -0500 Subject: [PATCH 04/94] Next minor version spring-security-jwt --- spring-security-jwt/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml index 001707e6c..6c6195c9f 100755 --- a/spring-security-jwt/pom.xml +++ b/spring-security-jwt/pom.xml @@ -5,7 +5,7 @@ org.springframework.security spring-security-jwt - 1.0.12.BUILD-SNAPSHOT + 1.1.0.BUILD-SNAPSHOT jar Spring Security JWT Library From 788a0846a3b6b7af4df59eebcd259d6fba661e9e Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Wed, 6 Nov 2019 15:55:44 -0500 Subject: [PATCH 05/94] Revert "Validate OAuth2Exception error_description" This reverts commit 36de7876499aa2f47c1d29673d5263c0e561b58f. --- .../common/exceptions/OAuth2Exception.java | 29 +------------- .../exceptions/OAuth2ExceptionTests.java | 40 ------------------- 2 files changed, 2 insertions(+), 67 deletions(-) delete mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionTests.java diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java index c3e8f9229..8c1a47801 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java @@ -34,36 +34,11 @@ public class OAuth2Exception extends RuntimeException { private Map additionalInformation = null; public OAuth2Exception(String msg, Throwable t) { - super(assertErrorDescription(msg), t); + super(msg, t); } public OAuth2Exception(String msg) { - super(assertErrorDescription(msg)); - } - - private static String assertErrorDescription(String description) { - if (!isErrorDescriptionValid(description)) { - throw new IllegalArgumentException("error_description contains invalid ASCII characters, it must conform to RFC 6749"); - } - return description; - } - - private static boolean isErrorDescriptionValid(String description) { - if (description == null) { - return true; - } - for (char c : description.toCharArray()) { - if (withinTheRangeOf(c, 0x20, 0x21) || - withinTheRangeOf(c, 0x23, 0x5B) || - withinTheRangeOf(c, 0x5D, 0x7E)) { - return true; - } - } - return false; - } - - private static boolean withinTheRangeOf(int c, int min, int max) { - return c >= min && c <= max; + super(msg); } /** diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionTests.java deleted file mode 100644 index 434b11337..000000000 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionTests.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 2002-2019 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.springframework.security.oauth2.common.exceptions; - -import org.junit.Test; - -import static org.junit.Assert.fail; - -/** - * @author Joe Grandja - */ -public class OAuth2ExceptionTests { - - // gh-889 gh-997 - @Test - public void constructorWhenDescriptionIsInvalidThenThrowException() { - assertConstructorException("\""); - assertConstructorException("\\"); - } - - private void assertConstructorException(String errorDescription) { - try { - new OAuth2Exception(errorDescription); - fail(); - } catch (Exception ex) { } - } -} \ No newline at end of file From 9e32274ad163b56c362fa523d7e64f41a755e07a Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 7 Nov 2019 13:56:05 -0500 Subject: [PATCH 06/94] Configure maven-site-plugin Issue #1689 --- pom.xml | 6 +++--- samples/pom.xml | 4 ++-- spring-security-jwt/pom.xml | 4 ++-- tests/pom.xml | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/pom.xml b/pom.xml index fa8ca7d16..37b7f2a68 100644 --- a/pom.xml +++ b/pom.xml @@ -446,7 +446,7 @@ org.apache.maven.plugins maven-site-plugin - 3.1 + 3.3 org.apache.maven.wagon @@ -534,8 +534,8 @@ - static.springframework.org - scp://static.springframework.org/var/www/domains/springframework.org/static/htdocs/spring-security/oauth + static.spring.io + scp://docs.af.pivotal.io/var/www/domains/spring.io/static/htdocs/spring-security/oauth diff --git a/samples/pom.xml b/samples/pom.xml index 1608ba31a..e565cf357 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -37,8 +37,8 @@ - static.springframework.org - scp://static.springframework.org/var/www/domains/springframework.org/static/htdocs/spring-security/oauth/samples + static.spring.io + scp://docs.af.pivotal.io/var/www/domains/spring.io/static/htdocs/spring-security/oauth diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml index 6c6195c9f..fbc64691b 100755 --- a/spring-security-jwt/pom.xml +++ b/spring-security-jwt/pom.xml @@ -124,8 +124,8 @@ - static.springframework.org - scp://static.springframework.org/var/www/domains/springframework.org/static/htdocs/spring-security/oauth + static.spring.io + scp://docs.af.pivotal.io/var/www/domains/spring.io/static/htdocs/spring-security/oauth diff --git a/tests/pom.xml b/tests/pom.xml index 2c9851595..0a1f3c06e 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -35,8 +35,8 @@ - static.springframework.org - scp://static.springframework.org/var/www/domains/springframework.org/static/htdocs/spring-security/oauth/tests + static.spring.io + scp://docs.af.pivotal.io/var/www/domains/spring.io/static/htdocs/spring-security/oauth From 33422eefa7336e22c3cfbcced64cfbfbd6847e78 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 7 Nov 2019 16:59:15 -0500 Subject: [PATCH 07/94] Update site-url for maven-site-plugin Issue #1689 --- pom.xml | 2 +- samples/pom.xml | 2 +- spring-security-jwt/pom.xml | 2 +- tests/pom.xml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 37b7f2a68..1dbb7ce96 100644 --- a/pom.xml +++ b/pom.xml @@ -535,7 +535,7 @@ static.spring.io - scp://docs.af.pivotal.io/var/www/domains/spring.io/static/htdocs/spring-security/oauth + scp://docs.af.pivotal.io/var/www/domains/spring.io/docs/htdocs/spring-security/oauth diff --git a/samples/pom.xml b/samples/pom.xml index e565cf357..f49e03771 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -38,7 +38,7 @@ static.spring.io - scp://docs.af.pivotal.io/var/www/domains/spring.io/static/htdocs/spring-security/oauth + scp://docs.af.pivotal.io/var/www/domains/spring.io/docs/htdocs/spring-security/oauth diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml index fbc64691b..7a2a7226f 100755 --- a/spring-security-jwt/pom.xml +++ b/spring-security-jwt/pom.xml @@ -125,7 +125,7 @@ static.spring.io - scp://docs.af.pivotal.io/var/www/domains/spring.io/static/htdocs/spring-security/oauth + scp://docs.af.pivotal.io/var/www/domains/spring.io/docs/htdocs/spring-security/oauth diff --git a/tests/pom.xml b/tests/pom.xml index 0a1f3c06e..3d57e517c 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -36,7 +36,7 @@ static.spring.io - scp://docs.af.pivotal.io/var/www/domains/spring.io/static/htdocs/spring-security/oauth + scp://docs.af.pivotal.io/var/www/domains/spring.io/docs/htdocs/spring-security/oauth From 820aab4bca4b3de3dc680d615b54a96352e91bec Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 7 Nov 2019 17:17:05 -0500 Subject: [PATCH 08/94] Add version to site-url for maven-site-plugin Issue #1689 --- pom.xml | 2 +- samples/pom.xml | 2 +- spring-security-jwt/pom.xml | 2 +- tests/pom.xml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 1dbb7ce96..4935f35ab 100644 --- a/pom.xml +++ b/pom.xml @@ -535,7 +535,7 @@ static.spring.io - scp://docs.af.pivotal.io/var/www/domains/spring.io/docs/htdocs/spring-security/oauth + scp://docs.af.pivotal.io/var/www/domains/spring.io/docs/htdocs/spring-security/oauth/site/docs/${project.version} diff --git a/samples/pom.xml b/samples/pom.xml index f49e03771..8d8c7fc26 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -38,7 +38,7 @@ static.spring.io - scp://docs.af.pivotal.io/var/www/domains/spring.io/docs/htdocs/spring-security/oauth + scp://docs.af.pivotal.io/var/www/domains/spring.io/docs/htdocs/spring-security/oauth/site/docs/${project.version} diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml index 7a2a7226f..8698cbc1e 100755 --- a/spring-security-jwt/pom.xml +++ b/spring-security-jwt/pom.xml @@ -125,7 +125,7 @@ static.spring.io - scp://docs.af.pivotal.io/var/www/domains/spring.io/docs/htdocs/spring-security/oauth + scp://docs.af.pivotal.io/var/www/domains/spring.io/docs/htdocs/spring-security/oauth/site/docs/${project.version} diff --git a/tests/pom.xml b/tests/pom.xml index 3d57e517c..3ddd1f134 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -36,7 +36,7 @@ static.spring.io - scp://docs.af.pivotal.io/var/www/domains/spring.io/docs/htdocs/spring-security/oauth + scp://docs.af.pivotal.io/var/www/domains/spring.io/docs/htdocs/spring-security/oauth/site/docs/${project.version} From f277db8f75577b9b2e125e439f3e537827439319 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Fri, 8 Nov 2019 13:04:51 -0500 Subject: [PATCH 09/94] Add maven profile for excluding Redis tests --- pom.xml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/pom.xml b/pom.xml index 4935f35ab..360058359 100644 --- a/pom.xml +++ b/pom.xml @@ -261,6 +261,27 @@ + + tests-exclude-redis + + + + org.apache.maven.plugins + maven-surefire-plugin + + ${skipTests} + + **/*Tests.java + + + **/RedisTokenStorePrefixTests.java + **/RedisTokenStoreTests.java + + + + + + From 269bc935d974a31ac608eb96e304dd48cf096912 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Fri, 8 Nov 2019 15:34:41 -0500 Subject: [PATCH 10/94] Update maven-surefire-plugin to 2.20 --- pom.xml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pom.xml b/pom.xml index 360058359..8f8b2c2aa 100644 --- a/pom.xml +++ b/pom.xml @@ -479,11 +479,15 @@ org.apache.maven.plugins maven-surefire-plugin + 2.20 ${skipTests} **/*Tests.java + 3 + true + -Xmx1024m -XX:MaxPermSize=256m From 51e69359ffb6f3a2b319e651a8ce8322dc46a92d Mon Sep 17 00:00:00 2001 From: Artem Smotrakov Date: Mon, 21 Oct 2019 16:14:59 +0200 Subject: [PATCH 11/94] Allow specifying allowed classes for deserialization Fixes gh-1783 --- .../util/DefaultSerializationStrategy.java | 88 +++++++++++ .../common/util/SerializationStrategy.java | 44 ++++++ .../common/util/SerializationUtils.java | 123 ++++++++------- .../WhitelistedSerializationStrategy.java | 143 ++++++++++++++++++ .../store/redis/JdkSerializationStrategy.java | 66 ++++++-- .../company/oauth2/CustomAuthentication.java | 40 +++++ .../oauth2/CustomOAuth2AccessToken.java | 26 ++++ .../oauth2/CustomOAuth2Authentication.java | 30 ++++ .../token/JdbcClientTokenServicesTests.java | 67 +++++++- .../CustomSerializationStrategyTests.java | 103 +++++++++++++ .../common/util/SerializationUtilsTests.java | 96 ++++++++++++ .../provider/AuthorizationRequestTests.java | 6 +- .../JdbcAuthorizationCodeServicesTests.java | 70 +++++++++ .../token/store/JdbcTokenStoreTests.java | 80 +++++++++- .../RedisTokenStoreCustomTokenTests.java | 141 +++++++++++++++++ 15 files changed, 1044 insertions(+), 79 deletions(-) create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultSerializationStrategy.java create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationStrategy.java create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/WhitelistedSerializationStrategy.java create mode 100644 spring-security-oauth2/src/test/java/org/company/oauth2/CustomAuthentication.java create mode 100644 spring-security-oauth2/src/test/java/org/company/oauth2/CustomOAuth2AccessToken.java create mode 100644 spring-security-oauth2/src/test/java/org/company/oauth2/CustomOAuth2Authentication.java create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/util/CustomSerializationStrategyTests.java create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/util/SerializationUtilsTests.java create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreCustomTokenTests.java diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultSerializationStrategy.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultSerializationStrategy.java new file mode 100644 index 000000000..4668f6629 --- /dev/null +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultSerializationStrategy.java @@ -0,0 +1,88 @@ +/* + * Copyright 2012-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.common.util; + +import org.springframework.core.ConfigurableObjectInputStream; + +import java.io.*; + +/** + * The default {@link SerializationStrategy} which uses the built-in Java serialization mechanism. + *

+ * Note that this class should not be used if data for deserialization comes from an untrusted source. + * Instead, please use {@link WhitelistedSerializationStrategy} with a list of allowed classes for deserialization. + * + * @author Artem Smotrakov + * @since 2.4 + */ +public class DefaultSerializationStrategy implements SerializationStrategy { + + public byte[] serialize(Object state) { + ObjectOutputStream oos = null; + try { + ByteArrayOutputStream bos = new ByteArrayOutputStream(512); + oos = new ObjectOutputStream(bos); + oos.writeObject(state); + oos.flush(); + return bos.toByteArray(); + } catch (IOException e) { + throw new IllegalArgumentException(e); + } finally { + if (oos != null) { + try { + oos.close(); + } catch (IOException e) { + // eat it + } + } + } + } + + public T deserialize(byte[] byteArray) { + ObjectInputStream oip = null; + try { + oip = createObjectInputStream(byteArray); + @SuppressWarnings("unchecked") + T result = (T) oip.readObject(); + return result; + } catch (IOException e) { + throw new IllegalArgumentException(e); + } catch (ClassNotFoundException e) { + throw new IllegalArgumentException(e); + } finally { + if (oip != null) { + try { + oip.close(); + } catch (IOException e) { + // eat it + } + } + } + } + + /** + * Creates an {@link ObjectInputStream} for deserialization. + * + * @param byteArray Data to be deserialized. + * @return An instance of {@link ObjectInputStream} which should be used for deserialization. + * @throws IOException If something went wrong. + */ + protected ObjectInputStream createObjectInputStream(byte[] byteArray) throws IOException { + return new ConfigurableObjectInputStream(new ByteArrayInputStream(byteArray), + Thread.currentThread().getContextClassLoader()); + } +} diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationStrategy.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationStrategy.java new file mode 100644 index 000000000..52fe117ae --- /dev/null +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationStrategy.java @@ -0,0 +1,44 @@ +/* + * Copyright 2012-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.common.util; + +/** + * Defines how objects are serialized and deserialized. + * + * @author Artem Smotrakov + * @since 2.4 + */ +public interface SerializationStrategy { + + /** + * Serializes an object. + * + * @param object The object to be serialized. + * @return A byte array. + */ + byte[] serialize(Object object); + + /** + * Deserializes an object from a byte array. + * + * @param byteArray The byte array. + * @param The type of the object. + * @return The deserialized object. + */ + T deserialize(byte[] byteArray); + +} diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationUtils.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationUtils.java index e622c6797..15d860056 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationUtils.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationUtils.java @@ -1,64 +1,75 @@ +/* + * Copyright 2012-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.springframework.security.oauth2.common.util; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; +import org.springframework.core.io.support.SpringFactoriesLoader; +import org.springframework.util.Assert; -import org.springframework.core.ConfigurableObjectInputStream; +import java.util.List; +/** + * This is a helper class for serializing and deserializing objects with a {@link SerializationStrategy}. + * The class looks for the strategy in {@code META-INF/spring.factories}, + * or the strategy can also be set by calling {@link #setSerializationStrategy(SerializationStrategy)}. + * If no strategy is specified, the default is {@link DefaultSerializationStrategy}. + *

+ * Note that the default strategy allows deserializing arbitrary classes which may result in security problems + * if data comes from an untrusted source. To prevent possible issues, use {@link WhitelistedSerializationStrategy} + * with a list of allowed classes for deserialization. + */ public class SerializationUtils { - public static byte[] serialize(Object state) { - ObjectOutputStream oos = null; - try { - ByteArrayOutputStream bos = new ByteArrayOutputStream(512); - oos = new ObjectOutputStream(bos); - oos.writeObject(state); - oos.flush(); - return bos.toByteArray(); - } - catch (IOException e) { - throw new IllegalArgumentException(e); - } - finally { - if (oos != null) { - try { - oos.close(); - } - catch (IOException e) { - // eat it - } - } - } - } + private static SerializationStrategy strategy = new DefaultSerializationStrategy(); + + static { + List strategies = SpringFactoriesLoader.loadFactories( + SerializationStrategy.class, SerializationUtils.class.getClassLoader()); + if (strategies.size() > 1) { + throw new IllegalArgumentException( + "Too many serialization strategies in META-INF/spring.factories"); + } + if (strategies.size() == 1) { + strategy = strategies.get(0); + } + } + + /** + * @return The current serialization strategy. + */ + public static SerializationStrategy getSerializationStrategy() { + return strategy; + } + + /** + * Sets a new serialization strategy. + * + * @param serializationStrategy The serialization strategy. + */ + public static void setSerializationStrategy(SerializationStrategy serializationStrategy) { + Assert.notNull(serializationStrategy, "serializationStrategy cannot be null"); + strategy = serializationStrategy; + } + + public static byte[] serialize(Object object) { + return strategy.serialize(object); + } - public static T deserialize(byte[] byteArray) { - ObjectInputStream oip = null; - try { - oip = new ConfigurableObjectInputStream(new ByteArrayInputStream(byteArray), - Thread.currentThread().getContextClassLoader()); - @SuppressWarnings("unchecked") - T result = (T) oip.readObject(); - return result; - } - catch (IOException e) { - throw new IllegalArgumentException(e); - } - catch (ClassNotFoundException e) { - throw new IllegalArgumentException(e); - } - finally { - if (oip != null) { - try { - oip.close(); - } - catch (IOException e) { - // eat it - } - } - } - } + public static T deserialize(byte[] byteArray) { + return strategy.deserialize(byteArray); + } -} +} \ No newline at end of file diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/WhitelistedSerializationStrategy.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/WhitelistedSerializationStrategy.java new file mode 100644 index 000000000..42089411c --- /dev/null +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/WhitelistedSerializationStrategy.java @@ -0,0 +1,143 @@ +/* + * Copyright 2012-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.common.util; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.NotSerializableException; +import java.io.ObjectInputStream; +import java.io.ObjectStreamClass; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.springframework.util.ClassUtils; + +/** + * A {@link SerializationStrategy} which uses a whitelist of allowed classes for deserialization. + * + * @author Artem Smotrakov + * @since 2.4 + */ +public class WhitelistedSerializationStrategy extends DefaultSerializationStrategy { + + /** + * A list of classes which are allowed to deserialize by default. + */ + private static final List DEFAULT_ALLOWED_CLASSES; + + static { + List classes = new ArrayList(); + classes.add("java.lang."); + classes.add("java.util."); + classes.add("org.springframework.security."); + DEFAULT_ALLOWED_CLASSES = Collections.unmodifiableList(classes); + } + + /** + * A list of classes which are allowed to deserialize. + */ + private final List allowedClasses; + + /** + * Initializes {@link WhitelistedSerializationStrategy} with the list of classes + * which are allowed to deserialize by default. + */ + public WhitelistedSerializationStrategy() { + this(DEFAULT_ALLOWED_CLASSES); + } + + /** + * Initializes {@link WhitelistedSerializationStrategy} with specified allowed classes. + * + * @param allowedClasses The allowed classes for deserialization. + */ + public WhitelistedSerializationStrategy(List allowedClasses) { + this.allowedClasses = Collections.unmodifiableList(allowedClasses); + } + + protected ObjectInputStream createObjectInputStream(byte[] byteArray) throws IOException { + return new WhitelistedObjectInputStream(new ByteArrayInputStream(byteArray), + Thread.currentThread().getContextClassLoader(), allowedClasses); + } + + /** + * Special ObjectInputStream subclass that checks if classes are allowed to deserialize. The class + * should be configured with a whitelist of only allowed (safe) classes to deserialize. + */ + private static class WhitelistedObjectInputStream extends ObjectInputStream { + + /** + * The list of classes which are allowed for deserialization. + */ + private final List allowedClasses; + + /** + * The class loader to use for loading local classes. + */ + private final ClassLoader classLoader; + + /** + * Create a new WhitelistedObjectInputStream for the given InputStream, class loader and + * allowed class names. + * + * @param in The InputStream to read from. + * @param classLoader The ClassLoader to use for loading local classes. + * @param allowedClasses The list of allowed classes for deserialization. + * @throws IOException If something went wrong. + */ + private WhitelistedObjectInputStream(InputStream in, ClassLoader classLoader, List allowedClasses) + throws IOException { + super(in); + this.classLoader = classLoader; + this.allowedClasses = Collections.unmodifiableList(allowedClasses); + } + + /** + * Resolve the class only if it's allowed to deserialize. + * + * @see ObjectInputStream#resolveClass(ObjectStreamClass) + */ + @Override + protected Class resolveClass(ObjectStreamClass classDesc) + throws IOException, ClassNotFoundException { + if (isProhibited(classDesc.getName())) { + throw new NotSerializableException("Not allowed to deserialize " + classDesc.getName()); + } + if (this.classLoader != null) { + return ClassUtils.forName(classDesc.getName(), this.classLoader); + } + return super.resolveClass(classDesc); + } + + /** + * Check if the class is allowed to be deserialized. + * + * @param className The class to check. + * @return True if the class is not allowed to be deserialized, false otherwise. + */ + private boolean isProhibited(String className) { + for (String allowedClass : this.allowedClasses) { + if (className.startsWith(allowedClass)) { + return false; + } + } + return true; + } + } +} diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/JdkSerializationStrategy.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/JdkSerializationStrategy.java index aae1d7b5e..e2a0088c1 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/JdkSerializationStrategy.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/JdkSerializationStrategy.java @@ -1,26 +1,66 @@ +/* + * Copyright 2012-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.springframework.security.oauth2.provider.token.store.redis; -import org.springframework.data.redis.serializer.JdkSerializationRedisSerializer; +import org.springframework.core.serializer.support.SerializationFailedException; + +import java.io.Serializable; + +import org.springframework.security.oauth2.common.util.SerializationUtils; /** - * Serializes objects using {@link JdkSerializationRedisSerializer} + * Serializes and deserializes allowed objects using {@link SerializationUtils}. * * @author efenderbosch - * + * @author Artem Smotrakov */ public class JdkSerializationStrategy extends StandardStringSerializationStrategy { - private static final JdkSerializationRedisSerializer OBJECT_SERIALIZER = new JdkSerializationRedisSerializer(); + private static final byte[] EMPTY_ARRAY = new byte[0]; + + @Override + @SuppressWarnings("unchecked") + protected T deserializeInternal(byte[] bytes, Class clazz) { + if (bytes == null || bytes.length == 0) { + return null; + } + try { + return (T) SerializationUtils.deserialize(bytes); + } catch (Exception e) { + throw new SerializationFailedException("Failed to deserialize payload", e); + } + } - @Override - @SuppressWarnings("unchecked") - protected T deserializeInternal(byte[] bytes, Class clazz) { - return (T) OBJECT_SERIALIZER.deserialize(bytes); - } + @Override + protected byte[] serializeInternal(Object object) { + if (object == null) { + return EMPTY_ARRAY; + } + if (!(object instanceof Serializable)) { + throw new IllegalArgumentException(this.getClass().getSimpleName() + + " requires a Serializable payload but received an object of type [" + + object.getClass().getName() + "]"); + } - @Override - protected byte[] serializeInternal(Object object) { - return OBJECT_SERIALIZER.serialize(object); - } + try { + return SerializationUtils.serialize(object); + } catch (Exception e) { + throw new SerializationFailedException("Failed to serialize object", e); + } + } } diff --git a/spring-security-oauth2/src/test/java/org/company/oauth2/CustomAuthentication.java b/spring-security-oauth2/src/test/java/org/company/oauth2/CustomAuthentication.java new file mode 100644 index 000000000..d974c5a8f --- /dev/null +++ b/spring-security-oauth2/src/test/java/org/company/oauth2/CustomAuthentication.java @@ -0,0 +1,40 @@ +/* + * Copyright 2012-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.company.oauth2; + +import org.springframework.security.authentication.AbstractAuthenticationToken; + +public class CustomAuthentication extends AbstractAuthenticationToken { + + private static final long serialVersionUID = 1L; + + private String principal; + + public CustomAuthentication(String name, boolean authenticated) { + super(null); + setAuthenticated(authenticated); + this.principal = name; + } + + public Object getCredentials() { + return null; + } + + public Object getPrincipal() { + return this.principal; + } +} diff --git a/spring-security-oauth2/src/test/java/org/company/oauth2/CustomOAuth2AccessToken.java b/spring-security-oauth2/src/test/java/org/company/oauth2/CustomOAuth2AccessToken.java new file mode 100644 index 000000000..06e6f678f --- /dev/null +++ b/spring-security-oauth2/src/test/java/org/company/oauth2/CustomOAuth2AccessToken.java @@ -0,0 +1,26 @@ +/* + * Copyright 2012-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.company.oauth2; + +import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; + +public class CustomOAuth2AccessToken extends DefaultOAuth2AccessToken { + + public CustomOAuth2AccessToken(String value) { + super(value); + } +} diff --git a/spring-security-oauth2/src/test/java/org/company/oauth2/CustomOAuth2Authentication.java b/spring-security-oauth2/src/test/java/org/company/oauth2/CustomOAuth2Authentication.java new file mode 100644 index 000000000..95f6cb897 --- /dev/null +++ b/spring-security-oauth2/src/test/java/org/company/oauth2/CustomOAuth2Authentication.java @@ -0,0 +1,30 @@ +/* + * Copyright 2012-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.company.oauth2; + +import org.springframework.security.core.Authentication; +import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.OAuth2Request; + +public class CustomOAuth2Authentication extends OAuth2Authentication { + + public CustomOAuth2Authentication( + OAuth2Request storedRequest, + Authentication userAuthentication) { + super(storedRequest, userAuthentication); + } +} diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/JdbcClientTokenServicesTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/JdbcClientTokenServicesTests.java index b3548aee5..2195f326a 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/JdbcClientTokenServicesTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/JdbcClientTokenServicesTests.java @@ -1,10 +1,10 @@ package org.springframework.security.oauth2.client.token; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNull; - +import java.util.ArrayList; import java.util.Arrays; +import java.util.List; +import org.company.oauth2.CustomOAuth2AccessToken; import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -15,10 +15,15 @@ import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails; import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken; +import org.springframework.security.oauth2.common.util.SerializationStrategy; +import org.springframework.security.oauth2.common.util.SerializationUtils; +import org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy; + +import static org.junit.Assert.*; /** * @author Dave Syer - * + * @author Artem Smotrakov */ public class JdbcClientTokenServicesTests { @@ -79,4 +84,58 @@ public void testSaveAndRemoveToken() throws Exception { assertNull(result); } + @Test + public void testSaveAndRetrieveCustomToken() { + OAuth2AccessToken accessToken = new CustomOAuth2AccessToken("FOO"); + Authentication authentication = new UsernamePasswordAuthenticationToken("marissa", "koala"); + AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails(); + resource.setClientId("client"); + resource.setScope(Arrays.asList("foo", "bar")); + tokenStore.saveAccessToken(resource, authentication, accessToken); + OAuth2AccessToken result = tokenStore.getAccessToken(resource, authentication); + assertNotNull(result); + assertEquals(accessToken, result); + } + + @Test(expected = IllegalArgumentException.class) + public void testSaveAndRetrieveNotAllowedCustomToken() { + OAuth2AccessToken accessToken = new CustomOAuth2AccessToken("FOO"); + Authentication authentication = new UsernamePasswordAuthenticationToken("marissa", "koala"); + AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails(); + resource.setClientId("client"); + resource.setScope(Arrays.asList("foo", "bar")); + WhitelistedSerializationStrategy newStrategy = new WhitelistedSerializationStrategy(); + SerializationStrategy oldStrategy = SerializationUtils.getSerializationStrategy(); + try { + SerializationUtils.setSerializationStrategy(newStrategy); + tokenStore.saveAccessToken(resource, authentication, accessToken); + tokenStore.getAccessToken(resource, authentication); + } finally { + SerializationUtils.setSerializationStrategy(oldStrategy); + } + } + + @Test + public void testSaveAndRetrieveCustomTokenWithCustomSerializationStrategy() { + List allowedClasses = new ArrayList(); + allowedClasses.add("java.util."); + allowedClasses.add("org.springframework.security."); + allowedClasses.add("org.company.oauth2.CustomOAuth2AccessToken"); + WhitelistedSerializationStrategy newStrategy = new WhitelistedSerializationStrategy(allowedClasses); + SerializationStrategy oldStrategy = SerializationUtils.getSerializationStrategy(); + try { + SerializationUtils.setSerializationStrategy(newStrategy); + OAuth2AccessToken accessToken = new CustomOAuth2AccessToken("FOO"); + Authentication authentication = new UsernamePasswordAuthenticationToken("marissa", "koala"); + AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails(); + resource.setClientId("client"); + resource.setScope(Arrays.asList("foo", "bar")); + tokenStore.saveAccessToken(resource, authentication, accessToken); + OAuth2AccessToken result = tokenStore.getAccessToken(resource, authentication); + assertNotNull(result); + assertEquals(accessToken, result); + } finally { + SerializationUtils.setSerializationStrategy(oldStrategy); + } + } } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/util/CustomSerializationStrategyTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/util/CustomSerializationStrategyTests.java new file mode 100644 index 000000000..cbe70acc6 --- /dev/null +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/util/CustomSerializationStrategyTests.java @@ -0,0 +1,103 @@ +/* + * Copyright 2012-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.common.util; + + +import org.company.oauth2.CustomAuthentication; +import org.company.oauth2.CustomOAuth2AccessToken; +import org.company.oauth2.CustomOAuth2Authentication; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.powermock.modules.junit4.PowerMockRunner; +import org.springframework.core.io.support.SpringFactoriesLoader; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken; +import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; +import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.OAuth2Request; +import org.springframework.security.oauth2.provider.RequestTokenFactory; + +import java.io.Serializable; +import java.util.*; + +import static org.junit.Assert.*; +import static org.powermock.api.mockito.PowerMockito.spy; +import static org.powermock.api.mockito.PowerMockito.when; + +@RunWith(PowerMockRunner.class) +@PrepareForTest({ SpringFactoriesLoader.class }) +public class CustomSerializationStrategyTests { + + @Test + public void loadCustomSerializationStrategy() { + spy(SpringFactoriesLoader.class); + when(SpringFactoriesLoader + .loadFactories(SerializationStrategy.class, SerializationUtils.class.getClassLoader())) + .thenReturn(Arrays.asList(new CustomSerializationStrategy())); + + deserialize(new DefaultOAuth2AccessToken("access-token-" + UUID.randomUUID())); + + deserialize(new OAuth2Authentication( + new OAuth2Request(Collections.emptyMap(), "clientId", Collections.emptyList(), + false, Collections.emptySet(), + new HashSet(Arrays.asList("resourceId-1", "resourceId-2")), "redirectUri", + Collections.emptySet(), Collections.emptyMap()), + new UsernamePasswordAuthenticationToken("test", "N/A"))); + + deserialize(new DefaultExpiringOAuth2RefreshToken( + "access-token-" + UUID.randomUUID(), new Date())); + + deserialize("xyz"); + deserialize(new HashMap()); + + deserialize(new CustomOAuth2AccessToken("xyz")); + + deserialize( + new CustomOAuth2Authentication( + RequestTokenFactory.createOAuth2Request("id", false), + new CustomAuthentication("test", false))); + } + + private void deserialize(Object object) { + byte[] bytes = SerializationUtils.serialize(object); + assertNotNull(bytes); + assertTrue(bytes.length > 0); + + Object clone = SerializationUtils.deserialize(bytes); + assertNotNull(clone); + assertEquals(object, clone); + } + + private static class CustomSerializationStrategy extends WhitelistedSerializationStrategy { + + private static final List ALLOWED_CLASSES = new ArrayList(); + static { + ALLOWED_CLASSES.add("java.lang."); + ALLOWED_CLASSES.add("java.util."); + ALLOWED_CLASSES.add("org.springframework.security."); + ALLOWED_CLASSES.add("org.company.oauth2."); + } + + CustomSerializationStrategy() { + super(ALLOWED_CLASSES); + } + + } + +} diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/util/SerializationUtilsTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/util/SerializationUtilsTests.java new file mode 100644 index 000000000..fd73714f4 --- /dev/null +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/util/SerializationUtilsTests.java @@ -0,0 +1,96 @@ +/* + * Copyright 2012-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.common.util; + +import org.company.oauth2.CustomOAuth2AccessToken; +import org.junit.Test; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken; +import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; +import org.springframework.security.oauth2.common.OAuth2AccessToken; +import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.OAuth2Request; + +import java.io.Serializable; +import java.util.Arrays; +import java.util.Collections; +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.UUID; + +import static org.junit.Assert.*; + +/** + * @author Artem Smotrakov + */ +public class SerializationUtilsTests { + + @Test + public void deserializeAllowedClasses() { + deserializeAllowedClasses(new DefaultOAuth2AccessToken("access-token-" + UUID.randomUUID())); + + deserializeAllowedClasses(new OAuth2Authentication( + new OAuth2Request(Collections.emptyMap(), "clientId", Collections.emptyList(), + false, Collections.emptySet(), + new HashSet(Arrays.asList("resourceId-1", "resourceId-2")), "redirectUri", + Collections.emptySet(), Collections.emptyMap()), + new UsernamePasswordAuthenticationToken("test", "N/A"))); + + deserializeAllowedClasses(new DefaultExpiringOAuth2RefreshToken( + "access-token-" + UUID.randomUUID(), new Date())); + + deserializeAllowedClasses("xyz"); + deserializeAllowedClasses(new HashMap()); + } + + private void deserializeAllowedClasses(Object object) { + byte[] bytes = SerializationUtils.serialize(object); + assertNotNull(bytes); + assertTrue(bytes.length > 0); + + Object clone = SerializationUtils.deserialize(bytes); + assertNotNull(clone); + assertEquals(object, clone); + } + + @Test + public void deserializeCustomClasses() { + OAuth2AccessToken accessToken = new CustomOAuth2AccessToken("FOO"); + byte[] bytes = SerializationUtils.serialize(accessToken); + OAuth2AccessToken clone = SerializationUtils.deserialize(bytes); + assertNotNull(clone); + assertEquals(accessToken, clone); + } + + @Test(expected = IllegalArgumentException.class) + public void deserializeNotAllowedCustomClasses() { + OAuth2AccessToken accessToken = new CustomOAuth2AccessToken("FOO"); + WhitelistedSerializationStrategy newStrategy = new WhitelistedSerializationStrategy(); + SerializationStrategy oldStrategy = SerializationUtils.getSerializationStrategy(); + try { + SerializationUtils.setSerializationStrategy(newStrategy); + byte[] bytes = SerializationUtils.serialize(accessToken); + OAuth2AccessToken clone = SerializationUtils.deserialize(bytes); + assertNotNull(clone); + assertEquals(accessToken, clone); + } finally { + SerializationUtils.setSerializationStrategy(oldStrategy); + } + } +} \ No newline at end of file diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/AuthorizationRequestTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/AuthorizationRequestTests.java index 41f31daae..5f9ea7a82 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/AuthorizationRequestTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/AuthorizationRequestTests.java @@ -30,7 +30,7 @@ import org.junit.Before; import org.junit.Test; import org.springframework.security.oauth2.common.util.OAuth2Utils; -import org.springframework.util.SerializationUtils; +import org.springframework.security.oauth2.common.util.SerializationUtils; import org.springframework.util.StringUtils; /** @@ -161,8 +161,8 @@ public void testRedirectUriDefaultsToMap() { @Test public void testSerialization() { AuthorizationRequest authorizationRequest = createFromParameters(parameters); - AuthorizationRequest other = (AuthorizationRequest) SerializationUtils.deserialize(SerializationUtils - .serialize(authorizationRequest)); + AuthorizationRequest other = SerializationUtils.deserialize( + SerializationUtils.serialize(authorizationRequest)); assertEquals(authorizationRequest, other); } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/JdbcAuthorizationCodeServicesTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/JdbcAuthorizationCodeServicesTests.java index b58b58d96..76a5e34c8 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/JdbcAuthorizationCodeServicesTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/JdbcAuthorizationCodeServicesTests.java @@ -1,9 +1,24 @@ package org.springframework.security.oauth2.provider.code; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; + +import java.util.ArrayList; +import java.util.List; + +import org.company.oauth2.CustomAuthentication; +import org.company.oauth2.CustomOAuth2Authentication; import org.junit.After; import org.junit.Before; +import org.junit.Test; import org.springframework.jdbc.datasource.embedded.EmbeddedDatabase; import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder; +import org.springframework.security.oauth2.common.util.SerializationStrategy; +import org.springframework.security.oauth2.common.util.SerializationUtils; +import org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy; +import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.OAuth2Request; +import org.springframework.security.oauth2.provider.RequestTokenFactory; public class JdbcAuthorizationCodeServicesTests extends AuthorizationCodeServicesBaseTests { private JdbcAuthorizationCodeServices authorizationCodeServices; @@ -26,4 +41,59 @@ public void tearDown() throws Exception { AuthorizationCodeServices getAuthorizationCodeServices() { return authorizationCodeServices; } + + @Test + public void testCustomImplementation() { + OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request("id", false); + OAuth2Authentication expectedAuthentication = new CustomOAuth2Authentication(storedOAuth2Request, + new CustomAuthentication("test2", false)); + String code = getAuthorizationCodeServices().createAuthorizationCode(expectedAuthentication); + assertNotNull(code); + OAuth2Authentication actualAuthentication = getAuthorizationCodeServices().consumeAuthorizationCode(code); + assertEquals(expectedAuthentication, actualAuthentication); + } + + @Test(expected = IllegalArgumentException.class) + public void testNotAllowedCustomImplementation() { + OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request("id", false); + OAuth2Authentication expectedAuthentication = new CustomOAuth2Authentication(storedOAuth2Request, + new CustomAuthentication("test2", false)); + WhitelistedSerializationStrategy newStrategy = new WhitelistedSerializationStrategy(); + SerializationStrategy oldStrategy = SerializationUtils.getSerializationStrategy(); + try { + SerializationUtils.setSerializationStrategy(newStrategy); + String code = getAuthorizationCodeServices().createAuthorizationCode(expectedAuthentication); + assertNotNull(code); + getAuthorizationCodeServices().consumeAuthorizationCode(code); + } finally { + SerializationUtils.setSerializationStrategy(oldStrategy); + } + } + + @Test + public void testCustomImplementationWithCustomStrategy() { + OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request("id", false); + OAuth2Authentication expectedAuthentication = new CustomOAuth2Authentication(storedOAuth2Request, + new CustomAuthentication("test3", false)); + + AuthorizationCodeServices jdbcAuthorizationCodeServices = getAuthorizationCodeServices(); + List allowedClasses = new ArrayList(); + allowedClasses.add("java.util."); + allowedClasses.add("org.springframework.security."); + allowedClasses.add("org.company.oauth2.CustomOAuth2AccessToken"); + allowedClasses.add("org.company.oauth2.CustomOAuth2Authentication"); + allowedClasses.add("org.company.oauth2.CustomAuthentication"); + WhitelistedSerializationStrategy newStrategy = new WhitelistedSerializationStrategy(allowedClasses); + SerializationStrategy oldStrategy = SerializationUtils.getSerializationStrategy(); + try { + SerializationUtils.setSerializationStrategy(newStrategy); + String code = jdbcAuthorizationCodeServices.createAuthorizationCode(expectedAuthentication); + assertNotNull(code); + + OAuth2Authentication actualAuthentication = getAuthorizationCodeServices().consumeAuthorizationCode(code); + assertEquals(expectedAuthentication, actualAuthentication); + } finally { + SerializationUtils.setSerializationStrategy(oldStrategy); + } + } } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStoreTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStoreTests.java index ffd13fb83..ba7a549c2 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStoreTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStoreTests.java @@ -1,9 +1,13 @@ package org.springframework.security.oauth2.provider.token.store; -import static org.junit.Assert.assertEquals; - +import java.util.ArrayList; import java.util.Collection; +import java.util.List; + +import org.company.oauth2.CustomAuthentication; +import org.company.oauth2.CustomOAuth2AccessToken; +import org.company.oauth2.CustomOAuth2Authentication; import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -11,12 +15,17 @@ import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder; import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken; +import org.springframework.security.oauth2.common.util.SerializationStrategy; +import org.springframework.security.oauth2.common.util.SerializationUtils; +import org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.RequestTokenFactory; +import static org.junit.Assert.*; + /** * @author Dave Syer - * + * @author Artem Smotrakov */ public class JdbcTokenStoreTests extends TokenStoreBaseTests { @@ -46,6 +55,71 @@ public void testFindAccessTokensByUserName() { assertEquals(1, actualOAuth2AccessTokens.size()); } + @Test + public void testCustomToken() { + OAuth2Authentication expectedAuthentication = new CustomOAuth2Authentication( + RequestTokenFactory.createOAuth2Request("id", false), + new TestAuthentication("test2", false)); + OAuth2AccessToken expectedOAuth2AccessToken = new CustomOAuth2AccessToken("customToken"); + getTokenStore().storeAccessToken(expectedOAuth2AccessToken, expectedAuthentication); + + Collection actualOAuth2AccessTokens = getTokenStore().findTokensByUserName("test2"); + assertFalse(actualOAuth2AccessTokens.isEmpty()); + for (OAuth2AccessToken token : actualOAuth2AccessTokens) { + if (expectedOAuth2AccessToken.equals(token)) { + return; + } + } + fail("No token found!"); + } + + @Test + public void testAllowedCustomTokenWithCustomStrategy() { + OAuth2Authentication expectedAuthentication = new CustomOAuth2Authentication( + RequestTokenFactory.createOAuth2Request("id", false), + new TestAuthentication("test3", false)); + OAuth2AccessToken expectedOAuth2AccessToken = new CustomOAuth2AccessToken("customToken"); + JdbcTokenStore tokenStore = getTokenStore(); + List allowedClasses = new ArrayList(); + allowedClasses.add("java.util."); + allowedClasses.add("org.springframework.security."); + allowedClasses.add("org.company.oauth2.CustomOAuth2AccessToken"); + allowedClasses.add("org.company.oauth2.CustomOAuth2Authentication"); + WhitelistedSerializationStrategy newStrategy = new WhitelistedSerializationStrategy(allowedClasses); + SerializationStrategy oldStrategy = SerializationUtils.getSerializationStrategy(); + try { + SerializationUtils.setSerializationStrategy(newStrategy); + tokenStore.storeAccessToken(expectedOAuth2AccessToken, expectedAuthentication); + + Collection actualOAuth2AccessTokens = getTokenStore().findTokensByUserName("test3"); + assertEquals(1, actualOAuth2AccessTokens.size()); + + OAuth2AccessToken actualToken = actualOAuth2AccessTokens.iterator().next(); + assertEquals(expectedOAuth2AccessToken, actualToken); + } finally { + SerializationUtils.setSerializationStrategy(oldStrategy); + } + } + + @Test + public void testNotAllowedCustomTokenWithCustomStrategy() { + OAuth2Authentication authentication = new CustomOAuth2Authentication( + RequestTokenFactory.createOAuth2Request("id", false), + new CustomAuthentication("test4", false)); + OAuth2AccessToken accessToken = new CustomOAuth2AccessToken("customToken"); + JdbcTokenStore tokenStore = getTokenStore(); + WhitelistedSerializationStrategy newStrategy = new WhitelistedSerializationStrategy(); + SerializationStrategy oldStrategy = SerializationUtils.getSerializationStrategy(); + try { + SerializationUtils.setSerializationStrategy(newStrategy); + tokenStore.storeAccessToken(accessToken, authentication); + Collection tokens = tokenStore.findTokensByUserName("test4"); + assertTrue(tokens.isEmpty()); + } finally { + SerializationUtils.setSerializationStrategy(oldStrategy); + } + } + @After public void tearDown() throws Exception { db.shutdown(); diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreCustomTokenTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreCustomTokenTests.java new file mode 100644 index 000000000..946955c26 --- /dev/null +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreCustomTokenTests.java @@ -0,0 +1,141 @@ +/* + * Copyright 2012-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.provider.token.store.redis; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import java.util.UUID; + +import org.company.oauth2.CustomOAuth2AccessToken; +import org.company.oauth2.CustomOAuth2Authentication; +import org.junit.Before; +import org.junit.Test; +import org.springframework.core.serializer.support.SerializationFailedException; +import org.springframework.data.redis.connection.jedis.JedisConnectionFactory; +import org.springframework.security.authentication.TestingAuthenticationToken; +import org.springframework.security.oauth2.common.OAuth2AccessToken; +import org.springframework.security.oauth2.common.util.SerializationStrategy; +import org.springframework.security.oauth2.common.util.SerializationUtils; +import org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy; +import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.OAuth2Request; +import org.springframework.security.oauth2.provider.RequestTokenFactory; +import org.springframework.util.ClassUtils; +import redis.clients.jedis.JedisShardInfo; + +import static org.junit.Assert.*; + +/** + * @author Artem Smotrakov + */ +public class RedisTokenStoreCustomTokenTests { + + private static final String CLIENT_ID = "customClient"; + + private static final List ALLOWED_CLASSES = new ArrayList(); + + static { + ALLOWED_CLASSES.add("java.util."); + ALLOWED_CLASSES.add("org.springframework.security."); + ALLOWED_CLASSES.add("org.company.oauth2.CustomOAuth2AccessToken"); + ALLOWED_CLASSES.add("org.company.oauth2.CustomOAuth2Authentication"); + } + + private RedisTokenStore tokenStore; + + @Before + public void setup() { + boolean springDataRedis_2_0 = ClassUtils.isPresent( + "org.springframework.data.redis.connection.RedisStandaloneConfiguration", + this.getClass().getClassLoader()); + + JedisConnectionFactory connectionFactory; + if (springDataRedis_2_0) { + connectionFactory = new JedisConnectionFactory(); + } else { + JedisShardInfo shardInfo = new JedisShardInfo("localhost"); + connectionFactory = new JedisConnectionFactory(shardInfo); + } + + tokenStore = new RedisTokenStore(connectionFactory); + } + + @Test + public void testCustomToken() { + OAuth2Request request = RequestTokenFactory.createOAuth2Request(CLIENT_ID, false); + TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password"); + + String token = "access-token-" + UUID.randomUUID(); + OAuth2AccessToken oauth2AccessToken = new CustomOAuth2AccessToken(token); + OAuth2Authentication oauth2Authentication = new OAuth2Authentication(request, authentication); + + tokenStore.storeAccessToken(oauth2AccessToken, oauth2Authentication); + Collection tokens = tokenStore.findTokensByClientId(request.getClientId()); + assertNotNull(tokens); + assertFalse(tokens.isEmpty()); + for (OAuth2AccessToken oAuth2AccessToken : tokens) { + if (token.equals(oAuth2AccessToken.getValue())) { + return; + } + } + fail("No token found!"); + } + + @Test(expected = SerializationFailedException.class) + public void testNotAllowedCustomToken() { + OAuth2Request request = RequestTokenFactory.createOAuth2Request(CLIENT_ID, false); + TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password"); + + String token = "access-token-" + UUID.randomUUID(); + OAuth2AccessToken oauth2AccessToken = new CustomOAuth2AccessToken(token); + OAuth2Authentication oauth2Authentication = new OAuth2Authentication(request, authentication); + + WhitelistedSerializationStrategy newStrategy = new WhitelistedSerializationStrategy(); + SerializationStrategy oldStrategy = SerializationUtils.getSerializationStrategy(); + try { + SerializationUtils.setSerializationStrategy(newStrategy); + tokenStore.storeAccessToken(oauth2AccessToken, oauth2Authentication); + tokenStore.findTokensByClientId(request.getClientId()); + } finally { + SerializationUtils.setSerializationStrategy(oldStrategy); + } + } + + @Test + public void testCustomTokenWithCustomSerializationStrategy() { + OAuth2Request request = RequestTokenFactory.createOAuth2Request(CLIENT_ID, false); + TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password"); + + OAuth2AccessToken oauth2AccessToken = new CustomOAuth2AccessToken("access-token-" + UUID.randomUUID()); + OAuth2Authentication oauth2Authentication = new CustomOAuth2Authentication(request, authentication); + + WhitelistedSerializationStrategy newStrategy = new WhitelistedSerializationStrategy(ALLOWED_CLASSES); + SerializationStrategy oldStrategy = SerializationUtils.getSerializationStrategy(); + try { + SerializationUtils.setSerializationStrategy(newStrategy); + tokenStore.storeAccessToken(oauth2AccessToken, oauth2Authentication); + + OAuth2AccessToken token = tokenStore.getAccessToken(oauth2Authentication); + assertNotNull(token); + assertEquals(oauth2AccessToken, token); + } finally { + SerializationUtils.setSerializationStrategy(oldStrategy); + } + } + +} \ No newline at end of file From 3e64c4d67958fc8e95d9a2fb5008448699a17ee5 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Mon, 11 Nov 2019 20:25:22 -0500 Subject: [PATCH 12/94] Update to Boot 1.5.22 Fixes gh-1807 --- tests/annotation/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index d1b16e13d..88ec66a98 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -36,7 +36,7 @@ org.springframework.boot spring-boot-starter-parent - 1.5.1.RELEASE + 1.5.22.RELEASE From d81fc2948631c4bbc29d2f0140a854bc197ab064 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Tue, 12 Nov 2019 04:55:17 -0500 Subject: [PATCH 13/94] Update to jackson 2.10.1 Fixes gh-1810 --- samples/oauth2/sparklr/pom.xml | 4 ++-- samples/oauth2/tonr/pom.xml | 4 ++-- spring-security-oauth2/pom.xml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml index 8d31518fd..7a721d4bc 100644 --- a/samples/oauth2/sparklr/pom.xml +++ b/samples/oauth2/sparklr/pom.xml @@ -15,7 +15,7 @@ /sparklr2 - 2.9.10 + 2.10.1 3.0.1 @@ -23,7 +23,7 @@ spring5 - 2.9.10 + 2.10.1 3.1.0 diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml index ac428bd19..b44fe2bf2 100644 --- a/samples/oauth2/tonr/pom.xml +++ b/samples/oauth2/tonr/pom.xml @@ -16,7 +16,7 @@ /tonr2 - 2.9.10 + 2.10.1 3.0.1 @@ -24,7 +24,7 @@ spring5 - 2.9.10 + 2.10.1 3.1.0 diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index ddd738d7f..644288fba 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -13,7 +13,7 @@ Module for providing OAuth2 support to Spring Security - 2.9.10 + 2.10.1 3.0.1 1.0.11.RELEASE 1.7.4 @@ -23,7 +23,7 @@ spring5 - 2.9.10 + 2.10.1 3.1.0 1.6.1 From 62345538028c9eb3cf2617decef43001dafd77a3 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Wed, 6 Nov 2019 19:16:16 -0500 Subject: [PATCH 14/94] Deprecate classes in spring-security-jwt Fixes gh-1806 --- .../org/springframework/security/jwt/AlgorithmMetadata.java | 4 ++++ .../java/org/springframework/security/jwt/BinaryFormat.java | 4 ++++ .../src/main/java/org/springframework/security/jwt/Jwt.java | 4 ++++ .../java/org/springframework/security/jwt/JwtAlgorithms.java | 4 ++++ .../main/java/org/springframework/security/jwt/JwtHelper.java | 4 ++++ .../java/org/springframework/security/jwt/codec/Codecs.java | 4 ++++ .../security/jwt/crypto/cipher/CipherMetadata.java | 4 ++++ .../security/jwt/crypto/sign/EllipticCurveVerifier.java | 4 ++++ .../security/jwt/crypto/sign/InvalidSignatureException.java | 4 ++++ .../springframework/security/jwt/crypto/sign/MacSigner.java | 4 ++++ .../springframework/security/jwt/crypto/sign/RsaSigner.java | 4 ++++ .../springframework/security/jwt/crypto/sign/RsaVerifier.java | 4 ++++ .../security/jwt/crypto/sign/SignatureVerifier.java | 4 ++++ .../org/springframework/security/jwt/crypto/sign/Signer.java | 4 ++++ .../security/jwt/crypto/sign/SignerVerifier.java | 4 ++++ 15 files changed, 60 insertions(+) diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/AlgorithmMetadata.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/AlgorithmMetadata.java index 029e563f3..da7775c2c 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/AlgorithmMetadata.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/AlgorithmMetadata.java @@ -13,8 +13,12 @@ package org.springframework.security.jwt; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Luke Taylor */ +@Deprecated public interface AlgorithmMetadata { /** * @return the JCA/JCE algorithm name. diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/BinaryFormat.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/BinaryFormat.java index 1ca933a7f..c570c6599 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/BinaryFormat.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/BinaryFormat.java @@ -13,8 +13,12 @@ package org.springframework.security.jwt; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Luke Taylor */ +@Deprecated public interface BinaryFormat { byte[] bytes(); } diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/Jwt.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/Jwt.java index 97b67af47..1e1542a03 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/Jwt.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/Jwt.java @@ -15,8 +15,12 @@ import org.springframework.security.jwt.crypto.sign.SignatureVerifier; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Luke Taylor */ +@Deprecated public interface Jwt extends BinaryFormat { String getClaims(); diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtAlgorithms.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtAlgorithms.java index cba16c5d0..4ea77b416 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtAlgorithms.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtAlgorithms.java @@ -18,8 +18,12 @@ import org.springframework.security.jwt.crypto.cipher.CipherMetadata; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Luke Taylor */ +@Deprecated public class JwtAlgorithms { private static final Map sigAlgs = new HashMap(); private static final Map javaToSigAlgs = new HashMap(); diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java index b2d192155..04e743efb 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java @@ -29,9 +29,13 @@ import org.springframework.security.jwt.crypto.sign.Signer; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Luke Taylor * @author Dave Syer */ +@Deprecated public class JwtHelper { static byte[] PERIOD = utf8Encode("."); diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/codec/Codecs.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/codec/Codecs.java index d2f63894e..28f31c527 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/codec/Codecs.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/codec/Codecs.java @@ -20,8 +20,12 @@ /** * Functions for Hex, Base64 and Utf8 encoding/decoding * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Luke Taylor */ +@Deprecated public class Codecs { private static Charset UTF8 = Charset.forName("UTF-8"); diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/cipher/CipherMetadata.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/cipher/CipherMetadata.java index 5e9d107f7..d65e6c2eb 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/cipher/CipherMetadata.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/cipher/CipherMetadata.java @@ -15,8 +15,12 @@ import org.springframework.security.jwt.AlgorithmMetadata; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Luke Taylor */ +@Deprecated public interface CipherMetadata extends AlgorithmMetadata { /** * @return Size of the key in bits. diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveVerifier.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveVerifier.java index 38c7bffb9..505d6dafb 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveVerifier.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveVerifier.java @@ -23,9 +23,13 @@ /** * Verifies signatures using an Elliptic Curve public key. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Michael Duergner * @since 2.3 */ +@Deprecated public class EllipticCurveVerifier implements SignatureVerifier { private final ECPublicKey key; private final String algorithm; diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/InvalidSignatureException.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/InvalidSignatureException.java index be63ca705..6c7ef3e3c 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/InvalidSignatureException.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/InvalidSignatureException.java @@ -13,8 +13,12 @@ package org.springframework.security.jwt.crypto.sign; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Luke Taylor */ +@Deprecated public class InvalidSignatureException extends RuntimeException { public InvalidSignatureException(String message) { super(message); diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/MacSigner.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/MacSigner.java index 2f6c0add2..1aabb2f42 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/MacSigner.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/MacSigner.java @@ -18,8 +18,12 @@ import javax.crypto.spec.SecretKeySpec; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Luke Taylor */ +@Deprecated public class MacSigner implements SignerVerifier { private static final String DEFAULT_ALGORITHM = "HMACSHA256"; diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaSigner.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaSigner.java index 04ed3cff5..6439fed67 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaSigner.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaSigner.java @@ -23,8 +23,12 @@ * The key can be supplied directly, or as an SSH private key string (in * the standard format produced by ssh-keygen) * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Luke Taylor */ +@Deprecated public class RsaSigner implements Signer { static final String DEFAULT_ALGORITHM = "SHA256withRSA"; diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaVerifier.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaVerifier.java index dc3944d21..0e7cede4c 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaVerifier.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaVerifier.java @@ -22,8 +22,12 @@ * The key can be supplied directly, or as an SSH public or private key string (in * the standard format produced by ssh-keygen). * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Luke Taylor */ +@Deprecated public class RsaVerifier implements SignatureVerifier { private final RSAPublicKey key; private final String algorithm; diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignatureVerifier.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignatureVerifier.java index a74fc6c88..41253fbae 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignatureVerifier.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignatureVerifier.java @@ -15,8 +15,12 @@ import org.springframework.security.jwt.AlgorithmMetadata; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Luke Taylor */ +@Deprecated public interface SignatureVerifier extends AlgorithmMetadata { void verify(byte[] content, byte[] signature); } diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/Signer.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/Signer.java index 5067e8b6f..ca675671f 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/Signer.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/Signer.java @@ -15,8 +15,12 @@ import org.springframework.security.jwt.AlgorithmMetadata; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Luke Taylor */ +@Deprecated public interface Signer extends AlgorithmMetadata { byte[] sign(byte[] bytes); } diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignerVerifier.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignerVerifier.java index 3e5307438..d75dd5f7e 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignerVerifier.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignerVerifier.java @@ -13,7 +13,11 @@ package org.springframework.security.jwt.crypto.sign; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Luke Taylor */ +@Deprecated public interface SignerVerifier extends Signer, SignatureVerifier { } From 11998caad790be005a8415d49fde772bbfd2be85 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Wed, 13 Nov 2019 14:20:17 -0500 Subject: [PATCH 15/94] Release spring-security-jwt.1.1.0.RELEASE --- spring-security-jwt/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml index 8698cbc1e..77d8947e4 100755 --- a/spring-security-jwt/pom.xml +++ b/spring-security-jwt/pom.xml @@ -5,7 +5,7 @@ org.springframework.security spring-security-jwt - 1.1.0.BUILD-SNAPSHOT + 1.1.0.RELEASE jar Spring Security JWT Library From 78cfc5e7a856ceaab6ced9e6a493d5e78ef6a3bf Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Wed, 13 Nov 2019 14:41:21 -0500 Subject: [PATCH 16/94] Next development version spring-security-jwt --- spring-security-jwt/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml index 77d8947e4..91e87cdae 100755 --- a/spring-security-jwt/pom.xml +++ b/spring-security-jwt/pom.xml @@ -5,7 +5,7 @@ org.springframework.security spring-security-jwt - 1.1.0.RELEASE + 1.1.1.BUILD-SNAPSHOT jar Spring Security JWT Library From 3bdc22d2e1ec4f1e54a129c7230e4ec9c017c2cc Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Wed, 13 Nov 2019 14:58:16 -0500 Subject: [PATCH 17/94] Update to spring-security-jwt:1.1.0 Fixes gh-1809 --- spring-security-oauth2/pom.xml | 2 +- tests/annotation/pom.xml | 2 +- tests/xml/pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index 644288fba..07521956f 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -15,7 +15,7 @@ 2.10.1 3.0.1 - 1.0.11.RELEASE + 1.1.0.RELEASE 1.7.4 diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index 88ec66a98..93f5fa962 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -50,7 +50,7 @@ org.springframework.security spring-security-jwt - 1.0.11.RELEASE + 1.1.0.RELEASE diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index 74fe90040..be7108716 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -44,7 +44,7 @@ org.springframework.security spring-security-jwt - 1.0.11.RELEASE + 1.1.0.RELEASE From 0e7baf7e91e145d8eb738d4a5e1cda94153b7b3d Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Tue, 5 Nov 2019 15:44:32 -0500 Subject: [PATCH 18/94] Deprecate classes in spring-security-oauth Fixes gh-1804 --- .../springframework/security/oauth/common/OAuthCodec.java | 4 ++++ .../security/oauth/common/OAuthConsumerParameter.java | 4 ++++ .../security/oauth/common/OAuthException.java | 6 +++++- .../security/oauth/common/OAuthProviderParameter.java | 4 ++++ .../security/oauth/common/StringSplitUtils.java | 5 +++++ .../common/signature/CoreOAuthSignatureMethodFactory.java | 4 ++++ .../oauth/common/signature/HMAC_SHA1SignatureMethod.java | 4 ++++ .../oauth/common/signature/InvalidSignatureException.java | 4 ++++ .../oauth/common/signature/OAuthSignatureMethod.java | 4 ++++ .../oauth/common/signature/OAuthSignatureMethodFactory.java | 4 ++++ .../oauth/common/signature/PlainTextSignatureMethod.java | 4 ++++ .../security/oauth/common/signature/RSAKeySecret.java | 4 ++++ .../oauth/common/signature/RSA_SHA1SignatureMethod.java | 4 ++++ .../oauth/common/signature/SaltedConsumerSecret.java | 4 ++++ .../oauth/common/signature/SharedConsumerSecret.java | 4 ++++ .../oauth/common/signature/SharedConsumerSecretImpl.java | 4 ++++ .../security/oauth/common/signature/SignatureSecret.java | 6 +++++- .../oauth/common/signature/SignatureSecretEditor.java | 6 +++++- .../signature/UnsupportedSignatureMethodException.java | 4 ++++ .../springframework/security/oauth/config/ConfigUtils.java | 4 ++++ .../security/oauth/config/ConsumerDetailsFactoryBean.java | 4 ++++ .../oauth/config/ConsumerServiceBeanDefinitionParser.java | 4 ++++ .../oauth/config/ExpressionHandlerBeanDefinitionParser.java | 4 ++++ .../oauth/config/OAuthConsumerBeanDefinitionParser.java | 4 ++++ .../oauth/config/OAuthProviderBeanDefinitionParser.java | 4 ++++ .../oauth/config/OAuthSecurityNamespaceHandler.java | 4 ++++ .../ProtectedResourceDetailsBeanDefinitionParser.java | 4 ++++ .../config/ProtectedResourceDetailsServiceFactoryBean.java | 4 ++++ .../oauth/config/TokenServiceBeanDefinitionParser.java | 4 ++++ .../oauth/config/VerifierServiceBeanDefinitionParser.java | 4 ++++ .../oauth/consumer/AccessTokenRequiredException.java | 4 ++++ .../oauth/consumer/BaseProtectedResourceDetails.java | 4 ++++ .../consumer/InMemoryProtectedResourceDetailsService.java | 4 ++++ .../security/oauth/consumer/InvalidOAuthRealmException.java | 6 +++++- .../security/oauth/consumer/OAuthConsumerSupport.java | 4 ++++ .../security/oauth/consumer/OAuthConsumerToken.java | 6 +++++- .../oauth/consumer/OAuthRequestFailedException.java | 4 ++++ .../security/oauth/consumer/OAuthSecurityContext.java | 4 ++++ .../security/oauth/consumer/OAuthSecurityContextHolder.java | 4 ++++ .../security/oauth/consumer/OAuthSecurityContextImpl.java | 4 ++++ .../security/oauth/consumer/ProtectedResourceDetails.java | 4 ++++ .../oauth/consumer/ProtectedResourceDetailsService.java | 4 ++++ .../oauth/consumer/UnverifiedRequestTokenException.java | 4 ++++ .../oauth/consumer/client/CoreOAuthConsumerSupport.java | 4 ++++ .../consumer/client/OAuthClientHttpRequestFactory.java | 4 ++++ .../security/oauth/consumer/client/OAuthRestTemplate.java | 4 ++++ .../oauth/consumer/filter/OAuthConsumerContextFilter.java | 4 ++++ .../consumer/filter/OAuthConsumerProcessingFilter.java | 4 ++++ .../consumer/net/DefaultOAuthURLStreamHandlerFactory.java | 4 ++++ .../oauth/consumer/net/OAuthOverHttpURLStreamHandler.java | 4 ++++ .../oauth/consumer/net/OAuthOverHttpsURLStreamHandler.java | 4 ++++ .../oauth/consumer/net/OAuthURLStreamHandlerFactory.java | 4 ++++ .../security/oauth/consumer/nonce/NonceFactory.java | 4 ++++ .../security/oauth/consumer/nonce/UUIDNonceFactory.java | 4 ++++ .../rememberme/HttpSessionOAuthRememberMeServices.java | 6 +++++- .../consumer/rememberme/NoOpOAuthRememberMeServices.java | 6 +++++- .../oauth/consumer/rememberme/OAuthRememberMeServices.java | 4 ++++ .../oauth/consumer/token/HttpSessionBasedTokenServices.java | 4 ++++ .../oauth/consumer/token/OAuthConsumerTokenServices.java | 6 +++++- .../security/oauth/provider/BaseConsumerDetails.java | 4 ++++ .../security/oauth/provider/ConsumerAuthentication.java | 6 +++++- .../security/oauth/provider/ConsumerCredentials.java | 4 ++++ .../security/oauth/provider/ConsumerDetails.java | 4 ++++ .../security/oauth/provider/ConsumerDetailsService.java | 4 ++++ .../oauth/provider/DefaultAuthenticationHandler.java | 4 ++++ .../security/oauth/provider/ExtraTrustConsumerDetails.java | 4 ++++ .../oauth/provider/InMemoryConsumerDetailsService.java | 4 ++++ .../oauth/provider/InvalidOAuthParametersException.java | 4 ++++ .../security/oauth/provider/OAuthAuthenticationDetails.java | 6 +++++- .../security/oauth/provider/OAuthAuthenticationHandler.java | 4 ++++ .../oauth/provider/OAuthProcessingFilterEntryPoint.java | 4 ++++ .../security/oauth/provider/OAuthProviderSupport.java | 6 +++++- .../oauth/provider/OAuthVersionUnsupportedException.java | 4 ++++ .../oauth/provider/ResourceSpecificConsumerDetails.java | 4 ++++ .../oauth/provider/attributes/ConsumerKeysAllowed.java | 4 ++++ .../oauth/provider/attributes/ConsumerRolesAllowed.java | 4 ++++ .../oauth/provider/attributes/ConsumerSecurityConfig.java | 6 +++++- .../provider/attributes/ConsumerSecurityMetadataSource.java | 4 ++++ .../oauth/provider/attributes/ConsumerSecurityVoter.java | 4 ++++ .../oauth/provider/attributes/DenyAllConsumers.java | 4 ++++ .../oauth/provider/attributes/PermitAllConsumers.java | 4 ++++ .../expression/OAuthMethodSecurityExpressionHandler.java | 4 ++++ .../oauth/provider/filter/AccessTokenProcessingFilter.java | 4 ++++ .../oauth/provider/filter/CoreOAuthProviderSupport.java | 4 ++++ .../provider/filter/OAuthProviderProcessingFilter.java | 4 ++++ .../provider/filter/ProtectedResourceProcessingFilter.java | 4 ++++ .../filter/UnauthenticatedRequestTokenProcessingFilter.java | 4 ++++ .../provider/filter/UserAuthorizationProcessingFilter.java | 4 ++++ .../UserAuthorizationSuccessfulAuthenticationHandler.java | 4 ++++ .../provider/nonce/ExpiringTimestampNonceServices.java | 4 ++++ .../oauth/provider/nonce/InMemoryNonceServices.java | 4 ++++ .../oauth/provider/nonce/NonceAlreadyUsedException.java | 4 ++++ .../security/oauth/provider/nonce/NullNonceServices.java | 4 ++++ .../security/oauth/provider/nonce/OAuthNonceServices.java | 4 ++++ .../oauth/provider/token/ExpiredOAuthTokenException.java | 4 ++++ .../oauth/provider/token/InMemoryProviderTokenServices.java | 4 ++++ .../token/InMemorySelfCleaningProviderTokenServices.java | 4 ++++ .../oauth/provider/token/InvalidOAuthTokenException.java | 4 ++++ .../oauth/provider/token/OAuthAccessProviderToken.java | 4 ++++ .../security/oauth/provider/token/OAuthProviderToken.java | 4 ++++ .../oauth/provider/token/OAuthProviderTokenImpl.java | 4 ++++ .../oauth/provider/token/OAuthProviderTokenServices.java | 4 ++++ .../oauth/provider/token/OAuthTokenLifecycleListener.java | 4 ++++ .../oauth/provider/token/OAuthTokenLifecycleRegistry.java | 4 ++++ .../provider/token/RandomValueProviderTokenServices.java | 4 ++++ .../oauth/provider/verifier/OAuthVerifierServices.java | 4 ++++ .../provider/verifier/RandomValueVerifierServices.java | 4 ++++ .../provider/verifier/VerificationFailedException.java | 4 ++++ 108 files changed, 445 insertions(+), 12 deletions(-) diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthCodec.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthCodec.java index 0e917b772..393f6c3e2 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthCodec.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthCodec.java @@ -25,8 +25,12 @@ /** * Utility for parameter encoding according to the OAuth spec. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class OAuthCodec extends URLCodec { protected static final BitSet SAFE_CHARACTERS = (BitSet) URLCodec.WWW_FORM_URL.clone(); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthConsumerParameter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthConsumerParameter.java index 91127a909..66e6bc1f5 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthConsumerParameter.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthConsumerParameter.java @@ -19,8 +19,12 @@ /** * Enumeration for consumer parameters. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public enum OAuthConsumerParameter { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthException.java index fc6e727a5..9c8b44a6a 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthException.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthException.java @@ -20,10 +20,14 @@ /** * Base exception for OAuth processing. - * + * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class OAuthException extends AuthenticationException { public OAuthException(String message) { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthProviderParameter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthProviderParameter.java index fdcd0ceae..af5c8be4d 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthProviderParameter.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthProviderParameter.java @@ -19,8 +19,12 @@ /** * Parameters that can be used by the provider. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public enum OAuthProviderParameter { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/StringSplitUtils.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/StringSplitUtils.java index 87ed8e914..e2a2045c9 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/StringSplitUtils.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/StringSplitUtils.java @@ -10,7 +10,12 @@ /** * Provides several String manipulation methods. Copied from deleted org.springframework.security.util.StringSplitUtils + * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * */ +@Deprecated public class StringSplitUtils { private static final String[] EMPTY_STRING_ARRAY = new String[0]; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/CoreOAuthSignatureMethodFactory.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/CoreOAuthSignatureMethodFactory.java index 0e736d7b1..b8abb0940 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/CoreOAuthSignatureMethodFactory.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/CoreOAuthSignatureMethodFactory.java @@ -30,8 +30,12 @@ /** * Implements the signatures defined in OAuth Core 1.0. By default, PLAINTEXT signatures are not supported * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class CoreOAuthSignatureMethodFactory implements OAuthSignatureMethodFactory { private boolean supportPlainText = false; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/HMAC_SHA1SignatureMethod.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/HMAC_SHA1SignatureMethod.java index 6fb680f6b..baf4c0b52 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/HMAC_SHA1SignatureMethod.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/HMAC_SHA1SignatureMethod.java @@ -29,8 +29,12 @@ /** * HMAC-SHA1 signature method. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class HMAC_SHA1SignatureMethod implements OAuthSignatureMethod { private static final Log LOG = LogFactory.getLog(HMAC_SHA1SignatureMethod.class); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/InvalidSignatureException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/InvalidSignatureException.java index 260bee365..0ff6d2cb5 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/InvalidSignatureException.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/InvalidSignatureException.java @@ -21,9 +21,13 @@ /** * Thrown when a signature is invalid. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class InvalidSignatureException extends OAuthException { public InvalidSignatureException(String msg) { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethod.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethod.java index 348684003..883439681 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethod.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethod.java @@ -17,8 +17,12 @@ package org.springframework.security.oauth.common.signature; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthSignatureMethod { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethodFactory.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethodFactory.java index 00f015391..7aed490ca 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethodFactory.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethodFactory.java @@ -19,8 +19,12 @@ /** * Factory for signature methods. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthSignatureMethodFactory { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/PlainTextSignatureMethod.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/PlainTextSignatureMethod.java index 31e6eae7d..673b24f60 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/PlainTextSignatureMethod.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/PlainTextSignatureMethod.java @@ -21,8 +21,12 @@ /** * Plain text signature method. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class PlainTextSignatureMethod implements OAuthSignatureMethod { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSAKeySecret.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSAKeySecret.java index 21b49bcd1..e4c1d8a68 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSAKeySecret.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSAKeySecret.java @@ -32,9 +32,13 @@ /** * Signature secret for RSA. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class RSAKeySecret implements SignatureSecret { private final PrivateKey privateKey; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSA_SHA1SignatureMethod.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSA_SHA1SignatureMethod.java index 0c6a6cec9..f027f84df 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSA_SHA1SignatureMethod.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSA_SHA1SignatureMethod.java @@ -25,8 +25,12 @@ * RSA-SHA1 signature method. The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in RFC3447 * section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class RSA_SHA1SignatureMethod implements OAuthSignatureMethod { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SaltedConsumerSecret.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SaltedConsumerSecret.java index 7b5250506..ad433b5f5 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SaltedConsumerSecret.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SaltedConsumerSecret.java @@ -3,8 +3,12 @@ /** * Marker interface for indicating that a consumer secret has some salt. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface SaltedConsumerSecret { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecret.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecret.java index e2b4accdc..ef627ccf3 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecret.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecret.java @@ -19,9 +19,13 @@ /** * A signature secret that consists of a consumer secret and a token secret. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Aliaksandr Autayeu */ +@Deprecated public interface SharedConsumerSecret extends SignatureSecret { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecretImpl.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecretImpl.java index dff207c00..6eb66901f 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecretImpl.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecretImpl.java @@ -19,9 +19,13 @@ /** * Default implementation of a signature secret. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class SharedConsumerSecretImpl implements SharedConsumerSecret { private final String consumerSecret; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecret.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecret.java index 8110de2a9..44cde648b 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecret.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecret.java @@ -20,9 +20,13 @@ /** * Marker interface for OAuth signature secrets. - * + * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public interface SignatureSecret extends Serializable { } diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecretEditor.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecretEditor.java index 7702c508d..874e3624b 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecretEditor.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecretEditor.java @@ -20,9 +20,13 @@ /** * A signature secret that consists of a consumer secret and a tokent secret. - * + * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class SignatureSecretEditor extends PropertyEditorSupport { public void setAsText(String text) throws IllegalArgumentException { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/UnsupportedSignatureMethodException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/UnsupportedSignatureMethodException.java index 88f1a4782..be7852485 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/UnsupportedSignatureMethodException.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/UnsupportedSignatureMethodException.java @@ -17,9 +17,13 @@ package org.springframework.security.oauth.common.signature; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class UnsupportedSignatureMethodException extends RuntimeException { public UnsupportedSignatureMethodException(String msg) { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConfigUtils.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConfigUtils.java index 7d5e17c96..2922fad7e 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConfigUtils.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConfigUtils.java @@ -23,8 +23,12 @@ /** * Common place for OAuth namespace configuration utils. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class ConfigUtils { private static final Method createMatcherMethod3x = ReflectionUtils.findMethod( MatcherType.class, "createMatcher", String.class, String.class); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerDetailsFactoryBean.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerDetailsFactoryBean.java index 50f29b4ac..b8e685ae8 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerDetailsFactoryBean.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerDetailsFactoryBean.java @@ -32,9 +32,13 @@ import org.springframework.security.oauth.provider.ConsumerDetails; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Dave Syer * */ +@Deprecated public class ConsumerDetailsFactoryBean implements FactoryBean, ResourceLoaderAware { private static final Log logger = LogFactory.getLog(ConsumerDetailsFactoryBean.class); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerServiceBeanDefinitionParser.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerServiceBeanDefinitionParser.java index d8cfba0d1..3f03de13c 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerServiceBeanDefinitionParser.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerServiceBeanDefinitionParser.java @@ -29,10 +29,14 @@ import org.w3c.dom.Element; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Andrew McCall * @author Dave Syer */ +@Deprecated public class ConsumerServiceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser { @Override diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ExpressionHandlerBeanDefinitionParser.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ExpressionHandlerBeanDefinitionParser.java index 30e4118ac..0bc457f54 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ExpressionHandlerBeanDefinitionParser.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ExpressionHandlerBeanDefinitionParser.java @@ -21,9 +21,13 @@ import org.w3c.dom.Element; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class ExpressionHandlerBeanDefinitionParser extends AbstractSingleBeanDefinitionParser { @Override diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthConsumerBeanDefinitionParser.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthConsumerBeanDefinitionParser.java index 004fc87d5..c984e495a 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthConsumerBeanDefinitionParser.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthConsumerBeanDefinitionParser.java @@ -34,10 +34,14 @@ /** * Parser for the OAuth "consumer" element. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Andrew McCall * @author Luke Taylor */ +@Deprecated public class OAuthConsumerBeanDefinitionParser implements BeanDefinitionParser { public BeanDefinition parse(Element element, ParserContext parserContext) { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthProviderBeanDefinitionParser.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthProviderBeanDefinitionParser.java index 5a1873e8c..568219c90 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthProviderBeanDefinitionParser.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthProviderBeanDefinitionParser.java @@ -39,9 +39,13 @@ /** * Parser for the OAuth "provider" element. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Andrew McCall */ +@Deprecated public class OAuthProviderBeanDefinitionParser implements BeanDefinitionParser { public BeanDefinition parse(Element element, ParserContext parserContext) { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthSecurityNamespaceHandler.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthSecurityNamespaceHandler.java index 91cdaba92..f45565316 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthSecurityNamespaceHandler.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthSecurityNamespaceHandler.java @@ -19,8 +19,12 @@ import org.springframework.beans.factory.xml.NamespaceHandlerSupport; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class OAuthSecurityNamespaceHandler extends NamespaceHandlerSupport { public void init() { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ProtectedResourceDetailsBeanDefinitionParser.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ProtectedResourceDetailsBeanDefinitionParser.java index ac4cdb905..4e77bbc56 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ProtectedResourceDetailsBeanDefinitionParser.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ProtectedResourceDetailsBeanDefinitionParser.java @@ -31,8 +31,12 @@ import java.util.Map; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class ProtectedResourceDetailsBeanDefinitionParser extends AbstractSingleBeanDefinitionParser { @Override diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ProtectedResourceDetailsServiceFactoryBean.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ProtectedResourceDetailsServiceFactoryBean.java index 81fe4856f..e10b20015 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ProtectedResourceDetailsServiceFactoryBean.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ProtectedResourceDetailsServiceFactoryBean.java @@ -12,8 +12,12 @@ /** * Factory bean for the resource details service. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class ProtectedResourceDetailsServiceFactoryBean extends AbstractFactoryBean { @Override diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/TokenServiceBeanDefinitionParser.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/TokenServiceBeanDefinitionParser.java index 784a69790..a63e08ade 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/TokenServiceBeanDefinitionParser.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/TokenServiceBeanDefinitionParser.java @@ -24,8 +24,12 @@ import org.w3c.dom.Element; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class TokenServiceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser { @Override diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/VerifierServiceBeanDefinitionParser.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/VerifierServiceBeanDefinitionParser.java index 8f85b150a..d280e5c3d 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/VerifierServiceBeanDefinitionParser.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/VerifierServiceBeanDefinitionParser.java @@ -24,8 +24,12 @@ import org.w3c.dom.Element; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class VerifierServiceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser { @Override diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/AccessTokenRequiredException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/AccessTokenRequiredException.java index c93385391..715973b2d 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/AccessTokenRequiredException.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/AccessTokenRequiredException.java @@ -3,9 +3,13 @@ import org.springframework.security.authentication.InsufficientAuthenticationException; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class AccessTokenRequiredException extends InsufficientAuthenticationException { private final ProtectedResourceDetails resource; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/BaseProtectedResourceDetails.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/BaseProtectedResourceDetails.java index 7a35df339..53059dda2 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/BaseProtectedResourceDetails.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/BaseProtectedResourceDetails.java @@ -24,8 +24,12 @@ /** * Basic implementation of protected resource details. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class BaseProtectedResourceDetails implements ProtectedResourceDetails { private String id; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InMemoryProtectedResourceDetailsService.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InMemoryProtectedResourceDetailsService.java index 3d50987c2..a0c188114 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InMemoryProtectedResourceDetailsService.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InMemoryProtectedResourceDetailsService.java @@ -22,8 +22,12 @@ /** * Basic, in-memory implementation of a protected resource details service. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class InMemoryProtectedResourceDetailsService implements ProtectedResourceDetailsService { private Map resourceDetailsStore = new HashMap(); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InvalidOAuthRealmException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InvalidOAuthRealmException.java index 4dfd1c010..8da4d544d 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InvalidOAuthRealmException.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InvalidOAuthRealmException.java @@ -18,10 +18,14 @@ /** * Thrown when a different realm appears to be the cause of the authorization failure. - * + * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class InvalidOAuthRealmException extends OAuthRequestFailedException { private final String requiredRealm; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerSupport.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerSupport.java index fda9d13b5..4ae98786f 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerSupport.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerSupport.java @@ -24,8 +24,12 @@ /** * Consumer-side support for OAuth. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthConsumerSupport { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerToken.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerToken.java index 6472e24f5..1e93577b5 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerToken.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerToken.java @@ -21,9 +21,13 @@ /** * Interface for a consumer-side OAuth token. - * + * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class OAuthConsumerToken implements Serializable { private static final long serialVersionUID = -4057986970456346647L; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthRequestFailedException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthRequestFailedException.java index 1e914cb36..60c735d05 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthRequestFailedException.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthRequestFailedException.java @@ -21,9 +21,13 @@ /** * Thrown when an OAuth request fails. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class OAuthRequestFailedException extends AccessDeniedException { public OAuthRequestFailedException(String msg) { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthSecurityContext.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthSecurityContext.java index 3a5ce0789..7e2a5e34e 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthSecurityContext.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthSecurityContext.java @@ -6,8 +6,12 @@ /** * The OAuth 2 security context (for a specific user). * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthSecurityContext { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthSecurityContextHolder.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthSecurityContextHolder.java index 6ed43ad66..f61b05497 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthSecurityContextHolder.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthSecurityContextHolder.java @@ -3,8 +3,12 @@ /** * Holder for the current OAuth security context. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class OAuthSecurityContextHolder { private static final ThreadLocal CURRENT_CONTEXT = new ThreadLocal(); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthSecurityContextImpl.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthSecurityContextImpl.java index 176240897..9a05d76b3 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthSecurityContextImpl.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthSecurityContextImpl.java @@ -4,8 +4,12 @@ import java.util.Map; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class OAuthSecurityContextImpl implements OAuthSecurityContext { private Map accessTokens; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetails.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetails.java index 9e8ac672d..901137d4a 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetails.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetails.java @@ -23,9 +23,13 @@ /** * Details about a protected resource. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Andrew McCall */ +@Deprecated public interface ProtectedResourceDetails { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetailsService.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetailsService.java index f690fc042..a6c6037aa 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetailsService.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetailsService.java @@ -19,8 +19,12 @@ /** * Service for loading protected resource details. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface ProtectedResourceDetailsService { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/UnverifiedRequestTokenException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/UnverifiedRequestTokenException.java index 876f8c674..68cd47791 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/UnverifiedRequestTokenException.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/UnverifiedRequestTokenException.java @@ -19,9 +19,13 @@ /** * Thrown when an attempt is made to use an unverified request token. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class UnverifiedRequestTokenException extends OAuthRequestFailedException { public UnverifiedRequestTokenException(String msg) { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/CoreOAuthConsumerSupport.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/CoreOAuthConsumerSupport.java index 65703bab5..0da26cc88 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/CoreOAuthConsumerSupport.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/CoreOAuthConsumerSupport.java @@ -52,9 +52,13 @@ * OAuth provider. A proxy will be selected, but it is assumed that the {@link javax.net.ssl.TrustManager}s * and other connection-related environment variables are already set up. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Andrew McCall */ +@Deprecated public class CoreOAuthConsumerSupport implements OAuthConsumerSupport, InitializingBean { private static final Log logger = LogFactory.getLog(CoreOAuthConsumerSupport.class); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/OAuthClientHttpRequestFactory.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/OAuthClientHttpRequestFactory.java index 1f00bf42d..d7015365c 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/OAuthClientHttpRequestFactory.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/OAuthClientHttpRequestFactory.java @@ -20,8 +20,12 @@ /** * Request factory that extends all http requests with the OAuth credentials for a specific protected resource. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class OAuthClientHttpRequestFactory implements ClientHttpRequestFactory { private final ClientHttpRequestFactory delegate; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/OAuthRestTemplate.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/OAuthRestTemplate.java index 0d2e6b1fe..59d323394 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/OAuthRestTemplate.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/OAuthRestTemplate.java @@ -9,8 +9,12 @@ /** * Rest template that is able to make OAuth-authenticated REST requests with the credentials of the provided resource. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class OAuthRestTemplate extends RestTemplate { private final ProtectedResourceDetails resource; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerContextFilter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerContextFilter.java index 776750baa..5d8612fa0 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerContextFilter.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerContextFilter.java @@ -65,8 +65,12 @@ /** * OAuth filter that establishes an OAuth security context. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class OAuthConsumerContextFilter implements Filter, InitializingBean, MessageSourceAware { public static final String ACCESS_TOKENS_DEFAULT_ATTRIBUTE = "OAUTH_ACCESS_TOKENS"; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerProcessingFilter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerProcessingFilter.java index 4a38aeecb..29674ce68 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerProcessingFilter.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerProcessingFilter.java @@ -53,9 +53,13 @@ * When servicing a request that requires protected resources, this filter sets a request attribute (default "OAUTH_ACCESS_TOKENS") that contains * the list of {@link org.springframework.security.oauth.consumer.OAuthConsumerToken}s. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Andrew McCall */ +@Deprecated public class OAuthConsumerProcessingFilter implements Filter, InitializingBean, MessageSourceAware { private static final Log LOG = LogFactory.getLog(OAuthConsumerProcessingFilter.class); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/DefaultOAuthURLStreamHandlerFactory.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/DefaultOAuthURLStreamHandlerFactory.java index b7b242900..db424e879 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/DefaultOAuthURLStreamHandlerFactory.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/DefaultOAuthURLStreamHandlerFactory.java @@ -26,8 +26,12 @@ /** * Default implementation. Assumes we're running on Sun's JVM. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class DefaultOAuthURLStreamHandlerFactory implements OAuthURLStreamHandlerFactory { public URLStreamHandler getHttpStreamHandler(ProtectedResourceDetails resourceDetails, OAuthConsumerToken accessToken, OAuthConsumerSupport support, String httpMethod, Map additionalParameters) { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpURLStreamHandler.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpURLStreamHandler.java index 321d27fea..055981f69 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpURLStreamHandler.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpURLStreamHandler.java @@ -30,9 +30,13 @@ /** * Stream handler to handle the request stream to a protected resource over HTTP. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("restriction") +@Deprecated public class OAuthOverHttpURLStreamHandler extends sun.net.www.protocol.http.Handler { private final ProtectedResourceDetails resourceDetails; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpsURLStreamHandler.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpsURLStreamHandler.java index 1f1dc3159..7646b0f5b 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpsURLStreamHandler.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpsURLStreamHandler.java @@ -30,9 +30,13 @@ /** * Stream handler to handle the request stream to a protected resource over HTTP. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("restriction") +@Deprecated public class OAuthOverHttpsURLStreamHandler extends sun.net.www.protocol.https.Handler { private final ProtectedResourceDetails resourceDetails; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthURLStreamHandlerFactory.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthURLStreamHandlerFactory.java index 022d4719b..b34172184 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthURLStreamHandlerFactory.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthURLStreamHandlerFactory.java @@ -26,8 +26,12 @@ /** * Factory for a OAuth URL stream handlers. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthURLStreamHandlerFactory { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/NonceFactory.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/NonceFactory.java index fa8315175..208190451 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/NonceFactory.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/NonceFactory.java @@ -19,8 +19,12 @@ /** * A nonce factory. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface NonceFactory { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/UUIDNonceFactory.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/UUIDNonceFactory.java index ca22d5dca..af5906ad3 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/UUIDNonceFactory.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/UUIDNonceFactory.java @@ -21,8 +21,12 @@ /** * Nonce factory that uses a UUID to generate the nonce. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class UUIDNonceFactory implements NonceFactory { public String generateNonce() { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/rememberme/HttpSessionOAuthRememberMeServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/rememberme/HttpSessionOAuthRememberMeServices.java index bc218993d..b7b8a5fc1 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/rememberme/HttpSessionOAuthRememberMeServices.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/rememberme/HttpSessionOAuthRememberMeServices.java @@ -12,10 +12,14 @@ /** * Default implementation of the OAuth2 rememberme services. Just stores everything in the session by default. Storing * access token can be suppressed to reduce long-term expose of these tokens in the underlying HTTP session. - * + * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Alex Rau */ +@Deprecated public class HttpSessionOAuthRememberMeServices implements OAuthRememberMeServices { public static final String REMEMBERED_TOKENS_KEY = HttpSessionOAuthRememberMeServices.class.getName() diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/rememberme/NoOpOAuthRememberMeServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/rememberme/NoOpOAuthRememberMeServices.java index 0d08b2513..4eb6e8e9a 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/rememberme/NoOpOAuthRememberMeServices.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/rememberme/NoOpOAuthRememberMeServices.java @@ -10,9 +10,13 @@ * Basic, no-op implementation of the remember-me services. Not very useful in a 3-legged OAuth flow, but for a 2-legged * system where there are no request tokens to store in between requests it keeps the consumer stateless at the price of * obtaining a new access token for every request. - * + * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class NoOpOAuthRememberMeServices implements OAuthRememberMeServices { public Map loadRememberedTokens(HttpServletRequest request, HttpServletResponse response) { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/rememberme/OAuthRememberMeServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/rememberme/OAuthRememberMeServices.java index 905367c14..f68e45448 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/rememberme/OAuthRememberMeServices.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/rememberme/OAuthRememberMeServices.java @@ -9,8 +9,12 @@ /** * Services for "remembering" the access tokens that have been obtained. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthRememberMeServices { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/HttpSessionBasedTokenServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/HttpSessionBasedTokenServices.java index 9f488a0c8..847a212c3 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/HttpSessionBasedTokenServices.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/HttpSessionBasedTokenServices.java @@ -27,8 +27,12 @@ /** * Stores the tokens in an HTTP session. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class HttpSessionBasedTokenServices implements OAuthConsumerTokenServices { public static final String KEY_PREFIX = "OAUTH_TOKEN"; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/OAuthConsumerTokenServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/OAuthConsumerTokenServices.java index a97c11a8b..40422998f 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/OAuthConsumerTokenServices.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/OAuthConsumerTokenServices.java @@ -21,9 +21,13 @@ /** * Token services for an OAuth consumer. - * + * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthConsumerTokenServices { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/BaseConsumerDetails.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/BaseConsumerDetails.java index 2f4a402ef..003bfb096 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/BaseConsumerDetails.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/BaseConsumerDetails.java @@ -25,10 +25,14 @@ /** * Base implementation for consumer details. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Andrew McCall */ @SuppressWarnings("serial") +@Deprecated public class BaseConsumerDetails implements ResourceSpecificConsumerDetails, ExtraTrustConsumerDetails { private String consumerKey; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerAuthentication.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerAuthentication.java index 3246e7e63..42597b46a 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerAuthentication.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerAuthentication.java @@ -22,10 +22,14 @@ /** * Authentication for an OAuth consumer. - * + * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class ConsumerAuthentication extends AbstractAuthenticationToken { private final ConsumerDetails consumerDetails; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerCredentials.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerCredentials.java index 48b983954..8c09f2926 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerCredentials.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerCredentials.java @@ -21,9 +21,13 @@ /** * The credentials for an OAuth consumer request. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class ConsumerCredentials implements Serializable { private final String consumerKey; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetails.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetails.java index 9756f19fa..a72b18fb5 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetails.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetails.java @@ -25,8 +25,12 @@ /** * Provides core OAuth consumer information. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface ConsumerDetails extends Serializable { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetailsService.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetailsService.java index 41c52a421..76031a77f 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetailsService.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetailsService.java @@ -21,8 +21,12 @@ /** * A service that provides the details about an oauth consumer. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface ConsumerDetailsService { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/DefaultAuthenticationHandler.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/DefaultAuthenticationHandler.java index d1ad40eda..dfda4d254 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/DefaultAuthenticationHandler.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/DefaultAuthenticationHandler.java @@ -9,8 +9,12 @@ /** * The default authentication handler. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class DefaultAuthenticationHandler implements OAuthAuthenticationHandler { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ExtraTrustConsumerDetails.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ExtraTrustConsumerDetails.java index 4e5cd0d4c..7ec33d13b 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ExtraTrustConsumerDetails.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ExtraTrustConsumerDetails.java @@ -19,8 +19,12 @@ /** * Consumer details for a specific resource. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface ExtraTrustConsumerDetails extends ConsumerDetails { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InMemoryConsumerDetailsService.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InMemoryConsumerDetailsService.java index f8dc7cbd0..0e902837e 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InMemoryConsumerDetailsService.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InMemoryConsumerDetailsService.java @@ -24,8 +24,12 @@ /** * Basic, in-memory implementation of the consumer details service. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class InMemoryConsumerDetailsService implements ConsumerDetailsService { private Map consumerDetailsStore = new HashMap(); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InvalidOAuthParametersException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InvalidOAuthParametersException.java index de4753471..c26d3e776 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InvalidOAuthParametersException.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InvalidOAuthParametersException.java @@ -19,9 +19,13 @@ import org.springframework.security.oauth.common.OAuthException; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class InvalidOAuthParametersException extends OAuthException { public InvalidOAuthParametersException(String msg) { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthAuthenticationDetails.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthAuthenticationDetails.java index 58ee7ee59..c7a9d4de0 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthAuthenticationDetails.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthAuthenticationDetails.java @@ -22,10 +22,14 @@ /** * Authentication details and includes the details of the OAuth consumer. - * + * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class OAuthAuthenticationDetails extends WebAuthenticationDetails { private final ConsumerDetails consumerDetails; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthAuthenticationHandler.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthAuthenticationHandler.java index d0c277bb6..408a4b9c9 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthAuthenticationHandler.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthAuthenticationHandler.java @@ -8,8 +8,12 @@ /** * Callback interface for handing authentication details that are used when an authenticated request for a protected resource is received. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthAuthenticationHandler { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProcessingFilterEntryPoint.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProcessingFilterEntryPoint.java index 8125ad077..9ce9becc1 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProcessingFilterEntryPoint.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProcessingFilterEntryPoint.java @@ -28,8 +28,12 @@ /** * Entry point for OAuth authentication requests. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class OAuthProcessingFilterEntryPoint implements AuthenticationEntryPoint { private String realmName; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProviderSupport.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProviderSupport.java index c44e0a177..6817bea5c 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProviderSupport.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProviderSupport.java @@ -21,9 +21,13 @@ /** * Support logic for OAuth providers. - * + * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthProviderSupport { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthVersionUnsupportedException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthVersionUnsupportedException.java index ea6a20eca..aabf1722b 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthVersionUnsupportedException.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthVersionUnsupportedException.java @@ -17,9 +17,13 @@ package org.springframework.security.oauth.provider; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class OAuthVersionUnsupportedException extends InvalidOAuthParametersException { public OAuthVersionUnsupportedException(String msg) { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ResourceSpecificConsumerDetails.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ResourceSpecificConsumerDetails.java index 0622281dc..474a5126a 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ResourceSpecificConsumerDetails.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ResourceSpecificConsumerDetails.java @@ -19,8 +19,12 @@ /** * Consumer details for a specific resource. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface ResourceSpecificConsumerDetails extends ConsumerDetails { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerKeysAllowed.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerKeysAllowed.java index 8d77626bf..5f70c138e 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerKeysAllowed.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerKeysAllowed.java @@ -24,10 +24,14 @@ /** * The consumer keys that are allowed to access the specified method. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @Target ( { ElementType.TYPE, ElementType.METHOD } ) @Retention ( RetentionPolicy.RUNTIME ) +@Deprecated public @interface ConsumerKeysAllowed { String[] value(); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerRolesAllowed.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerRolesAllowed.java index 31ffbb298..9e727afc3 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerRolesAllowed.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerRolesAllowed.java @@ -24,10 +24,14 @@ /** * The consumer roles that are allowed to access the specified method. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @Target ( { ElementType.TYPE, ElementType.METHOD } ) @Retention ( RetentionPolicy.RUNTIME ) +@Deprecated public @interface ConsumerRolesAllowed { String[] value(); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityConfig.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityConfig.java index e6ad3e9b1..8d56db062 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityConfig.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityConfig.java @@ -20,10 +20,14 @@ /** * Security config for consumer authorization of a method. - * + * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class ConsumerSecurityConfig extends SecurityConfig { public static final ConsumerSecurityConfig DENY_ALL_ATTRIBUTE = new ConsumerSecurityConfig(DenyAllConsumers.class.getName(), null); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityMetadataSource.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityMetadataSource.java index 8fcd6fe40..16d3d5e13 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityMetadataSource.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityMetadataSource.java @@ -27,9 +27,13 @@ import java.lang.annotation.Annotation; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Andrew McCall */ +@Deprecated public class ConsumerSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource { protected List findAttributes(Class clazz) { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityVoter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityVoter.java index fc26ba7c1..94ee09b8e 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityVoter.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityVoter.java @@ -26,9 +26,13 @@ import java.util.Collection; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Andrew McCall */ +@Deprecated public class ConsumerSecurityVoter implements AccessDecisionVoter { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/DenyAllConsumers.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/DenyAllConsumers.java index 667c097ab..9387c3c4b 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/DenyAllConsumers.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/DenyAllConsumers.java @@ -24,9 +24,13 @@ /** * Annotation used to specify that a method is to be denied to all OAuth consumers. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @Target ( { ElementType.TYPE, ElementType.METHOD } ) @Retention ( RetentionPolicy.RUNTIME ) +@Deprecated public @interface DenyAllConsumers { } diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/PermitAllConsumers.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/PermitAllConsumers.java index 859c105ee..11e705dba 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/PermitAllConsumers.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/PermitAllConsumers.java @@ -25,9 +25,13 @@ * Annotation used to specify that a method is to be permitted to all OAuth consumers. Note that just because * a consumer is permitted, that doesn't mean that the user that the consumer is representing is permitted. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @Target ( { ElementType.TYPE, ElementType.METHOD } ) @Retention ( RetentionPolicy.RUNTIME ) +@Deprecated public @interface PermitAllConsumers { } \ No newline at end of file diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/expression/OAuthMethodSecurityExpressionHandler.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/expression/OAuthMethodSecurityExpressionHandler.java index 44d20e173..0f6c2e14f 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/expression/OAuthMethodSecurityExpressionHandler.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/expression/OAuthMethodSecurityExpressionHandler.java @@ -19,9 +19,13 @@ import org.springframework.security.oauth.provider.OAuthAuthenticationDetails; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class OAuthMethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler { @Override diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/AccessTokenProcessingFilter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/AccessTokenProcessingFilter.java index a35eddd76..52bc18003 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/AccessTokenProcessingFilter.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/AccessTokenProcessingFilter.java @@ -35,9 +35,13 @@ /** * Processing filter for handling a request for an OAuth access token. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Andrew McCall */ +@Deprecated public class AccessTokenProcessingFilter extends OAuthProviderProcessingFilter { // The OAuth spec doesn't specify a content-type of the response. However, it's NOT diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/CoreOAuthProviderSupport.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/CoreOAuthProviderSupport.java index 93cbb612b..90ca0488b 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/CoreOAuthProviderSupport.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/CoreOAuthProviderSupport.java @@ -31,8 +31,12 @@ /** * Utility for common logic for supporting an OAuth provider. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class CoreOAuthProviderSupport implements OAuthProviderSupport { private final Set supportedOAuthParameters; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/OAuthProviderProcessingFilter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/OAuthProviderProcessingFilter.java index e317593c8..aac199e34 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/OAuthProviderProcessingFilter.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/OAuthProviderProcessingFilter.java @@ -57,8 +57,12 @@ /** * OAuth processing filter. This filter should be applied to requests for OAuth protected resources (see OAuth Core 1.0). * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public abstract class OAuthProviderProcessingFilter implements Filter, InitializingBean, MessageSourceAware { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/ProtectedResourceProcessingFilter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/ProtectedResourceProcessingFilter.java index 9c75e1aa6..6d6252192 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/ProtectedResourceProcessingFilter.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/ProtectedResourceProcessingFilter.java @@ -41,9 +41,13 @@ * load a different authentication request into the security context). If the protected resource is available * ONLY via OAuth access token, set ignoreMissingCredentials to false. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Andrew McCall */ +@Deprecated public class ProtectedResourceProcessingFilter extends OAuthProviderProcessingFilter { private boolean allowAllMethods = true; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UnauthenticatedRequestTokenProcessingFilter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UnauthenticatedRequestTokenProcessingFilter.java index f8df77f16..9128a4cb8 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UnauthenticatedRequestTokenProcessingFilter.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UnauthenticatedRequestTokenProcessingFilter.java @@ -36,9 +36,13 @@ * Processing filter for handling a request for an OAuth token. The default implementation assumes a request for a new * unauthenticated request token. The default {@link #setFilterProcessesUrl(String) processes URL} is "/oauth_request_token". * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Andrew McCall */ +@Deprecated public class UnauthenticatedRequestTokenProcessingFilter extends OAuthProviderProcessingFilter { // The OAuth spec doesn't specify a content-type of the response. However, it's NOT diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationProcessingFilter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationProcessingFilter.java index ecff6e192..9cff91e67 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationProcessingFilter.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationProcessingFilter.java @@ -39,9 +39,13 @@ * This filter looks for one request parameter for the token id that is being authorized. The * default name of the paramaters is "requestToken", but this can be configured. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Andrew McCall */ +@Deprecated public class UserAuthorizationProcessingFilter extends AbstractAuthenticationProcessingFilter { protected static final String CALLBACK_ATTRIBUTE = UserAuthorizationProcessingFilter.class.getName() + "#CALLBACK"; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationSuccessfulAuthenticationHandler.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationSuccessfulAuthenticationHandler.java index c5558783f..0b228ad7b 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationSuccessfulAuthenticationHandler.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationSuccessfulAuthenticationHandler.java @@ -37,8 +37,12 @@ * success URL. Otherwise, the oauth_verifier and oauth_token parmeters are appended to the callback URL and the user * is redirected. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Andrew McCall */ +@Deprecated public class UserAuthorizationSuccessfulAuthenticationHandler extends SimpleUrlAuthenticationSuccessHandler { private static Log LOG = LogFactory.getLog(UserAuthorizationSuccessfulAuthenticationHandler.class); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/ExpiringTimestampNonceServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/ExpiringTimestampNonceServices.java index 8e3cf38e1..ed53dfd64 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/ExpiringTimestampNonceServices.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/ExpiringTimestampNonceServices.java @@ -28,8 +28,12 @@ * is older than the configured validity window, the nonce is not valid. The default validity window is * 12 hours. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class ExpiringTimestampNonceServices implements OAuthNonceServices { private long validityWindowSeconds = 60 * 60 * 12; //we'll default to a 12-hour validity window. diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/InMemoryNonceServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/InMemoryNonceServices.java index a4e726949..5e26994e0 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/InMemoryNonceServices.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/InMemoryNonceServices.java @@ -37,9 +37,13 @@ * this class has a per request memory overhead. Keeping the validity window short helps prevent wasting a lot of * memory. 10 minutes that allows for minor variations in time between servers. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton * @author Jilles van Gurp */ +@Deprecated public class InMemoryNonceServices implements OAuthNonceServices { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NonceAlreadyUsedException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NonceAlreadyUsedException.java index 0a8d7845c..d728bbfe7 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NonceAlreadyUsedException.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NonceAlreadyUsedException.java @@ -19,9 +19,13 @@ import org.springframework.security.oauth.common.OAuthException; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class NonceAlreadyUsedException extends OAuthException { public NonceAlreadyUsedException(String msg) { super(msg); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NullNonceServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NullNonceServices.java index 084ad767c..6e8d86a03 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NullNonceServices.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NullNonceServices.java @@ -23,8 +23,12 @@ * No-op nonce services. Assumes all nonces are valid. This leaves the provider exposed to the dangers * of an unlimited timestamp validity window and OAuth request replay attacks. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class NullNonceServices implements OAuthNonceServices { public void validateNonce(ConsumerDetails consumerDetails, long timestamp, String nonce) throws AuthenticationException { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/OAuthNonceServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/OAuthNonceServices.java index 2c5710bf6..62de9e723 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/OAuthNonceServices.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/OAuthNonceServices.java @@ -20,8 +20,12 @@ import org.springframework.security.oauth.provider.ConsumerDetails; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthNonceServices { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/ExpiredOAuthTokenException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/ExpiredOAuthTokenException.java index c29acbff0..0eaa0a9c7 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/ExpiredOAuthTokenException.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/ExpiredOAuthTokenException.java @@ -19,9 +19,13 @@ import org.springframework.security.oauth.common.OAuthException; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class ExpiredOAuthTokenException extends OAuthException { public ExpiredOAuthTokenException(String msg) { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemoryProviderTokenServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemoryProviderTokenServices.java index f35ced78c..d73132a5d 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemoryProviderTokenServices.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemoryProviderTokenServices.java @@ -21,8 +21,12 @@ /** * Implementation of TokenServices that stores tokens in memory. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class InMemoryProviderTokenServices extends RandomValueProviderTokenServices { protected final ConcurrentHashMap tokenStore = new ConcurrentHashMap(); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemorySelfCleaningProviderTokenServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemorySelfCleaningProviderTokenServices.java index 7a8ce4bf6..45e9c3baf 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemorySelfCleaningProviderTokenServices.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemorySelfCleaningProviderTokenServices.java @@ -27,8 +27,12 @@ /** * Implementation of TokenServices that stores tokens in memory. The token services will schedule a thread to do cleaning up of expired tokens. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class InMemorySelfCleaningProviderTokenServices extends InMemoryProviderTokenServices implements DisposableBean { private ScheduledExecutorService scheduler; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InvalidOAuthTokenException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InvalidOAuthTokenException.java index b9984615a..7874c8b14 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InvalidOAuthTokenException.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InvalidOAuthTokenException.java @@ -19,9 +19,13 @@ import org.springframework.security.oauth.common.OAuthException; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class InvalidOAuthTokenException extends OAuthException { public InvalidOAuthTokenException(String msg) { diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthAccessProviderToken.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthAccessProviderToken.java index c37038a8d..b8cbc9858 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthAccessProviderToken.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthAccessProviderToken.java @@ -19,8 +19,12 @@ import org.springframework.security.core.Authentication; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthAccessProviderToken extends OAuthProviderToken { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderToken.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderToken.java index 71cf6596b..375761ad5 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderToken.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderToken.java @@ -19,8 +19,12 @@ import java.io.Serializable; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthProviderToken extends Serializable { /** * The value of the token. diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenImpl.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenImpl.java index b8244dc39..3a9916897 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenImpl.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenImpl.java @@ -21,8 +21,12 @@ /** * Basic implementation for an OAuth token. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class OAuthProviderTokenImpl implements OAuthAccessProviderToken { private static final long serialVersionUID = -1794426591002744140L; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenServices.java index 4dff7d643..db8f42a6b 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenServices.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenServices.java @@ -20,8 +20,12 @@ import org.springframework.security.core.AuthenticationException; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthProviderTokenServices { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthTokenLifecycleListener.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthTokenLifecycleListener.java index a09738624..375ba701c 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthTokenLifecycleListener.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthTokenLifecycleListener.java @@ -3,8 +3,12 @@ /** * Interface for listening to the lifecycle of a token. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthTokenLifecycleListener { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthTokenLifecycleRegistry.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthTokenLifecycleRegistry.java index 16a46a7bb..f5906a084 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthTokenLifecycleRegistry.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthTokenLifecycleRegistry.java @@ -7,8 +7,12 @@ /** * Interface for a registry of token lifecycle listeners. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthTokenLifecycleRegistry { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/RandomValueProviderTokenServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/RandomValueProviderTokenServices.java index 6d8e4df96..3c1342cbd 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/RandomValueProviderTokenServices.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/RandomValueProviderTokenServices.java @@ -32,8 +32,12 @@ * This base implementation creates tokens that have an expiration. For request tokens, the default validity is * 10 minutes. For access tokens, the default validity is 12 hours. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public abstract class RandomValueProviderTokenServices implements OAuthProviderTokenServices, InitializingBean, OAuthTokenLifecycleRegistry { private Random random; diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/OAuthVerifierServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/OAuthVerifierServices.java index a775b9449..020ba3a5d 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/OAuthVerifierServices.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/OAuthVerifierServices.java @@ -3,8 +3,12 @@ /** * Service for generating a verifier. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public interface OAuthVerifierServices { /** diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/RandomValueVerifierServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/RandomValueVerifierServices.java index db3f26040..a163cec47 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/RandomValueVerifierServices.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/RandomValueVerifierServices.java @@ -8,8 +8,12 @@ /** * Basic implementation of the verifier services that creates a random-value verifier and stores it in an in-memory map. * + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ +@Deprecated public class RandomValueVerifierServices implements OAuthVerifierServices, InitializingBean { private static final char[] DEFAULT_CODEC = "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".toCharArray(); diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/VerificationFailedException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/VerificationFailedException.java index 2c8a04a88..986218f40 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/VerificationFailedException.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/VerificationFailedException.java @@ -19,9 +19,13 @@ import org.springframework.security.oauth.common.OAuthException; /** + *

+ * @deprecated The OAuth 1.0 Protocol RFC 5849 is obsoleted by the OAuth 2.0 Authorization Framework RFC 6749. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class VerificationFailedException extends OAuthException { public VerificationFailedException(String msg) { super(msg); From 6234826671d75632d84c524da1dd8818cee1b4c2 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Tue, 5 Nov 2019 17:09:49 -0500 Subject: [PATCH 19/94] Deprecate classes in spring-security-oauth2 Fixes gh-1805 --- .../oauth2/client/DefaultOAuth2ClientContext.java | 6 +++++- .../oauth2/client/DefaultOAuth2RequestAuthenticator.java | 4 ++++ .../security/oauth2/client/OAuth2ClientContext.java | 4 ++++ .../oauth2/client/OAuth2RequestAuthenticator.java | 4 ++++ .../security/oauth2/client/OAuth2RestOperations.java | 4 ++++ .../security/oauth2/client/OAuth2RestTemplate.java | 6 +++++- .../oauth2/client/discovery/ProviderConfiguration.java | 4 ++++ .../oauth2/client/discovery/ProviderDiscoveryClient.java | 4 ++++ .../client/filter/OAuth2AuthenticationFailureEvent.java | 6 ++++++ .../OAuth2ClientAuthenticationProcessingFilter.java | 6 +++++- .../oauth2/client/filter/OAuth2ClientContextFilter.java | 6 +++++- .../client/filter/state/DefaultStateKeyGenerator.java | 4 ++++ .../oauth2/client/filter/state/StateKeyGenerator.java | 6 +++++- .../oauth2/client/http/AccessTokenRequiredException.java | 4 ++++ .../security/oauth2/client/http/OAuth2ErrorHandler.java | 5 +++++ .../security/oauth2/client/http/StringSplitUtils.java | 5 +++++ .../resource/BaseOAuth2ProtectedResourceDetails.java | 4 ++++ .../client/resource/OAuth2AccessDeniedException.java | 6 +++++- .../client/resource/OAuth2ProtectedResourceDetails.java | 6 +++++- .../client/resource/UserApprovalRequiredException.java | 6 +++++- .../client/resource/UserRedirectRequiredException.java | 6 +++++- .../security/oauth2/client/test/BeforeOAuth2Context.java | 6 +++++- .../oauth2/client/test/OAuth2ContextConfiguration.java | 6 +++++- .../security/oauth2/client/test/OAuth2ContextSetup.java | 6 +++++- .../security/oauth2/client/test/RestTemplateHolder.java | 6 +++++- .../security/oauth2/client/test/TestAccounts.java | 4 ++++ .../security/oauth2/client/token/AccessTokenProvider.java | 6 +++++- .../oauth2/client/token/AccessTokenProviderChain.java | 4 ++++ .../security/oauth2/client/token/AccessTokenRequest.java | 6 ++++++ .../security/oauth2/client/token/ClientKeyGenerator.java | 4 ++++ .../security/oauth2/client/token/ClientTokenServices.java | 4 ++++ .../oauth2/client/token/DefaultAccessTokenRequest.java | 6 +++++- .../oauth2/client/token/DefaultClientKeyGenerator.java | 6 +++++- .../oauth2/client/token/DefaultRequestEnhancer.java | 6 ++++++ .../oauth2/client/token/JdbcClientTokenServices.java | 6 +++++- .../oauth2/client/token/OAuth2AccessTokenSupport.java | 6 +++++- .../security/oauth2/client/token/RequestEnhancer.java | 6 ++++++ .../client/token/auth/ClientAuthenticationHandler.java | 6 +++++- .../token/auth/DefaultClientAuthenticationHandler.java | 6 +++++- .../client/ClientCredentialsAccessTokenProvider.java | 6 +++++- .../grant/client/ClientCredentialsResourceDetails.java | 4 ++++ .../grant/code/AuthorizationCodeAccessTokenProvider.java | 6 +++++- .../grant/code/AuthorizationCodeResourceDetails.java | 4 ++++ .../token/grant/implicit/ImplicitAccessTokenProvider.java | 6 +++++- .../token/grant/implicit/ImplicitResourceDetails.java | 4 ++++ .../ResourceOwnerPasswordAccessTokenProvider.java | 6 +++++- .../password/ResourceOwnerPasswordResourceDetails.java | 4 ++++ .../grant/redirect/AbstractRedirectResourceDetails.java | 4 ++++ .../security/oauth2/common/AuthenticationScheme.java | 4 ++++ .../oauth2/common/DefaultExpiringOAuth2RefreshToken.java | 4 ++++ .../security/oauth2/common/DefaultOAuth2AccessToken.java | 6 +++++- .../security/oauth2/common/DefaultOAuth2RefreshToken.java | 6 +++++- .../security/oauth2/common/DefaultThrowableAnalyzer.java | 4 ++++ .../oauth2/common/ExpiringOAuth2RefreshToken.java | 4 ++++ .../security/oauth2/common/OAuth2AccessToken.java | 4 ++++ .../common/OAuth2AccessTokenJackson2Deserializer.java | 4 ++++ .../common/OAuth2AccessTokenJackson2Serializer.java | 4 ++++ .../security/oauth2/common/OAuth2RefreshToken.java | 4 ++++ .../common/exceptions/BadClientCredentialsException.java | 4 ++++ .../common/exceptions/ClientAuthenticationException.java | 6 +++++- .../common/exceptions/InsufficientScopeException.java | 6 +++++- .../oauth2/common/exceptions/InvalidClientException.java | 4 ++++ .../oauth2/common/exceptions/InvalidGrantException.java | 4 ++++ .../oauth2/common/exceptions/InvalidRequestException.java | 4 ++++ .../oauth2/common/exceptions/InvalidScopeException.java | 6 +++++- .../oauth2/common/exceptions/InvalidTokenException.java | 4 ++++ .../oauth2/common/exceptions/OAuth2Exception.java | 6 +++++- .../exceptions/OAuth2ExceptionJackson2Deserializer.java | 4 ++++ .../exceptions/OAuth2ExceptionJackson2Serializer.java | 4 ++++ .../common/exceptions/RedirectMismatchException.java | 4 ++++ .../oauth2/common/exceptions/SerializationException.java | 4 ++++ .../UnapprovedClientAuthenticationException.java | 4 ++++ .../common/exceptions/UnauthorizedClientException.java | 6 +++++- .../common/exceptions/UnauthorizedUserException.java | 6 +++++- .../common/exceptions/UnsupportedGrantTypeException.java | 4 ++++ .../exceptions/UnsupportedResponseTypeException.java | 4 ++++ .../exceptions/UserDeniedAuthorizationException.java | 4 ++++ .../oauth2/common/util/DefaultJdbcListFactory.java | 4 ++++ .../oauth2/common/util/DefaultSerializationStrategy.java | 4 ++++ .../security/oauth2/common/util/Jackson2JsonParser.java | 4 ++++ .../security/oauth2/common/util/JdbcListFactory.java | 4 ++++ .../security/oauth2/common/util/JsonDateDeserializer.java | 6 +++++- .../security/oauth2/common/util/JsonDateSerializer.java | 6 +++++- .../security/oauth2/common/util/JsonParser.java | 4 ++++ .../security/oauth2/common/util/JsonParserFactory.java | 4 ++++ .../security/oauth2/common/util/OAuth2Utils.java | 4 ++++ .../security/oauth2/common/util/ProxyCreator.java | 4 ++++ .../oauth2/common/util/RandomValueStringGenerator.java | 6 +++++- .../oauth2/common/util/SerializationStrategy.java | 4 ++++ .../security/oauth2/common/util/SerializationUtils.java | 5 +++++ .../common/util/WhitelistedSerializationStrategy.java | 4 ++++ .../annotation/builders/ClientDetailsServiceBuilder.java | 6 +++++- .../builders/InMemoryClientDetailsServiceBuilder.java | 4 ++++ .../builders/JdbcClientDetailsServiceBuilder.java | 4 ++++ .../configuration/ClientDetailsServiceConfiguration.java | 4 ++++ .../configurers/ClientDetailsServiceConfigurer.java | 4 ++++ .../web/configuration/AuthorizationServerConfigurer.java | 6 +++++- .../AuthorizationServerConfigurerAdapter.java | 4 ++++ .../AuthorizationServerEndpointsConfiguration.java | 4 ++++ .../AuthorizationServerSecurityConfiguration.java | 4 ++++ .../web/configuration/EnableAuthorizationServer.java | 6 +++++- .../annotation/web/configuration/EnableOAuth2Client.java | 6 +++++- .../web/configuration/EnableResourceServer.java | 6 +++++- .../web/configuration/OAuth2ClientConfiguration.java | 4 ++++ .../web/configuration/ResourceServerConfiguration.java | 4 ++++ .../web/configuration/ResourceServerConfigurer.java | 6 +++++- .../configuration/ResourceServerConfigurerAdapter.java | 4 ++++ .../AuthorizationServerEndpointsConfigurer.java | 6 +++++- .../AuthorizationServerSecurityConfigurer.java | 6 +++++- .../web/configurers/ResourceServerSecurityConfigurer.java | 3 +++ .../xml/AuthorizationServerBeanDefinitionParser.java | 6 +++++- .../oauth2/config/xml/ClientBeanDefinitionParser.java | 6 +++++- .../xml/ClientDetailsServiceBeanDefinitionParser.java | 4 ++++ .../security/oauth2/config/xml/ConfigUtils.java | 4 ++++ .../config/xml/ExpressionHandlerBeanDefinitionParser.java | 4 ++++ .../oauth2/config/xml/OAuth2ClientContextFactoryBean.java | 6 +++++- .../oauth2/config/xml/OAuth2SecurityNamespaceHandler.java | 4 ++++ .../oauth2/config/xml/ProviderBeanDefinitionParser.java | 4 ++++ .../oauth2/config/xml/ResourceBeanDefinitionParser.java | 4 ++++ .../config/xml/ResourceServerBeanDefinitionParser.java | 6 +++++- .../config/xml/RestTemplateBeanDefinitionParser.java | 4 ++++ .../xml/WebExpressionHandlerBeanDefinitionParser.java | 4 ++++ .../converter/FormOAuth2AccessTokenMessageConverter.java | 6 +++++- .../FormOAuth2ExceptionHttpMessageConverter.java | 8 ++++++-- .../jaxb/JaxbOAuth2AccessTokenMessageConverter.java | 6 ++++++ .../jaxb/JaxbOAuth2ExceptionMessageConverter.java | 6 ++++++ .../security/oauth2/provider/AuthorizationRequest.java | 6 +++++- .../oauth2/provider/ClientAlreadyExistsException.java | 6 +++++- .../security/oauth2/provider/ClientDetails.java | 6 +++++- .../security/oauth2/provider/ClientDetailsService.java | 4 ++++ .../oauth2/provider/ClientRegistrationException.java | 4 ++++ .../oauth2/provider/ClientRegistrationService.java | 6 +++++- .../security/oauth2/provider/CompositeTokenGranter.java | 4 ++++ .../oauth2/provider/DefaultSecurityContextAccessor.java | 6 +++++- .../security/oauth2/provider/NoSuchClientException.java | 4 ++++ .../security/oauth2/provider/OAuth2Authentication.java | 6 +++++- .../security/oauth2/provider/OAuth2Request.java | 6 +++++- .../security/oauth2/provider/OAuth2RequestFactory.java | 6 +++++- .../security/oauth2/provider/OAuth2RequestValidator.java | 6 +++++- .../security/oauth2/provider/SecurityContextAccessor.java | 6 +++++- .../security/oauth2/provider/TokenGranter.java | 6 +++++- .../security/oauth2/provider/TokenRequest.java | 6 +++++- .../security/oauth2/provider/approval/Approval.java | 4 ++++ .../security/oauth2/provider/approval/ApprovalStore.java | 6 +++++- .../approval/ApprovalStoreUserApprovalHandler.java | 6 +++++- .../provider/approval/DefaultUserApprovalHandler.java | 6 +++++- .../oauth2/provider/approval/InMemoryApprovalStore.java | 4 ++++ .../oauth2/provider/approval/JdbcApprovalStore.java | 4 ++++ .../oauth2/provider/approval/TokenApprovalStore.java | 6 +++++- .../provider/approval/TokenStoreUserApprovalHandler.java | 6 +++++- .../oauth2/provider/approval/UserApprovalHandler.java | 6 +++++- .../provider/authentication/BearerTokenExtractor.java | 6 +++++- .../authentication/OAuth2AuthenticationDetails.java | 6 +++++- .../authentication/OAuth2AuthenticationDetailsSource.java | 6 +++++- .../authentication/OAuth2AuthenticationManager.java | 6 +++++- .../OAuth2AuthenticationProcessingFilter.java | 6 +++++- .../oauth2/provider/authentication/TokenExtractor.java | 4 ++++ .../oauth2/provider/client/BaseClientDetails.java | 6 +++++- .../client/ClientCredentialsTokenEndpointFilter.java | 6 +++++- .../provider/client/ClientCredentialsTokenGranter.java | 4 ++++ .../provider/client/ClientDetailsUserDetailsService.java | 4 ++++ .../provider/client/InMemoryClientDetailsService.java | 4 ++++ .../client/Jackson2ArrayOrStringDeserializer.java | 6 ++++++ .../oauth2/provider/client/JdbcClientDetailsService.java | 5 +++++ .../oauth2/provider/code/AuthorizationCodeServices.java | 6 +++++- .../provider/code/AuthorizationCodeTokenGranter.java | 6 +++++- .../provider/code/InMemoryAuthorizationCodeServices.java | 6 +++++- .../provider/code/JdbcAuthorizationCodeServices.java | 6 +++++- .../code/RandomValueAuthorizationCodeServices.java | 6 +++++- .../oauth2/provider/endpoint/AbstractEndpoint.java | 4 ++++ .../oauth2/provider/endpoint/AuthorizationEndpoint.java | 6 +++++- .../oauth2/provider/endpoint/CheckTokenEndpoint.java | 6 +++++- .../oauth2/provider/endpoint/DefaultRedirectResolver.java | 6 +++++- .../provider/endpoint/ExactMatchRedirectResolver.java | 4 ++++ .../oauth2/provider/endpoint/FrameworkEndpoint.java | 6 +++++- .../endpoint/FrameworkEndpointHandlerMapping.java | 6 +++++- .../oauth2/provider/endpoint/RedirectResolver.java | 6 +++++- .../security/oauth2/provider/endpoint/TokenEndpoint.java | 6 +++++- .../endpoint/TokenEndpointAuthenticationFilter.java | 6 +++++- .../oauth2/provider/endpoint/TokenKeyEndpoint.java | 6 +++++- .../provider/endpoint/WhitelabelApprovalEndpoint.java | 6 +++++- .../oauth2/provider/endpoint/WhitelabelErrorEndpoint.java | 4 ++++ .../error/AbstractOAuth2SecurityExceptionHandler.java | 6 +++++- .../provider/error/DefaultOAuth2ExceptionRenderer.java | 6 +++++- .../error/DefaultWebResponseExceptionTranslator.java | 6 +++++- .../oauth2/provider/error/OAuth2AccessDeniedHandler.java | 6 +++++- .../provider/error/OAuth2AuthenticationEntryPoint.java | 6 +++++- .../oauth2/provider/error/OAuth2ExceptionRenderer.java | 6 +++++- .../provider/error/WebResponseExceptionTranslator.java | 7 ++++++- .../provider/expression/OAuth2ExpressionParser.java | 6 +++++- .../oauth2/provider/expression/OAuth2ExpressionUtils.java | 4 ++++ .../expression/OAuth2MethodSecurityExpressionHandler.java | 6 +++++- .../expression/OAuth2SecurityExpressionMethods.java | 6 +++++- .../expression/OAuth2WebSecurityExpressionHandler.java | 6 +++++- .../oauth2/provider/implicit/ImplicitTokenGranter.java | 4 ++++ .../oauth2/provider/implicit/ImplicitTokenRequest.java | 4 ++++ .../provider/implicit/InMemoryImplicitGrantService.java | 6 +++++- .../password/ResourceOwnerPasswordTokenGranter.java | 4 ++++ .../oauth2/provider/refresh/RefreshTokenGranter.java | 4 ++++ .../provider/request/DefaultOAuth2RequestFactory.java | 6 +++++- .../provider/request/DefaultOAuth2RequestValidator.java | 6 +++++- .../oauth2/provider/token/AbstractTokenGranter.java | 4 ++++ .../oauth2/provider/token/AccessTokenConverter.java | 6 +++++- .../oauth2/provider/token/AuthenticationKeyGenerator.java | 6 +++++- .../provider/token/AuthorizationServerTokenServices.java | 4 ++++ .../oauth2/provider/token/ConsumerTokenServices.java | 4 ++++ .../provider/token/DefaultAccessTokenConverter.java | 6 +++++- .../provider/token/DefaultAuthenticationKeyGenerator.java | 4 ++++ .../oauth2/provider/token/DefaultTokenServices.java | 6 +++++- .../token/DefaultUserAuthenticationConverter.java | 6 +++++- .../oauth2/provider/token/RemoteTokenServices.java | 4 ++++ .../provider/token/ResourceServerTokenServices.java | 6 ++++++ .../security/oauth2/provider/token/TokenEnhancer.java | 6 +++++- .../oauth2/provider/token/TokenEnhancerChain.java | 6 +++++- .../security/oauth2/provider/token/TokenStore.java | 5 +++++ .../provider/token/UserAuthenticationConverter.java | 6 +++++- .../token/store/DelegatingJwtClaimsSetVerifier.java | 4 ++++ .../oauth2/provider/token/store/InMemoryTokenStore.java | 6 +++++- .../oauth2/provider/token/store/IssuerClaimVerifier.java | 4 ++++ .../oauth2/provider/token/store/JdbcTokenStore.java | 4 ++++ .../provider/token/store/JwtAccessTokenConverter.java | 4 ++++ .../oauth2/provider/token/store/JwtClaimsSetVerifier.java | 4 ++++ .../oauth2/provider/token/store/JwtTokenStore.java | 6 +++++- .../oauth2/provider/token/store/KeyStoreKeyFactory.java | 6 +++++- .../oauth2/provider/token/store/jwk/JwkException.java | 4 ++++ .../oauth2/provider/token/store/jwk/JwkTokenStore.java | 4 ++++ .../redis/BaseRedisTokenStoreSerializationStrategy.java | 4 ++++ .../token/store/redis/JdkSerializationStrategy.java | 4 ++++ .../provider/token/store/redis/RedisTokenStore.java | 4 ++++ .../store/redis/RedisTokenStoreSerializationStrategy.java | 4 ++++ .../store/redis/StandardStringSerializationStrategy.java | 6 +++++- .../security/oauth2/provider/vote/ClientScopeVoter.java | 6 +++++- .../security/oauth2/provider/vote/ScopeVoter.java | 6 +++++- 233 files changed, 1071 insertions(+), 118 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/DefaultOAuth2ClientContext.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/DefaultOAuth2ClientContext.java index dc4657c2e..a4ab6e0a2 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/DefaultOAuth2ClientContext.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/DefaultOAuth2ClientContext.java @@ -10,9 +10,13 @@ /** * The OAuth 2 security context (for a specific user or client or combination thereof). - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer */ +@Deprecated public class DefaultOAuth2ClientContext implements OAuth2ClientContext, Serializable { private static final long serialVersionUID = 914967629530462926L; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/DefaultOAuth2RequestAuthenticator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/DefaultOAuth2RequestAuthenticator.java index a6114b9fe..c6b8d5a26 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/DefaultOAuth2RequestAuthenticator.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/DefaultOAuth2RequestAuthenticator.java @@ -20,9 +20,13 @@ import org.springframework.util.StringUtils; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class DefaultOAuth2RequestAuthenticator implements OAuth2RequestAuthenticator { @Override diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2ClientContext.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2ClientContext.java index 9af13b874..dc02aaf3a 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2ClientContext.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2ClientContext.java @@ -16,9 +16,13 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface OAuth2ClientContext { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RequestAuthenticator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RequestAuthenticator.java index 6b668bd6b..4cbed416d 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RequestAuthenticator.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RequestAuthenticator.java @@ -17,9 +17,13 @@ import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface OAuth2RequestAuthenticator { void authenticate(OAuth2ProtectedResourceDetails resource, OAuth2ClientContext clientContext, ClientHttpRequest request); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestOperations.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestOperations.java index 8a3967f7e..839f5fd77 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestOperations.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestOperations.java @@ -22,9 +22,13 @@ import org.springframework.web.client.RestOperations; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface OAuth2RestOperations extends RestOperations { OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java index e44efd15b..e6f3380bf 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java @@ -32,10 +32,14 @@ /** * Rest template that is able to make OAuth2-authenticated REST requests with the credentials of the provided resource. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class OAuth2RestTemplate extends RestTemplate implements OAuth2RestOperations { private final OAuth2ProtectedResourceDetails resource; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderConfiguration.java index 2ec7938e2..43caf5989 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderConfiguration.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderConfiguration.java @@ -21,11 +21,15 @@ /** * Configuration information for an OAuth 2.0 Provider. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Joe Grandja * @since 2.2 * @see ProviderDiscoveryClient * @see OpenID Connect Discovery 1.0 */ +@Deprecated public class ProviderConfiguration { private URL issuer; private URL authorizationEndpoint; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderDiscoveryClient.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderDiscoveryClient.java index 7f456a6d5..d33fa7c97 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderDiscoveryClient.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderDiscoveryClient.java @@ -31,11 +31,15 @@ * NOTE: This is a partial implementation that only discovers a small subset * of the available provider configuration information. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Joe Grandja * @since 2.2 * @see ProviderConfiguration * @see OpenID Connect Discovery 1.0 */ +@Deprecated public class ProviderDiscoveryClient { private static final String PROVIDER_END_PATH = "/.well-known/openid-configuration"; private static final String ISSUER_ATTR_NAME = "issuer"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2AuthenticationFailureEvent.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2AuthenticationFailureEvent.java index 9d3c4f0ed..a32ccd1cc 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2AuthenticationFailureEvent.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2AuthenticationFailureEvent.java @@ -4,7 +4,13 @@ import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent; import org.springframework.security.core.AuthenticationException; +/** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * + */ @SuppressWarnings("serial") +@Deprecated public class OAuth2AuthenticationFailureEvent extends AbstractAuthenticationFailureEvent { public OAuth2AuthenticationFailureEvent(AuthenticationException exception) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilter.java index aeb8f477e..39e693bb0 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilter.java @@ -46,10 +46,14 @@ /** * An OAuth2 client filter that can be used to acquire an OAuth2 access token from an authorization server, and load an * authentication object into the SecurityContext - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Vidya Valmikinathan * */ +@Deprecated public class OAuth2ClientAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter { public OAuth2RestOperations restTemplate; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientContextFilter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientContextFilter.java index 2aa69c30c..42ce00370 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientContextFilter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientContextFilter.java @@ -27,10 +27,14 @@ /** * Security filter for an OAuth2 client. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class OAuth2ClientContextFilter implements Filter, InitializingBean { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/DefaultStateKeyGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/DefaultStateKeyGenerator.java index 94af21a2c..7bf3bb131 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/DefaultStateKeyGenerator.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/DefaultStateKeyGenerator.java @@ -16,9 +16,13 @@ import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class DefaultStateKeyGenerator implements StateKeyGenerator { private RandomValueStringGenerator generator = new RandomValueStringGenerator(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/StateKeyGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/StateKeyGenerator.java index 81cbd9511..bb904f7e0 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/StateKeyGenerator.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/StateKeyGenerator.java @@ -17,10 +17,14 @@ /** * Stategy for generating random keys for state. The state key is important protection for client apps against * cross-site request forgery. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface StateKeyGenerator { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/AccessTokenRequiredException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/AccessTokenRequiredException.java index fc4d42f72..e8509a6f9 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/AccessTokenRequiredException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/AccessTokenRequiredException.java @@ -4,9 +4,13 @@ import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class AccessTokenRequiredException extends InsufficientAuthenticationException { private final OAuth2ProtectedResourceDetails resource; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java index 8b2b42038..cfb495cfd 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java @@ -37,8 +37,13 @@ /** * Error handler specifically for an oauth 2 response. + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ +@Deprecated public class OAuth2ErrorHandler implements ResponseErrorHandler { private final ResponseErrorHandler errorHandler; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/StringSplitUtils.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/StringSplitUtils.java index 6eab12a45..e2c592e73 100755 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/StringSplitUtils.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/StringSplitUtils.java @@ -10,7 +10,12 @@ /** * Provides several String manipulation methods. Copied from deleted org.springframework.security.util.StringSplitUtils + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * */ +@Deprecated public class StringSplitUtils { private static final String[] EMPTY_STRING_ARRAY = new String[0]; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/BaseOAuth2ProtectedResourceDetails.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/BaseOAuth2ProtectedResourceDetails.java index 3608eb1f4..788b0b45e 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/BaseOAuth2ProtectedResourceDetails.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/BaseOAuth2ProtectedResourceDetails.java @@ -7,9 +7,13 @@ import org.springframework.util.StringUtils; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class BaseOAuth2ProtectedResourceDetails implements OAuth2ProtectedResourceDetails { private String id; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/OAuth2AccessDeniedException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/OAuth2AccessDeniedException.java index 072748cb6..0037c7d40 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/OAuth2AccessDeniedException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/OAuth2AccessDeniedException.java @@ -5,11 +5,15 @@ /** * When access is denied we usually want a 403, but we want the same treatment as all the other OAuth2Exception types, * so this is not a Spring Security AccessDeniedException. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ @SuppressWarnings("serial") +@Deprecated public class OAuth2AccessDeniedException extends OAuth2Exception { private OAuth2ProtectedResourceDetails resource; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/OAuth2ProtectedResourceDetails.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/OAuth2ProtectedResourceDetails.java index a539f758d..145ae383d 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/OAuth2ProtectedResourceDetails.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/OAuth2ProtectedResourceDetails.java @@ -6,10 +6,14 @@ /** * Details for an OAuth2-protected resource. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public interface OAuth2ProtectedResourceDetails { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/UserApprovalRequiredException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/UserApprovalRequiredException.java index f885264d8..d7505f946 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/UserApprovalRequiredException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/UserApprovalRequiredException.java @@ -20,11 +20,15 @@ /** * Exception indicating that user approval is required, with some indication of how to signal the approval. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @SuppressWarnings("serial") +@Deprecated public class UserApprovalRequiredException extends RuntimeException { private final String approvalUri; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/UserRedirectRequiredException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/UserRedirectRequiredException.java index 3146d9199..6b8a60b9b 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/UserRedirectRequiredException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/UserRedirectRequiredException.java @@ -4,10 +4,14 @@ /** * Special exception thrown when a user redirect is required in order to obtain an OAuth2 access token. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class UserRedirectRequiredException extends RuntimeException { private final String redirectUri; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/BeforeOAuth2Context.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/BeforeOAuth2Context.java index 1fa2fbdd3..a289eb6ee 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/BeforeOAuth2Context.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/BeforeOAuth2Context.java @@ -21,11 +21,15 @@ * Marker annotation for methods to be run before the OAuth2Context is setup by the {@link OAuth2ContextSetup} rule, and * consequently before the regular JUnit @Before methods, which are executed only after the * OAuth2Context is setup. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD) +@Deprecated public @interface BeforeOAuth2Context { } \ No newline at end of file diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextConfiguration.java index e4bf56ed4..06a68b5db 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextConfiguration.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextConfiguration.java @@ -30,12 +30,16 @@ * Annotation to signal that an OAuth2 authentication should be created and and provided to the enclosing scope (method * or class). Used at the class level it will apply to all test methods (and {@link BeforeOAuth2Context} initializers). * Used at the method level it will apply only to the method, overriding any value found on the enclosing class. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @Retention(RetentionPolicy.RUNTIME) @Target({ ElementType.TYPE, ElementType.METHOD }) +@Deprecated public @interface OAuth2ContextConfiguration { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextSetup.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextSetup.java index 1f0db2cbc..9633ef9cf 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextSetup.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextSetup.java @@ -92,11 +92,15 @@ * * @see OAuth2ContextConfiguration * @see BeforeOAuth2Context - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @SuppressWarnings("deprecation") +@Deprecated public class OAuth2ContextSetup extends TestWatchman { private static Log logger = LogFactory.getLog(OAuth2ContextSetup.class); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/RestTemplateHolder.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/RestTemplateHolder.java index c14aabf5f..db8f9b513 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/RestTemplateHolder.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/RestTemplateHolder.java @@ -16,10 +16,14 @@ /** * Marker interface for an object that has a getter and setter for a {@link RestOperations}. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface RestTemplateHolder { void setRestTemplate(RestOperations restTemplate); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/TestAccounts.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/TestAccounts.java index 782532ce7..8d9706e53 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/TestAccounts.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/TestAccounts.java @@ -17,9 +17,13 @@ import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface TestAccounts { String getUserName(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProvider.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProvider.java index bd3e3a382..a803c3df6 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProvider.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProvider.java @@ -24,10 +24,14 @@ /** * A strategy which knows how to obtain an access token for a specific resource. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public interface AccessTokenProvider { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java index 86e5abc0e..0070b6123 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java @@ -36,9 +36,13 @@ * chain to find the first provider that supports the resource and use it to obtain the * access token. Note that the order of the chain is relevant. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class AccessTokenProviderChain extends OAuth2AccessTokenSupport implements AccessTokenProvider { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenRequest.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenRequest.java index 85d0c2a67..02c23baf8 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenRequest.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenRequest.java @@ -21,6 +21,12 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.util.MultiValueMap; +/** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * + */ +@Deprecated public interface AccessTokenRequest extends MultiValueMap { OAuth2AccessToken getExistingToken(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientKeyGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientKeyGenerator.java index 58f376277..cdc58adf2 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientKeyGenerator.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientKeyGenerator.java @@ -18,9 +18,13 @@ import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface ClientKeyGenerator { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientTokenServices.java index 0aef5cc19..2f3937b58 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientTokenServices.java @@ -19,9 +19,13 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface ClientTokenServices { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java index 72a8f21af..3136fd6b4 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java @@ -25,10 +25,14 @@ /** * Local context for an access token request encapsulating the parameters that are sent by the client requesting the * token, as opposed to the more static variables representing the client itself and the resource being targeted. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class DefaultAccessTokenRequest implements AccessTokenRequest, Serializable { private static final long serialVersionUID = 914967629530462926L; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultClientKeyGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultClientKeyGenerator.java index b473d77c2..a083ceacf 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultClientKeyGenerator.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultClientKeyGenerator.java @@ -25,10 +25,14 @@ /** * Basic key generator taking into account the client id, scope and username (principal name) if they exist. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class DefaultClientKeyGenerator implements ClientKeyGenerator { private static final String CLIENT_ID = "client_id"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultRequestEnhancer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultRequestEnhancer.java index 09ca76bd7..322d58ec7 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultRequestEnhancer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultRequestEnhancer.java @@ -21,6 +21,12 @@ import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails; import org.springframework.util.MultiValueMap; +/** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * + */ +@Deprecated public class DefaultRequestEnhancer implements RequestEnhancer { private Set parameterIncludes = Collections.emptySet(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/JdbcClientTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/JdbcClientTokenServices.java index fbc8c9d45..4f4474541 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/JdbcClientTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/JdbcClientTokenServices.java @@ -20,9 +20,13 @@ /** * Implementation of token services that stores tokens in a database for retrieval by client applications. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer */ +@Deprecated public class JdbcClientTokenServices implements ClientTokenServices { private static final Log LOG = LogFactory.getLog(JdbcClientTokenServices.class); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupport.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupport.java index 0cf556a34..0b4b30f69 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupport.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupport.java @@ -39,10 +39,14 @@ /** * Base support logic for obtaining access tokens. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public abstract class OAuth2AccessTokenSupport { protected final Log logger = LogFactory.getLog(getClass()); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/RequestEnhancer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/RequestEnhancer.java index b6442bb1b..c49d1a841 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/RequestEnhancer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/RequestEnhancer.java @@ -16,6 +16,12 @@ import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails; import org.springframework.util.MultiValueMap; +/** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * + */ +@Deprecated public interface RequestEnhancer { void enhance(AccessTokenRequest request, OAuth2ProtectedResourceDetails resource, MultiValueMap form, diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/auth/ClientAuthenticationHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/auth/ClientAuthenticationHandler.java index b62669fda..91b625653 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/auth/ClientAuthenticationHandler.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/auth/ClientAuthenticationHandler.java @@ -18,10 +18,14 @@ /** * Logic for handling client authentication. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public interface ClientAuthenticationHandler { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/auth/DefaultClientAuthenticationHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/auth/DefaultClientAuthenticationHandler.java index 88a0a6fa0..331c26f4c 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/auth/DefaultClientAuthenticationHandler.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/auth/DefaultClientAuthenticationHandler.java @@ -11,10 +11,14 @@ /** * Default implementation of the client authentication handler. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class DefaultClientAuthenticationHandler implements ClientAuthenticationHandler { public void authenticateTokenRequest(OAuth2ProtectedResourceDetails resource, MultiValueMap form, diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/client/ClientCredentialsAccessTokenProvider.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/client/ClientCredentialsAccessTokenProvider.java index b7adaecb5..0560e46a9 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/client/ClientCredentialsAccessTokenProvider.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/client/ClientCredentialsAccessTokenProvider.java @@ -18,9 +18,13 @@ /** * Provider for obtaining an oauth2 access token by using client credentials. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer */ +@Deprecated public class ClientCredentialsAccessTokenProvider extends OAuth2AccessTokenSupport implements AccessTokenProvider { public boolean supportsResource(OAuth2ProtectedResourceDetails resource) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/client/ClientCredentialsResourceDetails.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/client/ClientCredentialsResourceDetails.java index 9ddc01b8d..fe2e1a001 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/client/ClientCredentialsResourceDetails.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/client/ClientCredentialsResourceDetails.java @@ -3,8 +3,12 @@ import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer */ +@Deprecated public class ClientCredentialsResourceDetails extends BaseOAuth2ProtectedResourceDetails { public ClientCredentialsResourceDetails() { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProvider.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProvider.java index 8a6ea6390..682b7c67e 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProvider.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProvider.java @@ -65,10 +65,14 @@ /** * Provider for obtaining an oauth2 access token by using an authorization code. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class AuthorizationCodeAccessTokenProvider extends OAuth2AccessTokenSupport implements AccessTokenProvider { private StateKeyGenerator stateKeyGenerator = new DefaultStateKeyGenerator(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeResourceDetails.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeResourceDetails.java index 1e445c178..790b6b966 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeResourceDetails.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeResourceDetails.java @@ -3,9 +3,13 @@ import org.springframework.security.oauth2.client.token.grant.redirect.AbstractRedirectResourceDetails; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class AuthorizationCodeResourceDetails extends AbstractRedirectResourceDetails { public AuthorizationCodeResourceDetails() { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/implicit/ImplicitAccessTokenProvider.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/implicit/ImplicitAccessTokenProvider.java index 664de42d4..35b451ebe 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/implicit/ImplicitAccessTokenProvider.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/implicit/ImplicitAccessTokenProvider.java @@ -34,9 +34,13 @@ * parameters, together with any other information available (e.g. from a cookie), and decide if a user can be * authenticated and if the user has approved the grant of the access token. Only if those two conditions are met should * an access token be available through this provider. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer */ +@Deprecated public class ImplicitAccessTokenProvider extends OAuth2AccessTokenSupport implements AccessTokenProvider { public boolean supportsResource(OAuth2ProtectedResourceDetails resource) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/implicit/ImplicitResourceDetails.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/implicit/ImplicitResourceDetails.java index 6acb5ba47..9593b63a7 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/implicit/ImplicitResourceDetails.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/implicit/ImplicitResourceDetails.java @@ -3,8 +3,12 @@ import org.springframework.security.oauth2.client.token.grant.redirect.AbstractRedirectResourceDetails; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer */ +@Deprecated public class ImplicitResourceDetails extends AbstractRedirectResourceDetails { public ImplicitResourceDetails() { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordAccessTokenProvider.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordAccessTokenProvider.java index 3fa397bcb..db85f4e40 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordAccessTokenProvider.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordAccessTokenProvider.java @@ -18,9 +18,13 @@ /** * Provider for obtaining an oauth2 access token by using resource owner password. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer */ +@Deprecated public class ResourceOwnerPasswordAccessTokenProvider extends OAuth2AccessTokenSupport implements AccessTokenProvider { public boolean supportsResource(OAuth2ProtectedResourceDetails resource) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordResourceDetails.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordResourceDetails.java index 54fde4247..21ac5338f 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordResourceDetails.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordResourceDetails.java @@ -18,8 +18,12 @@ import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer */ +@Deprecated public class ResourceOwnerPasswordResourceDetails extends BaseOAuth2ProtectedResourceDetails { private String username; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/redirect/AbstractRedirectResourceDetails.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/redirect/AbstractRedirectResourceDetails.java index 8b43a2cd4..15805dbf5 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/redirect/AbstractRedirectResourceDetails.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/redirect/AbstractRedirectResourceDetails.java @@ -5,8 +5,12 @@ import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer */ +@Deprecated public abstract class AbstractRedirectResourceDetails extends BaseOAuth2ProtectedResourceDetails { private String preEstablishedRedirectUri; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/AuthenticationScheme.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/AuthenticationScheme.java index 86b6e30e6..0ed5d6b67 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/AuthenticationScheme.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/AuthenticationScheme.java @@ -14,7 +14,11 @@ /** * Enumeration of possible methods for transmitting authentication credentials. + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. */ +@Deprecated public enum AuthenticationScheme { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultExpiringOAuth2RefreshToken.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultExpiringOAuth2RefreshToken.java index 841480d52..4806e2a4c 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultExpiringOAuth2RefreshToken.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultExpiringOAuth2RefreshToken.java @@ -3,8 +3,12 @@ import java.util.Date; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ +@Deprecated public class DefaultExpiringOAuth2RefreshToken extends DefaultOAuth2RefreshToken implements ExpiringOAuth2RefreshToken { private static final long serialVersionUID = 3449554332764129719L; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultOAuth2AccessToken.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultOAuth2AccessToken.java index 4ecf4a186..eeb5b6527 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultOAuth2AccessToken.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultOAuth2AccessToken.java @@ -11,11 +11,15 @@ /** * Basic access token for OAuth 2. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer * @author Rob Winch */ +@Deprecated public class DefaultOAuth2AccessToken implements Serializable, OAuth2AccessToken { private static final long serialVersionUID = 914967629530462926L; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultOAuth2RefreshToken.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultOAuth2RefreshToken.java index d3c1b4792..c78bb5410 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultOAuth2RefreshToken.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultOAuth2RefreshToken.java @@ -7,10 +7,14 @@ /** * An OAuth 2 refresh token. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class DefaultOAuth2RefreshToken implements Serializable, OAuth2RefreshToken { private static final long serialVersionUID = 8349970621900575838L; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultThrowableAnalyzer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultThrowableAnalyzer.java index 72ba20a09..2f341c2f2 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultThrowableAnalyzer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/DefaultThrowableAnalyzer.java @@ -8,7 +8,11 @@ /** * Default implementation of ThrowableAnalyzer which is capable of also unwrapping * ServletExceptions. + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. */ +@Deprecated public final class DefaultThrowableAnalyzer extends ThrowableAnalyzer { /** * @see org.springframework.security.web.util.ThrowableAnalyzer#initExtractorMap() diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/ExpiringOAuth2RefreshToken.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/ExpiringOAuth2RefreshToken.java index d69672935..eb5fd46fe 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/ExpiringOAuth2RefreshToken.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/ExpiringOAuth2RefreshToken.java @@ -15,9 +15,13 @@ import java.util.Date; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface ExpiringOAuth2RefreshToken extends OAuth2RefreshToken { Date getExpiration(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessToken.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessToken.java index a756c154b..de4b0ada0 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessToken.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessToken.java @@ -17,11 +17,15 @@ import java.util.Set; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @com.fasterxml.jackson.databind.annotation.JsonSerialize(using = OAuth2AccessTokenJackson2Serializer.class) @com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = OAuth2AccessTokenJackson2Deserializer.class) +@Deprecated public interface OAuth2AccessToken { public static String BEARER_TYPE = "Bearer"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java index a9294e74b..1753bda04 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java @@ -39,11 +39,15 @@ * href="https://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-5.1">Successful Response. *

* + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Rob Winch * @author Brian Clozel * @see org.springframework.security.oauth2.common.OAuth2AccessTokenJackson2Serializer */ @SuppressWarnings("serial") +@Deprecated public final class OAuth2AccessTokenJackson2Deserializer extends StdDeserializer { public OAuth2AccessTokenJackson2Deserializer() { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Serializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Serializer.java index e3a140955..01fcb0921 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Serializer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Serializer.java @@ -29,10 +29,14 @@ * * The expected format of the access token is defined by Successful Response. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Rob Winch * @author Brian Clozel * @see org.springframework.security.oauth2.common.OAuth2AccessTokenJackson2Deserializer */ +@Deprecated public final class OAuth2AccessTokenJackson2Serializer extends StdSerializer { public OAuth2AccessTokenJackson2Serializer() { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2RefreshToken.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2RefreshToken.java index a666b6494..495fda30d 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2RefreshToken.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2RefreshToken.java @@ -15,9 +15,13 @@ import com.fasterxml.jackson.annotation.JsonValue; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface OAuth2RefreshToken { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/BadClientCredentialsException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/BadClientCredentialsException.java index e928185f5..522af2175 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/BadClientCredentialsException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/BadClientCredentialsException.java @@ -3,10 +3,14 @@ /** * Exception thrown when a client was unable to authenticate. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ @SuppressWarnings("serial") +@Deprecated public class BadClientCredentialsException extends ClientAuthenticationException { public BadClientCredentialsException() { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/ClientAuthenticationException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/ClientAuthenticationException.java index 5c0eb31d6..42d8dfe24 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/ClientAuthenticationException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/ClientAuthenticationException.java @@ -2,11 +2,15 @@ /** * Base exception - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ @SuppressWarnings("serial") +@Deprecated public abstract class ClientAuthenticationException extends OAuth2Exception { public ClientAuthenticationException(String msg, Throwable t) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InsufficientScopeException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InsufficientScopeException.java index c512f60aa..ff80461a2 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InsufficientScopeException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InsufficientScopeException.java @@ -8,10 +8,14 @@ /** * Exception representing insufficient scope in a token when a request is handled by a Resource Server. It is akin to an * {@link AccessDeniedException} and should result in a 403 (FORBIDDEN) HTTP status. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer */ @SuppressWarnings("serial") +@Deprecated public class InsufficientScopeException extends OAuth2Exception { public InsufficientScopeException(String msg, Set validScope) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidClientException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidClientException.java index fd10e7b26..6aefe7d37 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidClientException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidClientException.java @@ -3,10 +3,14 @@ /** * Exception thrown when a client was unable to authenticate. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ @SuppressWarnings("serial") +@Deprecated public class InvalidClientException extends ClientAuthenticationException { public InvalidClientException(String msg) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidGrantException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidGrantException.java index b492d9452..2294cdffa 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidGrantException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidGrantException.java @@ -1,10 +1,14 @@ package org.springframework.security.oauth2.common.exceptions; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ @SuppressWarnings("serial") +@Deprecated public class InvalidGrantException extends ClientAuthenticationException { public InvalidGrantException(String msg, Throwable t) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidRequestException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidRequestException.java index 32b14681e..7b18897f4 100755 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidRequestException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidRequestException.java @@ -1,9 +1,13 @@ package org.springframework.security.oauth2.common.exceptions; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer */ @SuppressWarnings("serial") +@Deprecated public class InvalidRequestException extends ClientAuthenticationException { public InvalidRequestException(String msg, Throwable t) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidScopeException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidScopeException.java index f5989edd1..4a8f4b3b1 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidScopeException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidScopeException.java @@ -8,11 +8,15 @@ * Exception representing an invalid scope in a token or authorization request (i.e. from an Authorization Server). Note * that this is not the same as an access denied exception if the scope presented to a Resource Server is insufficient. * The spec in this case mandates a 400 status code. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ @SuppressWarnings("serial") +@Deprecated public class InvalidScopeException extends OAuth2Exception { public InvalidScopeException(String msg, Set validScope) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidTokenException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidTokenException.java index 555cc4a7c..e8cb37507 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidTokenException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidTokenException.java @@ -16,10 +16,14 @@ package org.springframework.security.oauth2.common.exceptions; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ @SuppressWarnings("serial") +@Deprecated public class InvalidTokenException extends ClientAuthenticationException { public InvalidTokenException(String msg, Throwable t) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java index 8c1a47801..4b4e9a802 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java @@ -6,7 +6,10 @@ /** * Base exception for OAuth 2 exceptions. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Rob Winch * @author Dave Syer @@ -14,6 +17,7 @@ @SuppressWarnings("serial") @com.fasterxml.jackson.databind.annotation.JsonSerialize(using = OAuth2ExceptionJackson2Serializer.class) @com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = OAuth2ExceptionJackson2Deserializer.class) +@Deprecated public class OAuth2Exception extends RuntimeException { public static final String ERROR = "error"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java index 516f39f41..0cd8dbba1 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java @@ -27,10 +27,14 @@ import org.springframework.security.oauth2.common.util.OAuth2Utils; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Brian Clozel * */ @SuppressWarnings("serial") +@Deprecated public class OAuth2ExceptionJackson2Deserializer extends StdDeserializer { public OAuth2ExceptionJackson2Deserializer() { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Serializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Serializer.java index 2ab32c8cc..0ed45881d 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Serializer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Serializer.java @@ -21,9 +21,13 @@ import com.fasterxml.jackson.databind.ser.std.StdSerializer; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Brian Clozel * */ +@Deprecated public class OAuth2ExceptionJackson2Serializer extends StdSerializer { public OAuth2ExceptionJackson2Serializer() { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/RedirectMismatchException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/RedirectMismatchException.java index 4e66b52f2..989980291 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/RedirectMismatchException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/RedirectMismatchException.java @@ -1,9 +1,13 @@ package org.springframework.security.oauth2.common.exceptions; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class RedirectMismatchException extends ClientAuthenticationException { public RedirectMismatchException(String msg, Throwable t) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/SerializationException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/SerializationException.java index 2b46c26eb..14d41a53f 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/SerializationException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/SerializationException.java @@ -3,9 +3,13 @@ /** * Thrown during a problem serialization/deserialization. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class SerializationException extends RuntimeException { public SerializationException() { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnapprovedClientAuthenticationException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnapprovedClientAuthenticationException.java index f288bc679..1a787bffd 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnapprovedClientAuthenticationException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnapprovedClientAuthenticationException.java @@ -3,9 +3,13 @@ import org.springframework.security.authentication.InsufficientAuthenticationException; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class UnapprovedClientAuthenticationException extends InsufficientAuthenticationException { public UnapprovedClientAuthenticationException(String msg) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnauthorizedClientException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnauthorizedClientException.java index cb25b01d5..595fe52eb 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnauthorizedClientException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnauthorizedClientException.java @@ -2,10 +2,14 @@ /** * Exception thrown when a client was unable to authenticate. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class UnauthorizedClientException extends ClientAuthenticationException { public UnauthorizedClientException(String msg, Throwable t) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnauthorizedUserException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnauthorizedUserException.java index 795fe2d1a..ba0ebf466 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnauthorizedUserException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnauthorizedUserException.java @@ -2,10 +2,14 @@ /** * Exception thrown when a user was unable to authenticate. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer */ @SuppressWarnings("serial") +@Deprecated public class UnauthorizedUserException extends OAuth2Exception { public UnauthorizedUserException(String msg, Throwable t) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnsupportedGrantTypeException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnsupportedGrantTypeException.java index 113c7fefb..4fba4ff0a 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnsupportedGrantTypeException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnsupportedGrantTypeException.java @@ -1,9 +1,13 @@ package org.springframework.security.oauth2.common.exceptions; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class UnsupportedGrantTypeException extends OAuth2Exception { public UnsupportedGrantTypeException(String msg, Throwable t) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnsupportedResponseTypeException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnsupportedResponseTypeException.java index 8129964ac..588600f88 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnsupportedResponseTypeException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UnsupportedResponseTypeException.java @@ -1,9 +1,13 @@ package org.springframework.security.oauth2.common.exceptions; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class UnsupportedResponseTypeException extends OAuth2Exception { public UnsupportedResponseTypeException(String msg, Throwable t) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UserDeniedAuthorizationException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UserDeniedAuthorizationException.java index 0ec3cc75c..94715b6e7 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UserDeniedAuthorizationException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/UserDeniedAuthorizationException.java @@ -1,9 +1,13 @@ package org.springframework.security.oauth2.common.exceptions; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ @SuppressWarnings("serial") +@Deprecated public class UserDeniedAuthorizationException extends OAuth2Exception { public UserDeniedAuthorizationException(String msg, Throwable t) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultJdbcListFactory.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultJdbcListFactory.java index 37347befe..61a397fbc 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultJdbcListFactory.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultJdbcListFactory.java @@ -23,9 +23,13 @@ import org.springframework.jdbc.core.namedparam.NamedParameterJdbcOperations; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class DefaultJdbcListFactory implements JdbcListFactory { private final NamedParameterJdbcOperations jdbcTemplate; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultSerializationStrategy.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultSerializationStrategy.java index 4668f6629..f8ade4824 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultSerializationStrategy.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultSerializationStrategy.java @@ -26,9 +26,13 @@ * Note that this class should not be used if data for deserialization comes from an untrusted source. * Instead, please use {@link WhitelistedSerializationStrategy} with a list of allowed classes for deserialization. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Artem Smotrakov * @since 2.4 */ +@Deprecated public class DefaultSerializationStrategy implements SerializationStrategy { public byte[] serialize(Object state) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/Jackson2JsonParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/Jackson2JsonParser.java index e8ca0adfb..6537d0304 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/Jackson2JsonParser.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/Jackson2JsonParser.java @@ -20,9 +20,13 @@ /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class Jackson2JsonParser implements JsonParser { private ObjectMapper mapper = new ObjectMapper(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JdbcListFactory.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JdbcListFactory.java index fb7492b60..9c5b11cfe 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JdbcListFactory.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JdbcListFactory.java @@ -22,9 +22,13 @@ import org.springframework.jdbc.core.RowMapper; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface JdbcListFactory { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateDeserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateDeserializer.java index 07e516aca..a2b1a9705 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateDeserializer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateDeserializer.java @@ -28,10 +28,14 @@ /** * JSON deserializer for Jackson to handle regular date instances as timestamps in ISO format. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class JsonDateDeserializer extends JsonDeserializer { private static final SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateSerializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateSerializer.java index a8c88b7e1..11fea8daf 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateSerializer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonDateSerializer.java @@ -27,10 +27,14 @@ /** * JSON serializer for Jackson to handle regular date instances as timestamps in ISO format. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class JsonDateSerializer extends JsonSerializer { private static final SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParser.java index c2905ca5c..be1e0cc58 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParser.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParser.java @@ -16,9 +16,13 @@ import java.util.Map; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface JsonParser { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParserFactory.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParserFactory.java index ad3e574c5..aeadcbd7d 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParserFactory.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParserFactory.java @@ -16,9 +16,13 @@ import org.springframework.util.ClassUtils; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class JsonParserFactory { public static JsonParser create() { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/OAuth2Utils.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/OAuth2Utils.java index 4c22f34b3..ba9988362 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/OAuth2Utils.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/OAuth2Utils.java @@ -27,9 +27,13 @@ import org.springframework.util.StringUtils; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public abstract class OAuth2Utils { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/ProxyCreator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/ProxyCreator.java index b842648c7..c3562bf52 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/ProxyCreator.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/ProxyCreator.java @@ -21,9 +21,13 @@ import org.springframework.beans.factory.ObjectFactory; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class ProxyCreator { @SuppressWarnings("unchecked") diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/RandomValueStringGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/RandomValueStringGenerator.java index 6dd551d42..b6aadb8c2 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/RandomValueStringGenerator.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/RandomValueStringGenerator.java @@ -5,10 +5,14 @@ /** * Utility that generates a random-value ASCII string. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class RandomValueStringGenerator { private static final char[] DEFAULT_CODEC = "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationStrategy.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationStrategy.java index 52fe117ae..72f9f6060 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationStrategy.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationStrategy.java @@ -19,9 +19,13 @@ /** * Defines how objects are serialized and deserialized. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Artem Smotrakov * @since 2.4 */ +@Deprecated public interface SerializationStrategy { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationUtils.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationUtils.java index 15d860056..fe554e88e 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationUtils.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/SerializationUtils.java @@ -30,7 +30,12 @@ * Note that the default strategy allows deserializing arbitrary classes which may result in security problems * if data comes from an untrusted source. To prevent possible issues, use {@link WhitelistedSerializationStrategy} * with a list of allowed classes for deserialization. + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * */ +@Deprecated public class SerializationUtils { private static SerializationStrategy strategy = new DefaultSerializationStrategy(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/WhitelistedSerializationStrategy.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/WhitelistedSerializationStrategy.java index 42089411c..f4a32ba3b 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/WhitelistedSerializationStrategy.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/WhitelistedSerializationStrategy.java @@ -31,9 +31,13 @@ /** * A {@link SerializationStrategy} which uses a whitelist of allowed classes for deserialization. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Artem Smotrakov * @since 2.4 */ +@Deprecated public class WhitelistedSerializationStrategy extends DefaultSerializationStrategy { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/ClientDetailsServiceBuilder.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/ClientDetailsServiceBuilder.java index a47b3608c..5296f1a55 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/ClientDetailsServiceBuilder.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/ClientDetailsServiceBuilder.java @@ -34,10 +34,14 @@ /** * Builder for OAuth2 client details service. Can be used to construct either an in-memory or a JDBC implementation of * the {@link ClientDetailsService} and populate it with data. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class ClientDetailsServiceBuilder> extends SecurityConfigurerAdapter implements SecurityBuilder { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/InMemoryClientDetailsServiceBuilder.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/InMemoryClientDetailsServiceBuilder.java index 8c6f37c3a..f5ff55989 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/InMemoryClientDetailsServiceBuilder.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/InMemoryClientDetailsServiceBuilder.java @@ -23,9 +23,13 @@ import org.springframework.security.oauth2.provider.client.InMemoryClientDetailsService; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class InMemoryClientDetailsServiceBuilder extends ClientDetailsServiceBuilder { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/JdbcClientDetailsServiceBuilder.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/JdbcClientDetailsServiceBuilder.java index 4a9d26a87..af9d2cc8a 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/JdbcClientDetailsServiceBuilder.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/JdbcClientDetailsServiceBuilder.java @@ -27,9 +27,13 @@ import org.springframework.util.Assert; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class JdbcClientDetailsServiceBuilder extends ClientDetailsServiceBuilder { private Set clientDetails = new HashSet(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configuration/ClientDetailsServiceConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configuration/ClientDetailsServiceConfiguration.java index d7ad2e699..da4f0a251 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configuration/ClientDetailsServiceConfiguration.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configuration/ClientDetailsServiceConfiguration.java @@ -25,10 +25,14 @@ import org.springframework.security.oauth2.provider.ClientDetailsService; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Rob Winch * */ @Configuration +@Deprecated public class ClientDetailsServiceConfiguration { @SuppressWarnings("rawtypes") diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configurers/ClientDetailsServiceConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configurers/ClientDetailsServiceConfigurer.java index e1ec33053..84a080b08 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configurers/ClientDetailsServiceConfigurer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configurers/ClientDetailsServiceConfigurer.java @@ -24,9 +24,13 @@ import org.springframework.security.oauth2.provider.ClientDetailsService; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Rob Winch * */ +@Deprecated public class ClientDetailsServiceConfigurer extends SecurityConfigurerAdapter> { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurer.java index f81dfc06c..3e01c32ce 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurer.java @@ -22,10 +22,14 @@ /** * Convenient strategy for configuring an OAUth2 Authorization Server. Beans of this type are applied to the Spring * context automatically if you {@link EnableAuthorizationServer @EnableAuthorizationServer}. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface AuthorizationServerConfigurer { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurerAdapter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurerAdapter.java index 4e8342ac1..9e5e3d537 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurerAdapter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurerAdapter.java @@ -18,9 +18,13 @@ import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class AuthorizationServerConfigurerAdapter implements AuthorizationServerConfigurer { @Override diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java index aa32758a5..042e28cc7 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java @@ -57,11 +57,15 @@ import org.springframework.stereotype.Component; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @Configuration @Import(TokenKeyEndpointRegistrar.class) +@Deprecated public class AuthorizationServerEndpointsConfiguration { private AuthorizationServerEndpointsConfigurer endpoints = new AuthorizationServerEndpointsConfigurer(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerSecurityConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerSecurityConfiguration.java index cc7601d03..a95b4bcf3 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerSecurityConfiguration.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerSecurityConfiguration.java @@ -34,6 +34,9 @@ import java.util.List; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Rob Winch * @author Dave Syer * @@ -41,6 +44,7 @@ @Configuration @Order(0) @Import({ ClientDetailsServiceConfiguration.class, AuthorizationServerEndpointsConfiguration.class }) +@Deprecated public class AuthorizationServerSecurityConfiguration extends WebSecurityConfigurerAdapter { @Autowired diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableAuthorizationServer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableAuthorizationServer.java index 1b4415269..68ce85496 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableAuthorizationServer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableAuthorizationServer.java @@ -35,7 +35,10 @@ * @EnableWebSecurity} etc.), but the Token Endpoint (/oauth/token) will be automatically secured using HTTP Basic * authentication on the client's credentials. Clients must be registered by providing a * {@link ClientDetailsService} through one or more AuthorizationServerConfigurers. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @@ -43,6 +46,7 @@ @Retention(RetentionPolicy.RUNTIME) @Documented @Import({AuthorizationServerEndpointsConfiguration.class, AuthorizationServerSecurityConfiguration.class}) +@Deprecated public @interface EnableAuthorizationServer { } diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableOAuth2Client.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableOAuth2Client.java index 3bac72c3c..2b6a2c933 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableOAuth2Client.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableOAuth2Client.java @@ -49,7 +49,10 @@ * token when necessary. Apps that use password grants need to set the authentication properties in the * OAuth2ProtectedResourceDetails before using the RestOperations, and this means the resource details themselves also * have to be per session (assuming there are multiple users in the system). - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @@ -57,6 +60,7 @@ @Retention(RetentionPolicy.RUNTIME) @Documented @Import(OAuth2ClientConfiguration.class) +@Deprecated public @interface EnableOAuth2Client { } diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableResourceServer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableResourceServer.java index 52c532833..7ceef0307 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableResourceServer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableResourceServer.java @@ -36,7 +36,10 @@ * The annotation creates a {@link WebSecurityConfigurerAdapter} with a hard-coded {@link Order} (of 3). It's not * possible to change the order right now owing to technical limitations in Spring, so you must avoid using order=3 in * other WebSecurityConfigurerAdapters in your application (Spring Security will let you know if you forget). - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @@ -44,6 +47,7 @@ @Retention(RetentionPolicy.RUNTIME) @Documented @Import(ResourceServerConfiguration.class) +@Deprecated public @interface EnableResourceServer { } diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/OAuth2ClientConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/OAuth2ClientConfiguration.java index b79985202..a618d95ba 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/OAuth2ClientConfiguration.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/OAuth2ClientConfiguration.java @@ -30,10 +30,14 @@ import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @Configuration +@Deprecated public class OAuth2ClientConfiguration { @Bean diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java index 1833fab9f..9e1224846 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java @@ -40,10 +40,14 @@ import org.springframework.util.ReflectionUtils; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @Configuration +@Deprecated public class ResourceServerConfiguration extends WebSecurityConfigurerAdapter implements Ordered { private int order = 3; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurer.java index d2a60f747..490e01562 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurer.java @@ -23,10 +23,14 @@ * rules and paths that are protected by OAuth2 security. Applications may provide multiple instances of this interface, * and in general (like with other Security configurers), if more than one configures the same property, then the last * one wins. The configurers are sorted by {@link Order} before being applied. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface ResourceServerConfigurer { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurerAdapter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurerAdapter.java index 2cf23e139..cea39d37b 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurerAdapter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurerAdapter.java @@ -16,9 +16,13 @@ import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class ResourceServerConfigurerAdapter implements ResourceServerConfigurer { @Override diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerEndpointsConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerEndpointsConfigurer.java index 9bb56fa2a..6785fb430 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerEndpointsConfigurer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerEndpointsConfigurer.java @@ -81,11 +81,15 @@ /** * Configure the properties and enhanced functionality of the Authorization Server endpoints. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Rob Winch * @author Dave Syer * @since 2.0 */ +@Deprecated public final class AuthorizationServerEndpointsConfigurer { private AuthorizationServerTokenServices tokenServices; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java index 80b5d9cd3..6c8a2df84 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java @@ -47,11 +47,15 @@ import org.springframework.web.accept.HeaderContentNegotiationStrategy; /** - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Rob Winch * @author Dave Syer * @since 2.0 */ +@Deprecated public final class AuthorizationServerSecurityConfigurer extends SecurityConfigurerAdapter { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/ResourceServerSecurityConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/ResourceServerSecurityConfigurer.java index 7251e85da..e6b6d36b6 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/ResourceServerSecurityConfigurer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/ResourceServerSecurityConfigurer.java @@ -50,12 +50,15 @@ import javax.servlet.http.HttpServletRequest; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. * * @author Rob Winch * @author Dave Syer * * @since 2.0.0 */ +@Deprecated public final class ResourceServerSecurityConfigurer extends SecurityConfigurerAdapter { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParser.java index 61047191d..78b15f304 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParser.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParser.java @@ -41,10 +41,14 @@ /** * Parser for the OAuth "provider" element. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class AuthorizationServerBeanDefinitionParser extends ProviderBeanDefinitionParser { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientBeanDefinitionParser.java index d8034750c..a8796ec2f 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientBeanDefinitionParser.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientBeanDefinitionParser.java @@ -24,10 +24,14 @@ /** * Parser for the OAuth "client" element supporting client apps using {@link OAuth2RestTemplate}. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class ClientBeanDefinitionParser extends AbstractBeanDefinitionParser { @Override diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientDetailsServiceBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientDetailsServiceBeanDefinitionParser.java index 21fe53fe6..e67945547 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientDetailsServiceBeanDefinitionParser.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientDetailsServiceBeanDefinitionParser.java @@ -30,9 +30,13 @@ import org.w3c.dom.Element; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Andrew McCall */ +@Deprecated public class ClientDetailsServiceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser { @Override diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ConfigUtils.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ConfigUtils.java index 77fde32c3..fc11e3d9e 100755 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ConfigUtils.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ConfigUtils.java @@ -22,8 +22,12 @@ /** * Common place for OAuth namespace configuration utils. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ +@Deprecated public class ConfigUtils { private static final Method createMatcherMethod3x = ReflectionUtils.findMethod( MatcherType.class, "createMatcher", String.class, String.class); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ExpressionHandlerBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ExpressionHandlerBeanDefinitionParser.java index 9b8f9e7f7..fc7880107 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ExpressionHandlerBeanDefinitionParser.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ExpressionHandlerBeanDefinitionParser.java @@ -21,9 +21,13 @@ import org.w3c.dom.Element; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class ExpressionHandlerBeanDefinitionParser extends AbstractSingleBeanDefinitionParser { @Override diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2ClientContextFactoryBean.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2ClientContextFactoryBean.java index 8b8d702c9..dc865ffc0 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2ClientContextFactoryBean.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2ClientContextFactoryBean.java @@ -23,10 +23,14 @@ * Convenience factory for OAuth2ClientContext that is aware of the need for a different context if the resource is for a * client credentials grant. Client credentials grants will always have the same credentials for all requests, so * there's no point protecting the context with session and request scopes. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class OAuth2ClientContextFactoryBean implements FactoryBean { private OAuth2ProtectedResourceDetails resource; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2SecurityNamespaceHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2SecurityNamespaceHandler.java index 01210ba8b..b92184402 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2SecurityNamespaceHandler.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2SecurityNamespaceHandler.java @@ -16,9 +16,13 @@ import org.springframework.beans.factory.xml.NamespaceHandlerSupport; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class OAuth2SecurityNamespaceHandler extends NamespaceHandlerSupport { public void init() { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ProviderBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ProviderBeanDefinitionParser.java index 364c16013..93b16525e 100755 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ProviderBeanDefinitionParser.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ProviderBeanDefinitionParser.java @@ -25,9 +25,13 @@ /** * Parser for the OAuth "provider" element. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public abstract class ProviderBeanDefinitionParser extends AbstractBeanDefinitionParser { @Override diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceBeanDefinitionParser.java index 23c9fc62b..23c76ee29 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceBeanDefinitionParser.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceBeanDefinitionParser.java @@ -36,8 +36,12 @@ import org.w3c.dom.Element; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ +@Deprecated public class ResourceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser { @Override diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceServerBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceServerBeanDefinitionParser.java index d7d261e1e..d6d8d7403 100755 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceServerBeanDefinitionParser.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceServerBeanDefinitionParser.java @@ -24,10 +24,14 @@ /** * Parser for the OAuth "resource-server" element. Creates a filter that can be added to the standard Spring Security * filter chain. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class ResourceServerBeanDefinitionParser extends ProviderBeanDefinitionParser { @Override diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/RestTemplateBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/RestTemplateBeanDefinitionParser.java index c4aeca280..7054d99df 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/RestTemplateBeanDefinitionParser.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/RestTemplateBeanDefinitionParser.java @@ -25,9 +25,13 @@ import org.w3c.dom.Element; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class RestTemplateBeanDefinitionParser extends AbstractSingleBeanDefinitionParser { @Override diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/WebExpressionHandlerBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/WebExpressionHandlerBeanDefinitionParser.java index dff530bb3..def339b0d 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/WebExpressionHandlerBeanDefinitionParser.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/WebExpressionHandlerBeanDefinitionParser.java @@ -21,9 +21,13 @@ import org.w3c.dom.Element; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class WebExpressionHandlerBeanDefinitionParser extends AbstractSingleBeanDefinitionParser { @Override diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2AccessTokenMessageConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2AccessTokenMessageConverter.java index f64ea48b0..6bdf83f2f 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2AccessTokenMessageConverter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2AccessTokenMessageConverter.java @@ -28,11 +28,15 @@ /** * Converter that can handle inbound form data and convert it to an access token. Needed to support external servers, * like Facebook that might not send JSON token data. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Rob Winch * @author Dave Syer * */ +@Deprecated public class FormOAuth2AccessTokenMessageConverter extends AbstractHttpMessageConverter { private final FormHttpMessageConverter delegateMessageConverter; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2ExceptionHttpMessageConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2ExceptionHttpMessageConverter.java index d81a0ecf7..264a528d5 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2ExceptionHttpMessageConverter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2ExceptionHttpMessageConverter.java @@ -31,11 +31,15 @@ /** * Converter that can handle inbound form data and convert it to an OAuth2 exception. Needed to support external servers, * like Facebook that might not send JSON data. - * -@author Rob Winch + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * + * @author Rob Winch * @author Dave Syer * */ +@Deprecated public final class FormOAuth2ExceptionHttpMessageConverter implements HttpMessageConverter { private static final List SUPPORTED_MEDIA = Collections.singletonList(MediaType.APPLICATION_FORM_URLENCODED); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessTokenMessageConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessTokenMessageConverter.java index be71dafae..ac4e45724 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessTokenMessageConverter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessTokenMessageConverter.java @@ -19,6 +19,12 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken; +/** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * + */ +@Deprecated public final class JaxbOAuth2AccessTokenMessageConverter extends AbstractJaxbMessageConverter { public JaxbOAuth2AccessTokenMessageConverter() { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverter.java index 72ae1cd6f..3b2f1146b 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverter.java @@ -14,6 +14,12 @@ import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; +/** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * + */ +@Deprecated public final class JaxbOAuth2ExceptionMessageConverter extends AbstractJaxbMessageConverter { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/AuthorizationRequest.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/AuthorizationRequest.java index ddb90e808..520f66960 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/AuthorizationRequest.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/AuthorizationRequest.java @@ -30,12 +30,16 @@ * authorization request as a {@link SessionAttributes} member while the end * user through the authorization process (which may span several page * requests). - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer * @author Amanda Anganes */ @SuppressWarnings("serial") +@Deprecated public class AuthorizationRequest extends BaseRequest implements Serializable { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientAlreadyExistsException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientAlreadyExistsException.java index b7875f603..2459ccd2d 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientAlreadyExistsException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientAlreadyExistsException.java @@ -17,11 +17,15 @@ /** * Exception indicating that a client registration already exists (e.g. if someone tries to create a duplicate). - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @SuppressWarnings("serial") +@Deprecated public class ClientAlreadyExistsException extends ClientRegistrationException { public ClientAlreadyExistsException(String msg) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetails.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetails.java index f9e8d1c2f..5aacd8917 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetails.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetails.java @@ -9,9 +9,13 @@ /** * Client details for OAuth 2 - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ +@Deprecated public interface ClientDetails extends Serializable { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetailsService.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetailsService.java index f9e4166b9..2137fe459 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetailsService.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetailsService.java @@ -20,8 +20,12 @@ /** * A service that provides the details about an OAuth2 client. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ +@Deprecated public interface ClientDetailsService { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationException.java index 731577ee5..29d1b6975 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationException.java @@ -16,10 +16,14 @@ package org.springframework.security.oauth2.provider; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @SuppressWarnings("serial") +@Deprecated public class ClientRegistrationException extends RuntimeException { public ClientRegistrationException(String msg) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationService.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationService.java index a388c1b5b..d032db2c4 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationService.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationService.java @@ -20,10 +20,14 @@ /** * Interface for client registration, handling add, update and remove of {@link ClientDetails} from an Authorization * Server. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface ClientRegistrationService { void addClientDetails(ClientDetails clientDetails) throws ClientAlreadyExistsException; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/CompositeTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/CompositeTokenGranter.java index fab6fbf89..a880d581d 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/CompositeTokenGranter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/CompositeTokenGranter.java @@ -22,9 +22,13 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class CompositeTokenGranter implements TokenGranter { private final List tokenGranters; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/DefaultSecurityContextAccessor.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/DefaultSecurityContextAccessor.java index 46915dc66..deb892923 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/DefaultSecurityContextAccessor.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/DefaultSecurityContextAccessor.java @@ -23,10 +23,14 @@ /** * Strategy for accessing useful information about the current security context. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class DefaultSecurityContextAccessor implements SecurityContextAccessor { @Override diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/NoSuchClientException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/NoSuchClientException.java index 0083d4d51..3712afaeb 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/NoSuchClientException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/NoSuchClientException.java @@ -16,10 +16,14 @@ package org.springframework.security.oauth2.provider; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @SuppressWarnings("serial") +@Deprecated public class NoSuchClientException extends ClientRegistrationException { public NoSuchClientException(String msg) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Authentication.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Authentication.java index d2f3cf045..d4543c853 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Authentication.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Authentication.java @@ -7,9 +7,13 @@ /** * An OAuth 2 authentication token can contain two authentications: one for the client and one for the user. Since some * OAuth authorization grants don't require user authentication, the user authentication may be null. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ +@Deprecated public class OAuth2Authentication extends AbstractAuthenticationToken { private static final long serialVersionUID = -4809832298438307309L; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Request.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Request.java index 61dcd5660..a3d2fbae3 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Request.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Request.java @@ -14,11 +14,15 @@ * Represents a stored authorization or token request. Used as part of the OAuth2Authentication object to store a * request's authentication information. Does not expose public setters so that clients can not mutate state if they * respect the declared type of the request. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Amanda Anganes * @author Dave Syer * */ +@Deprecated public class OAuth2Request extends BaseRequest implements Serializable { private static final long serialVersionUID = 1L; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2RequestFactory.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2RequestFactory.java index 278b25b0c..22762e649 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2RequestFactory.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2RequestFactory.java @@ -17,11 +17,15 @@ /** * Strategy for managing OAuth2 requests: {@link AuthorizationRequest}, {@link TokenRequest}, {@link OAuth2Request}. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * @author Amanda Anganes * */ +@Deprecated public interface OAuth2RequestFactory { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2RequestValidator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2RequestValidator.java index b88a765bf..548ab4a6d 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2RequestValidator.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2RequestValidator.java @@ -6,10 +6,14 @@ /** * Validation interface for OAuth2 requests to the {@link AuthorizationEndpoint} and {@link TokenEndpoint}. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Amanda Anganes * */ +@Deprecated public interface OAuth2RequestValidator { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/SecurityContextAccessor.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/SecurityContextAccessor.java index cd6522724..c051179f4 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/SecurityContextAccessor.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/SecurityContextAccessor.java @@ -19,10 +19,14 @@ /** * Strategy for accessing useful information about the current security context. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface SecurityContextAccessor { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenGranter.java index fcd9ef1f8..7c31f571c 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenGranter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenGranter.java @@ -21,10 +21,14 @@ /** * Interface for granters of access tokens. Various grant types are defined in the specification, and each of those has * an implementation, leaving room for extensions to the specification as needed. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface TokenGranter { OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenRequest.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenRequest.java index ebc13a56d..6fb2dbc69 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenRequest.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenRequest.java @@ -15,12 +15,16 @@ * In the implicit flow, a token is requested through the {@link AuthorizationEndpoint} directly, and in that case the * {@link AuthorizationRequest} is converted into a {@link TokenRequest} for processing through the token granting * chain. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Amanda Anganes * @author Dave Syer * */ @SuppressWarnings("serial") +@Deprecated public class TokenRequest extends BaseRequest { private String grantType; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/Approval.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/Approval.java index 22a368284..c9a2503f9 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/Approval.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/Approval.java @@ -27,11 +27,15 @@ import org.springframework.security.oauth2.common.util.JsonDateSerializer; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * @author Vidya Val * */ @JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL) +@Deprecated public class Approval { private String userId; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStore.java index 88209e612..85a67f4d3 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStore.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStore.java @@ -19,10 +19,14 @@ /** * Interface for saving, retrieving and revoking user approvals (per client, per scope). - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface ApprovalStore { public boolean addApprovals(Collection approvals); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java index 33804a776..38eba30fe 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java @@ -40,10 +40,14 @@ /** * A user approval handler that remembers approval decisions by consulting existing approvals. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class ApprovalStoreUserApprovalHandler implements UserApprovalHandler, InitializingBean { private static Log logger = LogFactory.getLog(ApprovalStoreUserApprovalHandler.class); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/DefaultUserApprovalHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/DefaultUserApprovalHandler.java index 2344627f5..5aa3813b1 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/DefaultUserApprovalHandler.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/DefaultUserApprovalHandler.java @@ -25,10 +25,14 @@ /** * A default user approval handler that doesn't remember any decisions. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class DefaultUserApprovalHandler implements UserApprovalHandler { private String approvalParameter = OAuth2Utils.USER_OAUTH_APPROVAL; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/InMemoryApprovalStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/InMemoryApprovalStore.java index b70818196..51b765905 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/InMemoryApprovalStore.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/InMemoryApprovalStore.java @@ -23,9 +23,13 @@ import java.util.concurrent.ConcurrentMap; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class InMemoryApprovalStore implements ApprovalStore { private ConcurrentMap> map = new ConcurrentHashMap>(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/JdbcApprovalStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/JdbcApprovalStore.java index d200e22ee..11e5bfb7f 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/JdbcApprovalStore.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/JdbcApprovalStore.java @@ -37,9 +37,13 @@ import org.springframework.util.Assert; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class JdbcApprovalStore implements ApprovalStore { private final JdbcTemplate jdbcTemplate; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenApprovalStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenApprovalStore.java index e9f0ebb30..2a45946f6 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenApprovalStore.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenApprovalStore.java @@ -32,10 +32,14 @@ * approvals even if they are not really represented in such a way internally. For full fine-grained control of user * approvals don't use a TokenStore at all, and don't use this ApprovalStore with Approval-based * {@link AuthorizationServerTokenServices} implementations. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class TokenApprovalStore implements ApprovalStore { private TokenStore store; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenStoreUserApprovalHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenStoreUserApprovalHandler.java index ad69f0d10..8c60bea7f 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenStoreUserApprovalHandler.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenStoreUserApprovalHandler.java @@ -38,10 +38,14 @@ /** * A user approval handler that remembers approval decisions by consulting existing tokens. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class TokenStoreUserApprovalHandler implements UserApprovalHandler, InitializingBean { private static Log logger = LogFactory.getLog(TokenStoreUserApprovalHandler.class); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/UserApprovalHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/UserApprovalHandler.java index ab741bb2e..e57ebba3d 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/UserApprovalHandler.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/UserApprovalHandler.java @@ -8,11 +8,15 @@ /** * Basic interface for determining whether a given client authentication request has been * approved by the current user. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer * @author Amanda Anganes */ +@Deprecated public interface UserApprovalHandler { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/BearerTokenExtractor.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/BearerTokenExtractor.java index 4d224556d..a11c6fae9 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/BearerTokenExtractor.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/BearerTokenExtractor.java @@ -27,10 +27,14 @@ * {@link TokenExtractor} that strips the authenticator from a bearer token request (with an Authorization header in the * form "Bearer <TOKEN>", or as a request parameter if that fails). The access token is the principal in * the authentication token that is extracted. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class BearerTokenExtractor implements TokenExtractor { private final static Log logger = LogFactory.getLog(BearerTokenExtractor.class); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetails.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetails.java index d7a14ce8e..7ff8dc19c 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetails.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetails.java @@ -21,10 +21,14 @@ /** * A holder of selected HTTP details related to an OAuth2 authentication request. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class OAuth2AuthenticationDetails implements Serializable { private static final long serialVersionUID = -4809832298438307309L; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetailsSource.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetailsSource.java index 880c374e0..8358c77f3 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetailsSource.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetailsSource.java @@ -20,10 +20,14 @@ /** * A source for authentication details in an OAuth2 protected Resource. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class OAuth2AuthenticationDetailsSource implements AuthenticationDetailsSource { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationManager.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationManager.java index f81470cda..1644e9bd5 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationManager.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationManager.java @@ -31,10 +31,14 @@ /** * An {@link AuthenticationManager} for OAuth2 protected resources. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class OAuth2AuthenticationManager implements AuthenticationManager, InitializingBean { private ResourceServerTokenServices tokenServices; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.java index cc27d8d26..d2ba671ba 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.java @@ -47,10 +47,14 @@ * A pre-authentication filter for OAuth2 protected resources. Extracts an OAuth2 token from the incoming request and * uses it to populate the Spring Security context with an {@link OAuth2Authentication} (if used in conjunction with an * {@link OAuth2AuthenticationManager}). - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class OAuth2AuthenticationProcessingFilter implements Filter, InitializingBean { private final static Log logger = LogFactory.getLog(OAuth2AuthenticationProcessingFilter.class); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/TokenExtractor.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/TokenExtractor.java index d0864e6c4..2537b1eb2 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/TokenExtractor.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/TokenExtractor.java @@ -18,9 +18,13 @@ import org.springframework.security.core.Authentication; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface TokenExtractor { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/BaseClientDetails.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/BaseClientDetails.java index 97995b88b..e1a82439e 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/BaseClientDetails.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/BaseClientDetails.java @@ -19,13 +19,17 @@ /** * Base implementation of * {@link org.springframework.security.oauth2.provider.ClientDetails}. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ @SuppressWarnings("serial") @com.fasterxml.jackson.annotation.JsonInclude(com.fasterxml.jackson.annotation.JsonInclude.Include.NON_DEFAULT) @com.fasterxml.jackson.annotation.JsonIgnoreProperties(ignoreUnknown = true) +@Deprecated public class BaseClientDetails implements ClientDetails { @com.fasterxml.jackson.annotation.JsonProperty("client_id") diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenEndpointFilter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenEndpointFilter.java index 22d3d57b9..f4fb58f33 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenEndpointFilter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenEndpointFilter.java @@ -38,10 +38,14 @@ * parameters if included as a security filter, as permitted by the specification (but not recommended). It is * recommended by the specification that you permit HTTP basic authentication for clients, and not use this filter at * all. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class ClientCredentialsTokenEndpointFilter extends AbstractAuthenticationProcessingFilter { private AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenGranter.java index 2ddfff51d..e56d1593a 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenGranter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenGranter.java @@ -25,9 +25,13 @@ import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class ClientCredentialsTokenGranter extends AbstractTokenGranter { private static final String GRANT_TYPE = "client_credentials"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientDetailsUserDetailsService.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientDetailsUserDetailsService.java index ed49f6845..bcc6c9967 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientDetailsUserDetailsService.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientDetailsUserDetailsService.java @@ -22,9 +22,13 @@ import org.springframework.security.oauth2.provider.NoSuchClientException; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class ClientDetailsUserDetailsService implements UserDetailsService { private final ClientDetailsService clientDetailsService; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/InMemoryClientDetailsService.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/InMemoryClientDetailsService.java index bc519b5bb..502251839 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/InMemoryClientDetailsService.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/InMemoryClientDetailsService.java @@ -27,8 +27,12 @@ /** * Basic, in-memory implementation of the client details service. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ +@Deprecated public class InMemoryClientDetailsService implements ClientDetailsService { private Map clientDetailsStore = new HashMap(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/Jackson2ArrayOrStringDeserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/Jackson2ArrayOrStringDeserializer.java index 20698f491..4e6285c9b 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/Jackson2ArrayOrStringDeserializer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/Jackson2ArrayOrStringDeserializer.java @@ -16,7 +16,13 @@ import com.fasterxml.jackson.databind.deser.std.StdDeserializer; import com.fasterxml.jackson.databind.type.SimpleType; +/** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * + */ @SuppressWarnings("serial") +@Deprecated public class Jackson2ArrayOrStringDeserializer extends StdDeserializer> { public Jackson2ArrayOrStringDeserializer() { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JdbcClientDetailsService.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JdbcClientDetailsService.java index 49244d5d1..f3b513813 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JdbcClientDetailsService.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JdbcClientDetailsService.java @@ -50,7 +50,12 @@ /** * Basic, JDBC implementation of the client details service. + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * */ +@Deprecated public class JdbcClientDetailsService implements ClientDetailsService, ClientRegistrationService { private static final Log logger = LogFactory.getLog(JdbcClientDetailsService.class); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeServices.java index 3c6ee338a..809823649 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeServices.java @@ -5,9 +5,13 @@ /** * Services for issuing and storing authorization codes. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ +@Deprecated public interface AuthorizationCodeServices { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeTokenGranter.java index c7be47b54..a1ca14e00 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeTokenGranter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeTokenGranter.java @@ -36,10 +36,14 @@ /** * Token granter for the authorization code grant type. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class AuthorizationCodeTokenGranter extends AbstractTokenGranter { private static final String GRANT_TYPE = "authorization_code"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/InMemoryAuthorizationCodeServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/InMemoryAuthorizationCodeServices.java index d75dfa108..47e0d03be 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/InMemoryAuthorizationCodeServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/InMemoryAuthorizationCodeServices.java @@ -6,10 +6,14 @@ /** * Implementation of authorization code services that stores the codes and authentication in memory. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class InMemoryAuthorizationCodeServices extends RandomValueAuthorizationCodeServices { protected final ConcurrentHashMap authorizationCodeStore = new ConcurrentHashMap(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/JdbcAuthorizationCodeServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/JdbcAuthorizationCodeServices.java index a02fef029..e7c90d42e 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/JdbcAuthorizationCodeServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/JdbcAuthorizationCodeServices.java @@ -16,10 +16,14 @@ /** * Implementation of authorization code services that stores the codes and authentication in a database. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ken Dombeck * @author Dave Syer */ +@Deprecated public class JdbcAuthorizationCodeServices extends RandomValueAuthorizationCodeServices { private static final String DEFAULT_SELECT_STATEMENT = "select code, authentication from oauth_code where code = ?"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/RandomValueAuthorizationCodeServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/RandomValueAuthorizationCodeServices.java index be091bab0..b4ea58665 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/RandomValueAuthorizationCodeServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/RandomValueAuthorizationCodeServices.java @@ -6,10 +6,14 @@ /** * Base implementation for authorization code services that generates a random-value authorization code. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public abstract class RandomValueAuthorizationCodeServices implements AuthorizationCodeServices { private RandomValueStringGenerator generator = new RandomValueStringGenerator(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AbstractEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AbstractEndpoint.java index d50da6219..db2b85a5c 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AbstractEndpoint.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AbstractEndpoint.java @@ -29,9 +29,13 @@ import org.springframework.util.Assert; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class AbstractEndpoint implements InitializingBean { protected final Log logger = LogFactory.getLog(getClass()); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.java index ba5d8deca..79449846c 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.java @@ -87,13 +87,17 @@ * This endpoint should be secured so that it is only accessible to fully authenticated users (as a minimum requirement) * since it represents a request from a valid user to act on his or her behalf. *

- * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * @author Vladimir Kryachko * */ @FrameworkEndpoint @SessionAttributes({AuthorizationEndpoint.AUTHORIZATION_REQUEST_ATTR_NAME, AuthorizationEndpoint.ORIGINAL_AUTHORIZATION_REQUEST_ATTR_NAME}) +@Deprecated public class AuthorizationEndpoint extends AbstractEndpoint { static final String AUTHORIZATION_REQUEST_ATTR_NAME = "authorizationRequest"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java index 8c9f2efdd..218520c06 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java @@ -37,11 +37,15 @@ /** * Controller which decodes access tokens for clients who are not able to do so (or where opaque token values are used). - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Luke Taylor * @author Joel D'sa */ @FrameworkEndpoint +@Deprecated public class CheckTokenEndpoint { private ResourceServerTokenServices resourceServerTokenServices; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java index 1e40e5ce2..ef2a6e631 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java @@ -35,10 +35,14 @@ /** * Default implementation for a redirect resolver. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class DefaultRedirectResolver implements RedirectResolver { private Collection redirectGrantTypes = Arrays.asList("implicit", "authorization_code"); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/ExactMatchRedirectResolver.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/ExactMatchRedirectResolver.java index 65592dafc..a77dced83 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/ExactMatchRedirectResolver.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/ExactMatchRedirectResolver.java @@ -6,9 +6,13 @@ * Strict implementation for a redirect resolver which requires * an exact match between the registered and requested redirect_uri. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public class ExactMatchRedirectResolver extends DefaultRedirectResolver { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpoint.java index 17e953f2b..328813117 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpoint.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpoint.java @@ -30,13 +30,17 @@ * Users of the Spring Security OAuth2 XSD namespace need not use this feature explicitly as the relevant handlers will * be registered by the parsers. *

- * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @Component @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE) +@Deprecated public @interface FrameworkEndpoint { } diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpointHandlerMapping.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpointHandlerMapping.java index a3cebb978..ea82fe2e6 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpointHandlerMapping.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpointHandlerMapping.java @@ -32,10 +32,14 @@ /** * A handler mapping for framework endpoints (those annotated with @FrameworkEndpoint). - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class FrameworkEndpointHandlerMapping extends RequestMappingHandlerMapping { private static final String REDIRECT = UrlBasedViewResolver.REDIRECT_URL_PREFIX; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/RedirectResolver.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/RedirectResolver.java index b4869f960..c80c4a321 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/RedirectResolver.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/RedirectResolver.java @@ -5,9 +5,13 @@ /** * Basic interface for determining the redirect URI for a user agent. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton */ +@Deprecated public interface RedirectResolver { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java index 5f8f39e29..acc7658b8 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java @@ -63,11 +63,15 @@ * id is extracted from the authentication token. The best way to arrange this (as per the OAuth2 spec) is to use HTTP * basic authentication for this endpoint with standard Spring Security support. *

- * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ @FrameworkEndpoint +@Deprecated public class TokenEndpoint extends AbstractEndpoint { private OAuth2RequestValidator oAuth2RequestValidator = new DefaultOAuth2RequestValidator(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java index 1b7723d59..14b03690a 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java @@ -66,10 +66,14 @@ * client authentication, and the authenticated user token extracted from the request and validated using the * authentication manager. *

- * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class TokenEndpointAuthenticationFilter implements Filter { private static final Log logger = LogFactory.getLog(TokenEndpointAuthenticationFilter.class); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenKeyEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenKeyEndpoint.java index ecd231cfd..f3dd2f500 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenKeyEndpoint.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenKeyEndpoint.java @@ -26,12 +26,16 @@ /** * OAuth2 token services that produces JWT encoded token values. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * @author Luke Taylor * @author Joel D'sa */ @FrameworkEndpoint +@Deprecated public class TokenKeyEndpoint { protected final Log logger = LogFactory.getLog(getClass()); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelApprovalEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelApprovalEndpoint.java index 836b66b16..f05a9b464 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelApprovalEndpoint.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelApprovalEndpoint.java @@ -15,11 +15,15 @@ /** * Controller for displaying the approval page for the authorization server. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer */ @FrameworkEndpoint @SessionAttributes("authorizationRequest") +@Deprecated public class WhitelabelApprovalEndpoint { @RequestMapping("/oauth/confirm_access") diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelErrorEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelErrorEndpoint.java index 83f626cd4..cdf911b87 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelErrorEndpoint.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelErrorEndpoint.java @@ -14,9 +14,13 @@ /** * Controller for displaying the error page for the authorization server. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer */ @FrameworkEndpoint +@Deprecated public class WhitelabelErrorEndpoint { private static final String ERROR = "

OAuth Error

%errorSummary%

"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/AbstractOAuth2SecurityExceptionHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/AbstractOAuth2SecurityExceptionHandler.java index 748a0af8a..26df70549 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/AbstractOAuth2SecurityExceptionHandler.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/AbstractOAuth2SecurityExceptionHandler.java @@ -28,10 +28,14 @@ /** * Convenient base class containing utility methods and dependency setters for security error handling concerns specific * to OAuth2 resources. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public abstract class AbstractOAuth2SecurityExceptionHandler { /** Logger available to subclasses */ diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultOAuth2ExceptionRenderer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultOAuth2ExceptionRenderer.java index 9fca8a568..8c1826a89 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultOAuth2ExceptionRenderer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultOAuth2ExceptionRenderer.java @@ -42,10 +42,14 @@ * Default implementation of {@link OAuth2ExceptionRenderer} that can render the exceptions using message converters * (just like regular Spring MVC endpoints). If the caller sends an appropriate Accept header he should get the right * result as long as an appropriate message converter is provided. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class DefaultOAuth2ExceptionRenderer implements OAuth2ExceptionRenderer { private final Log logger = LogFactory.getLog(DefaultOAuth2ExceptionRenderer.class); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultWebResponseExceptionTranslator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultWebResponseExceptionTranslator.java index a9327fb0f..af725fa8b 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultWebResponseExceptionTranslator.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultWebResponseExceptionTranslator.java @@ -32,10 +32,14 @@ /** * Default translator that converts exceptions into {@link OAuth2Exception}s. The output matches the OAuth 2.0 * specification in terms of error response format and HTTP status code. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class DefaultWebResponseExceptionTranslator implements WebResponseExceptionTranslator { private ThrowableAnalyzer throwableAnalyzer = new DefaultThrowableAnalyzer(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandler.java index f6867f2e0..0d1682f4d 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandler.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandler.java @@ -25,10 +25,14 @@ * If authorization fails and the caller has asked for a specific content type response, this entry point can send one, * along with a standard 403 status. Add to the Spring Security configuration as an {@link AccessDeniedHandler} in * the usual way. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class OAuth2AccessDeniedHandler extends AbstractOAuth2SecurityExceptionHandler implements AccessDeniedHandler { public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException authException) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPoint.java index ce3570d2f..63c760974 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPoint.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPoint.java @@ -29,10 +29,14 @@ * If authentication fails and the caller has asked for a specific content type response, this entry point can send one, * along with a standard 401 status. Add to the Spring Security configuration as an {@link AuthenticationEntryPoint} in * the usual way. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class OAuth2AuthenticationEntryPoint extends AbstractOAuth2SecurityExceptionHandler implements AuthenticationEntryPoint { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2ExceptionRenderer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2ExceptionRenderer.java index 72b5bcd95..7f1a967e1 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2ExceptionRenderer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2ExceptionRenderer.java @@ -19,10 +19,14 @@ /** * Strategy for rendering a {@link OAuth2Exception} in cases where they cannot be rendered by the Spring dispatcher * servlet (i.e. usually in a filter chain). - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface OAuth2ExceptionRenderer { void handleHttpEntityResponse(HttpEntity responseEntity, ServletWebRequest webRequest) throws Exception; } diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/WebResponseExceptionTranslator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/WebResponseExceptionTranslator.java index 7b7bc664d..05030335f 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/WebResponseExceptionTranslator.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/WebResponseExceptionTranslator.java @@ -19,9 +19,14 @@ /** * Translates exceptions into HTTP Responses. - * + * * @param The error model that will be used as the HTTP Response body. + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * */ +@Deprecated public interface WebResponseExceptionTranslator { ResponseEntity translate(Exception e) throws Exception; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionParser.java index a1f897fce..f554c7785 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionParser.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionParser.java @@ -31,10 +31,14 @@ * Note: The implication is that all expressions that are parsed must return a boolean result. This expectation is * already true since Spring Security expects the result to be a boolean. *

- * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Rob Winch * */ +@Deprecated public class OAuth2ExpressionParser implements ExpressionParser { private final ExpressionParser delegate; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionUtils.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionUtils.java index b516a9b27..c893053a2 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionUtils.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionUtils.java @@ -22,10 +22,14 @@ import org.springframework.security.oauth2.provider.OAuth2Request; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * @author Radek Ostrowski * */ +@Deprecated public abstract class OAuth2ExpressionUtils { public static boolean clientHasAnyRole(Authentication authentication, String... roles) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2MethodSecurityExpressionHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2MethodSecurityExpressionHandler.java index cf9da9385..29035fa89 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2MethodSecurityExpressionHandler.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2MethodSecurityExpressionHandler.java @@ -16,11 +16,15 @@ * By default the {@link OAuth2ExpressionParser} is used. If this is undesirable one can inject their own * {@link ExpressionParser} using {@link #setExpressionParser(ExpressionParser)}. *

- * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * @author Rob Winch * @see OAuth2ExpressionParser */ +@Deprecated public class OAuth2MethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler { public OAuth2MethodSecurityExpressionHandler() { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethods.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethods.java index 0c88491be..83d2bc34a 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethods.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethods.java @@ -24,12 +24,16 @@ /** * A convenience object for security expressions in OAuth2 protected resources, providing public methods that act on the * current authentication. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * @author Rob Winch * @author Radek Ostrowski * */ +@Deprecated public class OAuth2SecurityExpressionMethods { private final Authentication authentication; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2WebSecurityExpressionHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2WebSecurityExpressionHandler.java index cea72d5a3..40881dfcc 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2WebSecurityExpressionHandler.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2WebSecurityExpressionHandler.java @@ -28,12 +28,16 @@ * By default the {@link OAuth2ExpressionParser} is used. If this is undesirable one can inject their own * {@link ExpressionParser} using {@link #setExpressionParser(ExpressionParser)}. *

- * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * @author Rob Winch * * @see OAuth2ExpressionParser */ +@Deprecated public class OAuth2WebSecurityExpressionHandler extends DefaultWebSecurityExpressionHandler { public OAuth2WebSecurityExpressionHandler() { setExpressionParser(new OAuth2ExpressionParser(getExpressionParser())); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenGranter.java index 04ab21883..975ed02b8 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenGranter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenGranter.java @@ -31,9 +31,13 @@ import org.springframework.util.Assert; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class ImplicitTokenGranter extends AbstractTokenGranter { private static final String GRANT_TYPE = "implicit"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenRequest.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenRequest.java index 66094ee27..2da7b57fc 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenRequest.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenRequest.java @@ -17,12 +17,16 @@ import org.springframework.security.oauth2.provider.TokenRequest; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * * @since 2.0.2 * */ @SuppressWarnings("serial") +@Deprecated public class ImplicitTokenRequest extends TokenRequest { private OAuth2Request oauth2Request; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/InMemoryImplicitGrantService.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/InMemoryImplicitGrantService.java index 6156fac1a..d374d144a 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/InMemoryImplicitGrantService.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/InMemoryImplicitGrantService.java @@ -7,11 +7,15 @@ /** * In-memory implementation of the ImplicitGrantService. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Amanda Anganes * */ @SuppressWarnings("deprecation") +@Deprecated public class InMemoryImplicitGrantService implements ImplicitGrantService { protected final ConcurrentHashMap requestStore = new ConcurrentHashMap(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranter.java index 34a502ed7..3d58458c4 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranter.java @@ -36,9 +36,13 @@ import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class ResourceOwnerPasswordTokenGranter extends AbstractTokenGranter { private static final String GRANT_TYPE = "password"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranter.java index c5081ade7..71e4702f9 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranter.java @@ -25,9 +25,13 @@ import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class RefreshTokenGranter extends AbstractTokenGranter { private static final String GRANT_TYPE = "refresh_token"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestFactory.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestFactory.java index 8f81294ff..c039aadc0 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestFactory.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestFactory.java @@ -32,11 +32,15 @@ /** * Default implementation of {@link OAuth2RequestFactory} which initializes fields from the parameters map, validates * grant types and scopes, and fills in scopes with the default values from the client if they are missing. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * @author Amanda Anganes * */ +@Deprecated public class DefaultOAuth2RequestFactory implements OAuth2RequestFactory { private final ClientDetailsService clientDetailsService; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestValidator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestValidator.java index ea297e336..0db3293fc 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestValidator.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestValidator.java @@ -10,10 +10,14 @@ /** * Default implementation of {@link OAuth2RequestValidator}. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Amanda Anganes * */ +@Deprecated public class DefaultOAuth2RequestValidator implements OAuth2RequestValidator { public void validateScope(AuthorizationRequest authorizationRequest, ClientDetails client) throws InvalidScopeException { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AbstractTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AbstractTokenGranter.java index bbe5b8a30..3cf6c61a1 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AbstractTokenGranter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AbstractTokenGranter.java @@ -27,9 +27,13 @@ import org.springframework.security.oauth2.provider.TokenRequest; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public abstract class AbstractTokenGranter implements TokenGranter { protected final Log logger = LogFactory.getLog(getClass()); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AccessTokenConverter.java index e981b6d1d..e3fc2a430 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AccessTokenConverter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AccessTokenConverter.java @@ -19,10 +19,14 @@ /** * Converter interface for token service implementations that store authentication data inside the token. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface AccessTokenConverter { final String AUD = "aud"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthenticationKeyGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthenticationKeyGenerator.java index dcb80754e..4b9f515e2 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthenticationKeyGenerator.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthenticationKeyGenerator.java @@ -16,10 +16,14 @@ /** * Strategy interface for extracting a unique key from an {@link OAuth2Authentication}. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface AuthenticationKeyGenerator { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthorizationServerTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthorizationServerTokenServices.java index 26e3013d6..7fd9bc359 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthorizationServerTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthorizationServerTokenServices.java @@ -22,9 +22,13 @@ import org.springframework.security.oauth2.provider.TokenRequest; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Dave Syer */ +@Deprecated public interface AuthorizationServerTokenServices { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/ConsumerTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/ConsumerTokenServices.java index 1e3de255d..f9ad8d15c 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/ConsumerTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/ConsumerTokenServices.java @@ -14,9 +14,13 @@ /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface ConsumerTokenServices { boolean revokeToken(String tokenValue); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java index e7f5aa62d..dc97af8af 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java @@ -31,10 +31,14 @@ /** * Default implementation of {@link AccessTokenConverter}. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * @author Vedran Pavic */ +@Deprecated public class DefaultAccessTokenConverter implements AccessTokenConverter { private UserAuthenticationConverter userTokenConverter = new DefaultUserAuthenticationConverter(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java index 3b98fd347..ae79cf2cf 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java @@ -28,9 +28,13 @@ * Basic key generator taking into account the client id, scope, resource ids and username (principal name) if they * exist. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class DefaultAuthenticationKeyGenerator implements AuthenticationKeyGenerator { private static final String CLIENT_ID = "client_id"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java index 16f7a4914..7c22e8674 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java @@ -47,11 +47,15 @@ *

* Persistence is delegated to a {@code TokenStore} implementation and customization of the access token to a * {@link TokenEnhancer}. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Luke Taylor * @author Dave Syer */ +@Deprecated public class DefaultTokenServices implements AuthorizationServerTokenServices, ResourceServerTokenServices, ConsumerTokenServices, InitializingBean { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverter.java index c8891c48c..7302a55c9 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverter.java @@ -28,10 +28,14 @@ /** * Default implementation of {@link UserAuthenticationConverter}. Converts to and from an Authentication using only its * name and authorities. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class DefaultUserAuthenticationConverter implements UserAuthenticationConverter { private Collection defaultAuthorities; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java index 7ba183ad1..3ff32839e 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java @@ -39,10 +39,14 @@ * * If the endpoint returns a 400 response, this indicates that the token is invalid. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * @author Luke Taylor * */ +@Deprecated public class RemoteTokenServices implements ResourceServerTokenServices { protected final Log logger = LogFactory.getLog(getClass()); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/ResourceServerTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/ResourceServerTokenServices.java index 23795bc43..6af3f7f21 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/ResourceServerTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/ResourceServerTokenServices.java @@ -5,6 +5,12 @@ import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; import org.springframework.security.oauth2.provider.OAuth2Authentication; +/** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * + */ +@Deprecated public interface ResourceServerTokenServices { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancer.java index fd248d3ca..e33122fd6 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancer.java @@ -18,10 +18,14 @@ /** * Strategy for enhancing an access token before it is stored by an {@link AuthorizationServerTokenServices} * implementation. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface TokenEnhancer { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancerChain.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancerChain.java index f34cb76d5..e9fe8b5e1 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancerChain.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancerChain.java @@ -20,10 +20,14 @@ /** * A composite token enhancer that loops over its delegate enhancers. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class TokenEnhancerChain implements TokenEnhancer { private List delegates = Collections.emptyList(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenStore.java index 47e5d7c50..8cf2072a8 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenStore.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenStore.java @@ -8,7 +8,12 @@ /** * Persistence interface for OAuth2 tokens. + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * */ +@Deprecated public interface TokenStore { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/UserAuthenticationConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/UserAuthenticationConverter.java index 737bfa500..1403d5bf7 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/UserAuthenticationConverter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/UserAuthenticationConverter.java @@ -19,10 +19,14 @@ /** * Utility interface for converting a user authentication to and from a Map. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public interface UserAuthenticationConverter { final String AUTHORITIES = AccessTokenConverter.AUTHORITIES; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/DelegatingJwtClaimsSetVerifier.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/DelegatingJwtClaimsSetVerifier.java index 3a8fab70c..9d60b24de 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/DelegatingJwtClaimsSetVerifier.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/DelegatingJwtClaimsSetVerifier.java @@ -27,10 +27,14 @@ * A {@link JwtClaimsSetVerifier} that delegates claims verification * to it's internal List of {@link JwtClaimsSetVerifier}'s. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Joe Grandja * @since 2.2 * @see JwtClaimsSetVerifier */ +@Deprecated public class DelegatingJwtClaimsSetVerifier implements JwtClaimsSetVerifier { private final List jwtClaimsSetVerifiers; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/InMemoryTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/InMemoryTokenStore.java index b5ab22ee4..7f30f4d36 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/InMemoryTokenStore.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/InMemoryTokenStore.java @@ -20,11 +20,15 @@ /** * Implementation of token services that stores tokens in memory. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ryan Heaton * @author Luke Taylor * @author Dave Syer */ +@Deprecated public class InMemoryTokenStore implements TokenStore { private static final int DEFAULT_FLUSH_INTERVAL = 1000; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/IssuerClaimVerifier.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/IssuerClaimVerifier.java index 7203283d1..4a206382e 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/IssuerClaimVerifier.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/IssuerClaimVerifier.java @@ -26,10 +26,14 @@ * A {@link JwtClaimsSetVerifier} that verifies the Issuer (iss) claim contained in the * JWT Claims Set against the issuer supplied to the constructor. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Joe Grandja * @since 2.2 * @see JwtClaimsSetVerifier */ +@Deprecated public class IssuerClaimVerifier implements JwtClaimsSetVerifier { private static final String ISS_CLAIM = "iss"; private final URL issuer; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStore.java index 63bf761bc..f2cafc3c1 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStore.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStore.java @@ -31,10 +31,14 @@ /** * Implementation of token services that stores tokens in a database. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Ken Dombeck * @author Luke Taylor * @author Dave Syer */ +@Deprecated public class JdbcTokenStore implements TokenStore { private static final Log LOG = LogFactory.getLog(JdbcTokenStore.class); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java index 4a77932c3..6ffc4acf8 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java @@ -43,12 +43,16 @@ * information (in both directions). Also acts as a {@link TokenEnhancer} when tokens are * granted. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @see TokenEnhancer * @see AccessTokenConverter * * @author Dave Syer * @author Luke Taylor */ +@Deprecated public class JwtAccessTokenConverter implements TokenEnhancer, AccessTokenConverter, InitializingBean { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtClaimsSetVerifier.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtClaimsSetVerifier.java index e686220cd..61d030ba9 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtClaimsSetVerifier.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtClaimsSetVerifier.java @@ -24,10 +24,14 @@ * contained in a JWT Claims Set, for example, expiration time (exp), * not before (nbf), issuer (iss), audience (aud), subject (sub), etc. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Joe Grandja * @since 2.2 * @see JwtAccessTokenConverter */ +@Deprecated public interface JwtClaimsSetVerifier { /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStore.java index 4f8ddd9c9..9e9c4b93e 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStore.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStore.java @@ -33,10 +33,14 @@ * nevertheless a useful tool since it translates access tokens to and from authentications. Use this wherever a * {@link TokenStore} is needed, but remember to use the same {@link JwtAccessTokenConverter} instance (or one with the same * verifier) as was used when the tokens were minted. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class JwtTokenStore implements TokenStore { private JwtAccessTokenConverter jwtTokenEnhancer; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/KeyStoreKeyFactory.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/KeyStoreKeyFactory.java index 854e7aedf..2ca4aa271 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/KeyStoreKeyFactory.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/KeyStoreKeyFactory.java @@ -29,10 +29,14 @@ /** * Factory for RSA key pairs from a JKS keystore file. User provides a {@link Resource} location of a keystore file and * the password to unlock it, and the factory grabs the keypairs from the store by name (and optionally password). - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class KeyStoreKeyFactory { private static final Log logger = LogFactory.getLog(KeyStoreKeyFactory.class); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java index 1e15ae2c8..36d56615c 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java @@ -20,8 +20,12 @@ /** * General exception for JSON Web Key (JWK) related errors. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Joe Grandja */ +@Deprecated public class JwkException extends OAuth2Exception { private static final String SERVER_ERROR_ERROR_CODE = "server_error"; private String errorCode = SERVER_ERROR_ERROR_CODE; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java index 92a8e0f9c..fab93d130 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java @@ -86,8 +86,12 @@ * @see JSON Web Token (JWT) * @see JSON Web Signature (JWS) * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Joe Grandja */ +@Deprecated public final class JwkTokenStore implements TokenStore { private final TokenStore delegate; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/BaseRedisTokenStoreSerializationStrategy.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/BaseRedisTokenStoreSerializationStrategy.java index 4a37506f7..4a1075d8b 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/BaseRedisTokenStoreSerializationStrategy.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/BaseRedisTokenStoreSerializationStrategy.java @@ -3,8 +3,12 @@ /** * Handles null/empty byte arrays on deserialize and null objects on serialize. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author efenderbosch */ +@Deprecated public abstract class BaseRedisTokenStoreSerializationStrategy implements RedisTokenStoreSerializationStrategy { private static final byte[] EMPTY_ARRAY = new byte[0]; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/JdkSerializationStrategy.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/JdkSerializationStrategy.java index e2a0088c1..373eb652e 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/JdkSerializationStrategy.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/JdkSerializationStrategy.java @@ -25,9 +25,13 @@ /** * Serializes and deserializes allowed objects using {@link SerializationUtils}. * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author efenderbosch * @author Artem Smotrakov */ +@Deprecated public class JdkSerializationStrategy extends StandardStringSerializationStrategy { private static final byte[] EMPTY_ARRAY = new byte[0]; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java index 9241570f7..af91a39b7 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java @@ -22,8 +22,12 @@ import java.util.List; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author efenderbosch */ +@Deprecated public class RedisTokenStore implements TokenStore { private static final String ACCESS = "access:"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreSerializationStrategy.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreSerializationStrategy.java index 3d48f56f6..cf48c2373 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreSerializationStrategy.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreSerializationStrategy.java @@ -1,8 +1,12 @@ package org.springframework.security.oauth2.provider.token.store.redis; /** + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author efenderbosch */ +@Deprecated public interface RedisTokenStoreSerializationStrategy { T deserialize(byte[] bytes, Class clazz); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/StandardStringSerializationStrategy.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/StandardStringSerializationStrategy.java index 72b8faf18..a50545963 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/StandardStringSerializationStrategy.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/StandardStringSerializationStrategy.java @@ -4,10 +4,14 @@ /** * Serializes Strings using {@link StringRedisSerializer} - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author efenderbosch * */ +@Deprecated public abstract class StandardStringSerializationStrategy extends BaseRedisTokenStoreSerializationStrategy { private static final StringRedisSerializer STRING_SERIALIZER = new StringRedisSerializer(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/vote/ClientScopeVoter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/vote/ClientScopeVoter.java index b843161ca..88f6ccd8f 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/vote/ClientScopeVoter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/vote/ClientScopeVoter.java @@ -18,10 +18,14 @@ * This voter checks scope in request is consistent with that held by the client. If there is no user in the request * (client_credentials grant) it checks against authorities of client instead of scopes by default. Activate by adding * CLIENT_HAS_SCOPE to security attributes. - * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class ClientScopeVoter implements AccessDecisionVoter { private String clientHasScope = "CLIENT_HAS_SCOPE"; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/vote/ScopeVoter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/vote/ScopeVoter.java index c1ec0c847..f98ccf436 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/vote/ScopeVoter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/vote/ScopeVoter.java @@ -52,10 +52,14 @@ * scope=https://my.company.com/scopes/read/ (scopePrefix="scope=") for Google-like URI scope * names. *

- * + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * * @author Dave Syer * */ +@Deprecated public class ScopeVoter implements AccessDecisionVoter { private String scopePrefix = "SCOPE_"; From 0f0f2f823a9cd0332c694ed3502983e206e91a53 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Wed, 6 Nov 2019 20:01:37 -0500 Subject: [PATCH 20/94] Add deprecation notice Fixes gh-1775 --- .github/ISSUE_TEMPLATE.md | 9 +++++++++ .github/PULL_REQUEST_TEMPLATE.md | 9 +++++++++ README.md | 4 ++-- docs/Home.md | 5 +++++ docs/devguide.md | 5 +++++ docs/downloads.md | 5 +++++ docs/oauth1.md | 5 +++++ docs/oauth2.md | 5 +++++ docs/support.md | 5 +++++ docs/tutorial.md | 5 +++++ docs/twolegged.md | 5 +++++ samples/README.md | 6 ++++++ 12 files changed, 66 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index fcf1c76d4..d7639157b 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -1,3 +1,12 @@ + + diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 70c6c946d..a5fcc4da3 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,3 +1,12 @@ + + diff --git a/README.md b/README.md index 3e49c78f0..fe69c3b35 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ [![Build Status](https://travis-ci.org/spring-projects/spring-security-oauth.svg?branch=master)](https://travis-ci.org/spring-projects/spring-security-oauth) -# Maintenance Mode +### ** Deprecation Notice ** -This project is in maintenance mode in favor of the OAuth Support provided by Spring Security. Read more about it in the [blog post](https://spring.io/blog/2018/01/30/next-generation-oauth-2-0-support-with-spring-security). +The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. # About diff --git a/docs/Home.md b/docs/Home.md index 4bb73188e..07cde64b3 100644 --- a/docs/Home.md +++ b/docs/Home.md @@ -4,6 +4,11 @@ layout: default home: ../ --- +### Deprecation Notice + +The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. + +--- # Welcome diff --git a/docs/devguide.md b/docs/devguide.md index d96e6fbb0..d548da49b 100644 --- a/docs/devguide.md +++ b/docs/devguide.md @@ -4,6 +4,11 @@ layout: default home: ../ --- +### Deprecation Notice + +The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. + +--- # Developers Guide diff --git a/docs/downloads.md b/docs/downloads.md index da7a4a2d3..d440d28c2 100644 --- a/docs/downloads.md +++ b/docs/downloads.md @@ -4,6 +4,11 @@ layout: default home: ../ --- +### Deprecation Notice + +The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. + +--- # Downloads diff --git a/docs/oauth1.md b/docs/oauth1.md index dac3145fc..3ba5ad8e1 100644 --- a/docs/oauth1.md +++ b/docs/oauth1.md @@ -4,6 +4,11 @@ layout: default home: ../ --- +### Deprecation Notice + +The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. + +--- # OAuth 1 Developers Guide diff --git a/docs/oauth2.md b/docs/oauth2.md index cf634bba3..529d936f3 100644 --- a/docs/oauth2.md +++ b/docs/oauth2.md @@ -4,6 +4,11 @@ layout: default home: ../ --- +### Deprecation Notice + +The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. + +--- # OAuth 2 Developers Guide diff --git a/docs/support.md b/docs/support.md index a9958ae01..59244d9cd 100644 --- a/docs/support.md +++ b/docs/support.md @@ -4,6 +4,11 @@ layout: default home: ../ --- +### Deprecation Notice + +The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. + +--- # Support diff --git a/docs/tutorial.md b/docs/tutorial.md index ce578209d..2f2cd86c8 100644 --- a/docs/tutorial.md +++ b/docs/tutorial.md @@ -4,6 +4,11 @@ layout: default home: ../ --- +### Deprecation Notice + +The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. + +--- # Tutorial diff --git a/docs/twolegged.md b/docs/twolegged.md index 6e5042691..1d350d0a9 100644 --- a/docs/twolegged.md +++ b/docs/twolegged.md @@ -4,6 +4,11 @@ layout: default home: ../ --- +### Deprecation Notice + +The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. + +--- # 2-Legged OAuth diff --git a/samples/README.md b/samples/README.md index a7e0298a5..9140c388e 100644 --- a/samples/README.md +++ b/samples/README.md @@ -1,3 +1,9 @@ +### Deprecation Notice + +The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. + +--- + These are the Spring Security OAuth sample apps and integration tests. They are split into OAuth (1a) and OAuth2 samples. Look in the subdirectory `oauth` and `oauth2` respectively for components of the From d0e52d269f1fd921eb4e2c1d05e598c697386f69 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Wed, 13 Nov 2019 15:08:46 -0500 Subject: [PATCH 21/94] Release 2.4.0.RELEASE --- pom.xml | 2 +- samples/oauth/sparklr/pom.xml | 2 +- samples/oauth/tonr/pom.xml | 2 +- samples/oauth2/sparklr/pom.xml | 2 +- samples/oauth2/tonr/pom.xml | 2 +- samples/pom.xml | 2 +- spring-security-oauth/pom.xml | 2 +- spring-security-oauth2/pom.xml | 2 +- tests/annotation/approval/pom.xml | 2 +- tests/annotation/client/pom.xml | 2 +- tests/annotation/common/pom.xml | 2 +- tests/annotation/custom-authentication/pom.xml | 2 +- tests/annotation/custom-grant/pom.xml | 2 +- tests/annotation/form/pom.xml | 2 +- tests/annotation/jaxb/pom.xml | 2 +- tests/annotation/jdbc/pom.xml | 2 +- tests/annotation/jpa/pom.xml | 2 +- tests/annotation/jwt/pom.xml | 2 +- tests/annotation/mappings/pom.xml | 2 +- tests/annotation/multi/pom.xml | 2 +- tests/annotation/pom.xml | 4 ++-- tests/annotation/resource/pom.xml | 2 +- tests/annotation/ssl/pom.xml | 2 +- tests/annotation/vanilla/pom.xml | 2 +- tests/pom.xml | 2 +- tests/xml/approval/pom.xml | 2 +- tests/xml/client/pom.xml | 2 +- tests/xml/common/pom.xml | 2 +- tests/xml/form/pom.xml | 2 +- tests/xml/jdbc/pom.xml | 2 +- tests/xml/jwt/pom.xml | 2 +- tests/xml/mappings/pom.xml | 2 +- tests/xml/pom.xml | 4 ++-- tests/xml/vanilla/pom.xml | 2 +- 34 files changed, 36 insertions(+), 36 deletions(-) diff --git a/pom.xml b/pom.xml index 8f8b2c2aa..0164fa463 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ OAuth for Spring Security Parent Project for OAuth Support for Spring Security pom - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE https://docs.spring.io/spring-security/oauth diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml index 405b197e5..3652c67d0 100644 --- a/samples/oauth/sparklr/pom.xml +++ b/samples/oauth/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE ../../.. diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml index b250c2609..937d44cea 100644 --- a/samples/oauth/tonr/pom.xml +++ b/samples/oauth/tonr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE ../../.. diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml index 7a721d4bc..09a055ce1 100644 --- a/samples/oauth2/sparklr/pom.xml +++ b/samples/oauth2/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE ../../.. diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml index b44fe2bf2..75d5e43fe 100644 --- a/samples/oauth2/tonr/pom.xml +++ b/samples/oauth2/tonr/pom.xml @@ -6,7 +6,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE ../../.. diff --git a/samples/pom.xml b/samples/pom.xml index 8d8c7fc26..379b345c0 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE spring-security-oauth-samples diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml index e6ef3d1c4..6faa4c678 100644 --- a/spring-security-oauth/pom.xml +++ b/spring-security-oauth/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE spring-security-oauth diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index 07521956f..f3fc09d5c 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE spring-security-oauth2 diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml index 6e4ca4cfa..768cc62e1 100644 --- a/tests/annotation/approval/pom.xml +++ b/tests/annotation/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml index d8643fa39..afc95c016 100644 --- a/tests/annotation/client/pom.xml +++ b/tests/annotation/client/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml index cd3abbe3a..da81042fe 100644 --- a/tests/annotation/common/pom.xml +++ b/tests/annotation/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml index 7b4082207..c7c389709 100644 --- a/tests/annotation/custom-authentication/pom.xml +++ b/tests/annotation/custom-authentication/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml index fe501886d..bc97a6a53 100644 --- a/tests/annotation/custom-grant/pom.xml +++ b/tests/annotation/custom-grant/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml index 31f0fa2d0..77bd51863 100644 --- a/tests/annotation/form/pom.xml +++ b/tests/annotation/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml index 0b3934458..3d4bf7920 100644 --- a/tests/annotation/jaxb/pom.xml +++ b/tests/annotation/jaxb/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml index 29f5e4cb8..5c7fa90e1 100644 --- a/tests/annotation/jdbc/pom.xml +++ b/tests/annotation/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml index 01635d8ac..e62adb13f 100644 --- a/tests/annotation/jpa/pom.xml +++ b/tests/annotation/jpa/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml index b06ba1740..c81e5c320 100644 --- a/tests/annotation/jwt/pom.xml +++ b/tests/annotation/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml index 989923dc2..52d2ed11e 100644 --- a/tests/annotation/mappings/pom.xml +++ b/tests/annotation/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml index 868792996..a7bf18bdf 100644 --- a/tests/annotation/multi/pom.xml +++ b/tests/annotation/multi/pom.xml @@ -9,7 +9,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index 93f5fa962..456a4d51e 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE pom @@ -45,7 +45,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE org.springframework.security diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml index a6d9078f7..458a90357 100644 --- a/tests/annotation/resource/pom.xml +++ b/tests/annotation/resource/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml index e0faaf1d7..c0e6c4d74 100644 --- a/tests/annotation/ssl/pom.xml +++ b/tests/annotation/ssl/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml index 6a35cb7fe..7efa69aa4 100644 --- a/tests/annotation/vanilla/pom.xml +++ b/tests/annotation/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/pom.xml b/tests/pom.xml index 3ddd1f134..83cff17d3 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE spring-security-oauth-tests diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml index 36577db07..7e1c8755c 100644 --- a/tests/xml/approval/pom.xml +++ b/tests/xml/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml index 3c171b6da..9cbca0e38 100644 --- a/tests/xml/client/pom.xml +++ b/tests/xml/client/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml index 98363b412..eb8a99829 100644 --- a/tests/xml/common/pom.xml +++ b/tests/xml/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml index 587c2ef3a..1c9a1d6e0 100644 --- a/tests/xml/form/pom.xml +++ b/tests/xml/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml index a78d2e5e0..ecf596e3b 100644 --- a/tests/xml/jdbc/pom.xml +++ b/tests/xml/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml index a1557954f..153510ed3 100644 --- a/tests/xml/jwt/pom.xml +++ b/tests/xml/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml index 0d22a82b5..a0dac87ec 100644 --- a/tests/xml/mappings/pom.xml +++ b/tests/xml/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index be7108716..737b577fe 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE pom @@ -39,7 +39,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE org.springframework.security diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml index 6cd654e3c..d5de678ee 100644 --- a/tests/xml/vanilla/pom.xml +++ b/tests/xml/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.BUILD-SNAPSHOT + 2.4.0.RELEASE From c2763adb7202e01d9e87ad9b12cb3692a422caf4 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Wed, 13 Nov 2019 16:19:16 -0500 Subject: [PATCH 22/94] Next development version --- pom.xml | 2 +- samples/oauth/sparklr/pom.xml | 2 +- samples/oauth/tonr/pom.xml | 2 +- samples/oauth2/sparklr/pom.xml | 2 +- samples/oauth2/tonr/pom.xml | 2 +- samples/pom.xml | 2 +- spring-security-oauth/pom.xml | 2 +- spring-security-oauth2/pom.xml | 2 +- tests/annotation/approval/pom.xml | 2 +- tests/annotation/client/pom.xml | 2 +- tests/annotation/common/pom.xml | 2 +- tests/annotation/custom-authentication/pom.xml | 2 +- tests/annotation/custom-grant/pom.xml | 2 +- tests/annotation/form/pom.xml | 2 +- tests/annotation/jaxb/pom.xml | 2 +- tests/annotation/jdbc/pom.xml | 2 +- tests/annotation/jpa/pom.xml | 2 +- tests/annotation/jwt/pom.xml | 2 +- tests/annotation/mappings/pom.xml | 2 +- tests/annotation/multi/pom.xml | 2 +- tests/annotation/pom.xml | 4 ++-- tests/annotation/resource/pom.xml | 2 +- tests/annotation/ssl/pom.xml | 2 +- tests/annotation/vanilla/pom.xml | 2 +- tests/pom.xml | 2 +- tests/xml/approval/pom.xml | 2 +- tests/xml/client/pom.xml | 2 +- tests/xml/common/pom.xml | 2 +- tests/xml/form/pom.xml | 2 +- tests/xml/jdbc/pom.xml | 2 +- tests/xml/jwt/pom.xml | 2 +- tests/xml/mappings/pom.xml | 2 +- tests/xml/pom.xml | 4 ++-- tests/xml/vanilla/pom.xml | 2 +- 34 files changed, 36 insertions(+), 36 deletions(-) diff --git a/pom.xml b/pom.xml index 0164fa463..4b94b3256 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ OAuth for Spring Security Parent Project for OAuth Support for Spring Security pom - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT https://docs.spring.io/spring-security/oauth diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml index 3652c67d0..bb917be02 100644 --- a/samples/oauth/sparklr/pom.xml +++ b/samples/oauth/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml index 937d44cea..33c4686b3 100644 --- a/samples/oauth/tonr/pom.xml +++ b/samples/oauth/tonr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml index 09a055ce1..7d34b19d3 100644 --- a/samples/oauth2/sparklr/pom.xml +++ b/samples/oauth2/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml index 75d5e43fe..8a0c3a62b 100644 --- a/samples/oauth2/tonr/pom.xml +++ b/samples/oauth2/tonr/pom.xml @@ -6,7 +6,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT ../../.. diff --git a/samples/pom.xml b/samples/pom.xml index 379b345c0..92ba10982 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT spring-security-oauth-samples diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml index 6faa4c678..e3c83d4d3 100644 --- a/spring-security-oauth/pom.xml +++ b/spring-security-oauth/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT spring-security-oauth diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index f3fc09d5c..9a06c257f 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT spring-security-oauth2 diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml index 768cc62e1..f4fb7a4aa 100644 --- a/tests/annotation/approval/pom.xml +++ b/tests/annotation/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml index afc95c016..6386d37bb 100644 --- a/tests/annotation/client/pom.xml +++ b/tests/annotation/client/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml index da81042fe..9e2b8d78f 100644 --- a/tests/annotation/common/pom.xml +++ b/tests/annotation/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml index c7c389709..13926247c 100644 --- a/tests/annotation/custom-authentication/pom.xml +++ b/tests/annotation/custom-authentication/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml index bc97a6a53..43c41e6cb 100644 --- a/tests/annotation/custom-grant/pom.xml +++ b/tests/annotation/custom-grant/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml index 77bd51863..8580ae14d 100644 --- a/tests/annotation/form/pom.xml +++ b/tests/annotation/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml index 3d4bf7920..91e6a6402 100644 --- a/tests/annotation/jaxb/pom.xml +++ b/tests/annotation/jaxb/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml index 5c7fa90e1..d55e18680 100644 --- a/tests/annotation/jdbc/pom.xml +++ b/tests/annotation/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml index e62adb13f..f7ed4c024 100644 --- a/tests/annotation/jpa/pom.xml +++ b/tests/annotation/jpa/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml index c81e5c320..1de68a99f 100644 --- a/tests/annotation/jwt/pom.xml +++ b/tests/annotation/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml index 52d2ed11e..7f62f63d8 100644 --- a/tests/annotation/mappings/pom.xml +++ b/tests/annotation/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml index a7bf18bdf..52689cb94 100644 --- a/tests/annotation/multi/pom.xml +++ b/tests/annotation/multi/pom.xml @@ -9,7 +9,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index 456a4d51e..10979ef59 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT pom @@ -45,7 +45,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT org.springframework.security diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml index 458a90357..7cacf9c75 100644 --- a/tests/annotation/resource/pom.xml +++ b/tests/annotation/resource/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml index c0e6c4d74..668eadc5b 100644 --- a/tests/annotation/ssl/pom.xml +++ b/tests/annotation/ssl/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml index 7efa69aa4..e626d443e 100644 --- a/tests/annotation/vanilla/pom.xml +++ b/tests/annotation/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/pom.xml b/tests/pom.xml index 83cff17d3..0e61218e2 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT spring-security-oauth-tests diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml index 7e1c8755c..6b1f9049e 100644 --- a/tests/xml/approval/pom.xml +++ b/tests/xml/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml index 9cbca0e38..7c2b07255 100644 --- a/tests/xml/client/pom.xml +++ b/tests/xml/client/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml index eb8a99829..8745be2be 100644 --- a/tests/xml/common/pom.xml +++ b/tests/xml/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml index 1c9a1d6e0..22cd300b4 100644 --- a/tests/xml/form/pom.xml +++ b/tests/xml/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml index ecf596e3b..098fdcb8b 100644 --- a/tests/xml/jdbc/pom.xml +++ b/tests/xml/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml index 153510ed3..63e5b58a9 100644 --- a/tests/xml/jwt/pom.xml +++ b/tests/xml/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml index a0dac87ec..0848a75ef 100644 --- a/tests/xml/mappings/pom.xml +++ b/tests/xml/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index 737b577fe..cf2a5ef6c 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT pom @@ -39,7 +39,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT org.springframework.security diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml index d5de678ee..02a4b6188 100644 --- a/tests/xml/vanilla/pom.xml +++ b/tests/xml/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.0.RELEASE + 2.4.1.BUILD-SNAPSHOT From dfb12eadd91b5c01eba4df7d72ef0a81c4382e8b Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Mon, 18 Nov 2019 09:41:05 -0500 Subject: [PATCH 23/94] Remove redundant docs Fixes gh-1811 --- docs/Home.md | 46 ------- docs/_Sidebar.md | 13 -- docs/devguide.md | 33 ----- docs/downloads.md | 40 ------ docs/oauth1.md | 304 ---------------------------------------------- docs/oauth2.md | 297 -------------------------------------------- docs/support.md | 25 ---- docs/tutorial.md | 101 --------------- docs/twolegged.md | 38 ------ 9 files changed, 897 deletions(-) delete mode 100644 docs/Home.md delete mode 100644 docs/_Sidebar.md delete mode 100644 docs/devguide.md delete mode 100644 docs/downloads.md delete mode 100644 docs/oauth1.md delete mode 100644 docs/oauth2.md delete mode 100644 docs/support.md delete mode 100644 docs/tutorial.md delete mode 100644 docs/twolegged.md diff --git a/docs/Home.md b/docs/Home.md deleted file mode 100644 index 07cde64b3..000000000 --- a/docs/Home.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Docs -layout: default -home: ../ ---- - -### Deprecation Notice - -The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. - ---- - -# Welcome - -OAuth for Spring Security provides an [OAuth](https://oauth.net) -implementation for -[Spring Security](https://projects.spring.io/spring-security/). -Support is provided for the implementation of OAuth providers and -OAuth consumers. There is support for [Oauth 1(a)](oauth1.html) (including -[two-legged OAuth](twolegged.html), a.k.a. "Signed Fetch") and for -[OAuth 2.0](oauth2.md). - -Applying security to an application is not for the faint of heart, and OAuth is no exception. Before you get started, -you're going to want to make sure you understand OAuth and the problem it's designed to address. There is good -documentation at [the OAuth site](https://oauth.net). You will also want to make sure you understand how -[Spring](https://springframework.org/) and [Spring Security](https://projects.spring.io/spring-security/) work. - -You're going to want to be quite familiar with both [OAuth](https://oauth.net) (and/or [OAuth2](https://tools.ietf.org/html/draft-ietf-oauth-v2)) -and [Spring Security](https://projects.spring.io/spring-security/), to maximize the effectiveness of this developers guide. OAuth for -Spring Security is tightly tied to both technologies, so the more familiar you are with them, the more likely you'll be to recognize the terminology -and patterns that are used. - -With that, you're ready to get started. Here are some useful links: - -* For access to the binaries, use Maven ([instructions here](downloads.html)) - -* Source code is in github - [at spring-projects/spring-security-oauth](https://github.com/spring-projects/spring-security-oauth). - -* You'll want to see OAuth for Spring Security in action, so here is a -[tutorial](tutorial.html) - -* Read a more detailed explanation in the [developer's guide](devguide.html). - -* For more help and support, checkout the [support links](support.html). - diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md deleted file mode 100644 index 981184225..000000000 --- a/docs/_Sidebar.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: Docs -layout: default -home: ../ ---- - - -* [Home](Home.html) -* [Tuturial](tutorial.html) -* [OAuth 1.0](oauth1.html) -* [OAuth 2.0](oauth2.html) -* [Downloads](downloads.html) -* [Support](support.html) diff --git a/docs/devguide.md b/docs/devguide.md deleted file mode 100644 index d548da49b..000000000 --- a/docs/devguide.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -title: Docs -layout: default -home: ../ ---- - -### Deprecation Notice - -The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. - ---- - -# Developers Guide - -## Preparation - -You're going to want to be quite familiar with -[OAuth2](https://tools.ietf.org/html/draft-ietf-oauth-v2) (and/or -[OAuth](https://oauth.net) ) and -[Spring Security](https://projects.spring.io/spring-security/), -to maximize the effectiveness of this developers guide. OAuth for -Spring Security is tightly tied to both technologies, so the more -familiar you are with them, the more likely you'll be to recognize the -terminology and patterns that are used. - -## Options - -Your first decision is whether you need to leverage support for OAuth 1.0, OAuth 2.0, or both. - -So pick your poison: - -* [OAuth 1.0](oauth1.html) -* [OAuth 2](oauth2.html) diff --git a/docs/downloads.md b/docs/downloads.md deleted file mode 100644 index d440d28c2..000000000 --- a/docs/downloads.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: Docs -layout: default -home: ../ ---- - -### Deprecation Notice - -The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. - ---- - -# Downloads - -You can download source code bundles from [Github], or clone the repository using git. OAuth for Spring Security is a Maven-based project. - -* groupId: `org.springframework.security.oauth` -* artifactId: `spring-security-oauth` for OAuth 1.0a and `spring-security-oauth2` for OAuth 2.0 - -To download the jars, just look in the [Maven repository][mavenrepo]. - -Full releases go in Maven [central], and in the SpringSource repository but milestones and snapshots go only in the SpringSource respository. For milestones: - - - spring-milestone - Spring Maven MILESTONE Repository - https://maven.springframework.org/milestone - - -and for snapshots: - - - spring-snnapshot - Spring Maven SNAPSHOT Repository - https://maven.springframework.org/snapshot - - -[mavenrepo]: https://shrub.appspot.com/maven.springframework.org/release/org/springframework/security/oauth/spring-security-oauth/ -[central]: https://repo1.maven.org/maven2/org/springframework/security/oauth/spring-security-oauth/ -[Github]: https://github.com/spring-projects/spring-security-oauth diff --git a/docs/oauth1.md b/docs/oauth1.md deleted file mode 100644 index 3ba5ad8e1..000000000 --- a/docs/oauth1.md +++ /dev/null @@ -1,304 +0,0 @@ ---- -title: Docs -layout: default -home: ../ ---- - -### Deprecation Notice - -The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. - ---- - -# OAuth 1 Developers Guide - -## Introduction - -This is the developers guide for the support for OAuth 1.0. For OAuth 2.0, everything is different, so [see it's developers guide](oauth2.html). - -This user guide is divided into two parts, the first for the OAuth 1.0 provider, the second for the OAuth 1.0 consumer. Here's a -TOC for quick navigation: - -## OAuth 1.0 Provider - -The OAuth 1.0 provider is responsible for managing the OAuth 1.0 consumers that can access its protected resources on behalf of -a user. The provider does this by managing and verifying the OAuth 1.0 tokens that can be used to access the protected -resources. Of course, the provider must also supply an interface for the user to confirm that a consumer can be granted -access to the protected resources (i.e. a confirmation page). - -### Managing Consumers - -The entry point into your database of consumers is defined by the [`ConsumerDetailsService`][ConsumerDetailsService]. -You must define your own [`ConsumerDetailsService`][ConsumerDetailsService] that will load [`ConsumerDetails`][ConsumerDetails] -by the _consumer key_. Note the existence of an [in-memory implementation][InMemoryConsumerDetailsService] of -[`ConsumerDetailsService`][ConsumerDetailsService]. - -When implementing your [`ConsumerDetailsService`][ConsumerDetailsService] consider returning instances of -[BaseConsumerDetails][BaseConsumerDetails] which contains additional information about the consumer that may be useful when -displaying a confirmation screen to the user. - -### Managing Tokens - -The [`OAuthProviderTokenServices`][OAuthProviderTokenServices] interface defines the operations that are necessary to manage -OAuth 1.0 tokens. Note the following: - -* When a request token is created, care must be taken to ensure that it is not an access token. -* When a request token is authorized, the authentication must be stored so that the subsequent access token can reference it. -* When an access token is created, it must reference the authentication that was used to authorized the request token that is used - to create the access token. - -When creating your [`OAuthProviderTokenServices`][OAuthProviderTokenServices] implementation, you may want to consider extending -the [`RandomValueProviderTokenServices`][RandomValueProviderTokenServices] which creates tokens via random value and handles -everything except for the persistence of the tokens. There is also an [in-memory implementation][InMemoryProviderTokenServices] -of the [`OAuthProviderTokenServices`][OAuthProviderTokenServices] that may be suitable, but note that when using the in-memory implementation -a separate thread is spawned to take care of the cleanup of expired tokens. - -### OAuth 1.0 Provider Request Filters - -The requests for the tokens and for access to protected resources are handled by standard Spring Security request filters. The following filters -are required in the Spring Security filter chain in order to implement OAuth 1.0: - -* The [`UnauthenticatedRequestTokenProcessingFilter`][UnauthenticatedRequestTokenProcessingFilter] is used to service the request for - an unauthenticated request token. Default URL: `/oauth_request_token`. -* The [`UserAuthorizationProcessingFilter`][UserAuthorizationProcessingFilter] is used authorize a request token. The user must be - authenticated and it is assumed that the user has been presented with the appropriate confirmation page. -* The [`AccessTokenProcessingFilter`][AccessTokenProcessingFilter] is used to service the request for an OAuth 1.0 access token. - Default URL: `/oauth_access_token`. -* The [`ProtectedResourceProcessingFilter`][ProtectedResourceProcessingFilter] is used to load the Authentication for the request given - an authenticated access token. - -### Managing Nonces - -The OAuth 1.0 spec also recommends that the nonce that is supplied on every OAuth 1.0 request be checked to ensure it isn't used twice for the -same timestamp. In order to do this, nonces must be stored and verified on every OAuth 1.0 request. The interface that is used -to validate nonces is [`OAuthNonceServices`][OAuthNonceServices]. The default implementation, [`ExpiringTimestampNonceServices`][ExpiringTimestampNonceServices], -does not adhere to this recommendation, but only validates that the timestamp isn't too old. If further assurance is required, you will need -to supply your own implementation of `OAuthNonceServices`. Note the existence of an [in-memory implementation][InMemoryNonceServices]. - -### Managing Callbacks - -With the 1.0a revision of the OAuth 1.0 specification, the callback URL is provided at the time the request is made for a request token and will be used when -redirecting the user back to the OAuth 1.0 consumer. Therefore, a means must be provided to persist the callback between requests. The interface that is used -to persist callbacks is [`OAuthCallbackServices`][OAuthCallbackServices]. The default implementation, [`InMemoryCallbackServices`][InMemoryCallbackServices] -persists the callbacks in-memory. You must supply your own implementation of `OAuthCallbackServices` if this is inadequate. - -### Managing Verifiers - -With the 1.0a revision of the OAuth 1.0 specification, the a verifier is provided to the consumer via the user that must be passed back -to the provider when requesting the access token. Therefore, a means must be provided to create and persist the verifier. The interface -that is used to this end is [`OAuthVerifierServices`][OAuthVerifierServices]. The default implementation, -[`RandomValueInMemoryVerifierServices`][RandomValueInMemoryVerifierServices], creates a small, user-friendly (6 readable ASCII characters -by default) verifier and persists the verifier in memory. You must supply your own implementation of `OAuthVerifierServices` if this is inadequate. - -### Authorization By Consumer - -It is sometimes required to limit access to a resource to a specific consumer or to a consumer that has specific roles. The classes in the -[`org.springframework.security.oauth.provider.attributes`][attributes-package] package can be used to do this. Methods can be protected using the -annotations in that package, and the [`ConsumerSecurityConfig`][ConsumerSecurityConfig] can be supplied to the standard Spring Security filter -interceptor in order to enable the annotations. Finally, the [`ConsumerSecurityVoter`][ConsumerSecurityVoter] would need to be supplied to the -Spring Security authentication manager. - -### Provider Configuration - -For the OAuth 1.0 provider, configuration is simplified using the custom spring configuration elements. The schema for these elements rests at -[https://www.springframework.org/schema/security/spring-security-oauth.xsd][oauth1.xsd]. The namespace is `http://www.springframework.org/schema/security/oauth`. - -The following configuration elements are used to supply provider configuration: - -#### The "provider" element - -The `provider` element is used to configure the OAuth 1.0 provider mechanism. The following attributes can be applied to the `provider` element: - -* `consumer-details-service-ref`: The reference to the bean that defines the consumer details service. This is required if not autowired. -* `token-services-ref`: The reference to the bean that defines the token services. -* `request-token-url`: The URL at which a request for an unauthenticated request token will be serviced. Default value: "/oauth_request_token" -* `authenticate-token-url`: The URL at which a request to authenticate a request token will be serviced. Default value: "/oauth_authenticate_token" -* `access-token-url`: The URL at which a request for an access token (using an authenticated request token) will be serviced. Default value: "/oauth_access_token" -* `access-granted-url`: The URL to which the user will be redirected upon authenticating a request token, but only if there was no callback URL supplied from the oauth consumer. Default value: "/" -* `user-approval-url`: The URL to which the user will be redirected if for some reason authentication of a request token failed. Default behavior is to just issue a "401: unauthorized" response. -* `nonce-services-ref`: The reference to the bean that defines the nonce services. Default is to supply an instance of `org.springframework.security.oauth.provider.nonce.ExpiringTimestampNonceServices` -* `callback-services-ref`: The reference to the bean that defines the callback services. Default is to supply an instance of `org.springframework.security.oauth.provider.callback.InMemoryCallbackServices` -* `verifier-services-ref`: The reference to the bean that defines the verifier services. Default is to supply an instance of `org.springframework.security.oauth.provider.verifier.RandomValueInMemoryVerifierServices` -* `auth-handler-ref`: The reference to the bean that defines the authentication handler. Default is to supply an instance of `org.springframework.security.oauth.provider.DefaultAuthenticationHandler` -* `support-ref`: The reference to the bean that defines the provider support logic. Default is to supply an instance of `org.springframework.security.oauth.provider.CoreOAuthProviderSupport` -* `token-id-param`: The name of the request parameter that specifies to the 'authenticate-token-url' the id of the token that is to be authenticated. Default value: "requestToken". -* `callback-url-param`: The name of the request parameter that specifies to the 'authenticate-token-url' the callback URL to which the user is to be redirected upon successful authentication. Default value: "callbackURL". - -#### The "consumer-details-service" element - -The `consumer-details-service` element is used to define an in-memory implementation of the consumer details service. It takes an `id` attribute and an -arbitrary number of `consumer` child elements that define the following attributes for each consumer: - -* `key`: (required) The consumer key. -* `secret`: (required) The consumer secret. -* `name`: The (display) name of the consumer. -* `authorities`: Comma-separated list of authorities (e.g. roles) that are granted to the consumer. -* `resourceName`: The name of the resource. -* `resourceDescription`: The description of the resource. -* `requiredToObtainAuthenticatedToken`: Whether this consumer is required to obtain an authenticated oauth token. If _true_, it means that the OAuth 1.0 consumer won't be granted access to the protected resource unless the user is directed to the token authorization page. If _false_, it means that the provider has an additional level of trust with the consumer. Not requiring an authenticated access token is also known as "2-legged" OAuth or "signed fetch". For more information, see [two-legged OAuth](./twolegged.html). - -#### The "token-services" element - -The `token-services` element is a simple element that can be used to provide an in-memory implementation of the provider token services. -It supports an _id_ attribute (bean id) and a _cleanupInterval_ attribute that specifies how often the cleanup thread should wake up (in seconds). - -#### The "verifier-services" element - -The `verifier-services` element is a simple element that can be used to provide an in-memory implementation of the provider verifier services. -It supports an `id` attribute (bean id) and a `verifierLengthBytes` attribute that specifies the length of the verifier. - -### Configuring An OAuth-Aware Expression Handler - -You may want to take advantage of Spring Security's [expression-based access control](https://docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html). -You can register a oauth-aware expression handler with the `expression-handler` element. Use the id of the oauth expression handler to add oauth-aware -expressions to the built-in expressions. - -The expressions include _oauthConsumerHasRole_, _oauthConsumerHasAnyRole_, and _denyOAuthConsumer_ which can be used to provide access based on the role of the -oauth consumer. - -## OAuth 1.0 Consumer - -The OAuth 1.0 consumer logic is responsible for (1) obtaining an OAuth 1 access token and (2) signing requests for OAuth 1 -protected resources. OAuth for Spring Security provides a request filter for acquiring the access token, a request filter -for ensuring that access to certain URLs is locked down to a set of acquired access token, and utilities for making a request -for a protected resource. A consumer must be responsible for maintaing a list of protected resources that can be accessed and, -like the provider, a consumer must be responsible for managing the OAuth 1.0 tokens. - -If you were discouraged by the complexity of implementing an OAuth 1.0 provider, take heart. Implementation of an OAuth 1.0 -consumer is easier, partially because OAuth 1.0 for Spring Security provides suitable defaults for most cases. - -### Managing Protected Resources - -A database of protected resources that are accessible by a consumer must be provided through the [`ProtectedResourceDetailsService`][ProtectedResourceDetailsService]. -Each protected resource must provide all information related to obtaining access to it. This includes the URL to obtain a request token, the URL to which to -redirect the user for authorization, the URL at which to obtain an access token, etc. It also contains various properties that describe the provider of the -protected resource. Consider the existence of the [`InMemoryProtectedResourceDetailsService`][InMemoryProtectedResourceDetailsService] -and the [`BaseProtectedResourceDetails`][BaseProtectedResourceDetails] for help in creating the database of protected resources. - -### Managing Provider Tokens - -Like the provider, the consumer must be responsible for managing the OAuth tokens. The necessary interface for managing the consumer tokens is -[`OAuthConsumerTokenServices`][OAuthConsumerTokenServices]. Assuming that the consumer can leverage an active HTTP session, the default -[`HttpSessionBasedTokenServices`][HttpSessionBasedTokenServices] might be adequate, but if you'd like to persist access tokens longer than a user -session, you'll have to implement your own persistent implementation of the token services. - -### OAuth 1.0 Consumer Request Filters - -There are two request filters that are applicable to the OAuth consumer logic. The first filter, [`OAuthConsumerContextFilter`][OAuthConsumerContextFilter], -is responsible for establishing an OAuth-specific security context, very similar to Spring Security's `SecurityContext`. The security -context simply contains a set of access tokens that have been obtained for the current user. This security context is leveraged when making requests -for protected resources. - -There is another request filter, [`OAuthConsumerProcessingFilter`][OAuthConsumerProcessingFilter], that can be applied to specific URLs or -URL patterns that require access to a remote protected resource. Putting this filter in Spring Security's filter chain -will ensure that any access tokens needed for the specified URL patters will be obtained before allowing access to the resources. - -### Requesting Protected Resources - -The [`OAuthRestTemplate`][OAuthRestTemplate] can be used to make REST-like requests to resources protected by OAuth. It's used just like a standard -RestTemplate (new in Spring 3), but is supplied with a specific `ProtectedResourcDetails` so it can sign its requests. - -### Consumer Configuration - -For the OAuth 1.0 consumer, configuration is simplified using the custom spring configuration elements. The schema for these elements rests at -[https://www.springframework.org/schema/security/spring-security-oauth.xsd][oauth1.xsd]. -The namespace is `http://www.springframework.org/schema/security/oauth`. - -Two custom configuration elements are used to supply provider configuration: - -#### The "consumer" element - -The `consumer` element configures the OAuth 1.0 consumer mechanism. This element is used to set up the security filter(s) that will handle -the OAuth consumer logic. The OAuth context filter establishes a context for the OAuth consumer logic. The OAuth access filter is used to -apply OAuth constraints on specified URLs (request paths) in your application. The access filter is applied by specified one or more `url` -child elements to the `consumer` element. - -The `url` element supports the following attributes: - -* `pattern`: (required) The URL pattern. -* `resources`: (required) Comma-separated list of the ids of the protected resources that the URL requires access to. -* `httpMethod`: The HTTP method that requires access. Default is all methods. - -The `consumer` element also supports the following attributes: - -* `resource-details-service-ref`: The reference to the resource details service. This is required if not autowired. -* `oauth-failure-page`: The page to which to redirect the user if a problem happens during OAuth 1.0 authentication. -* `entry-point-ref`: Reference to the entry point to use if a problem happens during OAuth 1.0 authentication (overrides _oauth-failure-page_). -* `path-type`: URL path type. Default value: "ant". -* `lowercase-comparisons`: Whether to use lowercase comparisons. -* `support-ref`: Reference to the OAuth 1.0 consumer support logic. -* `token-services-factory-ref`: Reference to the token services factory. - -#### The "resource-details-service" element - -The `resource-details-service` element configures an in-memory implementation of the resource details. It supports an "id" attribute -and an arbitrary number of `resource` child elements which are used to define the protected resources and support the following attributes: - -* `id`: (required) The resource id. -* `key`: (required) The consumer key. -* `secret`: (required) The shared secret. -* `request-token-url`: (required) The URL to use to get the OAuth 1.0 request token. -* `user-authorization-url`: (required) The URL to which to redirect the user to authorize the request token. -* `access-token-url`: (required) The URL to use to get an OAuth 1.0 access token. -* `signature-method`: The signature method to use (e.g. "HMAC-SHA1", "PLAINTEXT", etc.). Default "HMAC-SHA1". -* `user-authorization-token-param`: Name of the request parameter to use to pass the value of the request token when redirecting the user to the authorization page. Default value: "requestToken" -* `user-authorization-callback-param`: Name of the request parameter to use to pass the value of the callback URL when redirecting the user to the authorization page. Default value: "callbackURL" -* `accepts-authorization-header`: Whether the provider accepts the HTTP authorization header. Default: "true" -* `authorization-header-realm`: The "realm" for the HTTP authorization header. -* `use10a`: Whether the resource is protected using OAuth 1.0a. Default: "true" - -## Customizations Not Explicitly Supported by Namespace - -The XML DSL has extension points for some of the most common use -cases, generally specified through strategies injected through -attributes (e.g. the `token-services-ref` in the ``), but -occasionally you may need to add customizations not supported in this -way. Other cases can be handled locally without losing the benefit of -the namespace because the bean definitions created are all designed to -be easy to override. The namespace parsers create bean definitions -with fixed bean definition names (hopefully easy to guess, but it is -not hard to verify them by reading the source code of the parsers), -and all you need to do to override one part of the namespace support -is create a bean definition with the same name. For instance, the -`` element creates an `OAuthProviderProcessingFilter` which -itself has a default `ProtectedResourceProcessingFilter`, but if you -wanted to replace it you could override the bean definition: - - - - - ... - - -In this example, the explicit bean definition overrides the one created by the `` because of the ordering in the application context declaration (this is a standard Spring bean factory feature). Bean definitions created by the namespace parsers follow the convention that they start with "oauth" and generally they are the class name of the default implementation provided by the framework. - -[ConsumerDetailsService]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/ConsumerDetailsService.html -[ConsumerDetails]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/ConsumerDetails.html -[InMemoryConsumerDetailsService]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/InMemoryConsumerDetailsService.html -[BaseConsumerDetails]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/BaseConsumerDetails.html -[OAuthProviderTokenServices]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/token/OAuthProviderTokenServices.html -[RandomValueProviderTokenServices]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/token/RandomValueProviderTokenServices.html -[InMemoryProviderTokenServices]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/token/InMemoryProviderTokenServices.html -[UnauthenticatedRequestTokenProcessingFilter]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/UnauthenticatedRequestTokenProcessingFilter.html -[UserAuthorizationProcessingFilter]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/UserAuthorizationProcessingFilter.html -[AccessTokenProcessingFilter]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/AccessTokenProcessingFilter.html -[ProtectedResourceProcessingFilter]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/ProtectedResourceProcessingFilter.html -[OAuthNonceServices]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/nonce/OAuthNonceServices.html -[ExpiringTimestampNonceServices]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/nonce/ExpiringTimestampNonceServices.html -[InMemoryNonceServices]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/nonce/InMemoryNonceServices.html -[OAuthCallbackServices]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/callback/OAuthCallbackServices.html -[InMemoryCallbackServices]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/callback/InMemoryCallbackServices.html -[OAuthVerifierServices]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/verifier/OAuthVerifierServices.html -[RandomValueInMemoryVerifierServices]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/verifier/RandomValueInMemoryVerifierServices.html -[attributes-package]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/attributes/package-summary.html -[ConsumerSecurityConfig]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/attributes/ConsumerSecurityConfig.html -[ConsumerSecurityVoter]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/attributes/ConsumerSecurityVoter.html -[ProtectedResourceDetailsService]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/ProtectedResourceDetailsService.html -[InMemoryProtectedResourceDetailsService]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/InMemoryProtectedResourceDetailsService.html -[BaseProtectedResourceDetails]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/BaseProtectedResourceDetails.html -[OAuthConsumerTokenServices]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/token/OAuthConsumerTokenServices.html -[HttpSessionBasedTokenServices]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/token/HttpSessionBasedTokenServices.html -[OAuthConsumerContextFilter]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/OAuthConsumerContextFilter.html -[OAuthConsumerProcessingFilter]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/OAuthConsumerProcessingFilter.html -[OAuthRestTemplate]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/consumer/OAuthRestTemplate.html -[oauth1.xsd]: https://www.springframework.org/schema/security/spring-security-oauth.xsd "oauth1.xsd" diff --git a/docs/oauth2.md b/docs/oauth2.md deleted file mode 100644 index 529d936f3..000000000 --- a/docs/oauth2.md +++ /dev/null @@ -1,297 +0,0 @@ ---- -title: Docs -layout: default -home: ../ ---- - -### Deprecation Notice - -The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. - ---- - -# OAuth 2 Developers Guide - -## Introduction - -This is the user guide for the support for [`OAuth 2.0`](https://tools.ietf.org/html/draft-ietf-oauth-v2). For OAuth 1.0, everything is different, so [see its user guide](oauth1.html). - -This user guide is divided into two parts, the first for the OAuth 2.0 provider, the second for the OAuth 2.0 client. For both the provider and the client, the best source of sample code is the [integration tests](https://github.com/spring-projects/spring-security-oauth/tree/master/tests) and [sample apps](https://github.com/spring-projects/spring-security-oauth/tree/master/samples/oauth2). - -## OAuth 2.0 Provider - -The OAuth 2.0 provider mechanism is responsible for exposing OAuth 2.0 protected resources. The configuration involves establishing the OAuth 2.0 clients that can access its protected resources independently or on behalf of a user. The provider does this by managing and verifying the OAuth 2.0 tokens used to access the protected resources. Where applicable, the provider must also supply an interface for the user to confirm that a client can be granted access to the protected resources (i.e. a confirmation page). - -## OAuth 2.0 Provider Implementation - -The provider role in OAuth 2.0 is actually split between Authorization Service and Resource Service, and while these sometimes reside in the same application, with Spring Security OAuth you have the option to split them across two applications, and also to have multiple Resource Services that share an Authorization Service. The requests for the tokens are handled by Spring MVC controller endpoints, and access to protected resources is handled by standard Spring Security request filters. The following endpoints are required in the Spring Security filter chain in order to implement OAuth 2.0 Authorization Server: - -* [`AuthorizationEndpoint`][AuthorizationEndpoint] is used to service requests for authorization. Default URL: `/oauth/authorize`. -* [`TokenEndpoint`][TokenEndpoint] is used to service requests for access tokens. Default URL: `/oauth/token`. - -The following filter is required to implement an OAuth 2.0 Resource Server: - -* The [`OAuth2AuthenticationProcessingFilter`][OAuth2AuthenticationProcessingFilter] is used to load the Authentication for the request given an authenticated access token. - -For all the OAuth 2.0 provider features, configuration is simplified using special Spring OAuth `@Configuration` adapters. There is also an XML namespace for OAuth configuration, and the schema resides at [https://www.springframework.org/schema/security/spring-security-oauth2.xsd][oauth2.xsd]. The namespace is `http://www.springframework.org/schema/security/oauth2`. - -## Authorization Server Configuration - -As you configure the Authorization Server, you have to consider the grant type that the client is to use to obtain an access token from the end-user (e.g. authorization code, user credentials, refresh token). The configuration of the server is used to provide implementations of the client details service and token services and to enable or disable certain aspects of the mechanism globally. Note, however, that each client can be configured specifically with permissions to be able to use certain authorization mechanisms and access grants. I.e. just because your provider is configured to support the "client credentials" grant type, doesn't mean that a specific client is authorized to use that grant type. - -The `@EnableAuthorizationServer` annotation is used to configure the OAuth 2.0 Authorization Server mechanism, together with any `@Beans` that implement `AuthorizationServerConfigurer` (there is a handy adapter implementation with empty methods). The following features are delegated to separate configurers that are created by Spring and passed into the `AuthorizationServerConfigurer`: - -* `ClientDetailsServiceConfigurer`: a configurer that defines the client details service. Client details can be initialized, or you can just refer to an existing store. -* `AuthorizationServerSecurityConfigurer`: defines the security constraints on the token endpoint. -* `AuthorizationServerEndpointsConfigurer`: defines the authorization and token endpoints and the token services. - -An important aspect of the provider configuration is the way that an authorization code is supplied to an OAuth client (in the authorization code grant). An authorization code is obtained by the OAuth client by directing the end-user to an authorization page where the user can enter her credentials, resulting in a redirection from the provider authorization server back to the OAuth client with the authorization code. Examples of this are elaborated in the OAuth 2 specification. - -In XML there is an `` element that is used in a similar way to configure the OAuth 2.0 Authorization Server. - -### Configuring Client Details - -The `ClientDetailsServiceConfigurer` (a callback from your `AuthorizationServerConfigurer`) can be used to define an in-memory or JDBC implementation of the client details service. Important attributes of a client are - -* `clientId`: (required) the client id. -* `secret`: (required for trusted clients) the client secret, if any. -* `scope`: The scope to which the client is limited. If scope is undefined or empty (the default) the client is not limited by scope and instead limited by some other authority information associated in the token. -* `authorizedGrantTypes`: Grant types that are authorized for the client to use. Default value is empty. -* `authorities`: Authorities that are granted to the client (regular Spring Security authorities). - -Client details can be updated in a running application by access the underlying store directly (e.g. database tables in the case of `JdbcClientDetailsService`) or through the `ClientDetailsManager` interface (which both implementations of `ClientDetailsService` also implement). - -> NOTE: the schema for the JDBC service is not packaged with the library (because there are too many variations you might like to use in practice), but there is an example you can start from in the [test code in github](https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/test/resources/schema.sql). - -### Managing Tokens - -The [`AuthorizationServerTokenServices`][AuthorizationServerTokenServices] interface defines the operations that are necessary to manage OAuth 2.0 tokens. Note the following: - -* When an access token is created, the authentication must be stored so that resources accepting the access token can reference it later. -* The access token is used to load the authentication that was used to authorize its creation. - -When creating your `AuthorizationServerTokenServices` implementation, you may want to consider using the [`DefaultTokenServices`][DefaultTokenServices] which has many strategies that can be plugged in to change the format and storage of access tokens. By default it creates tokens via random value and handles everything except for the persistence of the tokens which it delegates to a `TokenStore`. The default store is an [in-memory implementation][InMemoryTokenStore], but there are some other implementations available. Here's a description with some discussion of each of them - -* The default `InMemoryTokenStore` is perfectly fine for a single server (i.e. low traffic and no hot swap to a backup server in the case of failure). Most projects can start here, and maybe operate this way in development mode, to make it easy to start a server with no dependencies. - -* The `JdbcTokenStore` is the [JDBC version](JdbcTokenStore) of the same thing, which stores token data in a relational database. Use the JDBC version if you can share a database between servers, either scaled up instances of the same server if there is only one, or the Authorization and Resources Servers if there are multiple components. To use the `JdbcTokenStore` you need "spring-jdbc" on the classpath. - -* The [JSON Web Token (JWT) version](`JwtTokenStore`) of the store encodes all the data about the grant into the token itself (so no back end store at all which is a significant advantage). One disadvantage is that you can't easily revoke an access token, so they normally are granted with short expiry and the revocation is handled at the refresh token. Another disadvantage is that the tokens can get quite large if you are storing a lot of user credential information in them. The `JwtTokenStore` is not really a "store" in the sense that it doesn't persist any data, but it plays the same role of translating betweeen token values and authentication information in the `DefaultTokenServices`. - -> NOTE: the schema for the JDBC service is not packaged with the library (because there are too many variations you might like to use in practice), but there is an example you can start from in the [test code in github](https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/test/resources/schema.sql). Be sure to `@EnableTransactionManagement` to prevent clashes between client apps competing for the same rows when tokens are created. Note also that the sample schema has explicit `PRIMARY KEY` declarations - these are also necessary in a concurrent environment. - -### JWT Tokens - -To use JWT tokens you need a `JwtTokenStore` in your Authorization Server. The Resource Server also needs to be able to decode the tokens so the `JwtTokenStore` has a dependency on a `JwtAccessTokenConverter`, and the same implementation is needed by both the Authorization Server and the Resource Server. The tokens are signed by default, and the Resource Server also has to be able to verify the signature, so it either needs the same symmetric (signing) key as the Authorization Server (shared secret, or symmetric key), or it needs the public key (verifier key) that matches the private key (signing key) in the Authorization Server (public-private or asymmetric key). The public key (if available) is exposed by the Authorization Server on the `/oauth/token_key` endpoint, which is secure by default with access rule "denyAll()". You can open it up by injecting a standard SpEL expression into the `AuthorizationServerSecurityConfigurer` (e.g. "permitAll()" is probably adequate since it is a public key). - -To use the `JwtTokenStore` you need "spring-security-jwt" on your classpath (you can find it in the same github repository as Spring OAuth but with a different release cycle). - -### Grant Types - -The grant types supported by the `AuthorizationEndpoint` can be -configured via the `AuthorizationServerEndpointsConfigurer`. By default -all grant types are supported except password (see below for details of how to switch it on). The -following properties affect grant types: - -* `authenticationManager`: password grants are switched on by injecting an `AuthenticationManager`. -* `userDetailsService`: if you inject a `UserDetailsService` or if one is configured globally anyway (e.g. in a `GlobalAuthenticationManagerConfigurer`) then a refresh token grant will contain a check on the user details, to ensure that the account is still active -* `authorizationCodeServices`: defines the authorization code services (instance of `AuthorizationCodeServices`) for the auth code grant. -* `implicitGrantService`: manages state during the imlpicit grant. -* `tokenGranter`: the `TokenGranter` (taking full control of the granting and ignoring the other properties above) - -In XML grant types are included as child elements of the `authorization-server`. - -### Configuring the Endpoint URLs - -The `AuthorizationServerEndpointsConfigurer` has a `pathMapping()` method. It takes two arguments: - -* The default (framework implementation) URL path for the endpoint -* The custom path required (starting with a "/") - -The URL paths provided by the framework are `/oauth/authorize` (the authorization endpoint), `/oauth/token` (the token endpoint), `/oauth/confirm_access` (user posts approval for grants here), `/oauth/error` (used to render errors in the authorization server), `/oauth/check_token` (used by Resource Servers to decode access tokens), and `/oauth/token_key` (exposes public key for token verification if using JWT tokens). - -N.B. the Authorization endpoint `/oauth/authorize` (or its mapped alternative) should be protected using Spring Security so that it is only accessible to authenticated users. For instance using a standard Spring Security `WebSecurityConfigurer`: - -``` -@Override -protected void configure(HttpSecurity http) throws Exception { - http - .authorizeRequests().antMatchers("/login").permitAll().and() - // default protection for all resources (including /oauth/authorize) - .authorizeRequests() - .anyRequest().hasRole("USER") - // ... more configuration, e.g. for form login -} -``` - -> Note: if your Authorization Server is also a Resource Server then there is another security filter chain with lower priority controlling the API resources. For those requests to be protected by access tokens you need their paths *not* to be matched by the ones in the main user-facing filter chain, so be sure to include a request matcher that picks out only non-API resources in the `WebSecurityConfigurer` above. - -The token endpoint is protected for you by default by Spring OAuth in the `@Configuration` support using HTTP Basic authentication of the client secret. This is not the case in XML (so it should be protected explicitly). - -In XML the `` element has some attributes that can be used to change the default endpoint URLs in a similar way. The `/check_token` endpoint has to be explicitly enabled (with the `check-token-enabled` attribute). - -## Customizing the UI - -Most of the Authorization Server endpoints are used primarily by machines, but there are a couple of resource that need a UI and those are the GET for `/oauth/confirm_access` and the HTML response from `/oauth/error`. They are provided using whitelabel implementations in the framework, so most real-world instances of the Authorization Server will want to provide their own so they can control the styling and content. All you need to do is provide a Spring MVC controller with `@RequestMappings` for those endpoints, and the framework defaults will take a lower priority in the dispatcher. In the `/oauth/confirm_access` endpoint you can expect an `AuthorizationRequest` bound to the session carrying all the data needed to seek approval from the user (the default implementation is `WhitelabelApprovalEndpoint` so look there for a starting point to copy). You can grab all the data from that request and render it however you like, and then all the user needs to do is POST back to `/oauth/authorize` with information about approving or denying the grant. The request parameters are passed directly to a `UserApprovalHandler` in the `AuthorizationEndpoint` so you can interpret the data more or less as you please. The default `UserApprovalHandler` depends on whether or not you have supplied an `ApprovalStore` in your `AuthorizationServerEndpointsConfigurer` (in which case it is an `ApprovalStoreUserApprovalHandler`) or not (in which case it is a `TokenStoreUserApprovalHandler`). The standard approval handlers accept the following: - -* `TokenStoreUserApprovalHandler`: a simple yes/no decision via `user_oauth_approval` equals to "true" or "false". - -* `ApprovalStoreUserApprovalHandler`: a set of `scope.*` parameter keys with "*" equal to the scopes being requested. The value of the parameter can be "true" or "approved" (if the user approved the grant) else the user is deemed to have rejected that scope. A grant is successful if at least one scope is approved. - -> NOTE: don't forget to include CSRF protection in your form that you render for the user. Spring Security is expecting a request parameter called "_csrf" by default (and it provides the value in a request attribute). See the Spring Security user guide for more information on that, or look at the whitelabel implementation for guidance. - -### Enforcing SSL - -Plain HTTP is fine for testing but an Authorization Server should only be used over SSL in production. You can run the app in a secure container or behind a proxy and it should work fine if you set the proxy and the container up correctly (which is nothing to do with OAuth2). You might also want to secure the endpoints using Spring Security `requiresChannel()` constraints. For the `/authorize` endpoint is up to you to do that as part of your normal application security. For the `/token` endpoint there is a flag in the `AuthorizationServerSecurityConfigurer` that you can set using the `sslOnly()` method. In both cases the secure channel setting is optional but will cause Spring Security to redirect to what it thinks is a secure channel if it detects a request on an insecure channel. - -## Customizing the Error Handling - -Error handling in an Authorization Server uses standard Spring MVC features, namely `@ExceptionHandler` methods in the endpoints themselves. Users can also provide a `WebResponseExceptionTranslator` to the endpoints themselves which is the best way to change the content of the responses as opposed to the way they are rendered. The rendering of exceptions delegates to `HttpMesssageConverters` (which can be added to the MVC configuration) in the case of token endpoint and to the OAuth error view (`/oauth/error`) in the case of the authorization endpoint. The whitelabel error endpoint is provided for HTML responses, but users probably need to provide a custom implementation (e.g. just add a `@Controller` with `@RequestMapping("/oauth/error")`). - -## Mapping User Roles to Scopes - -It is sometimes useful to limit the scope of tokens not only by the scopes assigned to the client, but also according to the user's own permissions. If you use a `DefaultOAuth2RequestFactory` in your `AuthorizationEndpoint` you can set a flag `checkUserScopes=true` to restrict permitted scopes to only those that match the user's roles. You can also inject an `OAuth2RequestFactory` into the `TokenEndpoint` but that only works (i.e. with password grants) if you also install a `TokenEndpointAuthenticationFilter` - you just need to add that filter after the HTTP `BasicAuthenticationFilter`. Of course, you can also implement your own rules for mapping scopes to roles and install your own version of the `OAuth2RequestFactory`. The `AuthorizationServerEndpointsConfigurer` allows you to inject a custom `OAuth2RequestFactory` so you can use that feature to set up a factory if you use `@EnableAuthorizationServer`. - -## Resource Server Configuration - -A Resource Server (can be the same as the Authorization Server or a separate application) serves resources that are protected by the OAuth2 token. Spring OAuth provides a Spring Security authentication filter that implements this protection. You can switch it on with `@EnableResourceServer` on an `@Configuration` class, and configure it (as necessary) using a `ResourceServerConfigurer`. The following features can be configured: - -* `tokenServices`: the bean that defines the token services (instance of `ResourceServerTokenServices`). -* `resourceId`: the id for the resource (optional, but recommended and will be validated by the auth server if present). -* other extension points for the resources server (e.g. `tokenExtractor` for extracting the tokens from incoming requests) -* request matchers for protected resources (defaults to all) -* access rules for protected resources (defaults to plain "authenticated") -* other customizations for the protected resources permitted by the `HttpSecurity` configurer in Spring Security - -The `@EnableResourceServer` annotation adds a filter of type `OAuth2AuthenticationProcessingFilter` automatically to the Spring Security filter chain. - -In XML there is a `` element with an `id` attribute - this is the bean id for a servlet `Filter` that can then be added manually to the standard Spring Security chain. - -Your `ResourceServerTokenServices` is the other half of a contract with the Authorization Server. If the Resource Server and Authorization Server are in the same application and you use `DefaultTokenServices` then you don't have to think too hard about this because it implements all the necessary interfaces so it is automatically consistent. If your Resource Server is a separate application then you have to make sure you match the capabilities of the Authorization Server and provide a `ResourceServerTokenServices` that knows how to decode the tokens correctly. As with the Authorization Server, you can often use the `DefaultTokenServices` and the choices are mostly expressed through the `TokenStore` (backend storage or local encoding). An alternative is the `RemoteTokenServices` which is a Spring OAuth features (not part of the spec) allowing Resource Servers to decode tokens through an HTTP resource on the Authorization Server (`/oauth/check_token`). `RemoteTokenServices` are convenient if there is not a huge volume of traffic in the Resource Servers (every request has to be verified with the Authorization Server), or if you can afford to cache the results. To use the `/oauth/check_token` endpoint you need to expose it by changing its access rule (default is "denyAll()") in the `AuthorizationServerSecurityConfigurer`, e.g. - -``` -@Override -public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception { - oauthServer.tokenKeyAccess("isAnonymous() || hasAuthority('ROLE_TRUSTED_CLIENT')") - .checkTokenAccess("hasAuthority('ROLE_TRUSTED_CLIENT')"); -} - -``` - -In this example we are configuring both the `/oauth/check_token` endpoint and the `/oauth/token_key` endpoint (so trusted resources can obtain the public key for JWT verification). These two endpoints are protected by HTTP Basic authentication using client credentials. - -### Configuring An OAuth-Aware Expression Handler - -You may want to take advantage of Spring Security's [expression-based access control][expressions]. An expression handler will be registered by default in the `@EnableResourceServer` setup. The expressions include _#oauth2.clientHasRole_, _#oauth2.clientHasAnyRole_, and _#oath2.denyClient_ which can be used to provide access based on the role of the oauth client (see `OAuth2SecurityExpressionMethods` for a comprehensive list). In XML you can register a oauth-aware expression handler with the `expression-handler` element of the regular `` security configuration. - -## OAuth 2.0 Client - -The OAuth 2.0 client mechanism is responsible for access the OAuth 2.0 protected resources of other servers. The configuration involves establishing the relevant protected resources to which users might have access. The client may also need to be supplied with mechanisms for storing authorization codes and access tokens for users. - -### Protected Resource Configuration - -Protected resources (or "remote resources") can be defined using bean definitions of type [`OAuth2ProtectedResourceDetails`][OAuth2ProtectedResourceDetails]. A protected resource has the following properties: - -* `id`: The id of the resource. The id is only used by the client to lookup the resource; it's never used in the OAuth protocol. It's also used as the id of the bean. -* `clientId`: The OAuth client id. This is the id by which the OAuth provider identifies your client. -* `clientSecret`: The secret associated with the resource. By default, no secret is empty. -* `accessTokenUri`: The URI of the provider OAuth endpoint that provides the access token. -* `scope`: Comma-separted list of strings specifying the scope of the access to the resource. By default, no scope will be specified. -* `clientAuthenticationScheme`: The scheme used by your client to authenticate to the access token endpoint. Suggested values: "http\_basic" and "form". Default: "http\_basic". See section 2.1 of the OAuth 2 spec. - -Different grant types have different concrete implementations of `OAuth2ProtectedResourceDetails` (e.g. `ClientCredentialsResource` for "client_credentials" grant type). For grant types that require user authorization there is a further property: - -* `userAuthorizationUri`: The uri to which the user will be redirected if the user is ever needed to authorize access to the resource. Note that this is not always required, depending on which OAuth 2 profiles are supported. - -In XML there is a `` element that can be used to create a bean of type `OAuth2ProtectedResourceDetails`. It has attributes matching all the properties above. - - -### Client Configuration - -For the OAuth 2.0 client, configuration is simplified using `@EnableOAuth2Client`. This does 2 things: - -* Creates a filter bean (with ID `oauth2ClientContextFilter`) to store the current -request and context. In the case of needing to authenticate during a -request it manages the redirection to and from the OAuth -authentication uri. - -* Creates a bean of type `AccessTokenRequest` in request scope. This -can be used by authorization code (or implicit) grant clients to keep -state related to individual users from colliding. - -The filter has to be wired into the application (e.g. using a Servlet -initializer or `web.xml` configuration for a `DelegatingFilterProxy` -with the same name). - -The `AccessTokenRequest` can be used in an -`OAuth2RestTemplate` like this: - -``` -@Autowired -private OAuth2ClientContext oauth2Context; - -@Bean -public OAuth2RestTemplate sparklrRestTemplate() { - return new OAuth2RestTemplate(sparklr(), oauth2Context); -} -``` - -The OAuth2ClientContext is placed (for you) in session scope to keep -the state for different users separate. Without that you would have to -manage the equivalent data structure yourself on the server, mapping -incoming requests to users, and associating each user with a separate -instance of the `OAuth2ClientContext`. - -In XML there is a `` element with an `id` attribute - this is the bean id for a servlet `Filter` that must be mapped as in the `@Configuration` case to a `DelegatingFilterProxy` (with the same name). - - -### Accessing Protected Resources - -Once you've supplied all the configuration for the resources, you can now access those resources. The suggested method for accessing those resources is by using [the `RestTemplate` introduced in Spring 3][restTemplate]. OAuth for Spring Security has provided [an extension of RestTemplate][OAuth2RestTemplate] that only needs to be supplied an instance of [`OAuth2ProtectedResourceDetails`][OAuth2ProtectedResourceDetails]. To use it with user-tokens (authorization code grants) you should consider using the `@EnableOAuth2Client` configuration (or the XML equivalent ``) which creates some request and session scoped context objects so that requests for different users do not collide at runtime. - -As a general rule, a web application should not use password grants, so avoid using `ResourceOwnerPasswordResourceDetails` if you can in favour of `AuthorizationCodeResourceDetails`. If you desparately need password grants to work from a Java client, then use the same mechanism to configure your `OAuth2RestTemplate` and add the credentials to the `AccessTokenRequest` (which is a `Map` and is ephemeral) not the `ResourceOwnerPasswordResourceDetails` (which is shared between all access tokens). - -### Persisting Tokens in a Client - -A client does not *need* to persist tokens, but it can be nice for users to not be required to approve a new token grant every time the client app is restarted. The [`ClientTokenServices`](/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientTokenServices.java) interface defines the operations that are necessary to persist OAuth 2.0 tokens for specific users. There is a JDBC implementation provided, but you can if you prefer implement your own service for storing the access tokens and associated authentication instances in a persistent database. -If you want to use this feature you need provide a specially configured `AccessTokenProvider` to the `OAuth2RestTemplate` e.g. - -```java -@Bean -@Scope(value = "session", proxyMode = ScopedProxyMode.INTERFACES) -public OAuth2RestOperations restTemplate() { - OAuth2RestTemplate template = new OAuth2RestTemplate(resource(), new DefaultOAuth2ClientContext(accessTokenRequest)); - AccessTokenProviderChain provider = new AccessTokenProviderChain(Arrays.asList(new AuthorizationCodeAccessTokenProvider())); - provider.setClientTokenServices(clientTokenServices()); - template.setAccessTokenProvider(provider); - return template; -} -``` - -## Customizations for Clients of External OAuth2 Providers - -Some external OAuth2 providers (e.g. [Facebook][Facebook]) do not quite implement the specification correctly, or else they are just stuck on an older version of the spec than Spring Security OAuth. To use those providers in your client application you might need to adapt various parts of the client-side infrastructure. - -To use Facebook as an example, there is a Facebook feature in the `tonr2` application (you need to change the configuration to add your own, valid, client id and secret - they are easy to generate on the Facebook website). - -Facebook token responses also contain a non-compliant JSON entry for the expiry time of the token (they use `expires` instead of `expires_in`), so if you want to use the expiry time in your application you will have to decode it manually using a custom `OAuth2SerializationService`. - - [AuthorizationEndpoint]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.html "AuthorizationEndpoint" - [TokenEndpoint]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.html "TokenEndpoint" - [DefaultTokenServices]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/token/DefaultTokenServices.html "DefaultTokenServices" - [InMemoryTokenStore]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/token/store/InMemoryTokenStore.html "InMemoryTokenStore" - [JdbcTokenStore]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/token/store/JdbcTokenStore.html "JdbcTokenStore" - [ClientDetailsService]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/ClientDetailsService.html "ClientDetailsService" - [ClientDetails]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/ClientDetails.html "ClientDetails" - [InMemoryClientDetailsService]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/InMemoryClientDetailsService.html "InMemoryClientDetailsService" - [BaseClientDetails]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/BaseClientDetails.html "BaseClientDetails" - [AuthorizationServerTokenServices]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/token/AuthorizationServerTokenServices.html "AuthorizationServerTokenServices" - [OAuth2AuthenticationProcessingFilter]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.html "OAuth2AuthenticationProcessingFilter" - [oauth2.xsd]: https://www.springframework.org/schema/security/spring-security-oauth2.xsd "oauth2.xsd" - [expressions]: https://docs.spring.io/spring-security/site/docs/3.2.5.RELEASE/reference/htmlsingle/#el-access "Expression Access Control" - - [AccessTokenProviderChain]: /spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java - [OAuth2RestTemplate]: /spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java - [OAuth2ProtectedResourceDetails]: /spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/OAuth2ProtectedResourceDetails.java - [restTemplate]: https://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/web/client/RestTemplate.html "RestTemplate" - [Facebook]: https://developers.facebook.com/docs/authentication "Facebook" diff --git a/docs/support.md b/docs/support.md deleted file mode 100644 index 59244d9cd..000000000 --- a/docs/support.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -title: Docs -layout: default -home: ../ ---- - -### Deprecation Notice - -The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. - ---- - -# Support - -Questions about OAuth for Spring Security can be posed on -[Stackoverflow](https://stackoverflow.com/questions/tagged/spring-security+spring+oauth) -using tags 'spring', 'spring-security' and 'oauth'. (There is also a -[Spring Forum](https://forum.spring.io/forumdisplay.php?f=79) -that might be useful, but most people prefer the interface at -Stackoverflow). To report bugs, submit enchancement requests or add -something to the wish list, use -[Github](https://github.com/spring-projects/spring-security-oauth/issues). - -Commercial support is available from [Pivotal](https://pivotal.io) -or through [Web Cohesion](https://www.webcohesion.com). diff --git a/docs/tutorial.md b/docs/tutorial.md deleted file mode 100644 index 2f2cd86c8..000000000 --- a/docs/tutorial.md +++ /dev/null @@ -1,101 +0,0 @@ ---- -title: Docs -layout: default -home: ../ ---- - -### Deprecation Notice - -The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. - ---- - -# Tutorial - -## Introduction - -There's a good [getting started guide](https://www.hueniverse.com/hueniverse/2007/10/beginners-gui-1.html) that illustrates OAuth -1.0 by describing two different (but related) services. One is a photo-sharing application. The other is a photo-printing -application. In OAuth terms, the photo sharing application is the OAuth _provider_ and the photo printing application -is the OAuth _consumer_ or _client_. - -For this tutorial, we will see OAuth for Spring Security in action by deploying a photo-sharing application and a -photo-printing application on our local machine. We'll name the photo-sharing application "Sparklr" and the -photo-printing application "Tonr". A user named "Marissa" (who has an account at both Sparkr and Tonr) will use Tonr -to access her photos on Sparklr without ever giving Tonr her credentials to Sparklr. - -There is a Sparklr application for both OAuth 1.0 and for OAuth 2.0, -likewise Tonr. The best way to run them is to clone or download the -[repo on github](https://github.com/spring-projects/spring-security-oauth) -and run from source code See the -[samples/README.md](https://github.com/spring-projects/spring-security-oauth/tree/master/samples) -for detailed instructions. - -OAuth 1.0|OAuth 2.0 ----------|--------- -Sparklr 1 | Sparklr 2 -Tonr 1 | Tonr 2 - -Each application is a standard [Maven](https://maven.apache.org/) project, so you will need Maven installed. Each -application is also a Spring MVC application with Spring Security integrated. If you are familiar with Spring and Spring -Security, the configuration files will look familiar to you (the OAuth2 samples use a single application context whereas -many MVC applications use a root context and a child for the DispatcherServlet). - -## Setup - -Checkout the Sparklr and Tonr applications, and take a look around. Note especially the Spring configuration files in `src/main/webapp/WEB-INF`. - -For Sparklr, you'll notice the definition of the OAuth provider mechanism and the consumer/client details along with the -[standard spring security configuration](https://docs.spring.io/spring-security/site/docs/4.0.x/reference/html/ns-config.html) elements. For Tonr, -you'll notice the definition of the OAuth consumer/client mechanism and the resource details. For more information about the necessary -components of an OAuth provider and consumer, see the [developers guide](devguide.html). - -You'll also notice the Spring Security filter chain in `applicationContext.xml` and how it's configured for OAuth support. - -### Deploy Sparklr - -{% highlight text %} - mvn install - cd samples/oauth(2)/sparklr - mvn tomcat7:run -{% endhighlight %} - -Sparklr should be started on port 8080. Go ahead and browse to [http://localhost:8080/sparklr](http://localhost:8080/sparklr). Note the basic -login page and the page that can be used to browse Marissa's photos. Logout to ensure Marissa's session is no longer valid. (Of course, -the logout isn't mandatory; an active Sparklr session will simply bypass the step that prompts for Marissa's credentials before -confirming authorization for Marissa's protected resources.) - -### Start Tonr. - -Shutdown sparklr (it will be launched in the same container when tonr runs), then - -{% highlight text %} - mvn install - cd samples/oauth(2)/tonr - mvn tomcat7:run -{% endhighlight %} - -Tonr should be started on port 8080. Browse to [http://localhost:8080/tonr(2)](http://localhost:8080/tonr). Note Tonr's home page has a '2' on the end if it is the oauth2 version. - -### Observe... - -Now that you've got both applications deployed, you're ready to observe OAuth in action. - -1. Login to Tonr. - - Marissa's credentials are already hardcoded into the login form. - -2. Click to view Marissa's Sparklr photos. - - You will be redirected to the Sparklr site where you will be prompted for Marissa's credentials. - -3. Login to Sparklr. - - Upon successful login, you will be prompted with a confirmation screen to authorize access to Tonr - for Marissa's pictures. - -4. Click "authorize". - - Upon authorization, you should be redirected back to Tonr where Marissa's Sparklr photos are displayed - (presumably to be printed). - diff --git a/docs/twolegged.md b/docs/twolegged.md deleted file mode 100644 index 1d350d0a9..000000000 --- a/docs/twolegged.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: Docs -layout: default -home: ../ ---- - -### Deprecation Notice - -The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. See the [OAuth 2.0 Migration Guide](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide) for further details. - ---- - -# 2-Legged OAuth - -Two-legged OAuth (also known as "signed fetch") is basically OAuth without the user. It's a way for a consumer (i.e. client) to make a signed request -to a provider (i.e. server) by leveraging the OAuth signature algorithm. This means that the provider has an extra level of trust with the consumer and will -therefore provide data to the consumer without making an end-user authorize a token. - -This has particular applicability to gadget frameworks. For example, [OpenSocial](https://www.opensocial.org/) platforms often use 2-legged OAuth so gadget -developers can have the gadget (the OAuth consumer) make Web service requests to their remote server (the OAuth provider). Since the gadget developer and -the server developer are often the same entity, the server can trust the gadget without the need for the gadget to obtain special permission from the user to -access the user's data. - -To implement 2-legged OAuth using _OAuth for Spring Security_, all that is needed is for the provider to indicate that a specific consumer has an extra -level of trust. To do this, make sure your implementation of [`ConsumerDetailsService`][ConsumerDetailsService] returns instances of -[`ConsumerDetails`][ConsumerDetails] that implement [`ExtraTrustConsumerDetails`][ExtraTrustConsumerDetails]. Then, for each consumer -that doesn't need to obtain a user-authorized token, make sure [`ExtraTrustConsumerDetails.isRequiredToObtainAuthenticatedToken()`][isRequiredToObtainAuthenticatedToken] -returns `false`. - -In many instances, providers may want to manage the authentication that is set up in the security context. By default for 2-legged OAuth, only the consumer's -authentication will be set up in the context. However, if a user authentication is needed in the context, provide an alternate implementation of -`org.springframework.security.oauth.provider.OAuthAuthenticationHandler` that loads the user authentication, and provide a reference to the alternate -implementation using the "auth-handler-ref" attribute of the "provider" configuration element. - -[ConsumerDetailsService]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/ConsumerDetailsService.html -[ConsumerDetails]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/ConsumerDetails.html -[ExtraTrustConsumerDetails]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/ExtraTrustConsumerDetails.html -[isRequiredToObtainAuthenticatedToken]: https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth/provider/ExtraTrustConsumerDetails.html#isRequiredToObtainAuthenticatedToken() From d72922e395aa9c2fd0fd5b2de2e557790c2b92c5 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 12 Mar 2020 12:16:25 -0400 Subject: [PATCH 24/94] Update spring.version --- pom.xml | 4 ++-- tests/annotation/pom.xml | 2 +- tests/xml/pom.xml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 4b94b3256..754f3cb8d 100644 --- a/pom.xml +++ b/pom.xml @@ -19,7 +19,7 @@ UTF-8 1.9 - 4.3.25.RELEASE + 4.3.26.RELEASE 4.2.13.RELEASE 1.5.2.RELEASE 2.6.3 @@ -169,7 +169,7 @@ spring5 - 5.0.14.RELEASE + 5.0.16.RELEASE 5.0.3.RELEASE 2.0.5.RELEASE 2.9.0 diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index 10979ef59..81ea88405 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -27,7 +27,7 @@ demo.Application 1.7 - 4.3.25.RELEASE + 4.3.26.RELEASE spring-oauth2-tests diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index cf2a5ef6c..96f4822a0 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -21,7 +21,7 @@ demo.Application 1.7 - 4.3.25.RELEASE + 4.3.26.RELEASE spring-oauth2-tests-xml From 5f1ce9d31583d80b7b7eb0061f8e413d07b58304 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Wed, 8 Apr 2020 12:17:15 -0400 Subject: [PATCH 25/94] Update to com.puppycrawl.tools:checkstyle:8.31 --- pom.xml | 2 +- tests/annotation/pom.xml | 2 +- tests/xml/pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 754f3cb8d..420806b42 100644 --- a/pom.xml +++ b/pom.xml @@ -197,7 +197,7 @@ com.puppycrawl.tools checkstyle - 8.18 + 8.31 io.spring.nohttp diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index 81ea88405..b837085e1 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -143,7 +143,7 @@ com.puppycrawl.tools checkstyle - 8.18 + 8.31 io.spring.nohttp diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index 96f4822a0..97f05ca74 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -92,7 +92,7 @@ com.puppycrawl.tools checkstyle - 8.18 + 8.31 io.spring.nohttp From 7b78687608c180387ad40b9cc2c55a0d4220eab1 Mon Sep 17 00:00:00 2001 From: Andrii Rodionov Date: Fri, 5 Apr 2019 02:39:57 +0300 Subject: [PATCH 26/94] Add volatile keyword for double check locking Fixes gh-1655 --- .../security/oauth2/client/token/OAuth2AccessTokenSupport.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupport.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupport.java index 0b4b30f69..c31822633 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupport.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupport.java @@ -53,7 +53,7 @@ public abstract class OAuth2AccessTokenSupport { private static final FormHttpMessageConverter FORM_MESSAGE_CONVERTER = new FormHttpMessageConverter(); - private RestOperations restTemplate; + private volatile RestOperations restTemplate; private List> messageConverters; From 2dee772cc09539e8d1b9f6a9811949fd3e8aec2d Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Wed, 8 Apr 2020 12:48:33 -0400 Subject: [PATCH 27/94] Update to maven-checkstyle-plugin:3.1.1 --- pom.xml | 2 +- tests/annotation/pom.xml | 2 +- tests/xml/pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 420806b42..12cc6bcf4 100644 --- a/pom.xml +++ b/pom.xml @@ -192,7 +192,7 @@ org.apache.maven.plugins maven-checkstyle-plugin - 3.1.0 + 3.1.1 com.puppycrawl.tools diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index b837085e1..575838226 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -138,7 +138,7 @@ org.apache.maven.plugins maven-checkstyle-plugin - 3.1.0 + 3.1.1 com.puppycrawl.tools diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index 97f05ca74..1fd8fea0c 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -87,7 +87,7 @@ org.apache.maven.plugins maven-checkstyle-plugin - 3.1.0 + 3.1.1 com.puppycrawl.tools From 8b9f880831e36646cc7f54cf4b76d84a5ee04cb4 Mon Sep 17 00:00:00 2001 From: KiyoungLee Date: Mon, 30 Apr 2018 00:25:36 +0900 Subject: [PATCH 28/94] Remove unused variable Fixes gh-1350 --- ...uthorizationServerClientCredentialsPasswordValidXmlTests.java | 1 - 1 file changed, 1 deletion(-) diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordValidXmlTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordValidXmlTests.java index 6008f8d83..f8acdc140 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordValidXmlTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordValidXmlTests.java @@ -43,7 +43,6 @@ @WebAppConfiguration public class AuthorizationServerClientCredentialsPasswordValidXmlTests { private static final String CLIENT_ID = "acme"; - private static final String CLIENT_SECRET = "secret"; private static final String USER_ID = "acme"; private static final String USER_SECRET = "password"; From 32f7cc5e1bb7dd163f51f99744991555c0d7758e Mon Sep 17 00:00:00 2001 From: Josh Kerr Date: Fri, 15 Mar 2019 23:52:35 -0500 Subject: [PATCH 29/94] Address Bias in RandomValueStringGenerator Fixes gh-639 --- .../util/RandomValueStringGenerator.java | 24 +++++- .../util/RandomValueStringGeneratorTests.java | 76 +++++++++++++++++++ 2 files changed, 97 insertions(+), 3 deletions(-) create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/util/RandomValueStringGeneratorTests.java diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/RandomValueStringGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/RandomValueStringGenerator.java index b6aadb8c2..33a3791ae 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/RandomValueStringGenerator.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/RandomValueStringGenerator.java @@ -1,3 +1,18 @@ +/* + * Copyright 2012-2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.springframework.security.oauth2.common.util; import java.security.SecureRandom; @@ -15,7 +30,7 @@ @Deprecated public class RandomValueStringGenerator { - private static final char[] DEFAULT_CODEC = "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + private static final char[] DEFAULT_CODEC = "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_" .toCharArray(); private Random random = new SecureRandom(); @@ -47,7 +62,7 @@ public String generate() { /** * Convert these random bytes to a verifier string. The length of the byte array can be * {@link #setLength(int) configured}. The default implementation mods the bytes to fit into the - * ASCII letters 1-9, A-Z, a-z . + * ASCII letters 1-9, A-Z, a-z, -_ . * * @param verifierBytes The bytes. * @return The string. @@ -70,11 +85,14 @@ public void setRandom(Random random) { } /** - * The length of string to generate. + * The length of string to generate. A length less than or equal to 0 will result in an {@code IllegalArgumentException}. * * @param length the length to set */ public void setLength(int length) { + if (length <= 0) { + throw new IllegalArgumentException("length must be greater than 0"); + } this.length = length; } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/util/RandomValueStringGeneratorTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/util/RandomValueStringGeneratorTests.java new file mode 100644 index 000000000..7f4d8bab5 --- /dev/null +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/util/RandomValueStringGeneratorTests.java @@ -0,0 +1,76 @@ +/* + * Copyright 2012-2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.common.util; + +import org.junit.Before; +import org.junit.Test; + +import java.security.SecureRandom; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; + +/** + * Tests for {@link RandomValueStringGenerator} + * + * @author Josh Kerr + */ +public class RandomValueStringGeneratorTests { + + private RandomValueStringGenerator generator; + + @Before + public void setup() { + generator = new RandomValueStringGenerator(); + } + + @Test + public void generate() { + String value = generator.generate(); + assertNotNull(value); + assertEquals("Authorization code is not correct size", 6, value.length()); + } + + @Test + public void generate_LargeLengthOnConstructor() { + generator = new RandomValueStringGenerator(1024); + String value = generator.generate(); + assertNotNull(value); + assertEquals("Authorization code is not correct size", 1024, value.length()); + } + + @Test + public void getAuthorizationCodeString() { + byte[] bytes = new byte[10]; + new SecureRandom().nextBytes(bytes); + String value = generator.getAuthorizationCodeString(bytes); + assertNotNull(value); + assertEquals("Authorization code is not correct size", 10, value.length()); + } + + @Test + public void setLength() { + generator.setLength(12); + String value = generator.generate(); + assertEquals("Authorization code is not correct size", 12, value.length()); + } + + @Test(expected = IllegalArgumentException.class) + public void setLength_NonPositiveNumber() { + generator.setLength(-1); + generator.generate(); + } +} \ No newline at end of file From d93722ad08e595a0dc0f48120d4b0d959d61135e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=86=B7=E5=86=B7?= Date: Wed, 1 Apr 2020 17:40:48 +0800 Subject: [PATCH 30/94] Fix check token NPE Fixes gh-1841 --- .../oauth2/provider/token/RemoteTokenServices.java | 8 ++++++++ .../provider/token/RemoteTokenServicesTest.java | 11 +++++++++++ 2 files changed, 19 insertions(+) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java index 3ff32839e..356ef43be 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java @@ -24,6 +24,7 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.util.CollectionUtils; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; import org.springframework.web.client.DefaultResponseErrorHandler; @@ -109,6 +110,13 @@ public OAuth2Authentication loadAuthentication(String accessToken) throws Authen headers.set("Authorization", getAuthorizationHeader(clientId, clientSecret)); Map map = postForMap(checkTokenEndpointUrl, formData, headers); + if (CollectionUtils.isEmpty(map)) { + if (logger.isDebugEnabled()) { + logger.debug("check_token returned empty"); + } + throw new InvalidTokenException(accessToken); + } + if (map.containsKey("error")) { if (logger.isDebugEnabled()) { logger.debug("check_token returned error: " + map.get("error")); diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java index 0a88a279e..54de94390 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java @@ -78,6 +78,16 @@ public void loadAuthenticationWhenIntrospectionResponseContainsActiveTrueStringT assertNotNull(authentication); } + @Test(expected = InvalidTokenException.class) + public void loadAuthenticationWhenIntrospectionResponseNullThenThrowInvalidTokenException() throws Exception { + ResponseEntity response = new ResponseEntity(HttpStatus.REQUEST_TIMEOUT); + RestTemplate restTemplate = mock(RestTemplate.class); + when(restTemplate.exchange(anyString(), any(HttpMethod.class), any(HttpEntity.class), any(Class.class))).thenReturn(response); + this.remoteTokenServices.setRestTemplate(restTemplate); + + this.remoteTokenServices.loadAuthentication("access-token-1234"); + } + // gh-838 @Test(expected = InvalidTokenException.class) public void loadAuthenticationWhenIntrospectionResponseContainsActiveFalseThenThrowInvalidTokenException() throws Exception { @@ -95,6 +105,7 @@ public void loadAuthenticationWhenIntrospectionResponseContainsActiveFalseThenTh @Test public void loadAuthenticationWhenIntrospectionResponseMissingActiveAttributeThenReturnAuthentication() throws Exception { Map responseAttrs = new HashMap(); + responseAttrs.put("attr1", "value1"); ResponseEntity response = new ResponseEntity(responseAttrs, HttpStatus.OK); RestTemplate restTemplate = mock(RestTemplate.class); when(restTemplate.exchange(anyString(), any(HttpMethod.class), any(HttpEntity.class), any(Class.class))).thenReturn(response); From 9c09209f1078b83026f52607ca2282dd8928dcac Mon Sep 17 00:00:00 2001 From: Marcelo Barros Date: Mon, 2 Sep 2019 17:19:50 -0300 Subject: [PATCH 31/94] Improves comparison of strings in DefaultRedirectResolver Fixes gh-1745 --- .../oauth2/provider/endpoint/DefaultRedirectResolver.java | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java index ef2a6e631..5095ca613 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java @@ -175,12 +175,10 @@ private boolean matchQueryParams(MultiValueMap registeredRedirec * @return true if strings are equal, false otherwise */ private boolean isEqual(String str1, String str2) { - if (StringUtils.isEmpty(str1) && StringUtils.isEmpty(str2)) { - return true; - } else if (!StringUtils.isEmpty(str1)) { - return str1.equals(str2); + if (StringUtils.isEmpty(str1)) { + return StringUtils.isEmpty(str2); } else { - return false; + return str1.equals(str2); } } From bff72a9bf8f12b73f945e4e77f4dd206b3636e83 Mon Sep 17 00:00:00 2001 From: Keesun Baik Date: Fri, 3 Apr 2020 11:50:56 -0700 Subject: [PATCH 32/94] Fix NPE when refresh_token is not provided The NullPointerException can occur when the grant_type is refresh_token but the refresh_token itself is not provided. And the response code would be 500 as it is a server error. With this fix, it will return 4xx as it is one of the client side error that missed providing required parameter, refresh_token. Fixes gh-941 --- .../provider/endpoint/TokenEndpoint.java | 5 ++- .../provider/endpoint/TokenEndpointTests.java | 38 +++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java index acc7658b8..bf4fdda7f 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java @@ -129,6 +129,9 @@ public ResponseEntity postAccessToken(Principal principal, @R } if (isRefreshTokenRequest(parameters)) { + if (StringUtils.isEmpty(parameters.get("refresh_token"))) { + throw new InvalidRequestException("refresh_token parameter not provided"); + } // A refresh token has its own default scopes, so we should ignore any added by the factory here. tokenRequest.setScope(OAuth2Utils.parseParameterList(parameters.get(OAuth2Utils.SCOPE))); } @@ -200,7 +203,7 @@ private ResponseEntity getResponse(OAuth2AccessToken accessTo } private boolean isRefreshTokenRequest(Map parameters) { - return "refresh_token".equals(parameters.get("grant_type")) && parameters.get("refresh_token") != null; + return "refresh_token".equals(parameters.get("grant_type")); } private boolean isAuthCodeRequest(Map parameters) { diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointTests.java index 27f4c9dc7..5b5099b63 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointTests.java @@ -45,6 +45,7 @@ import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; +import org.springframework.security.oauth2.common.exceptions.InvalidRequestException; import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.ClientDetailsService; @@ -217,4 +218,41 @@ public void testGetAccessTokenReturnsHeaderContentTypeJson() throws Exception { assertEquals(HttpStatus.OK, response.getStatusCode()); assertEquals("application/json;charset=UTF-8", response.getHeaders().get("Content-Type").iterator().next()); } + + @Test(expected = InvalidRequestException.class) + public void testRefreshTokenGrantTypeWithoutRefreshTokenParameter() throws Exception { + when(clientDetailsService.loadClientByClientId(clientId)).thenReturn(clientDetails); + + HashMap parameters = new HashMap(); + parameters.put("client_id", clientId); + parameters.put("scope", "read"); + parameters.put("grant_type", "refresh_token"); + + when(authorizationRequestFactory.createTokenRequest(any(Map.class), eq(clientDetails))).thenReturn( + createFromParameters(parameters)); + + endpoint.postAccessToken(clientAuthentication, parameters); + } + + @Test + public void testGetAccessTokenWithRefreshToken() throws Exception { + when(clientDetailsService.loadClientByClientId(clientId)).thenReturn(clientDetails); + + HashMap parameters = new HashMap(); + parameters.put("client_id", clientId); + parameters.put("scope", "read"); + parameters.put("grant_type", "refresh_token"); + parameters.put("refresh_token", "kJAHDFG"); + + OAuth2AccessToken expectedToken = new DefaultOAuth2AccessToken("FOO"); + + when(tokenGranter.grant(eq("refresh_token"), any(TokenRequest.class))).thenReturn(expectedToken); + + when(authorizationRequestFactory.createTokenRequest(any(Map.class), eq(clientDetails))).thenReturn( + createFromParameters(parameters)); + + ResponseEntity response = endpoint.postAccessToken(clientAuthentication, parameters); + + assertEquals(expectedToken, response.getBody()); + } } From ff555251805d472ca24ad4463b680b02554a7470 Mon Sep 17 00:00:00 2001 From: Alexander Litreev Date: Fri, 5 Jul 2019 18:03:25 +0300 Subject: [PATCH 33/94] Replace UUID with SecureRandom in DefaultTokenServices.createAccessToken Fixes gh-1720 --- .../oauth2/provider/token/DefaultTokenServices.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java index 7c22e8674..7b4f2328a 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java @@ -16,6 +16,9 @@ import java.util.Date; import java.util.Set; import java.util.UUID; +import java.security.SecureRandom; + +import org.apache.commons.codec.binary.Base64; import org.springframework.beans.factory.InitializingBean; import org.springframework.security.authentication.AuthenticationManager; @@ -294,7 +297,12 @@ private OAuth2RefreshToken createRefreshToken(OAuth2Authentication authenticatio } private OAuth2AccessToken createAccessToken(OAuth2Authentication authentication, OAuth2RefreshToken refreshToken) { - DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(UUID.randomUUID().toString()); + SecureRandom random = new SecureRandom(); + byte[] accessTokenBuffer = new byte[20]; + random.nextBytes(accessTokenBuffer); + String accessTokenString = new String(Base64.encodeBase64(accessTokenBuffer)); + + DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(accessTokenString); int validitySeconds = getAccessTokenValiditySeconds(authentication.getOAuth2Request()); if (validitySeconds > 0) { token.setExpiration(new Date(System.currentTimeMillis() + (validitySeconds * 1000L))); From 6e062cbd600cde82a845f673cbc76ea219d597bc Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Wed, 8 Apr 2020 15:37:24 -0400 Subject: [PATCH 34/94] Polish gh-1720 --- .../provider/token/DefaultTokenServices.java | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java index 7b4f2328a..bbe7e3acc 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java @@ -15,8 +15,6 @@ import java.util.Date; import java.util.Set; -import java.util.UUID; -import java.security.SecureRandom; import org.apache.commons.codec.binary.Base64; @@ -24,6 +22,8 @@ import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; +import org.springframework.security.crypto.keygen.BytesKeyGenerator; +import org.springframework.security.crypto.keygen.KeyGenerators; import org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken; import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; import org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken; @@ -44,7 +44,7 @@ import org.springframework.util.Assert; /** - * Base implementation for token services using random UUID values for the access token and refresh token values. The + * Base implementation for token services using {@code SecureRandom} values for the access token and refresh token values. The * main extension point for customizations is the {@link TokenEnhancer} which will be called after the access and * refresh tokens have been generated but before they are stored. *

@@ -62,6 +62,8 @@ public class DefaultTokenServices implements AuthorizationServerTokenServices, ResourceServerTokenServices, ConsumerTokenServices, InitializingBean { + private static final BytesKeyGenerator DEFAULT_TOKEN_GENERATOR = KeyGenerators.secureRandom(20); + private int refreshTokenValiditySeconds = 60 * 60 * 24 * 30; // default 30 days. private int accessTokenValiditySeconds = 60 * 60 * 12; // default 12 hours. @@ -288,21 +290,19 @@ private OAuth2RefreshToken createRefreshToken(OAuth2Authentication authenticatio return null; } int validitySeconds = getRefreshTokenValiditySeconds(authentication.getOAuth2Request()); - String value = UUID.randomUUID().toString(); + String tokenValue = new String(Base64.encodeBase64( + DEFAULT_TOKEN_GENERATOR.generateKey())); if (validitySeconds > 0) { - return new DefaultExpiringOAuth2RefreshToken(value, new Date(System.currentTimeMillis() + return new DefaultExpiringOAuth2RefreshToken(tokenValue, new Date(System.currentTimeMillis() + (validitySeconds * 1000L))); } - return new DefaultOAuth2RefreshToken(value); + return new DefaultOAuth2RefreshToken(tokenValue); } private OAuth2AccessToken createAccessToken(OAuth2Authentication authentication, OAuth2RefreshToken refreshToken) { - SecureRandom random = new SecureRandom(); - byte[] accessTokenBuffer = new byte[20]; - random.nextBytes(accessTokenBuffer); - String accessTokenString = new String(Base64.encodeBase64(accessTokenBuffer)); - - DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(accessTokenString); + String tokenValue = new String(Base64.encodeBase64( + DEFAULT_TOKEN_GENERATOR.generateKey())); + DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(tokenValue); int validitySeconds = getAccessTokenValiditySeconds(authentication.getOAuth2Request()); if (validitySeconds > 0) { token.setExpiration(new Date(System.currentTimeMillis() + (validitySeconds * 1000L))); From 3dc144cbcfb505fb1019d5c5c59e9bb72f9c0538 Mon Sep 17 00:00:00 2001 From: Anton Shatenfeld Date: Fri, 22 Jun 2018 18:16:48 -0700 Subject: [PATCH 35/94] ResourceOwnerPasswordTokenGranter handles UsernameNotFoundException Fixes gh-1408 --- .../password/ResourceOwnerPasswordTokenGranter.java | 5 +++++ .../ResourceOwnerPasswordTokenGranterTests.java | 11 +++++++++++ 2 files changed, 16 insertions(+) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranter.java index 3d58458c4..365202c6e 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranter.java @@ -25,6 +25,7 @@ import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; +import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.ClientDetailsService; @@ -82,6 +83,10 @@ protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, Tok // If the username/password are wrong the spec says we should send 400/invalid grant throw new InvalidGrantException(e.getMessage()); } + catch (UsernameNotFoundException e) { + // If the user is not found, report a generic error message + throw new InvalidGrantException(e.getMessage()); + } if (userAuth == null || !userAuth.isAuthenticated()) { throw new InvalidGrantException("Could not authenticate user: " + username); } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranterTests.java index 0e7cfcdee..123801f15 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranterTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranterTests.java @@ -30,6 +30,7 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.exceptions.InvalidClientException; import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; @@ -167,4 +168,14 @@ public void testUnauthenticated() { granter.grant("password", tokenRequest); } + @Test(expected = InvalidGrantException.class) + public void testUsernameNotFound() { + ResourceOwnerPasswordTokenGranter granter = new ResourceOwnerPasswordTokenGranter(new AuthenticationManager() { + @Override + public Authentication authenticate(final Authentication authentication) throws AuthenticationException { + throw new UsernameNotFoundException("test"); + } + }, providerTokenServices, clientDetailsService, requestFactory); + granter.grant("password", tokenRequest); + } } From a99f2e7cfd08ee9e7c606b75aa9dfbc122019790 Mon Sep 17 00:00:00 2001 From: Anton Shatenfeld Date: Fri, 22 Jun 2018 18:37:20 -0700 Subject: [PATCH 36/94] RefreshTokenGranter handles AuthenticationException Fixes gh-1410 --- .../provider/refresh/RefreshTokenGranter.java | 15 ++- .../refresh/RefreshTokenGranterTests.java | 124 ++++++++++++++++++ 2 files changed, 137 insertions(+), 2 deletions(-) create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranterTests.java diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranter.java index 71e4702f9..d390a2780 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranter.java @@ -16,7 +16,10 @@ package org.springframework.security.oauth2.provider.refresh; +import org.springframework.security.authentication.AccountStatusException; +import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.oauth2.common.OAuth2AccessToken; +import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.ClientDetailsService; import org.springframework.security.oauth2.provider.OAuth2RequestFactory; @@ -48,7 +51,15 @@ protected RefreshTokenGranter(AuthorizationServerTokenServices tokenServices, Cl @Override protected OAuth2AccessToken getAccessToken(ClientDetails client, TokenRequest tokenRequest) { String refreshToken = tokenRequest.getRequestParameters().get("refresh_token"); - return getTokenServices().refreshAccessToken(refreshToken, tokenRequest); + try { + return getTokenServices().refreshAccessToken(refreshToken, tokenRequest); + } + catch (AccountStatusException ase) { + //covers expired, locked, disabled cases (mentioned in section 5.2, draft 31) + throw new InvalidGrantException(ase.getMessage()); + } catch (UsernameNotFoundException e) { + // If the user is not found, report a generic error message + throw new InvalidGrantException(e.getMessage()); + } } - } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranterTests.java new file mode 100644 index 000000000..77433140c --- /dev/null +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranterTests.java @@ -0,0 +1,124 @@ +package org.springframework.security.oauth2.provider.refresh; + +import org.junit.Before; +import org.junit.Test; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.LockedException; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.security.oauth2.common.OAuth2AccessToken; +import org.springframework.security.oauth2.common.exceptions.InvalidClientException; +import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; +import org.springframework.security.oauth2.provider.ClientDetails; +import org.springframework.security.oauth2.provider.ClientDetailsService; +import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.OAuth2RequestFactory; +import org.springframework.security.oauth2.provider.TokenRequest; +import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory; +import org.springframework.security.oauth2.provider.token.DefaultTokenServices; +import org.springframework.security.oauth2.provider.token.TokenStore; +import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +import static org.junit.Assert.assertTrue; + +public class RefreshTokenGranterTests { + + private Authentication validUser = new UsernamePasswordAuthenticationToken("foo", "bar", + Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"))); + + private AuthenticationManager authenticationManager = new AuthenticationManager() { + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + return validUser; + } + }; + + private BaseClientDetails client = new BaseClientDetails("foo", "resource", "scope", "refresh_token", "ROLE_USER"); + + private TokenStore tokenStore = new InMemoryTokenStore(); + private DefaultTokenServices providerTokenServices = new DefaultTokenServices(); + + private ClientDetailsService clientDetailsService = new ClientDetailsService() { + public ClientDetails loadClientByClientId(String clientId) throws OAuth2Exception { + return client; + } + }; + + private OAuth2RequestFactory requestFactory = new DefaultOAuth2RequestFactory(clientDetailsService); + + private OAuth2AccessToken accessToken; + + private TokenRequest validRefreshTokenRequest; + + @Before + public void setUp() { + String clientId = "client"; + BaseClientDetails clientDetails = new BaseClientDetails(); + clientDetails.setClientId(clientId); + + providerTokenServices.setTokenStore(tokenStore); + providerTokenServices.setSupportRefreshToken(true); + providerTokenServices.setAuthenticationManager(authenticationManager); + // Create access token to refresh + accessToken = providerTokenServices.createAccessToken(new OAuth2Authentication(requestFactory.createOAuth2Request(client, requestFactory.createTokenRequest(Collections.emptyMap(), clientDetails)), validUser)); + validRefreshTokenRequest = createRefreshTokenRequest(accessToken.getRefreshToken().getValue()); + } + + private TokenRequest createRefreshTokenRequest(String refreshToken) { + Map parameters = new HashMap(); + parameters.put("grant_type", "refresh_token"); + parameters.put("refresh_token", refreshToken); + return requestFactory.createTokenRequest(parameters, client); + } + + @Test + public void testSunnyDay() { + RefreshTokenGranter granter = new RefreshTokenGranter(providerTokenServices, clientDetailsService, requestFactory); + OAuth2AccessToken token = granter.grant("refresh_token", validRefreshTokenRequest); + OAuth2Authentication authentication = providerTokenServices.loadAuthentication(token.getValue()); + assertTrue(authentication.isAuthenticated()); + } + + @Test(expected = InvalidGrantException.class) + public void testBadCredentials() { + RefreshTokenGranter granter = new RefreshTokenGranter(providerTokenServices, clientDetailsService, requestFactory); + granter.grant("refresh_token", createRefreshTokenRequest(accessToken.getRefreshToken().getValue() + "invalid_token")); + } + + @Test(expected = InvalidClientException.class) + public void testGrantTypeNotSupported() { + RefreshTokenGranter granter = new RefreshTokenGranter(providerTokenServices, clientDetailsService, requestFactory); + client.setAuthorizedGrantTypes(Collections.singleton("client_credentials")); + granter.grant("refresh_token", validRefreshTokenRequest); + } + + @Test(expected = InvalidGrantException.class) + public void testAccountLocked() { + providerTokenServices.setAuthenticationManager(new AuthenticationManager() { + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + throw new LockedException("test"); + } + }); + RefreshTokenGranter granter = new RefreshTokenGranter(providerTokenServices, clientDetailsService, requestFactory); + granter.grant("refresh_token", validRefreshTokenRequest); + } + + @Test(expected = InvalidGrantException.class) + public void testUsernameNotFound() { + providerTokenServices.setAuthenticationManager(new AuthenticationManager() { + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + throw new UsernameNotFoundException("test"); + } + }); + RefreshTokenGranter granter = new RefreshTokenGranter(providerTokenServices, clientDetailsService, requestFactory); + granter.grant("refresh_token", validRefreshTokenRequest); + } +} From d41b5a119d41a51d1afd382c5b2f9c117372ef23 Mon Sep 17 00:00:00 2001 From: Bjoern Eickvonder Date: Mon, 18 Mar 2019 15:48:27 +0100 Subject: [PATCH 37/94] Support x5t JWK header in JwkTokenStore Fixes gh-1617 --- .../store/jwk/EllipticCurveJwkDefinition.java | 4 +- .../token/store/jwk/JwkAttributes.java | 5 ++ .../token/store/jwk/JwkDefinition.java | 18 ++++++ .../token/store/jwk/JwkDefinitionSource.java | 34 ++++++++--- .../token/store/jwk/JwkSetConverter.java | 8 ++- .../JwkVerifyingJwtAccessTokenConverter.java | 19 ++++--- .../token/store/jwk/RsaJwkDefinition.java | 5 +- ...st.java => JwkDefinitionSourceITests.java} | 39 +++++++++++-- ...est.java => JwkDefinitionSourceTests.java} | 10 ++-- ...itionTest.java => JwkDefinitionTests.java} | 6 +- ...terTest.java => JwkSetConverterTests.java} | 2 +- ...oreITest.java => JwkTokenStoreITests.java} | 2 +- ...StoreTest.java => JwkTokenStoreTests.java} | 4 +- ...erifyingJwtAccessTokenConverterTests.java} | 56 ++++++++++++------- ...Test.java => JwtHeaderConverterTests.java} | 2 +- .../provider/token/store/jwk/JwtTestUtil.java | 7 ++- ...onTest.java => RsaJwkDefinitionTests.java} | 6 +- 17 files changed, 165 insertions(+), 62 deletions(-) rename spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/{JwkDefinitionSourceITest.java => JwkDefinitionSourceITests.java} (71%) rename spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/{JwkDefinitionSourceTest.java => JwkDefinitionSourceTests.java} (91%) rename spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/{JwkDefinitionTest.java => JwkDefinitionTests.java} (90%) rename spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/{JwkSetConverterTest.java => JwkSetConverterTests.java} (99%) rename spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/{JwkTokenStoreITest.java => JwkTokenStoreITests.java} (99%) rename spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/{JwkTokenStoreTest.java => JwkTokenStoreTests.java} (99%) rename spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/{JwkVerifyingJwtAccessTokenConverterTest.java => JwkVerifyingJwtAccessTokenConverterTests.java} (72%) rename spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/{JwtHeaderConverterTest.java => JwtHeaderConverterTests.java} (98%) rename spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/{RsaJwkDefinitionTest.java => RsaJwkDefinitionTests.java} (90%) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/EllipticCurveJwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/EllipticCurveJwkDefinition.java index 5b259ee79..360099d17 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/EllipticCurveJwkDefinition.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/EllipticCurveJwkDefinition.java @@ -32,6 +32,7 @@ final class EllipticCurveJwkDefinition extends JwkDefinition { * Creates an instance of an Elliptic Curve JSON Web Key (JWK). * * @param keyId the Key ID + * @param x5t the X.509 Certificate SHA-1 Thumbprint ("x5t") * @param publicKeyUse the intended use of the Public Key * @param algorithm the algorithm intended to be used * @param x the x value to be used @@ -39,12 +40,13 @@ final class EllipticCurveJwkDefinition extends JwkDefinition { * @param curve the curve to be used */ EllipticCurveJwkDefinition(String keyId, + String x5t, PublicKeyUse publicKeyUse, CryptoAlgorithm algorithm, String x, String y, String curve) { - super(keyId, KeyType.EC, publicKeyUse, algorithm); + super(keyId, x5t, KeyType.EC, publicKeyUse, algorithm); this.x = x; this.y = y; this.curve = curve; diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java index 931397668..15c3f1c2c 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java @@ -28,6 +28,11 @@ final class JwkAttributes { */ static final String KEY_ID = "kid"; + /** + * The "x5t" (X.509 Certificate SHA-1 Thumbprint) parameter used in a JWT header and in a JWK. + */ + static final String X5T = "x5t"; + /** * The "kty" (key type) parameter identifies the cryptographic algorithm family * used by a JWK, for example, "RSA" or "EC". diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java index eb19ba2e3..f8392fa10 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java @@ -25,6 +25,7 @@ */ abstract class JwkDefinition { private final String keyId; + private final String x5t; private final KeyType keyType; private final PublicKeyUse publicKeyUse; private final CryptoAlgorithm algorithm; @@ -33,15 +34,18 @@ abstract class JwkDefinition { * Creates an instance with the common attributes of a JWK. * * @param keyId the Key ID + * @param x5t the X.509 Certificate SHA-1 Thumbprint ("x5t") * @param keyType the Key Type * @param publicKeyUse the intended use of the Public Key * @param algorithm the algorithm intended to be used */ protected JwkDefinition(String keyId, + String x5t, KeyType keyType, PublicKeyUse publicKeyUse, CryptoAlgorithm algorithm) { this.keyId = keyId; + this.x5t = x5t; this.keyType = keyType; this.publicKeyUse = publicKeyUse; this.algorithm = algorithm; @@ -54,6 +58,13 @@ String getKeyId() { return this.keyId; } + /** + * @return the X.509 Certificate SHA-1 Thumbprint ("x5t") + */ + String getX5t() { + return this.x5t; + } + /** * @return the Key Type ("kty") */ @@ -89,6 +100,12 @@ public boolean equals(Object obj) { if (!this.getKeyId().equals(that.getKeyId())) { return false; } + if (this.getX5t() == null) { + if (that.getX5t() != null) + return false; + } + else if (!this.getX5t().equals(that.getX5t())) + return false; return this.getKeyType().equals(that.getKeyType()); } @@ -97,6 +114,7 @@ public boolean equals(Object obj) { public int hashCode() { int result = this.getKeyId().hashCode(); result = 31 * result + this.getKeyType().hashCode(); + result = 31 * result + ((this.getX5t() == null) ? 0 : this.getX5t().hashCode()); return result; } diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java index 7c2a2ff67..8340106e3 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java @@ -30,6 +30,7 @@ import java.security.spec.RSAPublicKeySpec; import java.util.ArrayList; import java.util.Arrays; +import java.util.Iterator; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; @@ -47,6 +48,7 @@ * * @author Joe Grandja * @author Michael Duergner + * @author Bjoern Eickvonder */ class JwkDefinitionSource { private final List jwkSetUrls; @@ -79,20 +81,21 @@ class JwkDefinitionSource { } /** - * Returns the JWK definition matching the provided keyId ("kid"). + * Returns the JWK definition matching the provided keyId ("kid") or provided thumbprint ("x5t"). * If the JWK definition is not available in the internal cache then {@link #loadJwkDefinitions(URL)} * will be called (to re-load the cache) and then followed-up with a second attempt to locate the JWK definition. * - * @param keyId the Key ID ("kid") + * @param keyId the Key ID ("kid"), if not given x5t will be checked + * @param x5t the X.509 Certificate SHA-1 Thumbprint ("x5t"), will only be checked if keyId is not given * @return the matching {@link JwkDefinition} or null if not found */ - JwkDefinitionHolder getDefinitionLoadIfNecessary(String keyId) { - JwkDefinitionHolder result = this.getDefinition(keyId); + JwkDefinitionHolder getDefinitionLoadIfNecessary(String keyId, String x5t) { + JwkDefinitionHolder result = this.getDefinition(keyId, x5t); if (result != null) { return result; } synchronized (this.jwkDefinitions) { - result = this.getDefinition(keyId); + result = this.getDefinition(keyId, x5t); if (result != null) { return result; } @@ -102,18 +105,31 @@ JwkDefinitionHolder getDefinitionLoadIfNecessary(String keyId) { } this.jwkDefinitions.clear(); this.jwkDefinitions.putAll(newJwkDefinitions); - return this.getDefinition(keyId); + return this.getDefinition(keyId, x5t); } } /** * Returns the JWK definition matching the provided keyId ("kid"). * - * @param keyId the Key ID ("kid") + * @param keyId the Key ID ("kid"), if not given x5t will be checked + * @param x5t the X.509 Certificate SHA-1 Thumbprint ("x5t"), will only be checked if keyId is not given * @return the matching {@link JwkDefinition} or null if not found */ - private JwkDefinitionHolder getDefinition(String keyId) { - return this.jwkDefinitions.get(keyId); + private JwkDefinitionHolder getDefinition(String keyId, String x5t) { + JwkDefinitionHolder result = null; + if (keyId != null) { + result = this.jwkDefinitions.get(keyId); + } else if (x5t != null) { + Iterator iter = this.jwkDefinitions.values().iterator(); + while (result == null && iter.hasNext()) { + JwkDefinitionHolder entry = iter.next(); + if (x5t.equals(entry.getJwkDefinition().getX5t())) { + result = entry; + } + } + } + return result; } /** diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java index d23683cf6..e6cf5d6d0 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java @@ -101,7 +101,7 @@ public Set convert(InputStream jwkSetSource) { if (JwkDefinition.PublicKeyUse.ENC.equals(publicKeyUse)) { continue; } - + JwkDefinition jwkDefinition = null; JwkDefinition.KeyType keyType = JwkDefinition.KeyType.fromValue(attributes.get(KEY_TYPE)); @@ -142,6 +142,7 @@ private JwkDefinition createRsaJwkDefinition(Map attributes) { if (!StringUtils.hasText(keyId)) { throw new JwkException(KEY_ID + " is a required attribute for a JWK."); } + String x5t = attributes.get(X5T); // use JwkDefinition.PublicKeyUse publicKeyUse = @@ -174,7 +175,7 @@ private JwkDefinition createRsaJwkDefinition(Map attributes) { } RsaJwkDefinition jwkDefinition = new RsaJwkDefinition( - keyId, publicKeyUse, algorithm, modulus, exponent); + keyId, x5t, publicKeyUse, algorithm, modulus, exponent); return jwkDefinition; } @@ -192,6 +193,7 @@ private JwkDefinition createEllipticCurveJwkDefinition(Map attri if (!StringUtils.hasText(keyId)) { throw new JwkException(KEY_ID + " is a required attribute for an EC JWK."); } + String x5t = attributes.get(X5T); // use JwkDefinition.PublicKeyUse publicKeyUse = @@ -230,7 +232,7 @@ private JwkDefinition createEllipticCurveJwkDefinition(Map attri } EllipticCurveJwkDefinition jwkDefinition = new EllipticCurveJwkDefinition( - keyId, publicKeyUse, algorithm, x, y, curve); + keyId, x5t, publicKeyUse, algorithm, x, y, curve); return jwkDefinition; } diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java index 3f2a6ebc3..02fbc3d5a 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java @@ -29,6 +29,7 @@ import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.ALGORITHM; import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.KEY_ID; +import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.X5T; /** * A specialized extension of {@link JwtAccessTokenConverter} that is responsible for verifying @@ -42,8 +43,8 @@ *
*
*

    - *
  1. Extract the "kid" parameter from the JWT header.
    2. - *
  2. Find the matching {@link JwkDefinition} from the {@link JwkDefinitionSource} with the corresponding "kid" attribute.
    3. + *
  3. Extract the "kid" and "x5t" parameters from the JWT header.
    4. + *
  4. Find the matching {@link JwkDefinition} from the {@link JwkDefinitionSource} with the corresponding "kid" or "x5t" attribute.
    5. *
  5. Obtain the {@link SignatureVerifier} associated with the {@link JwkDefinition} via the {@link JwkDefinitionSource} and verify the signature.
    6. *
*
@@ -67,6 +68,7 @@ * @see JSON Web Signature (JWS) * * @author Joe Grandja + * @author bjoern Eickvonder */ class JwkVerifyingJwtAccessTokenConverter extends JwtAccessTokenConverter { private final JwkDefinitionSource jwkDefinitionSource; @@ -95,14 +97,15 @@ class JwkVerifyingJwtAccessTokenConverter extends JwtAccessTokenConverter { protected Map decode(String token) { Map headers = this.jwtHeaderConverter.convert(token); - // Validate "kid" header + // Validate "kid" or "x5t" header String keyIdHeader = headers.get(KEY_ID); - if (keyIdHeader == null) { - throw new InvalidTokenException("Invalid JWT/JWS: " + KEY_ID + " is a required JOSE Header"); + String x5tHeader = headers.get(X5T); + if (keyIdHeader == null && x5tHeader == null) { + throw new InvalidTokenException("Invalid JWT/JWS: " + KEY_ID + " or " + X5T + " is a required JOSE Header"); } - JwkDefinitionSource.JwkDefinitionHolder jwkDefinitionHolder = this.jwkDefinitionSource.getDefinitionLoadIfNecessary(keyIdHeader); + JwkDefinitionSource.JwkDefinitionHolder jwkDefinitionHolder = this.jwkDefinitionSource.getDefinitionLoadIfNecessary(keyIdHeader, x5tHeader); if (jwkDefinitionHolder == null) { - throw new InvalidTokenException("Invalid JOSE Header " + KEY_ID + " (" + keyIdHeader + ")"); + throw new InvalidTokenException("Invalid JOSE Header " + KEY_ID + " (" + keyIdHeader + "), " + X5T + " (" + x5tHeader + ")"); } JwkDefinition jwkDefinition = jwkDefinitionHolder.getJwkDefinition(); @@ -113,7 +116,7 @@ protected Map decode(String token) { } if (jwkDefinition.getAlgorithm() != null && !algorithmHeader.equals(jwkDefinition.getAlgorithm().headerParamValue())) { throw new InvalidTokenException("Invalid JOSE Header " + ALGORITHM + " (" + algorithmHeader + ")" + - " does not match algorithm associated to JWK with " + KEY_ID + " (" + keyIdHeader + ")"); + " does not match algorithm associated to JWK with " + KEY_ID + " (" + keyIdHeader + "), " + X5T + " (" + x5tHeader + ")"); } // Verify signature diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinition.java index 141cadb97..5eada32c4 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinition.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinition.java @@ -31,18 +31,19 @@ final class RsaJwkDefinition extends JwkDefinition { * Creates an instance of a RSA JSON Web Key (JWK). * * @param keyId the Key ID + * @param x5t the X.509 Certificate SHA-1 Thumbprint ("x5t") * @param publicKeyUse the intended use of the Public Key * @param algorithm the algorithm intended to be used * @param modulus the modulus value for the Public Key * @param exponent the exponent value for the Public Key */ RsaJwkDefinition(String keyId, + String x5t, PublicKeyUse publicKeyUse, CryptoAlgorithm algorithm, String modulus, String exponent) { - - super(keyId, KeyType.RSA, publicKeyUse, algorithm); + super(keyId, x5t, KeyType.RSA, publicKeyUse, algorithm); this.modulus = modulus; this.exponent = exponent; } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceITest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceITests.java similarity index 71% rename from spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceITest.java rename to spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceITests.java index e08ace32b..43a9c70b3 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceITest.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceITests.java @@ -25,11 +25,12 @@ import java.util.Arrays; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertSame; /** * @author Rob Winch */ -public class JwkDefinitionSourceITest { +public class JwkDefinitionSourceITests { private MockWebServer server; @@ -80,9 +81,9 @@ public void getDefinitionLoadIfNecessaryWhenMultipleUrlsThenBothUrlsAreLoaded() String keyId1 = "key-id-1"; String keyId2 = "key-id-2"; String keyId3 = "key-id-3"; - JwkDefinition jwkDef1 = this.source.getDefinitionLoadIfNecessary(keyId1).getJwkDefinition(); - JwkDefinition jwkDef2 = this.source.getDefinitionLoadIfNecessary(keyId2).getJwkDefinition(); - JwkDefinition jwkDef3 = this.source.getDefinitionLoadIfNecessary(keyId3).getJwkDefinition(); + JwkDefinition jwkDef1 = this.source.getDefinitionLoadIfNecessary(keyId1, null).getJwkDefinition(); + JwkDefinition jwkDef2 = this.source.getDefinitionLoadIfNecessary(keyId2, null).getJwkDefinition(); + JwkDefinition jwkDef3 = this.source.getDefinitionLoadIfNecessary(keyId3, null).getJwkDefinition(); assertEquals(jwkDef1.getKeyId(), keyId1); assertEquals(jwkDef1.getAlgorithm(), JwkDefinition.CryptoAlgorithm.RS256); @@ -100,6 +101,36 @@ public void getDefinitionLoadIfNecessaryWhenMultipleUrlsThenBothUrlsAreLoaded() assertEquals(jwkDef3.getKeyType(), JwkDefinition.KeyType.EC); } + @Test + public void getDefinitionLoadIfNecessaryWithX5T() { + this.server.enqueue(new MockResponse().setHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE).setBody("{\n" + + " \"keys\": [\n" + + " {\n" + + " \"kid\": \"key-id-1\",\n" + + " \"x5t\": \"x5t-1\",\n" + + " \"kty\": \"RSA\",\n" + + " \"alg\": \"RS256\",\n" + + " \"use\": \"sig\",\n" + + " \"n\": \"rne3dowbQHcFCzg2ejWb6az5QNxWFiv6kRpd34VDzYNMhWeewfeEL5Pf5clE8Xh1KlllrDYSxtnzUQm-t9p92yEBASfV96ydTYG-ITfxfJzKtJUN-iIS5K9WGYXnDNS4eYZ_ygW-zBU_9NwFMXdwSTzRqHeJmLJrfbmmjoIuuWyfh2Ko52KzyidceR5SJxGeW0ckeyWka1lDf4cr7fv-s093Y_sd2wrNvg0-9IAkXotbxWWXcfMgXFyw0qHFT_5LrKmiwkY3HCaiV5NgEFJmC6fBIG2EOZG4rqjBoYV6LZwrfTMHknaeel9MOZesW6SR2bswtuuWN3DGq2zg0KamLw\",\n" + + " \"e\": \"AQAB\"\n" + + " }\n" + + " ]\n" + + "}\n")); + this.source = new JwkDefinitionSource(Arrays.asList(serverUrl("/jwk1"))); + + String keyId1 = "key-id-1"; + String x5t1 = "x5t-1"; + JwkDefinition jwkDef1 = this.source.getDefinitionLoadIfNecessary(keyId1, x5t1).getJwkDefinition(); + assertEquals(keyId1, jwkDef1.getKeyId()); + assertEquals(x5t1, jwkDef1.getX5t()); + assertEquals(JwkDefinition.CryptoAlgorithm.RS256, jwkDef1.getAlgorithm()); + assertEquals(JwkDefinition.PublicKeyUse.SIG, jwkDef1.getPublicKeyUse()); + assertEquals(JwkDefinition.KeyType.RSA, jwkDef1.getKeyType()); + + assertSame(jwkDef1, this.source.getDefinitionLoadIfNecessary(keyId1, null).getJwkDefinition()); + assertSame(jwkDef1, this.source.getDefinitionLoadIfNecessary(null, x5t1).getJwkDefinition()); + } + private String serverUrl(String path) { return this.server.url(http://github.com/path).toString(); } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTests.java similarity index 91% rename from spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java rename to spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTests.java index e0556619c..409a0ed0c 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTests.java @@ -39,7 +39,7 @@ */ @RunWith(PowerMockRunner.class) @PrepareForTest(JwkDefinitionSource.class) -public class JwkDefinitionSourceTest { +public class JwkDefinitionSourceTests { private static final String DEFAULT_JWK_SET_URL = "https://identity.server1.io/token_keys"; @Test(expected = IllegalArgumentException.class) @@ -57,16 +57,16 @@ public void getDefinitionLoadIfNecessaryWhenKeyIdNotFoundThenLoadJwkDefinitions( JwkDefinitionSource jwkDefinitionSource = spy(new JwkDefinitionSource(DEFAULT_JWK_SET_URL)); mockStatic(JwkDefinitionSource.class); when(JwkDefinitionSource.loadJwkDefinitions(any(URL.class))).thenReturn(Collections.emptyMap()); - jwkDefinitionSource.getDefinitionLoadIfNecessary("invalid-key-id"); + jwkDefinitionSource.getDefinitionLoadIfNecessary("invalid-key-id", null); verifyStatic(); } // gh-1010 @Test public void getVerifierWhenModulusMostSignificantBitIs1ThenVerifierStillVerifyContentSignature() throws Exception { - String jwkSetUrl = JwkDefinitionSourceTest.class.getResource("jwk-set.json").toString(); + String jwkSetUrl = JwkDefinitionSourceTests.class.getResource("jwk-set.json").toString(); JwkDefinitionSource jwkDefinitionSource = new JwkDefinitionSource(jwkSetUrl); - SignatureVerifier verifier = jwkDefinitionSource.getDefinitionLoadIfNecessary("_Ci3-VfV_N0YAG22NQOgOUpFBDDcDe_rJxpu5JK702o").getSignatureVerifier(); + SignatureVerifier verifier = jwkDefinitionSource.getDefinitionLoadIfNecessary("_Ci3-VfV_N0YAG22NQOgOUpFBDDcDe_rJxpu5JK702o", null).getSignatureVerifier(); String token = this.readToken("token.jwt"); int secondPeriodIndex = token.indexOf('.', token.indexOf('.') + 1); String contentString = token.substring(0, secondPeriodIndex); @@ -80,7 +80,7 @@ private String readToken(String resource) throws IOException { StringBuilder sb = new StringBuilder(); InputStream in = null; try { - in = JwkDefinitionSourceTest.class.getResourceAsStream(resource); + in = JwkDefinitionSourceTests.class.getResourceAsStream(resource); int ch; while ((ch = in.read()) != -1) { sb.append((char) ch); diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionTests.java similarity index 90% rename from spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionTest.java rename to spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionTests.java index 66660b65f..b571f4ab5 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionTest.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionTests.java @@ -22,18 +22,20 @@ /** * @author Joe Grandja */ -public class JwkDefinitionTest { +public class JwkDefinitionTests { @Test public void constructorWhenArgumentsPassedThenAttributesAreCorrectlySet() throws Exception { String keyId = "key-id-1"; + String x5t = "x5t-1"; JwkDefinition.KeyType keyType = JwkDefinition.KeyType.RSA; JwkDefinition.PublicKeyUse publicKeyUse = JwkDefinition.PublicKeyUse.SIG; JwkDefinition.CryptoAlgorithm algorithm = JwkDefinition.CryptoAlgorithm.RS512; - JwkDefinition jwkDefinition = new JwkDefinition(keyId, keyType, publicKeyUse, algorithm) { }; + JwkDefinition jwkDefinition = new JwkDefinition(keyId, x5t, keyType, publicKeyUse, algorithm) { }; assertEquals(keyId, jwkDefinition.getKeyId()); + assertEquals(x5t, jwkDefinition.getX5t()); assertEquals(keyType, jwkDefinition.getKeyType()); assertEquals(publicKeyUse, jwkDefinition.getPublicKeyUse()); assertEquals(algorithm, jwkDefinition.getAlgorithm()); diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTests.java similarity index 99% rename from spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java rename to spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTests.java index 6591efa25..c8db18758 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTests.java @@ -36,7 +36,7 @@ * @author Joe Grandja * @author Vedran Pavic */ -public class JwkSetConverterTest { +public class JwkSetConverterTests { private final JwkSetConverter converter = new JwkSetConverter(); private final ObjectMapper objectMapper = new ObjectMapper(); diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreITest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreITests.java similarity index 99% rename from spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreITest.java rename to spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreITests.java index 370fb7a28..4e4dffa8d 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreITest.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreITests.java @@ -38,7 +38,7 @@ /** * @author Joe Grandja */ -public class JwkTokenStoreITest { +public class JwkTokenStoreITests { private MockWebServer server; @Before diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTests.java similarity index 99% rename from spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java rename to spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTests.java index 1817582fd..f835e110f 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTests.java @@ -48,7 +48,7 @@ */ @RunWith(PowerMockRunner.class) @PrepareForTest(JwkTokenStore.class) -public class JwkTokenStoreTest { +public class JwkTokenStoreTests { private JwkTokenStore jwkTokenStore = new JwkTokenStore("https://identity.server1.io/token_keys"); @Rule @@ -129,7 +129,7 @@ public void readAccessTokenWhenJwtClaimsSetVerifierIsSetThenVerifyIsCalled() thr when(jwkDefinitionHolder.getSignatureVerifier()).thenReturn(mock(SignatureVerifier.class)); JwkDefinitionSource jwkDefinitionSource = mock(JwkDefinitionSource.class); - when(jwkDefinitionSource.getDefinitionLoadIfNecessary(anyString())).thenReturn(jwkDefinitionHolder); + when(jwkDefinitionSource.getDefinitionLoadIfNecessary(anyString(), anyString())).thenReturn(jwkDefinitionHolder); JwkVerifyingJwtAccessTokenConverter jwtVerifyingAccessTokenConverter = new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource); diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTests.java similarity index 72% rename from spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java rename to spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTests.java index c67c54c3e..9c2534412 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTests.java @@ -34,7 +34,7 @@ /** * @author Joe Grandja */ -public class JwkVerifyingJwtAccessTokenConverterTest { +public class JwkVerifyingJwtAccessTokenConverterTests { @Rule public ExpectedException thrown = ExpectedException.none(); @@ -51,41 +51,41 @@ public void encodeWhenCalledThenThrowJwkException() throws Exception { @Test public void decodeWhenKeyIdHeaderMissingThenThrowJwkException() throws Exception { this.thrown.expect(InvalidTokenException.class); - this.thrown.expectMessage("Invalid JWT/JWS: kid is a required JOSE Header"); + this.thrown.expectMessage("Invalid JWT/JWS: kid or x5t is a required JOSE Header"); JwkVerifyingJwtAccessTokenConverter accessTokenConverter = new JwkVerifyingJwtAccessTokenConverter(mock(JwkDefinitionSource.class)); - String jwt = createJwt(createJwtHeader(null, JwkDefinition.CryptoAlgorithm.RS256)); + String jwt = createJwt(createJwtHeader(null, null, JwkDefinition.CryptoAlgorithm.RS256)); accessTokenConverter.decode(jwt); } @Test public void decodeWhenKeyIdHeaderInvalidThenThrowJwkException() throws Exception { this.thrown.expect(InvalidTokenException.class); - this.thrown.expectMessage("Invalid JOSE Header kid (invalid-key-id)"); - JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", JwkDefinition.CryptoAlgorithm.RS256); + this.thrown.expectMessage("Invalid JOSE Header kid (invalid-key-id), x5t (null)"); + JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", null, JwkDefinition.CryptoAlgorithm.RS256); JwkDefinitionSource jwkDefinitionSource = mock(JwkDefinitionSource.class); JwkDefinitionSource.JwkDefinitionHolder jwkDefinitionHolder = mock(JwkDefinitionSource.JwkDefinitionHolder.class); when(jwkDefinitionHolder.getJwkDefinition()).thenReturn(jwkDefinition); - when(jwkDefinitionSource.getDefinitionLoadIfNecessary("key-id-1")).thenReturn(jwkDefinitionHolder); + when(jwkDefinitionSource.getDefinitionLoadIfNecessary("key-id-1", null)).thenReturn(jwkDefinitionHolder); JwkVerifyingJwtAccessTokenConverter accessTokenConverter = new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource); - String jwt = createJwt(createJwtHeader("invalid-key-id", JwkDefinition.CryptoAlgorithm.RS256)); + String jwt = createJwt(createJwtHeader("invalid-key-id", null, JwkDefinition.CryptoAlgorithm.RS256)); accessTokenConverter.decode(jwt); } // gh-1129 @Test public void decodeWhenJwkAlgorithmNullAndJwtAlgorithmPresentThenDecodeStillSucceeds() throws Exception { - JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", null); + JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", null, null); JwkDefinitionSource jwkDefinitionSource = mock(JwkDefinitionSource.class); JwkDefinitionSource.JwkDefinitionHolder jwkDefinitionHolder = mock(JwkDefinitionSource.JwkDefinitionHolder.class); SignatureVerifier signatureVerifier = mock(SignatureVerifier.class); when(jwkDefinitionHolder.getJwkDefinition()).thenReturn(jwkDefinition); - when(jwkDefinitionSource.getDefinitionLoadIfNecessary("key-id-1")).thenReturn(jwkDefinitionHolder); + when(jwkDefinitionSource.getDefinitionLoadIfNecessary("key-id-1", null)).thenReturn(jwkDefinitionHolder); when(jwkDefinitionHolder.getSignatureVerifier()).thenReturn(signatureVerifier); JwkVerifyingJwtAccessTokenConverter accessTokenConverter = new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource); - String jwt = createJwt(createJwtHeader("key-id-1", JwkDefinition.CryptoAlgorithm.RS256)); + String jwt = createJwt(createJwtHeader("key-id-1", null, JwkDefinition.CryptoAlgorithm.RS256)); String jws = jwt + "." + utf8Decode(b64UrlEncode("junkSignature".getBytes())); Map decodedJwt = accessTokenConverter.decode(jws); assertNotNull(decodedJwt); @@ -95,14 +95,14 @@ public void decodeWhenJwkAlgorithmNullAndJwtAlgorithmPresentThenDecodeStillSucce public void decodeWhenAlgorithmHeaderMissingThenThrowJwkException() throws Exception { this.thrown.expect(InvalidTokenException.class); this.thrown.expectMessage("Invalid JWT/JWS: alg is a required JOSE Header"); - JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", JwkDefinition.CryptoAlgorithm.RS256); + JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", null, JwkDefinition.CryptoAlgorithm.RS256); JwkDefinitionSource jwkDefinitionSource = mock(JwkDefinitionSource.class); JwkDefinitionSource.JwkDefinitionHolder jwkDefinitionHolder = mock(JwkDefinitionSource.JwkDefinitionHolder.class); when(jwkDefinitionHolder.getJwkDefinition()).thenReturn(jwkDefinition); - when(jwkDefinitionSource.getDefinitionLoadIfNecessary("key-id-1")).thenReturn(jwkDefinitionHolder); + when(jwkDefinitionSource.getDefinitionLoadIfNecessary("key-id-1", null)).thenReturn(jwkDefinitionHolder); JwkVerifyingJwtAccessTokenConverter accessTokenConverter = new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource); - String jwt = createJwt(createJwtHeader("key-id-1", null)); + String jwt = createJwt(createJwtHeader("key-id-1", null, null)); accessTokenConverter.decode(jwt); } @@ -111,29 +111,47 @@ public void decodeWhenAlgorithmHeaderDoesNotMatchJwkAlgorithmThenThrowJwkExcepti this.thrown.expect(InvalidTokenException.class); this.thrown.expectMessage("Invalid JOSE Header alg (RS512) " + "does not match algorithm associated to JWK with kid (key-id-1)"); - JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", JwkDefinition.CryptoAlgorithm.RS256); + JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", null, JwkDefinition.CryptoAlgorithm.RS256); JwkDefinitionSource jwkDefinitionSource = mock(JwkDefinitionSource.class); JwkDefinitionSource.JwkDefinitionHolder jwkDefinitionHolder = mock(JwkDefinitionSource.JwkDefinitionHolder.class); when(jwkDefinitionHolder.getJwkDefinition()).thenReturn(jwkDefinition); - when(jwkDefinitionSource.getDefinitionLoadIfNecessary("key-id-1")).thenReturn(jwkDefinitionHolder); + when(jwkDefinitionSource.getDefinitionLoadIfNecessary("key-id-1", null)).thenReturn(jwkDefinitionHolder); JwkVerifyingJwtAccessTokenConverter accessTokenConverter = new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource); - String jwt = createJwt(createJwtHeader("key-id-1", JwkDefinition.CryptoAlgorithm.RS512)); + String jwt = createJwt(createJwtHeader("key-id-1", null, JwkDefinition.CryptoAlgorithm.RS512)); accessTokenConverter.decode(jwt); } - private JwkDefinition createRSAJwkDefinition(String keyId, JwkDefinition.CryptoAlgorithm algorithm) { - return createRSAJwkDefinition(JwkDefinition.KeyType.RSA, keyId, + @Test + public void decodeWhenKidHeaderMissingButX5tHeaderPresentThenDecodeStillSucceeds() throws Exception { + JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", "x5t-1", null); + JwkDefinitionSource jwkDefinitionSource = mock(JwkDefinitionSource.class); + JwkDefinitionSource.JwkDefinitionHolder jwkDefinitionHolder = mock(JwkDefinitionSource.JwkDefinitionHolder.class); + SignatureVerifier signatureVerifier = mock(SignatureVerifier.class); + when(jwkDefinitionHolder.getJwkDefinition()).thenReturn(jwkDefinition); + when(jwkDefinitionSource.getDefinitionLoadIfNecessary(null, "x5t-1")).thenReturn(jwkDefinitionHolder); + when(jwkDefinitionHolder.getSignatureVerifier()).thenReturn(signatureVerifier); + JwkVerifyingJwtAccessTokenConverter accessTokenConverter = + new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource); + String jwt = createJwt(createJwtHeader(null, "x5t-1", JwkDefinition.CryptoAlgorithm.RS256)); + String jws = jwt + "." + utf8Decode(b64UrlEncode("junkSignature".getBytes())); + Map decodedJwt = accessTokenConverter.decode(jws); + assertNotNull(decodedJwt); + } + + private JwkDefinition createRSAJwkDefinition(String keyId, String x5t, JwkDefinition.CryptoAlgorithm algorithm) { + return createRSAJwkDefinition(JwkDefinition.KeyType.RSA, keyId, x5t, JwkDefinition.PublicKeyUse.SIG, algorithm, "AMh-pGAj9vX2gwFDyrXot1f2YfHgh8h0Qx6w9IqLL", "AQAB"); } private JwkDefinition createRSAJwkDefinition(JwkDefinition.KeyType keyType, String keyId, + String x5t, JwkDefinition.PublicKeyUse publicKeyUse, JwkDefinition.CryptoAlgorithm algorithm, String modulus, String exponent) { - return new RsaJwkDefinition(keyId, publicKeyUse, algorithm, modulus, exponent); + return new RsaJwkDefinition(keyId, x5t, publicKeyUse, algorithm, modulus, exponent); } } \ No newline at end of file diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTests.java similarity index 98% rename from spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTest.java rename to spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTests.java index f15422876..5d44d2cc9 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTest.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTests.java @@ -32,7 +32,7 @@ * @author Joe Grandja * @author Vedran Pavic */ -public class JwtHeaderConverterTest { +public class JwtHeaderConverterTests { private final JwtHeaderConverter converter = new JwtHeaderConverter(); @Rule diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java index 4b8b97c30..b8c30e1de 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java @@ -44,14 +44,17 @@ static String createJwt(byte[] jwtHeader, byte[] jwtPayload) throws Exception { } static byte[] createDefaultJwtHeader() throws Exception { - return createJwtHeader("key-id-1", JwkDefinition.CryptoAlgorithm.RS256); + return createJwtHeader("key-id-1", null, JwkDefinition.CryptoAlgorithm.RS256); } - static byte[] createJwtHeader(String keyId, JwkDefinition.CryptoAlgorithm algorithm) throws Exception { + static byte[] createJwtHeader(String keyId, String x5t, JwkDefinition.CryptoAlgorithm algorithm) throws Exception { Map jwtHeader = new HashMap(); if (keyId != null) { jwtHeader.put(JwkAttributes.KEY_ID, keyId); } + if (x5t != null) { + jwtHeader.put(JwkAttributes.X5T, x5t); + } if (algorithm != null) { jwtHeader.put(JwkAttributes.ALGORITHM, algorithm.headerParamValue()); } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinitionTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinitionTests.java similarity index 90% rename from spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinitionTest.java rename to spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinitionTests.java index 96712e452..b62eb5658 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinitionTest.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinitionTests.java @@ -22,20 +22,22 @@ /** * @author Joe Grandja */ -public class RsaJwkDefinitionTest { +public class RsaJwkDefinitionTests { @Test public void constructorWhenArgumentsPassedThenAttributesAreCorrectlySet() throws Exception { String keyId = "key-id-1"; + String x5t = "x5t-1"; JwkDefinition.PublicKeyUse publicKeyUse = JwkDefinition.PublicKeyUse.ENC; JwkDefinition.CryptoAlgorithm algorithm = JwkDefinition.CryptoAlgorithm.RS384; String modulus = "AMh-pGAj9vX2gwFDyrXot1f2YfHgh8h0Qx6w9IqLL"; String exponent = "AQAB"; RsaJwkDefinition rsaJwkDefinition = new RsaJwkDefinition( - keyId, publicKeyUse, algorithm, modulus, exponent); + keyId, x5t, publicKeyUse, algorithm, modulus, exponent); assertEquals(keyId, rsaJwkDefinition.getKeyId()); + assertEquals(x5t, rsaJwkDefinition.getX5t()); assertEquals(JwkDefinition.KeyType.RSA, rsaJwkDefinition.getKeyType()); assertEquals(publicKeyUse, rsaJwkDefinition.getPublicKeyUse()); assertEquals(algorithm, rsaJwkDefinition.getAlgorithm()); From 24d6dcb3dcaaf1c1b1b7009528a50753c7e85bf0 Mon Sep 17 00:00:00 2001 From: Kenrick Satrio Sahputra Date: Sun, 4 Nov 2018 22:04:39 +0900 Subject: [PATCH 38/94] Polish Fixes gh-1519 --- .../ClientCredentialsAccessTokenProvider.java | 3 +- .../AuthorizationCodeAccessTokenProvider.java | 4 +- ...ourceOwnerPasswordAccessTokenProvider.java | 5 ++- .../oauth2/provider/TokenRequest.java | 2 +- .../endpoint/AuthorizationEndpoint.java | 2 +- .../provider/endpoint/TokenEndpoint.java | 41 +++++++++---------- .../TokenEndpointAuthenticationFilter.java | 4 +- 7 files changed, 30 insertions(+), 31 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/client/ClientCredentialsAccessTokenProvider.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/client/ClientCredentialsAccessTokenProvider.java index 0560e46a9..4d7c664c7 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/client/ClientCredentialsAccessTokenProvider.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/client/ClientCredentialsAccessTokenProvider.java @@ -13,6 +13,7 @@ import org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport; import org.springframework.security.oauth2.common.OAuth2RefreshToken; import org.springframework.security.oauth2.common.OAuth2AccessToken; +import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; @@ -52,7 +53,7 @@ public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails detail private MultiValueMap getParametersForTokenRequest(ClientCredentialsResourceDetails resource) { MultiValueMap form = new LinkedMultiValueMap(); - form.set("grant_type", "client_credentials"); + form.set(OAuth2Utils.GRANT_TYPE, "client_credentials"); if (resource.isScoped()) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProvider.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProvider.java index 682b7c67e..4e48c9685 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProvider.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProvider.java @@ -219,7 +219,7 @@ public OAuth2AccessToken refreshAccessToken(OAuth2ProtectedResourceDetails resou OAuth2RefreshToken refreshToken, AccessTokenRequest request) throws UserRedirectRequiredException, OAuth2AccessDeniedException { MultiValueMap form = new LinkedMultiValueMap(); - form.add("grant_type", "refresh_token"); + form.add(OAuth2Utils.GRANT_TYPE, "refresh_token"); form.add("refresh_token", refreshToken.getValue()); try { return retrieveToken(request, resource, form, getHeadersForTokenRequest(request)); @@ -248,7 +248,7 @@ private MultiValueMap getParametersForTokenRequest(Authorization AccessTokenRequest request) { MultiValueMap form = new LinkedMultiValueMap(); - form.set("grant_type", "authorization_code"); + form.set(OAuth2Utils.GRANT_TYPE, "authorization_code"); form.set("code", request.getAuthorizationCode()); Object preservedState = request.getPreservedState(); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordAccessTokenProvider.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordAccessTokenProvider.java index db85f4e40..fb53594a7 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordAccessTokenProvider.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordAccessTokenProvider.java @@ -13,6 +13,7 @@ import org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport; import org.springframework.security.oauth2.common.OAuth2RefreshToken; import org.springframework.security.oauth2.common.OAuth2AccessToken; +import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; @@ -39,7 +40,7 @@ public OAuth2AccessToken refreshAccessToken(OAuth2ProtectedResourceDetails resou OAuth2RefreshToken refreshToken, AccessTokenRequest request) throws UserRedirectRequiredException, OAuth2AccessDeniedException { MultiValueMap form = new LinkedMultiValueMap(); - form.add("grant_type", "refresh_token"); + form.add(OAuth2Utils.GRANT_TYPE, "refresh_token"); form.add("refresh_token", refreshToken.getValue()); return retrieveToken(request, resource, form, new HttpHeaders()); } @@ -55,7 +56,7 @@ public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails detail private MultiValueMap getParametersForTokenRequest(ResourceOwnerPasswordResourceDetails resource, AccessTokenRequest request) { MultiValueMap form = new LinkedMultiValueMap(); - form.set("grant_type", "password"); + form.set(OAuth2Utils.GRANT_TYPE, "password"); form.set("username", resource.getUsername()); form.set("password", resource.getPassword()); diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenRequest.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenRequest.java index 6fb2dbc69..b04919afe 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenRequest.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenRequest.java @@ -94,7 +94,7 @@ public OAuth2Request createOAuth2Request(ClientDetails client) { modifiable.remove("password"); modifiable.remove("client_secret"); // Add grant type so it can be retrieved from OAuth2Request - modifiable.put("grant_type", grantType); + modifiable.put(OAuth2Utils.GRANT_TYPE, grantType); return new OAuth2Request(modifiable, client.getClientId(), client.getAuthorities(), true, this.getScope(), client.getResourceIds(), null, null, null); } diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.java index 79449846c..b0898ef8f 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.java @@ -416,7 +416,7 @@ private String appendAccessToken(AuthorizationRequest authorizationRequest, OAut } String originalScope = authorizationRequest.getRequestParameters().get(OAuth2Utils.SCOPE); if (originalScope == null || !OAuth2Utils.parseParameterList(originalScope).equals(accessToken.getScope())) { - vars.put("scope", OAuth2Utils.formatParameterList(accessToken.getScope())); + vars.put(OAuth2Utils.SCOPE, OAuth2Utils.formatParameterList(accessToken.getScope())); } Map additionalInformation = accessToken.getAdditionalInformation(); for (String key : additionalInformation.keySet()) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java index bf4fdda7f..6c6cb7793 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java @@ -79,8 +79,10 @@ public class TokenEndpoint extends AbstractEndpoint { private Set allowedRequestMethods = new HashSet(Arrays.asList(HttpMethod.POST)); @RequestMapping(value = "/oauth/token", method=RequestMethod.GET) - public ResponseEntity getAccessToken(Principal principal, @RequestParam - Map parameters) throws HttpRequestMethodNotSupportedException { + public ResponseEntity getAccessToken( + Principal principal, @RequestParam Map parameters) + throws HttpRequestMethodNotSupportedException { + if (!allowedRequestMethods.contains(HttpMethod.GET)) { throw new HttpRequestMethodNotSupportedException("GET"); } @@ -88,8 +90,9 @@ public ResponseEntity getAccessToken(Principal principal, @Re } @RequestMapping(value = "/oauth/token", method=RequestMethod.POST) - public ResponseEntity postAccessToken(Principal principal, @RequestParam - Map parameters) throws HttpRequestMethodNotSupportedException { + public ResponseEntity postAccessToken( + Principal principal, @RequestParam Map parameters) + throws HttpRequestMethodNotSupportedException { if (!(principal instanceof Authentication)) { throw new InsufficientAuthenticationException( @@ -101,34 +104,29 @@ public ResponseEntity postAccessToken(Principal principal, @R TokenRequest tokenRequest = getOAuth2RequestFactory().createTokenRequest(parameters, authenticatedClient); - if (clientId != null && !clientId.equals("")) { - // Only validate the client details if a client authenticated during this - // request. - if (!clientId.equals(tokenRequest.getClientId())) { - // double check to make sure that the client ID in the token request is the same as that in the - // authenticated client - throw new InvalidClientException("Given client ID does not match authenticated client"); - } + // Only validate client details if a client is authenticated during this request. + // Double check to make sure that the client ID is the same in the token request and authenticated client. + if (StringUtils.hasText(clientId) && !clientId.equals(tokenRequest.getClientId())) { + throw new InvalidClientException("Given client ID does not match authenticated client"); } + if (authenticatedClient != null) { oAuth2RequestValidator.validateScope(tokenRequest, authenticatedClient); } + if (!StringUtils.hasText(tokenRequest.getGrantType())) { throw new InvalidRequestException("Missing grant type"); } + if (tokenRequest.getGrantType().equals("implicit")) { throw new InvalidGrantException("Implicit grant type not supported from token endpoint"); } - if (isAuthCodeRequest(parameters)) { + if (isAuthCodeRequest(parameters) && !tokenRequest.getScope().isEmpty()) { // The scope was requested or determined during the authorization step - if (!tokenRequest.getScope().isEmpty()) { - logger.debug("Clearing scope of incoming token request"); - tokenRequest.setScope(Collections. emptySet()); - } - } - - if (isRefreshTokenRequest(parameters)) { + logger.debug("Clearing scope of incoming token request"); + tokenRequest.setScope(Collections.emptySet()); + } else if (isRefreshTokenRequest(parameters)) { if (StringUtils.isEmpty(parameters.get("refresh_token"))) { throw new InvalidRequestException("refresh_token parameter not provided"); } @@ -142,7 +140,6 @@ public ResponseEntity postAccessToken(Principal principal, @R } return getResponse(token); - } /** @@ -207,7 +204,7 @@ private boolean isRefreshTokenRequest(Map parameters) { } private boolean isAuthCodeRequest(Map parameters) { - return "authorization_code".equals(parameters.get("grant_type")) && parameters.get("code") != null; + return "authorization_code".equals(parameters.get(OAuth2Utils.GRANT_TYPE)) && parameters.get("code") != null; } public void setOAuth2RequestValidator(OAuth2RequestValidator oAuth2RequestValidator) { diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java index 14b03690a..1e6493c88 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java @@ -207,7 +207,7 @@ protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServ * @return an authentication for validation (or null if there is no further authentication) */ protected Authentication extractCredentials(HttpServletRequest request) { - String grantType = request.getParameter("grant_type"); + String grantType = request.getParameter(OAuth2Utils.GRANT_TYPE); if (grantType != null && grantType.equals("password")) { UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken( request.getParameter("username"), request.getParameter("password")); @@ -218,7 +218,7 @@ protected Authentication extractCredentials(HttpServletRequest request) { } private Set getScope(HttpServletRequest request) { - return OAuth2Utils.parseParameterList(request.getParameter("scope")); + return OAuth2Utils.parseParameterList(request.getParameter(OAuth2Utils.SCOPE)); } public void init(FilterConfig filterConfig) throws ServletException { From 57a02917c5d3bb3df5751ea203bd0150a5db05a8 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Tue, 14 Apr 2020 21:04:33 -0400 Subject: [PATCH 39/94] Improve handling of invalid tokens Fixes gh-1522 --- .../provider/token/DefaultTokenServices.java | 14 ++++++++++++-- .../provider/token/DefaultTokenServicesTests.java | 15 ++++++++++++++- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java index bbe7e3acc..64a4e4d6a 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java @@ -230,12 +230,22 @@ protected boolean isExpired(OAuth2RefreshToken refreshToken) { } public OAuth2AccessToken readAccessToken(String accessToken) { - return tokenStore.readAccessToken(accessToken); + try { + return tokenStore.readAccessToken(accessToken); + } catch (Exception ex) { + throw new InvalidTokenException("Invalid access token", ex); + } } public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException, InvalidTokenException { - OAuth2AccessToken accessToken = tokenStore.readAccessToken(accessTokenValue); + OAuth2AccessToken accessToken; + try { + accessToken = tokenStore.readAccessToken(accessTokenValue); + } catch (Exception ex) { + throw new InvalidTokenException("Invalid access token", ex); + } + if (accessToken == null) { throw new InvalidTokenException("Invalid access token: " + accessTokenValue); } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesTests.java index 7eda9601b..9d19e0827 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesTests.java @@ -30,4 +30,17 @@ public void testAccidentalNullAuthentication() { services.loadAuthentication("FOO"); } -} + // gh-1522 + @Test(expected = InvalidTokenException.class) + public void testLoadAuthenticationWithInvalidToken() { + Mockito.when(tokenStore.readAccessToken(Mockito.anyString())).thenThrow(new RuntimeException()); + services.loadAuthentication("invalid-token"); + } + + // gh-1522 + @Test(expected = InvalidTokenException.class) + public void testReadAccessTokenWithInvalidToken() { + Mockito.when(tokenStore.readAccessToken(Mockito.anyString())).thenThrow(new RuntimeException()); + services.readAccessToken("invalid-token"); + } +} \ No newline at end of file From 711761b10a09162306352ab350a7ecabaf3263f4 Mon Sep 17 00:00:00 2001 From: Kathryn Newbould Date: Tue, 26 Nov 2019 11:34:05 +0100 Subject: [PATCH 40/94] Updated javadoc links to point to correct methods Fixes gh-1813 --- .../provider/expression/OAuth2SecurityExpressionMethods.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethods.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethods.java index 83d2bc34a..4ec9e28ff 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethods.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethods.java @@ -80,7 +80,7 @@ public boolean throwOnError(boolean decision) { /** * Check if the OAuth2 client (not the user) has the role specified. To check the user's roles see - * {@link #clientHasRole(String)}. + * {@link #clientHasAnyRole(String...)}. * * @param role the role to check * @return true if the OAuth2 client has this role @@ -91,7 +91,7 @@ public boolean clientHasRole(String role) { /** * Check if the OAuth2 client (not the user) has one of the roles specified. To check the user's roles see - * {@link #clientHasAnyRole(String...)}. + * {@link OAuth2ExpressionUtils#clientHasAnyRole(Authentication, String...)}. * * @param roles the roles to check * @return true if the OAuth2 client has one of these roles From 849ae238ff84b5e3cbf5319deda8ac4c1b0e39f4 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Tue, 14 Apr 2020 21:45:54 -0400 Subject: [PATCH 41/94] Next development version --- pom.xml | 2 +- samples/oauth/sparklr/pom.xml | 2 +- samples/oauth/tonr/pom.xml | 2 +- samples/oauth2/sparklr/pom.xml | 2 +- samples/oauth2/tonr/pom.xml | 2 +- samples/pom.xml | 2 +- spring-security-oauth/pom.xml | 2 +- spring-security-oauth2/pom.xml | 2 +- tests/annotation/approval/pom.xml | 2 +- tests/annotation/client/pom.xml | 2 +- tests/annotation/common/pom.xml | 2 +- tests/annotation/custom-authentication/pom.xml | 2 +- tests/annotation/custom-grant/pom.xml | 2 +- tests/annotation/form/pom.xml | 2 +- tests/annotation/jaxb/pom.xml | 2 +- tests/annotation/jdbc/pom.xml | 2 +- tests/annotation/jpa/pom.xml | 2 +- tests/annotation/jwt/pom.xml | 2 +- tests/annotation/mappings/pom.xml | 2 +- tests/annotation/multi/pom.xml | 2 +- tests/annotation/pom.xml | 4 ++-- tests/annotation/resource/pom.xml | 2 +- tests/annotation/ssl/pom.xml | 2 +- tests/annotation/vanilla/pom.xml | 2 +- tests/pom.xml | 2 +- tests/xml/approval/pom.xml | 2 +- tests/xml/client/pom.xml | 2 +- tests/xml/common/pom.xml | 2 +- tests/xml/form/pom.xml | 2 +- tests/xml/jdbc/pom.xml | 2 +- tests/xml/jwt/pom.xml | 2 +- tests/xml/mappings/pom.xml | 2 +- tests/xml/pom.xml | 4 ++-- tests/xml/vanilla/pom.xml | 2 +- 34 files changed, 36 insertions(+), 36 deletions(-) diff --git a/pom.xml b/pom.xml index 12cc6bcf4..ec07240dc 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ OAuth for Spring Security Parent Project for OAuth Support for Spring Security pom - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT https://docs.spring.io/spring-security/oauth diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml index bb917be02..4bb0cb416 100644 --- a/samples/oauth/sparklr/pom.xml +++ b/samples/oauth/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml index 33c4686b3..11ac87f08 100644 --- a/samples/oauth/tonr/pom.xml +++ b/samples/oauth/tonr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml index 7d34b19d3..958650118 100644 --- a/samples/oauth2/sparklr/pom.xml +++ b/samples/oauth2/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml index 8a0c3a62b..01a01675e 100644 --- a/samples/oauth2/tonr/pom.xml +++ b/samples/oauth2/tonr/pom.xml @@ -6,7 +6,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/pom.xml b/samples/pom.xml index 92ba10982..0d35cb3e9 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT spring-security-oauth-samples diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml index e3c83d4d3..fb5166af2 100644 --- a/spring-security-oauth/pom.xml +++ b/spring-security-oauth/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT spring-security-oauth diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index 9a06c257f..7fc355f1c 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT spring-security-oauth2 diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml index f4fb7a4aa..959104081 100644 --- a/tests/annotation/approval/pom.xml +++ b/tests/annotation/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml index 6386d37bb..647897855 100644 --- a/tests/annotation/client/pom.xml +++ b/tests/annotation/client/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml index 9e2b8d78f..2f072d4d6 100644 --- a/tests/annotation/common/pom.xml +++ b/tests/annotation/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml index 13926247c..e2f17e185 100644 --- a/tests/annotation/custom-authentication/pom.xml +++ b/tests/annotation/custom-authentication/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml index 43c41e6cb..75f23c032 100644 --- a/tests/annotation/custom-grant/pom.xml +++ b/tests/annotation/custom-grant/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml index 8580ae14d..4df030bb2 100644 --- a/tests/annotation/form/pom.xml +++ b/tests/annotation/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml index 91e6a6402..824dbad34 100644 --- a/tests/annotation/jaxb/pom.xml +++ b/tests/annotation/jaxb/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml index d55e18680..17c515ffc 100644 --- a/tests/annotation/jdbc/pom.xml +++ b/tests/annotation/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml index f7ed4c024..2dff5f2f3 100644 --- a/tests/annotation/jpa/pom.xml +++ b/tests/annotation/jpa/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml index 1de68a99f..9ed1af356 100644 --- a/tests/annotation/jwt/pom.xml +++ b/tests/annotation/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml index 7f62f63d8..604d07860 100644 --- a/tests/annotation/mappings/pom.xml +++ b/tests/annotation/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml index 52689cb94..1bf04aedf 100644 --- a/tests/annotation/multi/pom.xml +++ b/tests/annotation/multi/pom.xml @@ -9,7 +9,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index 575838226..638c1c0e0 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT pom @@ -45,7 +45,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT org.springframework.security diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml index 7cacf9c75..1336522b1 100644 --- a/tests/annotation/resource/pom.xml +++ b/tests/annotation/resource/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml index 668eadc5b..e59f7c168 100644 --- a/tests/annotation/ssl/pom.xml +++ b/tests/annotation/ssl/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml index e626d443e..cdb9cf9c6 100644 --- a/tests/annotation/vanilla/pom.xml +++ b/tests/annotation/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/pom.xml b/tests/pom.xml index 0e61218e2..a8cf8b765 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT spring-security-oauth-tests diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml index 6b1f9049e..805980de8 100644 --- a/tests/xml/approval/pom.xml +++ b/tests/xml/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml index 7c2b07255..7f0f425b7 100644 --- a/tests/xml/client/pom.xml +++ b/tests/xml/client/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml index 8745be2be..fcdc16cc8 100644 --- a/tests/xml/common/pom.xml +++ b/tests/xml/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml index 22cd300b4..61c08039c 100644 --- a/tests/xml/form/pom.xml +++ b/tests/xml/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml index 098fdcb8b..e89b85fbe 100644 --- a/tests/xml/jdbc/pom.xml +++ b/tests/xml/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml index 63e5b58a9..8afca8fe9 100644 --- a/tests/xml/jwt/pom.xml +++ b/tests/xml/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml index 0848a75ef..37b14ccce 100644 --- a/tests/xml/mappings/pom.xml +++ b/tests/xml/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index 1fd8fea0c..e8ab92d50 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT pom @@ -39,7 +39,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT org.springframework.security diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml index 02a4b6188..425eebe04 100644 --- a/tests/xml/vanilla/pom.xml +++ b/tests/xml/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.4.1.BUILD-SNAPSHOT + 2.5.0.BUILD-SNAPSHOT From 38bd24a804c0156e69edc8d3a2ff9d172eb6b60f Mon Sep 17 00:00:00 2001 From: Gavin Golden Date: Fri, 31 May 2019 12:00:38 -0600 Subject: [PATCH 42/94] Add support for custom username claim Fixes gh-1696 --- .../DefaultUserAuthenticationConverter.java | 19 ++++++-- ...faultUserAuthenticationConverterTests.java | 47 +++++++++++++++++++ 2 files changed, 62 insertions(+), 4 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverter.java index 7302a55c9..72ac94cbc 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverter.java @@ -42,6 +42,8 @@ public class DefaultUserAuthenticationConverter implements UserAuthenticationCon private UserDetailsService userDetailsService; + private String userClaimName = USERNAME; + /** * Optional {@link UserDetailsService} to use when extracting an {@link Authentication} from the incoming map. * @@ -51,6 +53,15 @@ public void setUserDetailsService(UserDetailsService userDetailsService) { this.userDetailsService = userDetailsService; } + /** + * Set the name of the user claim to use when extracting an {@link Authentication} from the incoming map + * or when converting an {@link Authentication} to a map. + * @param claimName the claim name to use (default {@link UserAuthenticationConverter#USERNAME}) + */ + public void setUserClaimName(String claimName) { + this.userClaimName = claimName; + } + /** * Default value for authorities if an Authentication is being created and the input has no data for authorities. * Note that unless this property is set, the default Authentication created by {@link #extractAuthentication(Map)} @@ -65,7 +76,7 @@ public void setDefaultAuthorities(String[] defaultAuthorities) { public Map convertUserAuthentication(Authentication authentication) { Map response = new LinkedHashMap(); - response.put(USERNAME, authentication.getName()); + response.put(userClaimName, authentication.getName()); if (authentication.getAuthorities() != null && !authentication.getAuthorities().isEmpty()) { response.put(AUTHORITIES, AuthorityUtils.authorityListToSet(authentication.getAuthorities())); } @@ -73,11 +84,11 @@ public void setDefaultAuthorities(String[] defaultAuthorities) { } public Authentication extractAuthentication(Map map) { - if (map.containsKey(USERNAME)) { - Object principal = map.get(USERNAME); + if (map.containsKey(userClaimName)) { + Object principal = map.get(userClaimName); Collection authorities = getAuthorities(map); if (userDetailsService != null) { - UserDetails user = userDetailsService.loadUserByUsername((String) map.get(USERNAME)); + UserDetails user = userDetailsService.loadUserByUsername((String) map.get(userClaimName)); authorities = user.getAuthorities(); principal = user; } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverterTests.java index 647324ddc..237d7e563 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverterTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverterTests.java @@ -8,6 +8,7 @@ import org.junit.Test; import org.mockito.Mockito; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.userdetails.User; @@ -59,4 +60,50 @@ public void shouldExtractAuthenticationWhenUserDetailsProvided() throws Exceptio assertEquals("ROLE_SPAM", authentication.getAuthorities().iterator().next().toString()); } + + @Test + public void shouldExtractWithDefaultUsernameClaimWhenNotSet() throws Exception { + Map map = new HashMap(); + map.put(UserAuthenticationConverter.USERNAME, "test_user"); + + Authentication authentication = converter.extractAuthentication(map); + + assertEquals("test_user", authentication.getPrincipal()); + } + + @Test + public void shouldConvertUserWithDefaultUsernameClaimWhenNotSet() throws Exception { + Authentication authentication = new UsernamePasswordAuthenticationToken("test_user", ""); + + Map map = converter.convertUserAuthentication(authentication); + + assertEquals("test_user", map.get(UserAuthenticationConverter.USERNAME)); + } + + @Test + public void shouldExtractWithCustomUsernameClaimWhenSet() throws Exception { + String customUserClaim = "custom_user_name"; + DefaultUserAuthenticationConverter converter = new DefaultUserAuthenticationConverter(); + converter.setUserClaimName(customUserClaim); + + Map map = new HashMap(); + map.put(customUserClaim, "test_user"); + + Authentication authentication = converter.extractAuthentication(map); + + assertEquals("test_user", authentication.getPrincipal()); + } + + @Test + public void shouldConvertUserWithCustomUsernameClaimWhenSet() throws Exception { + String customUserClaim = "custom_user_name"; + DefaultUserAuthenticationConverter converter = new DefaultUserAuthenticationConverter(); + converter.setUserClaimName(customUserClaim); + + Authentication authentication = new UsernamePasswordAuthenticationToken("test_user", ""); + + Map map = converter.convertUserAuthentication(authentication); + + assertEquals("test_user", map.get(customUserClaim)); + } } From 08d1f23426d145dd0c935e13424dca80d2eddf31 Mon Sep 17 00:00:00 2001 From: Stefan Rempfer Date: Wed, 21 Dec 2016 20:39:56 +0100 Subject: [PATCH 43/94] Add redis based authorization code services Fixes gh-935 --- .../code/RedisAuthorizationCodeServices.java | 143 ++++++++++++++++++ .../RedisAuthorizationCodeServicesTests.java | 106 +++++++++++++ 2 files changed, 249 insertions(+) create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/RedisAuthorizationCodeServices.java create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/RedisAuthorizationCodeServicesTests.java diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/RedisAuthorizationCodeServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/RedisAuthorizationCodeServices.java new file mode 100644 index 000000000..083bc72ca --- /dev/null +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/RedisAuthorizationCodeServices.java @@ -0,0 +1,143 @@ +/* + * Copyright 2002-2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.provider.code; + +import java.lang.reflect.Method; +import java.util.List; + +import org.springframework.data.redis.connection.RedisConnection; +import org.springframework.data.redis.connection.RedisConnectionFactory; +import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.token.store.redis.JdkSerializationStrategy; +import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStoreSerializationStrategy; +import org.springframework.util.ClassUtils; +import org.springframework.util.ReflectionUtils; + +/** + * Implementation of authorization code services that stores the codes and authentication in Redis. + * + *

+ * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. + * + * @author Stefan Rempfer + */ +@Deprecated +public class RedisAuthorizationCodeServices extends RandomValueAuthorizationCodeServices { + + private static final boolean springDataRedis_2_0 = ClassUtils.isPresent( + "org.springframework.data.redis.connection.RedisStandaloneConfiguration", + RedisAuthorizationCodeServices.class.getClassLoader()); + + private static final String AUTH_CODE = "auth_code:"; + + private final RedisConnectionFactory connectionFactory; + + private String prefix = ""; + + private RedisTokenStoreSerializationStrategy serializationStrategy = new JdkSerializationStrategy(); + + private Method redisConnectionSet_2_0; + + /** + * Default constructor. + * + * @param connectionFactory the connection factory which should be used to obtain a connection to Redis + */ + public RedisAuthorizationCodeServices(RedisConnectionFactory connectionFactory) { + this.connectionFactory = connectionFactory; + if (springDataRedis_2_0) { + this.loadRedisConnectionMethods_2_0(); + } + } + + @Override + protected void store(String code, OAuth2Authentication authentication) { + byte[] key = serializeKey(AUTH_CODE + code); + byte[] auth = serialize(authentication); + + RedisConnection conn = getConnection(); + try { + if (springDataRedis_2_0) { + try { + this.redisConnectionSet_2_0.invoke(conn, key, auth); + } catch (Exception ex) { + throw new RuntimeException(ex); + } + } else { + conn.set(key, auth); + } + } + finally { + conn.close(); + } + } + + @Override + protected OAuth2Authentication remove(String code) { + byte[] key = serializeKey(AUTH_CODE + code); + + List results = null; + RedisConnection conn = getConnection(); + try { + conn.openPipeline(); + conn.get(key); + conn.del(key); + results = conn.closePipeline(); + } + finally { + conn.close(); + } + + if (results == null) { + return null; + } + byte[] bytes = (byte[]) results.get(0); + return deserializeAuthentication(bytes); + } + + private void loadRedisConnectionMethods_2_0() { + this.redisConnectionSet_2_0 = ReflectionUtils.findMethod( + RedisConnection.class, "set", byte[].class, byte[].class); + } + + private byte[] serializeKey(String object) { + return serialize(prefix + object); + } + + private byte[] serialize(Object object) { + return serializationStrategy.serialize(object); + } + + private byte[] serialize(String string) { + return serializationStrategy.serialize(string); + } + + private RedisConnection getConnection() { + return connectionFactory.getConnection(); + } + + private OAuth2Authentication deserializeAuthentication(byte[] bytes) { + return serializationStrategy.deserialize(bytes, OAuth2Authentication.class); + } + + public void setSerializationStrategy(RedisTokenStoreSerializationStrategy serializationStrategy) { + this.serializationStrategy = serializationStrategy; + } + + public void setPrefix(String prefix) { + this.prefix = prefix; + } +} diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/RedisAuthorizationCodeServicesTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/RedisAuthorizationCodeServicesTests.java new file mode 100644 index 000000000..bbad28ce5 --- /dev/null +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/RedisAuthorizationCodeServicesTests.java @@ -0,0 +1,106 @@ +/* + * Copyright 2002-2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.provider.code; + +import static org.hamcrest.CoreMatchers.allOf; +import static org.hamcrest.CoreMatchers.containsString; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNotSame; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.fail; + +import org.junit.Before; +import org.junit.Test; +import org.springframework.data.redis.connection.jedis.JedisConnectionFactory; +import org.springframework.security.authentication.TestingAuthenticationToken; +import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; +import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.RequestTokenFactory; + +import org.springframework.util.ClassUtils; +import redis.clients.jedis.JedisShardInfo; + +/** + * @author Stefan Rempfer + */ +public class RedisAuthorizationCodeServicesTests { + + private RedisAuthorizationCodeServices authorizationCodeServices; + + private OAuth2Authentication authentication; + + /** + * Initialize test data and Class-Under-Test. + */ + @Before + public void setup() { + boolean springDataRedis_2_0 = ClassUtils.isPresent( + "org.springframework.data.redis.connection.RedisStandaloneConfiguration", + this.getClass().getClassLoader()); + + JedisConnectionFactory connectionFactory; + if (springDataRedis_2_0) { + connectionFactory = new JedisConnectionFactory(); + } else { + JedisShardInfo shardInfo = new JedisShardInfo("localhost"); + connectionFactory = new JedisConnectionFactory(shardInfo); + } + + authorizationCodeServices = new RedisAuthorizationCodeServices(connectionFactory); + + authentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("myClientId", false), + new TestingAuthenticationToken("myUser4Test", false)); + } + + /** + * Verifies that a authorization code could be generated and stored. + */ + @Test + public void verifyCreateAuthorizationCode() { + String authorizationCode1 = authorizationCodeServices.createAuthorizationCode(authentication); + assertNotNull("Authorization code must not be null!", authorizationCode1); + + String authorizationCode2 = authorizationCodeServices.createAuthorizationCode(authentication); + assertNotNull("Authorization code must not be null!", authorizationCode2); + + assertNotEquals("Authorization code must be different!", authorizationCode1, authorizationCode2); + } + + /** + * Verifies that a authorization code could be retrieved and removed. + */ + @Test + public void verifyCreateAndConsumeAuthorizationCode() { + + String authorizationCode = authorizationCodeServices.createAuthorizationCode(authentication); + assertNotNull("Authorization code must not be null!", authorizationCode); + + OAuth2Authentication authentication = authorizationCodeServices.consumeAuthorizationCode(authorizationCode); + assertNotSame("Authentication object must not be the same!", this.authentication, authentication); + assertEquals("Authentication object must equals to original one!", this.authentication, authentication); + + try { + authorizationCodeServices.consumeAuthorizationCode(authorizationCode); + fail("There must be an exception that the authorization code is invalid!"); + } + catch (InvalidGrantException e) { + assertThat("Wrong error message!", e.getMessage(), + allOf(containsString("Invalid"), containsString(authorizationCode))); + } + } +} From b2485b12c4fbcb87e255b3fbfd87b46750775e8f Mon Sep 17 00:00:00 2001 From: KZ06891 Date: Mon, 10 Sep 2018 15:30:52 -0500 Subject: [PATCH 44/94] Support clock skew for access token expiry check Fixes gh-1287 --- .../oauth2/client/OAuth2RestTemplate.java | 24 ++++++++++- .../client/OAuth2RestTemplateTests.java | 40 +++++++++++++++++++ 2 files changed, 63 insertions(+), 1 deletion(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java index e6f3380bf..628b83fa6 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java @@ -54,6 +54,8 @@ public class OAuth2RestTemplate extends RestTemplate implements OAuth2RestOperat private OAuth2RequestAuthenticator authenticator = new DefaultOAuth2RequestAuthenticator(); + private int tokenExpirationDelta = 5; + public OAuth2RestTemplate(OAuth2ProtectedResourceDetails resource) { this(resource, new DefaultOAuth2ClientContext()); } @@ -161,6 +163,11 @@ private String getClientId() { return resource.getClientId(); } + private boolean isApproachingExpiration(OAuth2AccessToken accessToken) { + int expiresIn = accessToken.getExpiresIn(); + return accessToken.isExpired() || (expiresIn != 0 && expiresIn <= this.tokenExpirationDelta); + } + /** * Acquire or renew an access token for the current context if necessary. This method will be called automatically * when a request is executed (and the result is cached), but can also be called as a standalone method to @@ -172,7 +179,7 @@ public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException { OAuth2AccessToken accessToken = context.getAccessToken(); - if (accessToken == null || accessToken.isExpired()) { + if (accessToken == null || isApproachingExpiration(accessToken)) { try { accessToken = acquireAccessToken(context); } @@ -275,4 +282,19 @@ public void setAccessTokenProvider(AccessTokenProvider accessTokenProvider) { this.accessTokenProvider = accessTokenProvider; } + /** + * Value to qualify request with an existing access token to preemptively try for new access token. + * Useful for preventing token expiration while request in-flight. + * + * @param tokenExpirationDelta seconds (default 5) + */ + public void setTokenExpirationDelta(int tokenExpirationDelta) + throws IllegalArgumentException { + if(tokenExpirationDelta < 0) { + throw new IllegalArgumentException( + "Token expiration delta seconds must be greater than zero."); + } + this.tokenExpirationDelta = tokenExpirationDelta; + } + } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/OAuth2RestTemplateTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/OAuth2RestTemplateTests.java index 4d0d57792..2ac02d4f6 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/OAuth2RestTemplateTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/OAuth2RestTemplateTests.java @@ -200,6 +200,46 @@ public void testNewTokenAcquiredIfExpired() throws Exception { assertTrue(!token.equals(newToken)); } + @Test + public void testNewTokenAcquiredIfAlmostExpired() throws Exception { + DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("TEST"); + token.setExpiration(new Date(System.currentTimeMillis() + 4800)); + restTemplate.getOAuth2ClientContext().setAccessToken(token); + restTemplate.setAccessTokenProvider(new StubAccessTokenProvider()); + OAuth2AccessToken newToken = restTemplate.getAccessToken(); + assertNotNull(newToken); + assertTrue(!token.equals(newToken)); + } + + @Test + public void testNewTokenAcquiredIfLessThanOrEqualToConfiguredExpirationDelta() throws Exception { + DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("TEST"); + token.setExpiration(new Date(System.currentTimeMillis() + 6500)); + restTemplate.setTokenExpirationDelta(6); + restTemplate.getOAuth2ClientContext().setAccessToken(token); + restTemplate.setAccessTokenProvider(new StubAccessTokenProvider()); + OAuth2AccessToken newToken = restTemplate.getAccessToken(); + assertNotNull(newToken); + assertTrue(!token.equals(newToken)); + } + + @Test + public void testNoNewTokenAcquiredIfGreaterThanConfiguredExpirationDelta() throws Exception { + DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("TEST"); + token.setExpiration(new Date(System.currentTimeMillis() + 4100)); + restTemplate.setTokenExpirationDelta(1); + restTemplate.getOAuth2ClientContext().setAccessToken(token); + restTemplate.setAccessTokenProvider(new StubAccessTokenProvider()); + OAuth2AccessToken newToken = restTemplate.getAccessToken(); + assertNotNull(newToken); + assertTrue(token.equals(newToken)); + } + + @Test(expected = IllegalArgumentException.class) + public void testIllegalArgumentExceptionForNegativeExpirationDelta() throws Exception { + restTemplate.setTokenExpirationDelta(-1); + } + @Test public void testTokenIsResetIfInvalid() throws Exception { DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("TEST"); From f4bbfc5ba73a3d6dde61c6d685057d95604e1fbc Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Wed, 15 Apr 2020 21:15:48 -0400 Subject: [PATCH 45/94] Polish gh-1478 --- .../oauth2/client/OAuth2RestTemplate.java | 40 ++++++++++--------- .../client/OAuth2RestTemplateTests.java | 24 ++++++----- 2 files changed, 35 insertions(+), 29 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java index 628b83fa6..757d7f383 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java @@ -6,6 +6,7 @@ import java.net.URISyntaxException; import java.net.URLEncoder; import java.util.Arrays; +import java.util.Calendar; import org.springframework.http.HttpMethod; import org.springframework.http.client.ClientHttpRequest; @@ -24,6 +25,7 @@ import org.springframework.security.oauth2.common.AuthenticationScheme; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; +import org.springframework.util.Assert; import org.springframework.web.client.RequestCallback; import org.springframework.web.client.ResponseErrorHandler; import org.springframework.web.client.ResponseExtractor; @@ -54,7 +56,7 @@ public class OAuth2RestTemplate extends RestTemplate implements OAuth2RestOperat private OAuth2RequestAuthenticator authenticator = new DefaultOAuth2RequestAuthenticator(); - private int tokenExpirationDelta = 5; + private int clockSkew = 30; public OAuth2RestTemplate(OAuth2ProtectedResourceDetails resource) { this(resource, new DefaultOAuth2ClientContext()); @@ -163,11 +165,6 @@ private String getClientId() { return resource.getClientId(); } - private boolean isApproachingExpiration(OAuth2AccessToken accessToken) { - int expiresIn = accessToken.getExpiresIn(); - return accessToken.isExpired() || (expiresIn != 0 && expiresIn <= this.tokenExpirationDelta); - } - /** * Acquire or renew an access token for the current context if necessary. This method will be called automatically * when a request is executed (and the result is cached), but can also be called as a standalone method to @@ -179,7 +176,7 @@ public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException { OAuth2AccessToken accessToken = context.getAccessToken(); - if (accessToken == null || isApproachingExpiration(accessToken)) { + if (accessToken == null || hasTokenExpired(accessToken)) { try { accessToken = acquireAccessToken(context); } @@ -200,6 +197,16 @@ public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException { return accessToken; } + private boolean hasTokenExpired(OAuth2AccessToken accessToken) { + Calendar now = Calendar.getInstance(); + Calendar expiresAt = (Calendar) now.clone(); + if (accessToken.getExpiration() != null) { + expiresAt.setTime(accessToken.getExpiration()); + expiresAt.add(Calendar.SECOND, -this.clockSkew); + } + return now.after(expiresAt); + } + /** * @return the context for this template */ @@ -283,18 +290,13 @@ public void setAccessTokenProvider(AccessTokenProvider accessTokenProvider) { } /** - * Value to qualify request with an existing access token to preemptively try for new access token. - * Useful for preventing token expiration while request in-flight. + * Sets the maximum acceptable clock skew, which is used when checking the + * {@link OAuth2AccessToken access token} expiry. The default is 30 seconds. * - * @param tokenExpirationDelta seconds (default 5) + * @param clockSkew the maximum acceptable clock skew */ - public void setTokenExpirationDelta(int tokenExpirationDelta) - throws IllegalArgumentException { - if(tokenExpirationDelta < 0) { - throw new IllegalArgumentException( - "Token expiration delta seconds must be greater than zero."); - } - this.tokenExpirationDelta = tokenExpirationDelta; + public void setClockSkew(int clockSkew) { + Assert.isTrue(clockSkew >= 0, "clockSkew must be >= 0"); + this.clockSkew = clockSkew; } - -} +} \ No newline at end of file diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/OAuth2RestTemplateTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/OAuth2RestTemplateTests.java index 2ac02d4f6..895ffdc3a 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/OAuth2RestTemplateTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/OAuth2RestTemplateTests.java @@ -200,10 +200,11 @@ public void testNewTokenAcquiredIfExpired() throws Exception { assertTrue(!token.equals(newToken)); } + // gh-1478 @Test - public void testNewTokenAcquiredIfAlmostExpired() throws Exception { + public void testNewTokenAcquiredWithDefaultClockSkew() { DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("TEST"); - token.setExpiration(new Date(System.currentTimeMillis() + 4800)); + token.setExpiration(new Date(System.currentTimeMillis() + 29000)); // Default clock skew is 30 secs restTemplate.getOAuth2ClientContext().setAccessToken(token); restTemplate.setAccessTokenProvider(new StubAccessTokenProvider()); OAuth2AccessToken newToken = restTemplate.getAccessToken(); @@ -211,11 +212,12 @@ public void testNewTokenAcquiredIfAlmostExpired() throws Exception { assertTrue(!token.equals(newToken)); } + // gh-1478 @Test - public void testNewTokenAcquiredIfLessThanOrEqualToConfiguredExpirationDelta() throws Exception { + public void testNewTokenAcquiredIfLessThanConfiguredClockSkew() { DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("TEST"); - token.setExpiration(new Date(System.currentTimeMillis() + 6500)); - restTemplate.setTokenExpirationDelta(6); + token.setExpiration(new Date(System.currentTimeMillis() + 5000)); + restTemplate.setClockSkew(6); restTemplate.getOAuth2ClientContext().setAccessToken(token); restTemplate.setAccessTokenProvider(new StubAccessTokenProvider()); OAuth2AccessToken newToken = restTemplate.getAccessToken(); @@ -223,11 +225,12 @@ public void testNewTokenAcquiredIfLessThanOrEqualToConfiguredExpirationDelta() t assertTrue(!token.equals(newToken)); } + // gh-1478 @Test - public void testNoNewTokenAcquiredIfGreaterThanConfiguredExpirationDelta() throws Exception { + public void testNewTokenNotAcquiredIfGreaterThanConfiguredClockSkew() { DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("TEST"); - token.setExpiration(new Date(System.currentTimeMillis() + 4100)); - restTemplate.setTokenExpirationDelta(1); + token.setExpiration(new Date(System.currentTimeMillis() + 5000)); + restTemplate.setClockSkew(4); restTemplate.getOAuth2ClientContext().setAccessToken(token); restTemplate.setAccessTokenProvider(new StubAccessTokenProvider()); OAuth2AccessToken newToken = restTemplate.getAccessToken(); @@ -235,9 +238,10 @@ public void testNoNewTokenAcquiredIfGreaterThanConfiguredExpirationDelta() throw assertTrue(token.equals(newToken)); } + // gh-1478 @Test(expected = IllegalArgumentException.class) - public void testIllegalArgumentExceptionForNegativeExpirationDelta() throws Exception { - restTemplate.setTokenExpirationDelta(-1); + public void testNegativeClockSkew() { + restTemplate.setClockSkew(-1); } @Test From 7866a350fdb305e0c2ff3caa53baaadf04626968 Mon Sep 17 00:00:00 2001 From: michaeltecourt Date: Mon, 19 Oct 2015 11:16:32 +0200 Subject: [PATCH 46/94] Change visibility of DefaultUserAuthenticationConverter#getAuthorities(Map) Fixes gh-604 --- .../provider/token/DefaultUserAuthenticationConverter.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverter.java index 72ac94cbc..331114567 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultUserAuthenticationConverter.java @@ -97,7 +97,7 @@ public Authentication extractAuthentication(Map map) { return null; } - private Collection getAuthorities(Map map) { + protected Collection getAuthorities(Map map) { if (!map.containsKey(AUTHORITIES)) { return defaultAuthorities; } From b1ec290c39a61f8a440a588c19bcf242534b0b4d Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 16 Apr 2020 12:11:12 -0400 Subject: [PATCH 47/94] Release 2.5.0.M1 --- pom.xml | 2 +- samples/oauth/sparklr/pom.xml | 2 +- samples/oauth/tonr/pom.xml | 2 +- samples/oauth2/sparklr/pom.xml | 2 +- samples/oauth2/tonr/pom.xml | 2 +- samples/pom.xml | 2 +- spring-security-oauth/pom.xml | 2 +- spring-security-oauth2/pom.xml | 2 +- tests/annotation/approval/pom.xml | 2 +- tests/annotation/client/pom.xml | 2 +- tests/annotation/common/pom.xml | 2 +- tests/annotation/custom-authentication/pom.xml | 2 +- tests/annotation/custom-grant/pom.xml | 2 +- tests/annotation/form/pom.xml | 2 +- tests/annotation/jaxb/pom.xml | 2 +- tests/annotation/jdbc/pom.xml | 2 +- tests/annotation/jpa/pom.xml | 2 +- tests/annotation/jwt/pom.xml | 2 +- tests/annotation/mappings/pom.xml | 2 +- tests/annotation/multi/pom.xml | 2 +- tests/annotation/pom.xml | 4 ++-- tests/annotation/resource/pom.xml | 2 +- tests/annotation/ssl/pom.xml | 2 +- tests/annotation/vanilla/pom.xml | 2 +- tests/pom.xml | 2 +- tests/xml/approval/pom.xml | 2 +- tests/xml/client/pom.xml | 2 +- tests/xml/common/pom.xml | 2 +- tests/xml/form/pom.xml | 2 +- tests/xml/jdbc/pom.xml | 2 +- tests/xml/jwt/pom.xml | 2 +- tests/xml/mappings/pom.xml | 2 +- tests/xml/pom.xml | 4 ++-- tests/xml/vanilla/pom.xml | 2 +- 34 files changed, 36 insertions(+), 36 deletions(-) diff --git a/pom.xml b/pom.xml index ec07240dc..35c401052 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ OAuth for Spring Security Parent Project for OAuth Support for Spring Security pom - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 https://docs.spring.io/spring-security/oauth diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml index 4bb0cb416..77c2c693d 100644 --- a/samples/oauth/sparklr/pom.xml +++ b/samples/oauth/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 ../../.. diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml index 11ac87f08..7b08b9575 100644 --- a/samples/oauth/tonr/pom.xml +++ b/samples/oauth/tonr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 ../../.. diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml index 958650118..f42d429df 100644 --- a/samples/oauth2/sparklr/pom.xml +++ b/samples/oauth2/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 ../../.. diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml index 01a01675e..acbd1e785 100644 --- a/samples/oauth2/tonr/pom.xml +++ b/samples/oauth2/tonr/pom.xml @@ -6,7 +6,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 ../../.. diff --git a/samples/pom.xml b/samples/pom.xml index 0d35cb3e9..3db838cc5 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 spring-security-oauth-samples diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml index fb5166af2..9fea67b00 100644 --- a/spring-security-oauth/pom.xml +++ b/spring-security-oauth/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 spring-security-oauth diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index 7fc355f1c..70be8b6ec 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 spring-security-oauth2 diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml index 959104081..3889dc3f6 100644 --- a/tests/annotation/approval/pom.xml +++ b/tests/annotation/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml index 647897855..82be1a0c7 100644 --- a/tests/annotation/client/pom.xml +++ b/tests/annotation/client/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml index 2f072d4d6..0d92a945e 100644 --- a/tests/annotation/common/pom.xml +++ b/tests/annotation/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml index e2f17e185..2cce2792f 100644 --- a/tests/annotation/custom-authentication/pom.xml +++ b/tests/annotation/custom-authentication/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml index 75f23c032..3d8feab13 100644 --- a/tests/annotation/custom-grant/pom.xml +++ b/tests/annotation/custom-grant/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml index 4df030bb2..821ed5593 100644 --- a/tests/annotation/form/pom.xml +++ b/tests/annotation/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml index 824dbad34..8bcda7aeb 100644 --- a/tests/annotation/jaxb/pom.xml +++ b/tests/annotation/jaxb/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml index 17c515ffc..174ee74fd 100644 --- a/tests/annotation/jdbc/pom.xml +++ b/tests/annotation/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml index 2dff5f2f3..a1bb2b9f5 100644 --- a/tests/annotation/jpa/pom.xml +++ b/tests/annotation/jpa/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml index 9ed1af356..3de0b82ea 100644 --- a/tests/annotation/jwt/pom.xml +++ b/tests/annotation/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml index 604d07860..ffc10e774 100644 --- a/tests/annotation/mappings/pom.xml +++ b/tests/annotation/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml index 1bf04aedf..850817562 100644 --- a/tests/annotation/multi/pom.xml +++ b/tests/annotation/multi/pom.xml @@ -9,7 +9,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index 638c1c0e0..04c173040 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 pom @@ -45,7 +45,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 org.springframework.security diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml index 1336522b1..5df1dd558 100644 --- a/tests/annotation/resource/pom.xml +++ b/tests/annotation/resource/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml index e59f7c168..cc5442678 100644 --- a/tests/annotation/ssl/pom.xml +++ b/tests/annotation/ssl/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml index cdb9cf9c6..47d601d1f 100644 --- a/tests/annotation/vanilla/pom.xml +++ b/tests/annotation/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/pom.xml b/tests/pom.xml index a8cf8b765..44e6e5d29 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 spring-security-oauth-tests diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml index 805980de8..4b0235c6f 100644 --- a/tests/xml/approval/pom.xml +++ b/tests/xml/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml index 7f0f425b7..60cfbfce8 100644 --- a/tests/xml/client/pom.xml +++ b/tests/xml/client/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml index fcdc16cc8..e0e9dcdc3 100644 --- a/tests/xml/common/pom.xml +++ b/tests/xml/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml index 61c08039c..54264796c 100644 --- a/tests/xml/form/pom.xml +++ b/tests/xml/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml index e89b85fbe..c4d15f460 100644 --- a/tests/xml/jdbc/pom.xml +++ b/tests/xml/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml index 8afca8fe9..7729c12bc 100644 --- a/tests/xml/jwt/pom.xml +++ b/tests/xml/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml index 37b14ccce..4d298162a 100644 --- a/tests/xml/mappings/pom.xml +++ b/tests/xml/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index e8ab92d50..1589974a1 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 pom @@ -39,7 +39,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 org.springframework.security diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml index 425eebe04..23b566aa7 100644 --- a/tests/xml/vanilla/pom.xml +++ b/tests/xml/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.M1 From 689b8d7ee40f32462ed03fd981f6ee31bed70621 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 16 Apr 2020 12:30:10 -0400 Subject: [PATCH 48/94] Revert to snapshot This reverts commit b1ec290c39a61f8a440a588c19bcf242534b0b4d. --- pom.xml | 2 +- samples/oauth/sparklr/pom.xml | 2 +- samples/oauth/tonr/pom.xml | 2 +- samples/oauth2/sparklr/pom.xml | 2 +- samples/oauth2/tonr/pom.xml | 2 +- samples/pom.xml | 2 +- spring-security-oauth/pom.xml | 2 +- spring-security-oauth2/pom.xml | 2 +- tests/annotation/approval/pom.xml | 2 +- tests/annotation/client/pom.xml | 2 +- tests/annotation/common/pom.xml | 2 +- tests/annotation/custom-authentication/pom.xml | 2 +- tests/annotation/custom-grant/pom.xml | 2 +- tests/annotation/form/pom.xml | 2 +- tests/annotation/jaxb/pom.xml | 2 +- tests/annotation/jdbc/pom.xml | 2 +- tests/annotation/jpa/pom.xml | 2 +- tests/annotation/jwt/pom.xml | 2 +- tests/annotation/mappings/pom.xml | 2 +- tests/annotation/multi/pom.xml | 2 +- tests/annotation/pom.xml | 4 ++-- tests/annotation/resource/pom.xml | 2 +- tests/annotation/ssl/pom.xml | 2 +- tests/annotation/vanilla/pom.xml | 2 +- tests/pom.xml | 2 +- tests/xml/approval/pom.xml | 2 +- tests/xml/client/pom.xml | 2 +- tests/xml/common/pom.xml | 2 +- tests/xml/form/pom.xml | 2 +- tests/xml/jdbc/pom.xml | 2 +- tests/xml/jwt/pom.xml | 2 +- tests/xml/mappings/pom.xml | 2 +- tests/xml/pom.xml | 4 ++-- tests/xml/vanilla/pom.xml | 2 +- 34 files changed, 36 insertions(+), 36 deletions(-) diff --git a/pom.xml b/pom.xml index 35c401052..ec07240dc 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ OAuth for Spring Security Parent Project for OAuth Support for Spring Security pom - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT https://docs.spring.io/spring-security/oauth diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml index 77c2c693d..4bb0cb416 100644 --- a/samples/oauth/sparklr/pom.xml +++ b/samples/oauth/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml index 7b08b9575..11ac87f08 100644 --- a/samples/oauth/tonr/pom.xml +++ b/samples/oauth/tonr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml index f42d429df..958650118 100644 --- a/samples/oauth2/sparklr/pom.xml +++ b/samples/oauth2/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml index acbd1e785..01a01675e 100644 --- a/samples/oauth2/tonr/pom.xml +++ b/samples/oauth2/tonr/pom.xml @@ -6,7 +6,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/pom.xml b/samples/pom.xml index 3db838cc5..0d35cb3e9 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT spring-security-oauth-samples diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml index 9fea67b00..fb5166af2 100644 --- a/spring-security-oauth/pom.xml +++ b/spring-security-oauth/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT spring-security-oauth diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index 70be8b6ec..7fc355f1c 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT spring-security-oauth2 diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml index 3889dc3f6..959104081 100644 --- a/tests/annotation/approval/pom.xml +++ b/tests/annotation/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml index 82be1a0c7..647897855 100644 --- a/tests/annotation/client/pom.xml +++ b/tests/annotation/client/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml index 0d92a945e..2f072d4d6 100644 --- a/tests/annotation/common/pom.xml +++ b/tests/annotation/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml index 2cce2792f..e2f17e185 100644 --- a/tests/annotation/custom-authentication/pom.xml +++ b/tests/annotation/custom-authentication/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml index 3d8feab13..75f23c032 100644 --- a/tests/annotation/custom-grant/pom.xml +++ b/tests/annotation/custom-grant/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml index 821ed5593..4df030bb2 100644 --- a/tests/annotation/form/pom.xml +++ b/tests/annotation/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml index 8bcda7aeb..824dbad34 100644 --- a/tests/annotation/jaxb/pom.xml +++ b/tests/annotation/jaxb/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml index 174ee74fd..17c515ffc 100644 --- a/tests/annotation/jdbc/pom.xml +++ b/tests/annotation/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml index a1bb2b9f5..2dff5f2f3 100644 --- a/tests/annotation/jpa/pom.xml +++ b/tests/annotation/jpa/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml index 3de0b82ea..9ed1af356 100644 --- a/tests/annotation/jwt/pom.xml +++ b/tests/annotation/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml index ffc10e774..604d07860 100644 --- a/tests/annotation/mappings/pom.xml +++ b/tests/annotation/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml index 850817562..1bf04aedf 100644 --- a/tests/annotation/multi/pom.xml +++ b/tests/annotation/multi/pom.xml @@ -9,7 +9,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index 04c173040..638c1c0e0 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT pom @@ -45,7 +45,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT org.springframework.security diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml index 5df1dd558..1336522b1 100644 --- a/tests/annotation/resource/pom.xml +++ b/tests/annotation/resource/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml index cc5442678..e59f7c168 100644 --- a/tests/annotation/ssl/pom.xml +++ b/tests/annotation/ssl/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml index 47d601d1f..cdb9cf9c6 100644 --- a/tests/annotation/vanilla/pom.xml +++ b/tests/annotation/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/pom.xml b/tests/pom.xml index 44e6e5d29..a8cf8b765 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT spring-security-oauth-tests diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml index 4b0235c6f..805980de8 100644 --- a/tests/xml/approval/pom.xml +++ b/tests/xml/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml index 60cfbfce8..7f0f425b7 100644 --- a/tests/xml/client/pom.xml +++ b/tests/xml/client/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml index e0e9dcdc3..fcdc16cc8 100644 --- a/tests/xml/common/pom.xml +++ b/tests/xml/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml index 54264796c..61c08039c 100644 --- a/tests/xml/form/pom.xml +++ b/tests/xml/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml index c4d15f460..e89b85fbe 100644 --- a/tests/xml/jdbc/pom.xml +++ b/tests/xml/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml index 7729c12bc..8afca8fe9 100644 --- a/tests/xml/jwt/pom.xml +++ b/tests/xml/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml index 4d298162a..37b14ccce 100644 --- a/tests/xml/mappings/pom.xml +++ b/tests/xml/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index 1589974a1..e8ab92d50 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT pom @@ -39,7 +39,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT org.springframework.security diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml index 23b566aa7..425eebe04 100644 --- a/tests/xml/vanilla/pom.xml +++ b/tests/xml/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.M1 + 2.5.0.BUILD-SNAPSHOT From ca06d26580ca15b9976431cf94cc652bc1030630 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Tue, 21 Apr 2020 15:10:04 -0400 Subject: [PATCH 49/94] Update to commons-codec:1.14 Fixes gh-1850 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ec07240dc..6312c5b05 100644 --- a/pom.xml +++ b/pom.xml @@ -18,7 +18,7 @@ UTF-8 - 1.9 + 1.14 4.3.26.RELEASE 4.2.13.RELEASE 1.5.2.RELEASE From 4b27e2e173dd2bad6b031b9f28144a8e427e4aa9 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Tue, 21 Apr 2020 15:18:56 -0400 Subject: [PATCH 50/94] Update to spring-security:4.2.15.RELEASE Fixes gh-1851 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 6312c5b05..7b0d96d06 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ UTF-8 1.14 4.3.26.RELEASE - 4.2.13.RELEASE + 4.2.15.RELEASE 1.5.2.RELEASE 2.6.3 4.12 From 9ece323fe61725d5ceab507cd4b8f106436c4ea5 Mon Sep 17 00:00:00 2001 From: imgx64 Date: Tue, 17 Apr 2018 13:12:06 +0300 Subject: [PATCH 51/94] Add support for reading public key from X.509 PEM certificates Issue #784 --- .../jwt/crypto/sign/RsaKeyHelper.java | 10 ++++++++++ .../jwt/crypto/cipher/RsaTestKeyData.java | 20 +++++++++++++++++++ .../jwt/crypto/sign/RsaSigningTests.java | 3 +++ 3 files changed, 33 insertions(+) diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaKeyHelper.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaKeyHelper.java index f15862a5e..b256cdb64 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaKeyHelper.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaKeyHelper.java @@ -19,6 +19,9 @@ import java.io.IOException; import java.math.BigInteger; import java.security.*; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; import java.security.interfaces.RSAPublicKey; import java.security.spec.*; import java.util.Arrays; @@ -72,6 +75,10 @@ static KeyPair parseKeyPair(String pemData) { org.bouncycastle.asn1.pkcs.RSAPublicKey key = org.bouncycastle.asn1.pkcs.RSAPublicKey.getInstance(seq); RSAPublicKeySpec pubSpec = new RSAPublicKeySpec(key.getModulus(), key.getPublicExponent()); publicKey = fact.generatePublic(pubSpec); + } else if (type.equals("CERTIFICATE")) { + CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); + Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(content)); + publicKey = certificate.getPublicKey(); } else { throw new IllegalArgumentException(type + " is not a supported format"); } @@ -81,6 +88,9 @@ static KeyPair parseKeyPair(String pemData) { catch (InvalidKeySpecException e) { throw new RuntimeException(e); } + catch (CertificateException e) { + throw new RuntimeException(e); + } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); } diff --git a/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/cipher/RsaTestKeyData.java b/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/cipher/RsaTestKeyData.java index b0901127d..cf9d7447e 100644 --- a/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/cipher/RsaTestKeyData.java +++ b/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/cipher/RsaTestKeyData.java @@ -117,4 +117,24 @@ public class RsaTestKeyData { "L7ZIncG3aCvXxp8pUQ7NPimYd70dEPuu1QIDAQAB\n" + "-----END RSA PUBLIC KEY-----"; + public static final String SSH_X509_CERTIFICATE_PEM_STRING = "-----BEGIN CERTIFICATE-----\n" + + "MIIDHDCCAgSgAwIBAgIJAK+wnYpjtdVFMA0GCSqGSIb3DQEBCwUAMCMxITAfBgNV\n" + + "BAMMGHNwcmluZy1zZWN1cml0eS1qd3QtdGVzdDAeFw0xODA0MTcwOTQ4MzVaFw0x\n" + + "ODA1MTcwOTQ4MzVaMCMxITAfBgNVBAMMGHNwcmluZy1zZWN1cml0eS1qd3QtdGVz\n" + + "dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAETeEu2dGrEhI+tfki\n" + + "L7VFLh6KXf3353tQm2h1zcY/3COK2NJORC2dkhghVYJsfVwAySYWKECJjvrzMRQK\n" + + "m1scjuOQda2UdatAoRBVixj5jQfn2PE6xRyIyW/O97NHdhU2AzsLLeh3Sj415C3Y\n" + + "BhzuCtXy5ztXEByhoJQSr3OGUlZ4lDidRHSmR8Rp5FY6bNYT/fAL0MehKZihMXsH\n" + + "eDDI++4EWAHkqNKT4boC65suQyz6MUlBkmRBwj5Qnzn0wLfTbhOGMG6QsA3w5kG/\n" + + "vZ3qu0ND8JrT+oxa1eFWd4q9nFmDkxehXC+2SJ3Bt2gr18afKVEOzT4pmHe9HRD7\n" + + "rtUCAwEAAaNTMFEwHQYDVR0OBBYEFPM7mHoBTz7Bgyblen9oSqd6gCVTMB8GA1Ud\n" + + "IwQYMBaAFPM7mHoBTz7Bgyblen9oSqd6gCVTMA8GA1UdEwEB/wQFMAMBAf8wDQYJ\n" + + "KoZIhvcNAQELBQADggEBAGfx6+D8YpYVHYbB9mdUDVmFKEq3rFBKaHXL8fDceHUi\n" + + "GOAG0dLqP+lxx/pPsgfW8dnu1h/I5+cvOsj/YmwLMlodhrGN0XpaWmATz7+ikif3\n" + + "VGGNXIWl/km+r30M4diFnSnycjYaOJdBqhLIkQd/w/JFFJ5J+C5b2281jYGw6Y1F\n" + + "Kq3pqLlQVCnQhcnDroCtwLK78hG7yZasYVBnjKilSkMB1k14Kfq8WUR3NsODRiXg\n" + + "EP+KsWrwS5l/cyUzkWDKgOvmlWeqSWp95WGhewuVAs34W0hzdT3JDd4TIX3NWMuw\n" + + "i9txCbagsrq/2+rKgsasCPlcQwFw6Umzd73HuqiHmoM=\n" + + "-----END CERTIFICATE-----\n"; + } diff --git a/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/RsaSigningTests.java b/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/RsaSigningTests.java index 27e8dbb46..d6f7a46ce 100644 --- a/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/RsaSigningTests.java +++ b/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/RsaSigningTests.java @@ -56,5 +56,8 @@ public void keysFromPrivateAndPublicKeyStringDataAreCorrect() throws Exception { verifier = new RsaVerifier(RsaTestKeyData.SSH_PUBLIC_KEY_OPENSSL_PEM_STRING); verifier.verify(content, signed); + + verifier = new RsaVerifier(RsaTestKeyData.SSH_X509_CERTIFICATE_PEM_STRING); + verifier.verify(content, signed); } } From 68a87b99915043323bce7abbba8f1d58f9ae52ef Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 30 Apr 2020 06:47:12 -0400 Subject: [PATCH 52/94] Revert "Improve handling of invalid tokens" This reverts commit 57a02917c5d3bb3df5751ea203bd0150a5db05a8. --- .../provider/token/DefaultTokenServices.java | 14 ++------------ .../provider/token/DefaultTokenServicesTests.java | 15 +-------------- 2 files changed, 3 insertions(+), 26 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java index 64a4e4d6a..bbe7e3acc 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java @@ -230,22 +230,12 @@ protected boolean isExpired(OAuth2RefreshToken refreshToken) { } public OAuth2AccessToken readAccessToken(String accessToken) { - try { - return tokenStore.readAccessToken(accessToken); - } catch (Exception ex) { - throw new InvalidTokenException("Invalid access token", ex); - } + return tokenStore.readAccessToken(accessToken); } public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException, InvalidTokenException { - OAuth2AccessToken accessToken; - try { - accessToken = tokenStore.readAccessToken(accessTokenValue); - } catch (Exception ex) { - throw new InvalidTokenException("Invalid access token", ex); - } - + OAuth2AccessToken accessToken = tokenStore.readAccessToken(accessTokenValue); if (accessToken == null) { throw new InvalidTokenException("Invalid access token: " + accessTokenValue); } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesTests.java index 9d19e0827..7eda9601b 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesTests.java @@ -30,17 +30,4 @@ public void testAccidentalNullAuthentication() { services.loadAuthentication("FOO"); } - // gh-1522 - @Test(expected = InvalidTokenException.class) - public void testLoadAuthenticationWithInvalidToken() { - Mockito.when(tokenStore.readAccessToken(Mockito.anyString())).thenThrow(new RuntimeException()); - services.loadAuthentication("invalid-token"); - } - - // gh-1522 - @Test(expected = InvalidTokenException.class) - public void testReadAccessTokenWithInvalidToken() { - Mockito.when(tokenStore.readAccessToken(Mockito.anyString())).thenThrow(new RuntimeException()); - services.readAccessToken("invalid-token"); - } -} \ No newline at end of file +} From d2c3b9d8e5652da04b3f9d76c1973e1eb34ee0f3 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 30 Apr 2020 13:11:37 -0400 Subject: [PATCH 53/94] Handle failed JWT signature verification Issue gh-1522 Fixes gh-1852 --- .../JwkVerifyingJwtAccessTokenConverter.java | 9 ++++++-- ...VerifyingJwtAccessTokenConverterTests.java | 22 +++++++++++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java index 02fbc3d5a..58f166cfc 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java @@ -121,8 +121,13 @@ protected Map decode(String token) { // Verify signature SignatureVerifier verifier = jwkDefinitionHolder.getSignatureVerifier(); - Jwt jwt = JwtHelper.decode(token); - jwt.verifySignature(verifier); + Jwt jwt; + try { + jwt = JwtHelper.decode(token); + jwt.verifySignature(verifier); + } catch (Exception ex) { + throw new InvalidTokenException("Failed to decode/verify JWT/JWS", ex); + } Map claims = this.jsonParser.parseMap(jwt.getClaims()); if (claims.containsKey(EXP) && claims.get(EXP) instanceof Integer) { diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTests.java index 9c2534412..c534216fe 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTests.java @@ -24,6 +24,8 @@ import java.util.Map; import static org.junit.Assert.assertNotNull; +import static org.mockito.Matchers.any; +import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; import static org.springframework.security.jwt.codec.Codecs.b64UrlEncode; @@ -139,6 +141,26 @@ public void decodeWhenKidHeaderMissingButX5tHeaderPresentThenDecodeStillSucceeds assertNotNull(decodedJwt); } + // gh-1522, gh-1852 + @Test + public void decodeWhenVerifySignatureFailsThenThrowInvalidTokenException() throws Exception { + this.thrown.expect(InvalidTokenException.class); + this.thrown.expectMessage("Failed to decode/verify JWT/JWS"); + JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", null, null); + JwkDefinitionSource jwkDefinitionSource = mock(JwkDefinitionSource.class); + JwkDefinitionSource.JwkDefinitionHolder jwkDefinitionHolder = mock(JwkDefinitionSource.JwkDefinitionHolder.class); + SignatureVerifier signatureVerifier = mock(SignatureVerifier.class); + when(jwkDefinitionHolder.getJwkDefinition()).thenReturn(jwkDefinition); + when(jwkDefinitionSource.getDefinitionLoadIfNecessary("key-id-1", null)).thenReturn(jwkDefinitionHolder); + when(jwkDefinitionHolder.getSignatureVerifier()).thenReturn(signatureVerifier); + doThrow(RuntimeException.class).when(signatureVerifier).verify(any(byte[].class), any(byte[].class)); + JwkVerifyingJwtAccessTokenConverter accessTokenConverter = + new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource); + String jwt = createJwt(createJwtHeader("key-id-1", null, JwkDefinition.CryptoAlgorithm.RS256)); + String jws = jwt + "." + utf8Decode(b64UrlEncode("junkSignature".getBytes())); + accessTokenConverter.decode(jws); + } + private JwkDefinition createRSAJwkDefinition(String keyId, String x5t, JwkDefinition.CryptoAlgorithm algorithm) { return createRSAJwkDefinition(JwkDefinition.KeyType.RSA, keyId, x5t, JwkDefinition.PublicKeyUse.SIG, algorithm, "AMh-pGAj9vX2gwFDyrXot1f2YfHgh8h0Qx6w9IqLL", "AQAB"); From 0a3938e7b79804c4b09a614e8fcd304e25048437 Mon Sep 17 00:00:00 2001 From: Stefan Rempfer Date: Thu, 16 Apr 2020 21:31:39 +0200 Subject: [PATCH 54/94] Delete access_to_refresh key when removing refresh token in RedisTokenStore Fixes gh-1836 --- .../token/store/redis/RedisTokenStore.java | 23 ++++++--- .../store/redis/RedisTokenStoreMockTests.java | 7 +++ .../store/redis/RedisTokenStoreTests.java | 49 ++++++++++++++++++- 3 files changed, 70 insertions(+), 9 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java index af91a39b7..519ffbea5 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java @@ -207,19 +207,19 @@ public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authe } OAuth2RefreshToken refreshToken = token.getRefreshToken(); if (refreshToken != null && refreshToken.getValue() != null) { - byte[] refresh = serialize(token.getRefreshToken().getValue()); - byte[] auth = serialize(token.getValue()); - byte[] refreshToAccessKey = serializeKey(REFRESH_TO_ACCESS + token.getRefreshToken().getValue()); + byte[] refresh = serialize(refreshToken.getValue()); + byte[] access = serialize(token.getValue()); + byte[] refreshToAccessKey = serializeKey(REFRESH_TO_ACCESS + refreshToken.getValue()); byte[] accessToRefreshKey = serializeKey(ACCESS_TO_REFRESH + token.getValue()); if (springDataRedis_2_0) { try { - this.redisConnectionSet_2_0.invoke(conn, refreshToAccessKey, auth); + this.redisConnectionSet_2_0.invoke(conn, refreshToAccessKey, access); this.redisConnectionSet_2_0.invoke(conn, accessToRefreshKey, refresh); } catch (Exception ex) { throw new RuntimeException(ex); } } else { - conn.set(refreshToAccessKey, auth); + conn.set(refreshToAccessKey, access); conn.set(accessToRefreshKey, refresh); } if (refreshToken instanceof ExpiringOAuth2RefreshToken) { @@ -361,15 +361,22 @@ public void removeRefreshToken(String tokenValue) { byte[] refreshKey = serializeKey(REFRESH + tokenValue); byte[] refreshAuthKey = serializeKey(REFRESH_AUTH + tokenValue); byte[] refresh2AccessKey = serializeKey(REFRESH_TO_ACCESS + tokenValue); - byte[] access2RefreshKey = serializeKey(ACCESS_TO_REFRESH + tokenValue); RedisConnection conn = getConnection(); try { conn.openPipeline(); conn.del(refreshKey); conn.del(refreshAuthKey); + conn.get(refresh2AccessKey); conn.del(refresh2AccessKey); - conn.del(access2RefreshKey); - conn.closePipeline(); + List results = conn.closePipeline(); + + byte[] accessTokenBytes = (byte[]) results.get(2); + if(accessTokenBytes != null) { + String accessTokenValue = deserializeString(accessTokenBytes); + byte[] access2RefreshKey = serializeKey(ACCESS_TO_REFRESH + accessTokenValue); + conn.del(access2RefreshKey); + } + } finally { conn.close(); } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreMockTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreMockTests.java index 738f0f1c2..4baa81884 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreMockTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreMockTests.java @@ -67,6 +67,13 @@ public void storeRefreshTokenRemoveRefreshTokenVerifyKeysRemoved() { ArgumentCaptor keyArgs = ArgumentCaptor.forClass(byte[].class); verify(connection, times(2)).set(keyArgs.capture(), any(byte[].class)); + List result = new ArrayList(); + result.add(Long.valueOf(1)); + result.add(Long.valueOf(1)); + result.add(new byte[] {42}); + result.add(Long.valueOf(1)); + when(connection.closePipeline()).thenReturn(result); + tokenStore.removeRefreshToken(oauth2RefreshToken); for (byte[] key : keyArgs.getAllValues()) { diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreTests.java index 996e15c21..ded1f1529 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreTests.java @@ -2,6 +2,8 @@ import org.junit.Before; import org.junit.Test; + +import org.springframework.data.redis.connection.RedisConnection; import org.springframework.data.redis.connection.jedis.JedisConnectionFactory; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken; @@ -28,6 +30,8 @@ */ public class RedisTokenStoreTests extends TokenStoreBaseTests { + private JedisConnectionFactory connectionFactory; + private RedisTokenStoreSerializationStrategy serializationStrategy = new JdkSerializationStrategy(); private RedisTokenStore tokenStore; @Override @@ -41,7 +45,6 @@ public void setup() throws Exception { "org.springframework.data.redis.connection.RedisStandaloneConfiguration", this.getClass().getClassLoader()); - JedisConnectionFactory connectionFactory; if (springDataRedis_2_0) { connectionFactory = new JedisConnectionFactory(); } else { @@ -49,7 +52,9 @@ public void setup() throws Exception { connectionFactory = new JedisConnectionFactory(shardInfo); } + serializationStrategy = new JdkSerializationStrategy(); tokenStore = new RedisTokenStore(connectionFactory); + tokenStore.setSerializationStrategy(serializationStrategy); } @Test @@ -109,4 +114,46 @@ public void storeAccessTokenWithoutRefreshTokenRemoveAccessTokenVerifyTokenRemov assertTrue(oauth2AccessTokens.isEmpty()); } + // gh-1836 + @Test + public void storeAccessTokenWithRefreshTokenRemoveRefreshTokenAndAccessTokenVerifyTokenRemoved() { + OAuth2Request request = RequestTokenFactory.createOAuth2Request("clientId", false); + TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password"); + + DefaultOAuth2AccessToken oauth2AccessToken = new DefaultOAuth2AccessToken( + "access-token-" + UUID.randomUUID()); + DefaultOAuth2RefreshToken oauth2RefreshToken = new DefaultOAuth2RefreshToken( + "refresh-token-" + UUID.randomUUID()); + oauth2AccessToken.setRefreshToken(oauth2RefreshToken); + + OAuth2Authentication oauth2Authentication = new OAuth2Authentication(request, authentication); + + tokenStore.storeAccessToken(oauth2AccessToken, oauth2Authentication); + String accessTokenValue = getValue("refresh_to_access:" + oauth2RefreshToken.getValue()); + assertEquals(accessTokenValue, oauth2AccessToken.getValue()); + String refreshTokenValue = getValue("access_to_refresh:" + oauth2AccessToken.getValue()); + assertEquals(refreshTokenValue, oauth2RefreshToken.getValue()); + + tokenStore.removeRefreshToken(oauth2RefreshToken); + accessTokenValue = getValue("refresh_to_access:" + oauth2RefreshToken.getValue()); + assertNull("Key refresh_to_access was not deleted!", accessTokenValue); + refreshTokenValue = getValue("access_to_refresh:" + oauth2AccessToken.getValue()); + assertNull("Key access_to_refresh was not deleted!", refreshTokenValue); + + tokenStore.removeAccessToken(oauth2AccessToken); + + Collection oauth2AccessTokens = tokenStore.findTokensByClientId(request.getClientId()); + assertTrue(oauth2AccessTokens.isEmpty()); + } + + private String getValue(String key) { + RedisConnection conn = connectionFactory.getConnection(); + try { + byte[] value = conn.get(key.getBytes()); + return serializationStrategy.deserializeString(value); + } + finally { + conn.close(); + } + } } \ No newline at end of file From e581a8184b0df9c6ff24417e078d6b442b4e61f4 Mon Sep 17 00:00:00 2001 From: Mathieu Ouellet <6408576+mouellet@users.noreply.github.com> Date: Sat, 25 Feb 2017 06:58:04 -0500 Subject: [PATCH 55/94] Add optional parameters in RemoteTokenService Support for introspection request (see RFC 7662). Fixes gh-974 --- .../provider/token/RemoteTokenServices.java | 15 +++++++++-- .../token/RemoteTokenServicesTest.java | 26 ++++++++++++++++++- 2 files changed, 38 insertions(+), 3 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java index 356ef43be..db5095892 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java @@ -45,6 +45,7 @@ * * @author Dave Syer * @author Luke Taylor + * @author Mathieu Ouellet * */ @Deprecated @@ -62,6 +63,8 @@ public class RemoteTokenServices implements ResourceServerTokenServices { private String tokenName = "token"; + private Map additionalParameters; + private AccessTokenConverter tokenConverter = new DefaultAccessTokenConverter(); public RemoteTokenServices() { @@ -101,10 +104,18 @@ public void setTokenName(String tokenName) { this.tokenName = tokenName; } - @Override - public OAuth2Authentication loadAuthentication(String accessToken) throws AuthenticationException, InvalidTokenException { + public void setAdditionalParameters(Map additionalParameters) { + this.additionalParameters = additionalParameters; + } + + @Override + public OAuth2Authentication loadAuthentication(String accessToken) + throws AuthenticationException, InvalidTokenException { MultiValueMap formData = new LinkedMultiValueMap(); + if (additionalParameters != null) { + formData.setAll(additionalParameters); + } formData.add(tokenName, accessToken); HttpHeaders headers = new HttpHeaders(); headers.set("Authorization", getAuthorizationHeader(clientId, clientSecret)); diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java index 54de94390..4eaaecb8c 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java @@ -17,6 +17,7 @@ import org.junit.Before; import org.junit.Test; +import org.mockito.ArgumentCaptor; import org.springframework.http.HttpEntity; import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; @@ -26,8 +27,10 @@ import org.springframework.web.client.RestTemplate; import java.util.HashMap; +import java.util.List; import java.util.Map; +import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.mockito.Matchers.any; import static org.mockito.Matchers.anyString; @@ -51,6 +54,27 @@ public void setUp() { this.remoteTokenServices.setCheckTokenEndpointUrl(DEFAULT_CHECK_TOKEN_ENDPOINT_URI); } + // gh-974 + @Test + public void loadAuthenticationWhenAdditionalQueryParametersProvidedThenReturnAuthentication() { + Map additionalParameters = new HashMap(); + additionalParameters.put("apiKey", "some-api-key"); + this.remoteTokenServices.setAdditionalParameters(additionalParameters); + + Map responseAttrs = new HashMap(); + responseAttrs.put("active", true); // "active" is the only required attribute as per RFC 7662 (https://tools.ietf.org/search/rfc7662#section-2.2) + ResponseEntity response = new ResponseEntity(responseAttrs, HttpStatus.OK); + RestTemplate restTemplate = mock(RestTemplate.class); + ArgumentCaptor requestEntityCaptor = ArgumentCaptor.forClass(HttpEntity.class); + when(restTemplate.exchange(anyString(), any(HttpMethod.class), requestEntityCaptor.capture(), any(Class.class))).thenReturn(response); + this.remoteTokenServices.setRestTemplate(restTemplate); + + OAuth2Authentication authentication = this.remoteTokenServices.loadAuthentication("access-token-1234"); + assertNotNull(authentication); + Map formParameters = (Map) requestEntityCaptor.getValue().getBody(); + assertEquals("some-api-key", ((List) formParameters.get("apiKey")).get(0)); + } + // gh-838 @Test public void loadAuthenticationWhenIntrospectionResponseContainsActiveTrueBooleanThenReturnAuthentication() throws Exception { @@ -114,4 +138,4 @@ public void loadAuthenticationWhenIntrospectionResponseMissingActiveAttributeThe OAuth2Authentication authentication = this.remoteTokenServices.loadAuthentication("access-token-1234"); assertNotNull(authentication); } -} \ No newline at end of file +} From 7e95ee4878a1b66478531d7f63df8d28fd80eb4d Mon Sep 17 00:00:00 2001 From: Denny Verbeeck Date: Wed, 15 Nov 2017 08:55:21 +0100 Subject: [PATCH 56/94] Fix OAuth2AuthenticationDetails display string The logic for inserting comma's between the components of the string was incorrect and would produce string like e.g. remoteAddress=0:0:0:0:0:0:0:1, tokenType=BearertokenValue=. This fix correctly inserts commas before appending a new field if there was already a field added before it. Fixes gh-1209 --- .../authentication/OAuth2AuthenticationDetails.java | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetails.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetails.java index 7ff8dc19c..820ef1556 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetails.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetails.java @@ -67,19 +67,22 @@ public OAuth2AuthenticationDetails(HttpServletRequest request) { if (remoteAddress!=null) { builder.append("remoteAddress=").append(remoteAddress); } - if (builder.length()>1) { - builder.append(", "); - } if (sessionId!=null) { - builder.append("sessionId="); - if (builder.length()>1) { + if (builder.length() > 1) { builder.append(", "); } + builder.append("sessionId="); } if (tokenType!=null) { + if (builder.length() > 1) { + builder.append(", "); + } builder.append("tokenType=").append(this.tokenType); } if (tokenValue!=null) { + if (builder.length() > 1) { + builder.append(", "); + } builder.append("tokenValue="); } this.display = builder.toString(); From f384bbfd8b2b3e6f509bc9c9a9209d75a9acb9a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Andersson?= Date: Thu, 26 Jan 2017 21:42:10 +0800 Subject: [PATCH 57/94] Document needing sessions on stateless=false If you don't configure Spring Security to allow sessions when your endpoints are not stateless then Spring will not honor stateless=false. Fixes gh-939 --- .../authentication/OAuth2AuthenticationProcessingFilter.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.java index d2ba671ba..7152691cb 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.java @@ -74,7 +74,9 @@ public class OAuth2AuthenticationProcessingFilter implements Filter, Initializin /** * Flag to say that this filter guards stateless resources (default true). Set this to true if the only way the * resource can be accessed is with a token. If false then an incoming cookie can populate the security context and - * allow access to a caller that isn't an OAuth2 client. + * allow access to a caller that isn't an OAuth2 client. When false, remember to also allow sessions to be created + * by configuring session management with a session creation policy that allows sessions to be set. + * See {@link org.springframework.security.config.http.SessionCreationPolicy} for your choices. * * @param stateless the flag to set (default true) */ From 0787ed593358a05409dcff12d0d27540f1c965e6 Mon Sep 17 00:00:00 2001 From: Mirko Zeibig Date: Mon, 16 Jan 2017 10:59:31 +0100 Subject: [PATCH 58/94] RsaKeyHelper parses public key without comment (id) Fixes gh-949 --- .../security/jwt/crypto/sign/RsaKeyHelper.java | 8 ++++---- .../security/jwt/crypto/cipher/RsaTestKeyData.java | 6 ++++++ .../security/jwt/crypto/sign/RsaSigningTests.java | 10 ++++++++-- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaKeyHelper.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaKeyHelper.java index b256cdb64..69a87874c 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaKeyHelper.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaKeyHelper.java @@ -12,8 +12,7 @@ */ package org.springframework.security.jwt.crypto.sign; -import static org.springframework.security.jwt.codec.Codecs.b64Decode; -import static org.springframework.security.jwt.codec.Codecs.utf8Encode; +import org.bouncycastle.asn1.ASN1Sequence; import java.io.ByteArrayInputStream; import java.io.IOException; @@ -28,7 +27,8 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; -import org.bouncycastle.asn1.ASN1Sequence; +import static org.springframework.security.jwt.codec.Codecs.b64Decode; +import static org.springframework.security.jwt.codec.Codecs.utf8Encode; /** * Reads RSA key pairs using BC provider classes but without the @@ -96,7 +96,7 @@ static KeyPair parseKeyPair(String pemData) { } } - private static final Pattern SSH_PUB_KEY = Pattern.compile("ssh-(rsa|dsa) ([A-Za-z0-9/+]+=*) (.*)"); + private static final Pattern SSH_PUB_KEY = Pattern.compile("ssh-(rsa|dsa) ([A-Za-z0-9/+]+=*) ?(.*)"); static RSAPublicKey parsePublicKey(String key) { Matcher m = SSH_PUB_KEY.matcher(key); diff --git a/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/cipher/RsaTestKeyData.java b/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/cipher/RsaTestKeyData.java index cf9d7447e..5efbfe88d 100644 --- a/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/cipher/RsaTestKeyData.java +++ b/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/cipher/RsaTestKeyData.java @@ -97,6 +97,12 @@ public class RsaTestKeyData { + "eJQ4nUR0pkfEaeRWOmzWE/3wC9DHoSmYoTF7B3gwyPvuBFgB5KjSk+G6AuubLkMs+jFJQZJkQcI+UJ859MC3024ThjBukLAN8OZBv7" + "2d6rtDQ/Ca0/qMWtXhVneKvZxZg5MXoVwvtkidwbdoK9fGnylRDs0+KZh3vR0Q+67V blah@blah.local"; + public static final String SSH_PUBLIC_KEY_STRING_WITHOUT_COMMENT = "ssh-rsa " + + "AAAAB3NzaC1yc2EAAAADAQABAAABAQDABE3hLtnRqxISPrX5Ii+1RS4eil399+d7UJtodc3GP9wjitjSTkQtnZIYIVWCbH1cAMkmFi" + + "hAiY768zEUCptbHI7jkHWtlHWrQKEQVYsY+Y0H59jxOsUciMlvzvezR3YVNgM7Cy3od0o+NeQt2AYc7grV8uc7VxAcoaCUEq9zhlJW" + + "eJQ4nUR0pkfEaeRWOmzWE/3wC9DHoSmYoTF7B3gwyPvuBFgB5KjSk+G6AuubLkMs+jFJQZJkQcI+UJ859MC3024ThjBukLAN8OZBv7" + + "2d6rtDQ/Ca0/qMWtXhVneKvZxZg5MXoVwvtkidwbdoK9fGnylRDs0+KZh3vR0Q+67V"; + public static final String SSH_PUBLIC_KEY_OPENSSL_PEM_STRING = "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwARN4S7Z0asSEj61+SIv\n" + diff --git a/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/RsaSigningTests.java b/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/RsaSigningTests.java index d6f7a46ce..da83c9bc3 100644 --- a/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/RsaSigningTests.java +++ b/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/RsaSigningTests.java @@ -12,12 +12,12 @@ */ package org.springframework.security.jwt.crypto.sign; -import static org.junit.Assert.assertNotNull; - import org.junit.Test; import org.springframework.security.jwt.codec.Codecs; import org.springframework.security.jwt.crypto.cipher.RsaTestKeyData; +import static org.junit.Assert.assertNotNull; + /** * @author Luke Taylor */ @@ -35,6 +35,12 @@ public void rsaSignerValidKeyWithWhitespace() throws Exception { assertNotNull(signer); } + @Test + public void rsaVerifierValidKeyWithoutComment() throws Exception { + RsaVerifier verifier = new RsaVerifier(RsaTestKeyData.SSH_PUBLIC_KEY_STRING_WITHOUT_COMMENT); + assertNotNull(verifier); + } + @Test public void keysFromPrivateAndPublicKeyStringDataAreCorrect() throws Exception { // Do a test sign and verify From c6e56f1fdd4bbc9ecc3fb9d923e503860aa1c6cd Mon Sep 17 00:00:00 2001 From: Yoshinori Ehara Date: Thu, 15 Dec 2016 00:38:08 +0900 Subject: [PATCH 59/94] Fix potential NPE in OAuthProviderBeanDefinitionParser Fixes gh-925 --- .../oauth/config/OAuthProviderBeanDefinitionParser.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthProviderBeanDefinitionParser.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthProviderBeanDefinitionParser.java index 568219c90..6b1721050 100644 --- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthProviderBeanDefinitionParser.java +++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthProviderBeanDefinitionParser.java @@ -207,7 +207,7 @@ private int insertIndex(List filterChain) { BeanMetadataElement filter = filterChain.get(i); if (filter instanceof BeanDefinition) { String beanName = ((BeanDefinition) filter).getBeanClassName(); - if (beanName.equals(ExceptionTranslationFilter.class.getName())) { + if (ExceptionTranslationFilter.class.getName().equals(beanName)) { return i + 1; } } From 611854e76db42f46a11556f2d577f93f50a3dd73 Mon Sep 17 00:00:00 2001 From: Alexandr Latushkin Date: Fri, 8 May 2020 21:33:33 +0300 Subject: [PATCH 60/94] Handle expires_in when 0 Fixes gh-1172 --- .../common/OAuth2AccessTokenJackson2Deserializer.java | 2 +- .../oauth2/common/BaseOAuth2AccessTokenJacksonTest.java | 2 ++ .../common/OAuth2AccessTokenJackson2DeserializerTests.java | 7 +++++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java index 1753bda04..ff0084019 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java @@ -96,7 +96,7 @@ else if (OAuth2AccessToken.SCOPE.equals(name)) { DefaultOAuth2AccessToken accessToken = new DefaultOAuth2AccessToken(tokenValue); accessToken.setTokenType(tokenType); - if (expiresIn != null) { + if (expiresIn != null && expiresIn != 0) { accessToken.setExpiration(new Date(System.currentTimeMillis() + (expiresIn * 1000))); } if (refreshToken != null) { diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/BaseOAuth2AccessTokenJacksonTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/BaseOAuth2AccessTokenJacksonTest.java index 93a277c4f..175d1150d 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/BaseOAuth2AccessTokenJacksonTest.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/BaseOAuth2AccessTokenJacksonTest.java @@ -55,6 +55,8 @@ abstract class BaseOAuth2AccessTokenJacksonTest { protected static final String ACCESS_TOKEN_ADDITIONAL_INFO = "{\"access_token\":\"token-value\",\"token_type\":\"bearer\",\"one\":\"two\",\"three\":4,\"five\":{\"six\":7}}"; + protected static final String ACCESS_TOKEN_ZERO_EXPIRES = "{\"access_token\":\"token-value\",\"token_type\":\"bearer\",\"expires_in\":0}"; + @Rule public ExpectedException thrown = ExpectedException.none(); diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2DeserializerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2DeserializerTests.java index fbd43158a..b91503d47 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2DeserializerTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2DeserializerTests.java @@ -25,6 +25,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertFalse; /** * Tests deserialization of an {@link org.springframework.security.oauth2.common.OAuth2AccessToken} using jackson. @@ -107,6 +108,12 @@ public void readValueWithAdditionalInformation() throws Exception { assertTokenEquals(accessToken,actual); } + @Test + public void readValueWithZeroExpiresAsNotExpired() throws Exception { + OAuth2AccessToken actual = mapper.readValue(ACCESS_TOKEN_ZERO_EXPIRES, OAuth2AccessToken.class); + assertFalse("Token with expires_in:0 must be treated as not expired.", actual.isExpired()); + } + private static void assertTokenEquals(OAuth2AccessToken expected, OAuth2AccessToken actual) { assertEquals(expected.getTokenType(), actual.getTokenType()); assertEquals(expected.getValue(), actual.getValue()); From fa46bac51d98bc8d09a6c9e7093ac3a53ed17707 Mon Sep 17 00:00:00 2001 From: Torsten Kuhnhenne Date: Tue, 5 May 2020 07:20:53 +0200 Subject: [PATCH 61/94] DefaultTokenServices generates url-safe tokens Fixes gh-1857 --- .../oauth2/provider/token/DefaultTokenServices.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java index bbe7e3acc..0046426e9 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java @@ -290,8 +290,7 @@ private OAuth2RefreshToken createRefreshToken(OAuth2Authentication authenticatio return null; } int validitySeconds = getRefreshTokenValiditySeconds(authentication.getOAuth2Request()); - String tokenValue = new String(Base64.encodeBase64( - DEFAULT_TOKEN_GENERATOR.generateKey())); + String tokenValue = new String(Base64.encodeBase64URLSafe(DEFAULT_TOKEN_GENERATOR.generateKey())); if (validitySeconds > 0) { return new DefaultExpiringOAuth2RefreshToken(tokenValue, new Date(System.currentTimeMillis() + (validitySeconds * 1000L))); @@ -300,8 +299,7 @@ private OAuth2RefreshToken createRefreshToken(OAuth2Authentication authenticatio } private OAuth2AccessToken createAccessToken(OAuth2Authentication authentication, OAuth2RefreshToken refreshToken) { - String tokenValue = new String(Base64.encodeBase64( - DEFAULT_TOKEN_GENERATOR.generateKey())); + String tokenValue = new String(Base64.encodeBase64URLSafe(DEFAULT_TOKEN_GENERATOR.generateKey())); DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(tokenValue); int validitySeconds = getAccessTokenValiditySeconds(authentication.getOAuth2Request()); if (validitySeconds > 0) { From b478e803197d84a8054217365e1fa60e4606acba Mon Sep 17 00:00:00 2001 From: Jacques-Etienne Beaudet Date: Mon, 11 May 2020 17:29:14 -0400 Subject: [PATCH 62/94] Allow custom AuthenticationProvider and AuthenticationEventPublisher Custom AuthenticationProviders and AuthenticationEventPublisher can now be added when using @EnableAuthorizationServer. Adding a custom AuthenticationProvider will override the default DaoAuthenticationProvider provided by the class. Fixes gh-620 --- ...AuthorizationServerSecurityConfigurer.java | 55 +++++-- ...AuthorizationServerConfigurationTests.java | 142 +++++++++++++++++- 2 files changed, 186 insertions(+), 11 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java index 6c8a2df84..c0962ac73 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java @@ -22,7 +22,10 @@ import javax.servlet.Filter; import org.springframework.http.MediaType; +import org.springframework.security.authentication.AuthenticationEventPublisher; import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.SecurityConfigurerAdapter; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; @@ -80,7 +83,11 @@ public final class AuthorizationServerSecurityConfigurer extends * BasicAuthenticationFilter. */ private List tokenEndpointAuthenticationFilters = new ArrayList(); - + + private List authenticationProviders = new ArrayList(); + + private AuthenticationEventPublisher authenticationEventPublisher; + public AuthorizationServerSecurityConfigurer sslOnly() { this.sslOnly = true; return this; @@ -112,6 +119,29 @@ public AuthorizationServerSecurityConfigurer accessDeniedHandler(AccessDeniedHan return this; } + /** + * Authentication provider(s) to use with the {@link AuthenticationManager}. + * Adding an authentication provider here will replace the default {@link DaoAuthenticationProvider}. + * + * @param authenticationProvider the authentication provider to add + */ + public AuthorizationServerSecurityConfigurer addAuthenticationProvider(AuthenticationProvider authenticationProvider) { + Assert.notNull(authenticationProvider, "authenticationProvider must not be null"); + this.authenticationProviders.add(authenticationProvider); + return this; + } + + /** + * {@link AuthenticationEventPublisher} to use with the {@link AuthenticationManager}. + * + * @param authenticationEventPublisher the {@link AuthenticationEventPublisher} to use + */ + public AuthorizationServerSecurityConfigurer authenticationEventPublisher(AuthenticationEventPublisher authenticationEventPublisher) { + Assert.notNull(authenticationEventPublisher, "authenticationEventPublisher must not be null"); + this.authenticationEventPublisher = authenticationEventPublisher; + return this; + } + public AuthorizationServerSecurityConfigurer tokenKeyAccess(String tokenKeyAccess) { this.tokenKeyAccess = tokenKeyAccess; return this; @@ -132,17 +162,22 @@ public String getCheckTokenAccess() { @Override public void init(HttpSecurity http) throws Exception { - registerDefaultAuthenticationEntryPoint(http); - if (passwordEncoder != null) { - ClientDetailsUserDetailsService clientDetailsUserDetailsService = new ClientDetailsUserDetailsService(clientDetailsService()); - clientDetailsUserDetailsService.setPasswordEncoder(passwordEncoder()); - http.getSharedObject(AuthenticationManagerBuilder.class) - .userDetailsService(clientDetailsUserDetailsService) - .passwordEncoder(passwordEncoder()); + AuthenticationManagerBuilder builder = http.getSharedObject(AuthenticationManagerBuilder.class); + if (authenticationEventPublisher != null) { + builder.authenticationEventPublisher(authenticationEventPublisher); } - else { - http.userDetailsService(new ClientDetailsUserDetailsService(clientDetailsService())); + if (authenticationProviders.isEmpty()) { + if (passwordEncoder != null) { + builder.userDetailsService(new ClientDetailsUserDetailsService(clientDetailsService())) + .passwordEncoder(passwordEncoder()); + } else { + builder.userDetailsService(new ClientDetailsUserDetailsService(clientDetailsService())); + } + } else { + for (AuthenticationProvider provider: authenticationProviders) { + builder.authenticationProvider(provider); + } } http.securityContext().securityContextRepository(new NullSecurityContextRepository()).and().csrf().disable() .httpBasic().authenticationEntryPoint(this.authenticationEntryPoint).realmName(realm); diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/AuthorizationServerConfigurationTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/AuthorizationServerConfigurationTests.java index 1e63ddd3c..a5544dce6 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/AuthorizationServerConfigurationTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/AuthorizationServerConfigurationTests.java @@ -27,9 +27,18 @@ import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.mock.web.MockServletContext; +import org.springframework.security.authentication.AnonymousAuthenticationProvider; +import org.springframework.security.authentication.AuthenticationEventPublisher; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.authentication.DefaultAuthenticationEventPublisher; +import org.springframework.security.authentication.ProviderManager; +import org.springframework.security.authentication.TestingAuthenticationProvider; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; @@ -64,10 +73,13 @@ import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore; import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; +import org.springframework.security.web.FilterChainProxy; +import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import org.springframework.test.util.ReflectionTestUtils; import org.springframework.web.context.support.AnnotationConfigWebApplicationContext; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; +import javax.servlet.Filter; import javax.sql.DataSource; import java.util.Arrays; import java.util.List; @@ -112,7 +124,10 @@ public static List parameters() { new Object[] { null, new Class[] { AuthorizationServerCustomGranter.class } }, new Object[] { null, new Class[] { AuthorizationServerSslEnabled.class } }, new Object[] { null, new Class[] { AuthorizationServerCustomRedirectResolver.class } }, - new Object[] { null, new Class[] { AuthorizationServerDefaultRedirectResolver.class } } + new Object[] { null, new Class[] { AuthorizationServerDefaultRedirectResolver.class } }, + new Object[] { null, new Class[] { AuthorizationServerCustomAuthenticationProvidersOnTokenEndpoint.class } }, + new Object[] { null, new Class[] { AuthorizationServerDefaultAuthenticationProviderOnTokenEndpoint.class } }, + new Object[] { null, new Class[] { AuthorizationServerCustomAuthenticationEventPublisher.class } } // @formatter:on ); } @@ -736,4 +751,129 @@ public void configure(AuthorizationServerSecurityConfigurer security) throws Exc security.sslOnly(); } } + + @Configuration + @EnableWebMvcSecurity + @EnableAuthorizationServer + protected static class AuthorizationServerCustomAuthenticationProvidersOnTokenEndpoint extends + AuthorizationServerConfigurerAdapter implements Runnable { + + @Autowired + private ApplicationContext context; + + @Override + public void configure(AuthorizationServerSecurityConfigurer security) + throws Exception { + security.addAuthenticationProvider(new AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider()); + security.addAuthenticationProvider(new TestingAuthenticationProvider()); + } + + @Override + public void run() { + FilterChainProxy springSecurityFilterChain = context.getBean(FilterChainProxy.class); + List filters = springSecurityFilterChain.getFilters("/oauth/token"); + BasicAuthenticationFilter basicAuthenticationFilter = null; + for (Filter filter : filters) { + if (filter instanceof BasicAuthenticationFilter) { + basicAuthenticationFilter = (BasicAuthenticationFilter) filter; + break; + } + } + + ProviderManager authenticationManager = (ProviderManager) ReflectionTestUtils.getField(basicAuthenticationFilter, "authenticationManager"); + boolean nullAuthenticationProviderFound = false; + boolean testingAuthenticationProviderFound = false; + boolean anonymousAuthenticationProviderFound = false; + for (AuthenticationProvider provider : authenticationManager.getProviders()) { + if (provider instanceof AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider) { + nullAuthenticationProviderFound = true; + } else if (provider instanceof TestingAuthenticationProvider) { + testingAuthenticationProviderFound = true; + } else if (provider instanceof AnonymousAuthenticationProvider) { + anonymousAuthenticationProviderFound = true; + } + } + + assertEquals(3, authenticationManager.getProviders().size()); + assertTrue(testingAuthenticationProviderFound); + assertTrue(anonymousAuthenticationProviderFound); + assertTrue(nullAuthenticationProviderFound); + } + } + + @Configuration + @EnableWebMvcSecurity + @EnableAuthorizationServer + protected static class AuthorizationServerDefaultAuthenticationProviderOnTokenEndpoint extends + AuthorizationServerConfigurerAdapter implements Runnable { + + @Autowired + private ApplicationContext context; + + @Override + public void run() { + FilterChainProxy springSecurityFilterChain = context.getBean(FilterChainProxy.class); + List filters = springSecurityFilterChain.getFilters("/oauth/token"); + BasicAuthenticationFilter basicAuthenticationFilter = null; + for (Filter filter : filters) { + if (filter instanceof BasicAuthenticationFilter) { + basicAuthenticationFilter = (BasicAuthenticationFilter) filter; + break; + } + } + + ProviderManager authenticationManager = (ProviderManager) ReflectionTestUtils.getField(basicAuthenticationFilter, "authenticationManager"); + boolean anonymousAuthenticationProviderFound = false; + boolean daoAuthenticationProviderFound = false; + + for (AuthenticationProvider provider : authenticationManager.getProviders()) { + if (provider instanceof DaoAuthenticationProvider) { + daoAuthenticationProviderFound = true; + } else if (provider instanceof AnonymousAuthenticationProvider) { + anonymousAuthenticationProviderFound = true; + } + } + + assertEquals(2, authenticationManager.getProviders().size()); + assertTrue(anonymousAuthenticationProviderFound); + assertTrue(daoAuthenticationProviderFound); + } + } + + @Configuration + @EnableWebMvcSecurity + @EnableAuthorizationServer + protected static class AuthorizationServerCustomAuthenticationEventPublisher extends + AuthorizationServerConfigurerAdapter implements Runnable { + + @Autowired + private ApplicationContext context; + private AuthenticationEventPublisher defaultAuthenticationEventPublisher = new DefaultAuthenticationEventPublisher(); + + @Override + public void configure(AuthorizationServerSecurityConfigurer security) + throws Exception { + security.authenticationEventPublisher(defaultAuthenticationEventPublisher); + } + + @Override + public void run() { + FilterChainProxy springSecurityFilterChain = context.getBean(FilterChainProxy.class); + List filters = springSecurityFilterChain.getFilters("/oauth/token"); + BasicAuthenticationFilter basicAuthenticationFilter = null; + for (Filter filter : filters) { + if (filter instanceof BasicAuthenticationFilter) { + basicAuthenticationFilter = (BasicAuthenticationFilter) filter; + break; + } + } + + AuthenticationManager authenticationManager = (AuthenticationManager) ReflectionTestUtils. + getField(basicAuthenticationFilter, "authenticationManager"); + AuthenticationEventPublisher authenticationEventPublisher = (AuthenticationEventPublisher) ReflectionTestUtils. + getField(authenticationManager, "eventPublisher"); + + assertTrue(authenticationEventPublisher == defaultAuthenticationEventPublisher); + } + } } From c8d92da4d2627343bb9ac0374090baa981fbb524 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 14 May 2020 14:01:23 -0400 Subject: [PATCH 63/94] Release 2.5.0.RC1 --- pom.xml | 2 +- samples/oauth/sparklr/pom.xml | 2 +- samples/oauth/tonr/pom.xml | 2 +- samples/oauth2/sparklr/pom.xml | 2 +- samples/oauth2/tonr/pom.xml | 2 +- samples/pom.xml | 2 +- spring-security-oauth/pom.xml | 2 +- spring-security-oauth2/pom.xml | 2 +- tests/annotation/approval/pom.xml | 2 +- tests/annotation/client/pom.xml | 2 +- tests/annotation/common/pom.xml | 2 +- tests/annotation/custom-authentication/pom.xml | 2 +- tests/annotation/custom-grant/pom.xml | 2 +- tests/annotation/form/pom.xml | 2 +- tests/annotation/jaxb/pom.xml | 2 +- tests/annotation/jdbc/pom.xml | 2 +- tests/annotation/jpa/pom.xml | 2 +- tests/annotation/jwt/pom.xml | 2 +- tests/annotation/mappings/pom.xml | 2 +- tests/annotation/multi/pom.xml | 2 +- tests/annotation/pom.xml | 4 ++-- tests/annotation/resource/pom.xml | 2 +- tests/annotation/ssl/pom.xml | 2 +- tests/annotation/vanilla/pom.xml | 2 +- tests/pom.xml | 2 +- tests/xml/approval/pom.xml | 2 +- tests/xml/client/pom.xml | 2 +- tests/xml/common/pom.xml | 2 +- tests/xml/form/pom.xml | 2 +- tests/xml/jdbc/pom.xml | 2 +- tests/xml/jwt/pom.xml | 2 +- tests/xml/mappings/pom.xml | 2 +- tests/xml/pom.xml | 4 ++-- tests/xml/vanilla/pom.xml | 2 +- 34 files changed, 36 insertions(+), 36 deletions(-) diff --git a/pom.xml b/pom.xml index 7b0d96d06..55ef3d2a3 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ OAuth for Spring Security Parent Project for OAuth Support for Spring Security pom - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 https://docs.spring.io/spring-security/oauth diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml index 4bb0cb416..18678f734 100644 --- a/samples/oauth/sparklr/pom.xml +++ b/samples/oauth/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 ../../.. diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml index 11ac87f08..b97f0a59a 100644 --- a/samples/oauth/tonr/pom.xml +++ b/samples/oauth/tonr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 ../../.. diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml index 958650118..76149f151 100644 --- a/samples/oauth2/sparklr/pom.xml +++ b/samples/oauth2/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 ../../.. diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml index 01a01675e..ba048e9e5 100644 --- a/samples/oauth2/tonr/pom.xml +++ b/samples/oauth2/tonr/pom.xml @@ -6,7 +6,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 ../../.. diff --git a/samples/pom.xml b/samples/pom.xml index 0d35cb3e9..7938751fe 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 spring-security-oauth-samples diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml index fb5166af2..1b5977b86 100644 --- a/spring-security-oauth/pom.xml +++ b/spring-security-oauth/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 spring-security-oauth diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index 7fc355f1c..e0258b519 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 spring-security-oauth2 diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml index 959104081..1f137c5e7 100644 --- a/tests/annotation/approval/pom.xml +++ b/tests/annotation/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml index 647897855..ec8e7097e 100644 --- a/tests/annotation/client/pom.xml +++ b/tests/annotation/client/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml index 2f072d4d6..531b4288c 100644 --- a/tests/annotation/common/pom.xml +++ b/tests/annotation/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml index e2f17e185..f5cfae351 100644 --- a/tests/annotation/custom-authentication/pom.xml +++ b/tests/annotation/custom-authentication/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml index 75f23c032..fb956017d 100644 --- a/tests/annotation/custom-grant/pom.xml +++ b/tests/annotation/custom-grant/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml index 4df030bb2..7e0c1f2a9 100644 --- a/tests/annotation/form/pom.xml +++ b/tests/annotation/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml index 824dbad34..4422473ab 100644 --- a/tests/annotation/jaxb/pom.xml +++ b/tests/annotation/jaxb/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml index 17c515ffc..d083b0f1e 100644 --- a/tests/annotation/jdbc/pom.xml +++ b/tests/annotation/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml index 2dff5f2f3..8cfc7486e 100644 --- a/tests/annotation/jpa/pom.xml +++ b/tests/annotation/jpa/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml index 9ed1af356..d3149cb73 100644 --- a/tests/annotation/jwt/pom.xml +++ b/tests/annotation/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml index 604d07860..8afb500c3 100644 --- a/tests/annotation/mappings/pom.xml +++ b/tests/annotation/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml index 1bf04aedf..524caa8d7 100644 --- a/tests/annotation/multi/pom.xml +++ b/tests/annotation/multi/pom.xml @@ -9,7 +9,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index 638c1c0e0..6fd1be46b 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 pom @@ -45,7 +45,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 org.springframework.security diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml index 1336522b1..83a6ae65e 100644 --- a/tests/annotation/resource/pom.xml +++ b/tests/annotation/resource/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml index e59f7c168..49c900d53 100644 --- a/tests/annotation/ssl/pom.xml +++ b/tests/annotation/ssl/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml index cdb9cf9c6..e80b56c5f 100644 --- a/tests/annotation/vanilla/pom.xml +++ b/tests/annotation/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/pom.xml b/tests/pom.xml index a8cf8b765..12c916c10 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 spring-security-oauth-tests diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml index 805980de8..e7b566d7e 100644 --- a/tests/xml/approval/pom.xml +++ b/tests/xml/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml index 7f0f425b7..8c1369421 100644 --- a/tests/xml/client/pom.xml +++ b/tests/xml/client/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml index fcdc16cc8..02c8e04b0 100644 --- a/tests/xml/common/pom.xml +++ b/tests/xml/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml index 61c08039c..5a4d59ed4 100644 --- a/tests/xml/form/pom.xml +++ b/tests/xml/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml index e89b85fbe..106832dbc 100644 --- a/tests/xml/jdbc/pom.xml +++ b/tests/xml/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml index 8afca8fe9..42a0019c9 100644 --- a/tests/xml/jwt/pom.xml +++ b/tests/xml/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml index 37b14ccce..b7fe69d6e 100644 --- a/tests/xml/mappings/pom.xml +++ b/tests/xml/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index e8ab92d50..6092f41ca 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 pom @@ -39,7 +39,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 org.springframework.security diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml index 425eebe04..1db048482 100644 --- a/tests/xml/vanilla/pom.xml +++ b/tests/xml/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RC1 From 42a6bcd137403f04e79b6dfdd49c48cce3d39e65 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 14 May 2020 15:33:22 -0400 Subject: [PATCH 64/94] Revert to snapshot This reverts commit c8d92da4d2627343bb9ac0374090baa981fbb524. --- pom.xml | 2 +- samples/oauth/sparklr/pom.xml | 2 +- samples/oauth/tonr/pom.xml | 2 +- samples/oauth2/sparklr/pom.xml | 2 +- samples/oauth2/tonr/pom.xml | 2 +- samples/pom.xml | 2 +- spring-security-oauth/pom.xml | 2 +- spring-security-oauth2/pom.xml | 2 +- tests/annotation/approval/pom.xml | 2 +- tests/annotation/client/pom.xml | 2 +- tests/annotation/common/pom.xml | 2 +- tests/annotation/custom-authentication/pom.xml | 2 +- tests/annotation/custom-grant/pom.xml | 2 +- tests/annotation/form/pom.xml | 2 +- tests/annotation/jaxb/pom.xml | 2 +- tests/annotation/jdbc/pom.xml | 2 +- tests/annotation/jpa/pom.xml | 2 +- tests/annotation/jwt/pom.xml | 2 +- tests/annotation/mappings/pom.xml | 2 +- tests/annotation/multi/pom.xml | 2 +- tests/annotation/pom.xml | 4 ++-- tests/annotation/resource/pom.xml | 2 +- tests/annotation/ssl/pom.xml | 2 +- tests/annotation/vanilla/pom.xml | 2 +- tests/pom.xml | 2 +- tests/xml/approval/pom.xml | 2 +- tests/xml/client/pom.xml | 2 +- tests/xml/common/pom.xml | 2 +- tests/xml/form/pom.xml | 2 +- tests/xml/jdbc/pom.xml | 2 +- tests/xml/jwt/pom.xml | 2 +- tests/xml/mappings/pom.xml | 2 +- tests/xml/pom.xml | 4 ++-- tests/xml/vanilla/pom.xml | 2 +- 34 files changed, 36 insertions(+), 36 deletions(-) diff --git a/pom.xml b/pom.xml index 55ef3d2a3..7b0d96d06 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ OAuth for Spring Security Parent Project for OAuth Support for Spring Security pom - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT https://docs.spring.io/spring-security/oauth diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml index 18678f734..4bb0cb416 100644 --- a/samples/oauth/sparklr/pom.xml +++ b/samples/oauth/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml index b97f0a59a..11ac87f08 100644 --- a/samples/oauth/tonr/pom.xml +++ b/samples/oauth/tonr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml index 76149f151..958650118 100644 --- a/samples/oauth2/sparklr/pom.xml +++ b/samples/oauth2/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml index ba048e9e5..01a01675e 100644 --- a/samples/oauth2/tonr/pom.xml +++ b/samples/oauth2/tonr/pom.xml @@ -6,7 +6,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT ../../.. diff --git a/samples/pom.xml b/samples/pom.xml index 7938751fe..0d35cb3e9 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT spring-security-oauth-samples diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml index 1b5977b86..fb5166af2 100644 --- a/spring-security-oauth/pom.xml +++ b/spring-security-oauth/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT spring-security-oauth diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index e0258b519..7fc355f1c 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT spring-security-oauth2 diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml index 1f137c5e7..959104081 100644 --- a/tests/annotation/approval/pom.xml +++ b/tests/annotation/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml index ec8e7097e..647897855 100644 --- a/tests/annotation/client/pom.xml +++ b/tests/annotation/client/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml index 531b4288c..2f072d4d6 100644 --- a/tests/annotation/common/pom.xml +++ b/tests/annotation/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml index f5cfae351..e2f17e185 100644 --- a/tests/annotation/custom-authentication/pom.xml +++ b/tests/annotation/custom-authentication/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml index fb956017d..75f23c032 100644 --- a/tests/annotation/custom-grant/pom.xml +++ b/tests/annotation/custom-grant/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml index 7e0c1f2a9..4df030bb2 100644 --- a/tests/annotation/form/pom.xml +++ b/tests/annotation/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml index 4422473ab..824dbad34 100644 --- a/tests/annotation/jaxb/pom.xml +++ b/tests/annotation/jaxb/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml index d083b0f1e..17c515ffc 100644 --- a/tests/annotation/jdbc/pom.xml +++ b/tests/annotation/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml index 8cfc7486e..2dff5f2f3 100644 --- a/tests/annotation/jpa/pom.xml +++ b/tests/annotation/jpa/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml index d3149cb73..9ed1af356 100644 --- a/tests/annotation/jwt/pom.xml +++ b/tests/annotation/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml index 8afb500c3..604d07860 100644 --- a/tests/annotation/mappings/pom.xml +++ b/tests/annotation/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml index 524caa8d7..1bf04aedf 100644 --- a/tests/annotation/multi/pom.xml +++ b/tests/annotation/multi/pom.xml @@ -9,7 +9,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index 6fd1be46b..638c1c0e0 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT pom @@ -45,7 +45,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT org.springframework.security diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml index 83a6ae65e..1336522b1 100644 --- a/tests/annotation/resource/pom.xml +++ b/tests/annotation/resource/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml index 49c900d53..e59f7c168 100644 --- a/tests/annotation/ssl/pom.xml +++ b/tests/annotation/ssl/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml index e80b56c5f..cdb9cf9c6 100644 --- a/tests/annotation/vanilla/pom.xml +++ b/tests/annotation/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/pom.xml b/tests/pom.xml index 12c916c10..a8cf8b765 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT spring-security-oauth-tests diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml index e7b566d7e..805980de8 100644 --- a/tests/xml/approval/pom.xml +++ b/tests/xml/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml index 8c1369421..7f0f425b7 100644 --- a/tests/xml/client/pom.xml +++ b/tests/xml/client/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml index 02c8e04b0..fcdc16cc8 100644 --- a/tests/xml/common/pom.xml +++ b/tests/xml/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml index 5a4d59ed4..61c08039c 100644 --- a/tests/xml/form/pom.xml +++ b/tests/xml/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml index 106832dbc..e89b85fbe 100644 --- a/tests/xml/jdbc/pom.xml +++ b/tests/xml/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml index 42a0019c9..8afca8fe9 100644 --- a/tests/xml/jwt/pom.xml +++ b/tests/xml/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml index b7fe69d6e..37b14ccce 100644 --- a/tests/xml/mappings/pom.xml +++ b/tests/xml/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index 6092f41ca..e8ab92d50 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT pom @@ -39,7 +39,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT org.springframework.security diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml index 1db048482..425eebe04 100644 --- a/tests/xml/vanilla/pom.xml +++ b/tests/xml/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RC1 + 2.5.0.BUILD-SNAPSHOT From b8a137bd9921323068c91f5c7336698170719875 Mon Sep 17 00:00:00 2001 From: Kyle Lieber Date: Wed, 20 May 2020 17:52:34 -0500 Subject: [PATCH 65/94] Preserve user authentication details on re-authentication During a token refresh in the `DefaultTokenServices` the user authentication will be re-authenticated if an `AuthenticationManager` was provided. A `PreAuthenticatedAuthenticationToken` is created based on the user authentication and then passed to the `AuthenticationManager`. However, if there were any details on the user authentication those details are lost because they are not copied to the `PreAuthenticatedAuthenticationToken`. If the `AuthenticationManager` is not provided then this logic is skipped over and the details are correctly preserved. The fix is simply to set the details on the `PreAuthenticatedAuthenticationToken` before passing it to the `AuthenticationManager`. Finally, I added two new tests to `DefaultTokenServicesTests` to validate that the user authentication is built correctly on a refresh. There is one test for the scenario when there is no re-authentication which passes even before these changes and then the other tests the re-authentication scenario which requires this change to pass. Fixes gh-823 --- .../provider/token/DefaultTokenServices.java | 12 +- .../token/DefaultTokenServicesTests.java | 110 ++++++++++++++++++ 2 files changed, 120 insertions(+), 2 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java index 0046426e9..f8cf5028c 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java @@ -155,8 +155,16 @@ public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, TokenReque if (this.authenticationManager != null && !authentication.isClientOnly()) { // The client has already been authenticated, but the user authentication might be old now, so give it a // chance to re-authenticate. - Authentication user = new PreAuthenticatedAuthenticationToken(authentication.getUserAuthentication(), "", authentication.getAuthorities()); - user = authenticationManager.authenticate(user); + Authentication userAuthentication = authentication.getUserAuthentication(); + PreAuthenticatedAuthenticationToken preAuthenticatedToken = new PreAuthenticatedAuthenticationToken( + userAuthentication, + "", + authentication.getAuthorities() + ); + if (userAuthentication.getDetails() != null) { + preAuthenticatedToken.setDetails(userAuthentication.getDetails()); + } + Authentication user = authenticationManager.authenticate(preAuthenticatedToken); Object details = authentication.getDetails(); authentication = new OAuth2Authentication(authentication.getOAuth2Request(), user); authentication.setDetails(details); diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesTests.java index 7eda9601b..f371f4cd7 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesTests.java @@ -1,11 +1,32 @@ package org.springframework.security.oauth2.provider.token; +import org.junit.Assert; import org.junit.Before; import org.junit.Test; +import org.mockito.ArgumentCaptor; import org.mockito.Mockito; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.authentication.ProviderManager; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.authority.AuthorityUtils; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper; +import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; +import org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken; import org.springframework.security.oauth2.common.OAuth2AccessToken; +import org.springframework.security.oauth2.common.OAuth2RefreshToken; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; +import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.OAuth2Request; +import org.springframework.security.oauth2.provider.TokenRequest; +import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider; +import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; + +import java.util.Arrays; public class DefaultTokenServicesTests { @@ -29,5 +50,94 @@ public void testAccidentalNullAuthentication() { .thenReturn(null); services.loadAuthentication("FOO"); } + + @Test + public void testRefreshAccessTokenWithReauthentication() { + UserDetails user = createMockUser("joeuser", "PROCESSOR"); + UserDetailsService userDetailsService = Mockito.mock(UserDetailsService.class); + + Mockito + .when(tokenStore.readRefreshToken(Mockito.anyString())) + .thenReturn(new DefaultOAuth2RefreshToken("FOO")); + + Mockito + .when(tokenStore.readAuthenticationForRefreshToken(Mockito.any(OAuth2RefreshToken.class))) + .thenReturn(createMockOAuth2Authentication("myclient", user, "some more details")); + + Mockito + .when(userDetailsService.loadUserByUsername(Mockito.anyString())) + .thenReturn(user); + + services.setSupportRefreshToken(true); + services.setAuthenticationManager(createAuthenticationManager(userDetailsService)); + + OAuth2AccessToken refreshedAccessToken = services.refreshAccessToken("FOO", createMockTokenRequest("myclient")); + + ArgumentCaptor refreshedAuthenticationCaptor = ArgumentCaptor.forClass(OAuth2Authentication.class); + + Mockito.verify(tokenStore).storeAccessToken(Mockito.eq(refreshedAccessToken), refreshedAuthenticationCaptor.capture()); + + OAuth2Authentication refreshedAuthentication = refreshedAuthenticationCaptor.getValue(); + Authentication authentication = refreshedAuthentication.getUserAuthentication(); + Assert.assertEquals(user, authentication.getPrincipal()); + Assert.assertEquals("some more details", authentication.getDetails()); + } + + @Test + public void testRefreshAccessTokenWithoutReauthentication() { + + UserDetails user = createMockUser("joeuser", "PROCESSOR"); + + Mockito + .when(tokenStore.readRefreshToken(Mockito.anyString())) + .thenReturn(new DefaultOAuth2RefreshToken("FOO")); + + Mockito + .when(tokenStore.readAuthenticationForRefreshToken(Mockito.any(OAuth2RefreshToken.class))) + .thenReturn(createMockOAuth2Authentication("myclient", user, "some more details")); + + services.setSupportRefreshToken(true); + services.setAuthenticationManager(null); + + OAuth2AccessToken refreshedAccessToken = services.refreshAccessToken("FOO", createMockTokenRequest("myclient")); + ArgumentCaptor refreshedAuthenticationCaptor = ArgumentCaptor.forClass(OAuth2Authentication.class); + + Mockito.verify(tokenStore).storeAccessToken(Mockito.eq(refreshedAccessToken), refreshedAuthenticationCaptor.capture()); + + OAuth2Authentication refreshedAuthentication = refreshedAuthenticationCaptor.getValue(); + Authentication authentication = refreshedAuthentication.getUserAuthentication(); + Assert.assertEquals(user, authentication.getPrincipal()); + Assert.assertEquals("some more details", authentication.getDetails()); + } + + private AuthenticationManager createAuthenticationManager(UserDetailsService userDetailsService) { + PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider(); + provider.setPreAuthenticatedUserDetailsService( + new UserDetailsByNameServiceWrapper(userDetailsService) + ); + return new ProviderManager(Arrays. asList(provider)); + } + + private TokenRequest createMockTokenRequest(String clientId) { + return new TokenRequest(null, clientId, null, null); + } + + private OAuth2Request createMockOAuth2Request(String clientId) { + return new OAuth2Request(null, clientId, null, true, null, null, null, null, null); + } + + private OAuth2Authentication createMockOAuth2Authentication(String clientId, UserDetails user, String extraDetails) { + return new OAuth2Authentication(createMockOAuth2Request(clientId), createMockUserAuthentication(user, extraDetails)); + } + + private UsernamePasswordAuthenticationToken createMockUserAuthentication(UserDetails user, Object extraDetails) { + UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user, "", user.getAuthorities()); + token.setDetails(extraDetails); + return token; + } + + private UserDetails createMockUser(String username, String ... roles) { + return new User(username, "", AuthorityUtils.createAuthorityList(roles)); + } } From 93b06d60cd66b59697937d63fca73ff24da7da84 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 28 May 2020 08:36:06 -0400 Subject: [PATCH 66/94] JwkSetConverter only accepts public key use sig Fixes gh-1871 --- .../token/store/jwk/JwkSetConverter.java | 10 +++--- .../token/store/jwk/JwkSetConverterTests.java | 32 +++++++++---------- 2 files changed, 20 insertions(+), 22 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java index e6cf5d6d0..930884c12 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java @@ -95,10 +95,10 @@ public Set convert(InputStream jwkSetSource) { } } - // gh-1470 - skip unsupported public key use (enc) without discarding the entire set + // gh-1871 - only accept public key use (sig) JwkDefinition.PublicKeyUse publicKeyUse = JwkDefinition.PublicKeyUse.fromValue(attributes.get(PUBLIC_KEY_USE)); - if (JwkDefinition.PublicKeyUse.ENC.equals(publicKeyUse)) { + if (!JwkDefinition.PublicKeyUse.SIG.equals(publicKeyUse)) { continue; } @@ -148,8 +148,7 @@ private JwkDefinition createRsaJwkDefinition(Map attributes) { JwkDefinition.PublicKeyUse publicKeyUse = JwkDefinition.PublicKeyUse.fromValue(attributes.get(PUBLIC_KEY_USE)); if (!JwkDefinition.PublicKeyUse.SIG.equals(publicKeyUse)) { - throw new JwkException((publicKeyUse != null ? publicKeyUse.value() : "unknown") + - " (" + PUBLIC_KEY_USE + ") is currently not supported."); + return null; } // alg @@ -199,8 +198,7 @@ private JwkDefinition createEllipticCurveJwkDefinition(Map attri JwkDefinition.PublicKeyUse publicKeyUse = JwkDefinition.PublicKeyUse.fromValue(attributes.get(PUBLIC_KEY_USE)); if (!JwkDefinition.PublicKeyUse.SIG.equals(publicKeyUse)) { - throw new JwkException((publicKeyUse != null ? publicKeyUse.value() : "unknown") + - " (" + PUBLIC_KEY_USE + ") is currently not supported."); + return null; } // alg diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTests.java index c8db18758..61c9df70f 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTests.java @@ -122,25 +122,25 @@ public void convertWhenJwkSetStreamHasRSAJwkElementWithMissingKeyIdAttributeThen this.thrown.expect(JwkException.class); this.thrown.expectMessage("kid is a required attribute for a JWK."); Map jwkSetObject = new HashMap(); - Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.RSA, null); + Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.RSA, null, JwkDefinition.PublicKeyUse.SIG); jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject}); this.converter.convert(this.asInputStream(jwkSetObject)); } @Test - public void convertWhenJwkSetStreamHasRSAJwkElementWithMissingPublicKeyUseAttributeThenThrowJwkException() throws Exception { - this.thrown.expect(JwkException.class); - this.thrown.expectMessage("unknown (use) is currently not supported."); + public void convertWhenJwkSetStreamHasRSAJwkElementWithENCPublicKeyUseAttributeThenReturnEmptyJwkSet() throws Exception { Map jwkSetObject = new HashMap(); - Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.RSA, "key-id-1"); + Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.RSA, "key-id-1", JwkDefinition.PublicKeyUse.ENC); jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject}); - this.converter.convert(this.asInputStream(jwkSetObject)); + Set jwkSet = this.converter.convert(this.asInputStream(jwkSetObject)); + assertTrue("JWK Set NOT empty", jwkSet.isEmpty()); } + // gh-1871 @Test - public void convertWhenJwkSetStreamHasRSAJwkElementWithENCPublicKeyUseAttributeThenReturnEmptyJwkSet() throws Exception { + public void convertWhenJwkSetStreamHasRSAJwkElementWithoutPublicKeyUseAttributeThenReturnEmptyJwkSet() throws Exception { Map jwkSetObject = new HashMap(); - Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.RSA, "key-id-1", JwkDefinition.PublicKeyUse.ENC); + Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.RSA, "key-id-1"); jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject}); Set jwkSet = this.converter.convert(this.asInputStream(jwkSetObject)); assertTrue("JWK Set NOT empty", jwkSet.isEmpty()); @@ -173,25 +173,25 @@ public void convertWhenJwkSetStreamHasECJwkElementWithMissingKeyIdAttributeThenT this.thrown.expect(JwkException.class); this.thrown.expectMessage("kid is a required attribute for an EC JWK."); Map jwkSetObject = new HashMap(); - Map jwkObject = this.createEllipticCurveJwkObject(null, null, null); + Map jwkObject = this.createEllipticCurveJwkObject(null, JwkDefinition.PublicKeyUse.SIG, null); jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject}); this.converter.convert(this.asInputStream(jwkSetObject)); } @Test - public void convertWhenJwkSetStreamHasECJwkElementWithMissingPublicKeyUseAttributeThenThrowJwkException() throws Exception { - this.thrown.expect(JwkException.class); - this.thrown.expectMessage("unknown (use) is currently not supported."); + public void convertWhenJwkSetStreamHasECJwkElementWithENCPublicKeyUseAttributeThenReturnEmptyJwkSet() throws Exception { Map jwkSetObject = new HashMap(); - Map jwkObject = this.createEllipticCurveJwkObject("key-id-1", null, null); + Map jwkObject = this.createEllipticCurveJwkObject("key-id-1", JwkDefinition.PublicKeyUse.ENC, null); jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject}); - this.converter.convert(this.asInputStream(jwkSetObject)); + Set jwkSet = this.converter.convert(this.asInputStream(jwkSetObject)); + assertTrue("JWK Set NOT empty", jwkSet.isEmpty()); } + // gh-1871 @Test - public void convertWhenJwkSetStreamHasECJwkElementWithENCPublicKeyUseAttributeThenReturnEmptyJwkSet() throws Exception { + public void convertWhenJwkSetStreamHasECJwkElementWithoutPublicKeyUseAttributeThenReturnEmptyJwkSet() throws Exception { Map jwkSetObject = new HashMap(); - Map jwkObject = this.createEllipticCurveJwkObject("key-id-1", JwkDefinition.PublicKeyUse.ENC, null); + Map jwkObject = this.createEllipticCurveJwkObject("key-id-1", null, null); jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject}); Set jwkSet = this.converter.convert(this.asInputStream(jwkSetObject)); assertTrue("JWK Set NOT empty", jwkSet.isEmpty()); From 4ca524dbf7d2488d9ed640812706d3939b691170 Mon Sep 17 00:00:00 2001 From: James Howe <675056+OrangeDog@users.noreply.github.com> Date: Mon, 25 May 2020 11:49:59 +0100 Subject: [PATCH 67/94] Specify charset when generating tokens Ensures the token is URL-safe even if the system charset is not a superset of ASCII. Fixes gh-1870 --- .../oauth2/provider/token/DefaultTokenServices.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java index f8cf5028c..fe247b83f 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java @@ -13,6 +13,7 @@ package org.springframework.security.oauth2.provider.token; +import java.nio.charset.Charset; import java.util.Date; import java.util.Set; @@ -64,6 +65,8 @@ public class DefaultTokenServices implements AuthorizationServerTokenServices, R private static final BytesKeyGenerator DEFAULT_TOKEN_GENERATOR = KeyGenerators.secureRandom(20); + private static final Charset US_ASCII = Charset.forName("US-ASCII"); + private int refreshTokenValiditySeconds = 60 * 60 * 24 * 30; // default 30 days. private int accessTokenValiditySeconds = 60 * 60 * 12; // default 12 hours. @@ -298,7 +301,7 @@ private OAuth2RefreshToken createRefreshToken(OAuth2Authentication authenticatio return null; } int validitySeconds = getRefreshTokenValiditySeconds(authentication.getOAuth2Request()); - String tokenValue = new String(Base64.encodeBase64URLSafe(DEFAULT_TOKEN_GENERATOR.generateKey())); + String tokenValue = new String(Base64.encodeBase64URLSafe(DEFAULT_TOKEN_GENERATOR.generateKey()), US_ASCII); if (validitySeconds > 0) { return new DefaultExpiringOAuth2RefreshToken(tokenValue, new Date(System.currentTimeMillis() + (validitySeconds * 1000L))); @@ -307,7 +310,7 @@ private OAuth2RefreshToken createRefreshToken(OAuth2Authentication authenticatio } private OAuth2AccessToken createAccessToken(OAuth2Authentication authentication, OAuth2RefreshToken refreshToken) { - String tokenValue = new String(Base64.encodeBase64URLSafe(DEFAULT_TOKEN_GENERATOR.generateKey())); + String tokenValue = new String(Base64.encodeBase64URLSafe(DEFAULT_TOKEN_GENERATOR.generateKey()), US_ASCII); DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(tokenValue); int validitySeconds = getAccessTokenValiditySeconds(authentication.getOAuth2Request()); if (validitySeconds > 0) { From 0675229ba09735d0b0391ba7e2c94c12739f5082 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 28 May 2020 10:04:06 -0400 Subject: [PATCH 68/94] Release spring-security-jwt.1.1.1.RELEASE --- spring-security-jwt/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml index 91e87cdae..1f0a24518 100755 --- a/spring-security-jwt/pom.xml +++ b/spring-security-jwt/pom.xml @@ -5,7 +5,7 @@ org.springframework.security spring-security-jwt - 1.1.1.BUILD-SNAPSHOT + 1.1.1.RELEASE jar Spring Security JWT Library From eba9bf422aff797d1bc4ff8c23e3ad607f7c9299 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 28 May 2020 10:30:40 -0400 Subject: [PATCH 69/94] Next development version spring-security-jwt --- spring-security-jwt/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml index 1f0a24518..1131e5d76 100755 --- a/spring-security-jwt/pom.xml +++ b/spring-security-jwt/pom.xml @@ -5,7 +5,7 @@ org.springframework.security spring-security-jwt - 1.1.1.RELEASE + 1.1.2.BUILD-SNAPSHOT jar Spring Security JWT Library From aced45d020bdb95475423d698a2410cb9dd0e986 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 28 May 2020 10:44:42 -0400 Subject: [PATCH 70/94] Update to spring-security-jwt:1.1.1 Fixes gh-1873 --- spring-security-oauth2/pom.xml | 2 +- tests/annotation/pom.xml | 2 +- tests/xml/pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index 7fc355f1c..a163c6d39 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -15,7 +15,7 @@ 2.10.1 3.0.1 - 1.1.0.RELEASE + 1.1.1.RELEASE 1.7.4 diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index 638c1c0e0..183d6c68a 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -50,7 +50,7 @@ org.springframework.security spring-security-jwt - 1.1.0.RELEASE + 1.1.1.RELEASE diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index e8ab92d50..b8ce9b576 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -44,7 +44,7 @@ org.springframework.security spring-security-jwt - 1.1.0.RELEASE + 1.1.1.RELEASE From b7208d2a8134d64f95e128f2e016a2bb85dd9556 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 28 May 2020 10:52:55 -0400 Subject: [PATCH 71/94] Release 2.5.0.RELEASE --- pom.xml | 2 +- samples/oauth/sparklr/pom.xml | 2 +- samples/oauth/tonr/pom.xml | 2 +- samples/oauth2/sparklr/pom.xml | 2 +- samples/oauth2/tonr/pom.xml | 2 +- samples/pom.xml | 2 +- spring-security-oauth/pom.xml | 2 +- spring-security-oauth2/pom.xml | 2 +- tests/annotation/approval/pom.xml | 2 +- tests/annotation/client/pom.xml | 2 +- tests/annotation/common/pom.xml | 2 +- tests/annotation/custom-authentication/pom.xml | 2 +- tests/annotation/custom-grant/pom.xml | 2 +- tests/annotation/form/pom.xml | 2 +- tests/annotation/jaxb/pom.xml | 2 +- tests/annotation/jdbc/pom.xml | 2 +- tests/annotation/jpa/pom.xml | 2 +- tests/annotation/jwt/pom.xml | 2 +- tests/annotation/mappings/pom.xml | 2 +- tests/annotation/multi/pom.xml | 2 +- tests/annotation/pom.xml | 4 ++-- tests/annotation/resource/pom.xml | 2 +- tests/annotation/ssl/pom.xml | 2 +- tests/annotation/vanilla/pom.xml | 2 +- tests/pom.xml | 2 +- tests/xml/approval/pom.xml | 2 +- tests/xml/client/pom.xml | 2 +- tests/xml/common/pom.xml | 2 +- tests/xml/form/pom.xml | 2 +- tests/xml/jdbc/pom.xml | 2 +- tests/xml/jwt/pom.xml | 2 +- tests/xml/mappings/pom.xml | 2 +- tests/xml/pom.xml | 4 ++-- tests/xml/vanilla/pom.xml | 2 +- 34 files changed, 36 insertions(+), 36 deletions(-) diff --git a/pom.xml b/pom.xml index 7b0d96d06..aaf532c65 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ OAuth for Spring Security Parent Project for OAuth Support for Spring Security pom - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE https://docs.spring.io/spring-security/oauth diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml index 4bb0cb416..5cc28d047 100644 --- a/samples/oauth/sparklr/pom.xml +++ b/samples/oauth/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE ../../.. diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml index 11ac87f08..8717fa35d 100644 --- a/samples/oauth/tonr/pom.xml +++ b/samples/oauth/tonr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE ../../.. diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml index 958650118..7ac94482c 100644 --- a/samples/oauth2/sparklr/pom.xml +++ b/samples/oauth2/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE ../../.. diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml index 01a01675e..4b226a47f 100644 --- a/samples/oauth2/tonr/pom.xml +++ b/samples/oauth2/tonr/pom.xml @@ -6,7 +6,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE ../../.. diff --git a/samples/pom.xml b/samples/pom.xml index 0d35cb3e9..4d1ce1a74 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE spring-security-oauth-samples diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml index fb5166af2..e89a7908e 100644 --- a/spring-security-oauth/pom.xml +++ b/spring-security-oauth/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE spring-security-oauth diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index a163c6d39..b17853b25 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE spring-security-oauth2 diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml index 959104081..170dced8a 100644 --- a/tests/annotation/approval/pom.xml +++ b/tests/annotation/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml index 647897855..af53a19a0 100644 --- a/tests/annotation/client/pom.xml +++ b/tests/annotation/client/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml index 2f072d4d6..8d7dfecc3 100644 --- a/tests/annotation/common/pom.xml +++ b/tests/annotation/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml index e2f17e185..11e53156a 100644 --- a/tests/annotation/custom-authentication/pom.xml +++ b/tests/annotation/custom-authentication/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml index 75f23c032..d21cfa4e1 100644 --- a/tests/annotation/custom-grant/pom.xml +++ b/tests/annotation/custom-grant/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml index 4df030bb2..cc7e2a0dd 100644 --- a/tests/annotation/form/pom.xml +++ b/tests/annotation/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml index 824dbad34..33a316b30 100644 --- a/tests/annotation/jaxb/pom.xml +++ b/tests/annotation/jaxb/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml index 17c515ffc..e4b453e92 100644 --- a/tests/annotation/jdbc/pom.xml +++ b/tests/annotation/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml index 2dff5f2f3..eefb84372 100644 --- a/tests/annotation/jpa/pom.xml +++ b/tests/annotation/jpa/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml index 9ed1af356..9ac8f5c29 100644 --- a/tests/annotation/jwt/pom.xml +++ b/tests/annotation/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml index 604d07860..e56d6a8f7 100644 --- a/tests/annotation/mappings/pom.xml +++ b/tests/annotation/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml index 1bf04aedf..de5b7f096 100644 --- a/tests/annotation/multi/pom.xml +++ b/tests/annotation/multi/pom.xml @@ -9,7 +9,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index 183d6c68a..d507edb60 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE pom @@ -45,7 +45,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE org.springframework.security diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml index 1336522b1..dc785bcb4 100644 --- a/tests/annotation/resource/pom.xml +++ b/tests/annotation/resource/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml index e59f7c168..3135b378c 100644 --- a/tests/annotation/ssl/pom.xml +++ b/tests/annotation/ssl/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml index cdb9cf9c6..5a6a2dadc 100644 --- a/tests/annotation/vanilla/pom.xml +++ b/tests/annotation/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/pom.xml b/tests/pom.xml index a8cf8b765..2897aa91b 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE spring-security-oauth-tests diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml index 805980de8..2cbdea22e 100644 --- a/tests/xml/approval/pom.xml +++ b/tests/xml/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml index 7f0f425b7..0373c405e 100644 --- a/tests/xml/client/pom.xml +++ b/tests/xml/client/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml index fcdc16cc8..21f043434 100644 --- a/tests/xml/common/pom.xml +++ b/tests/xml/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml index 61c08039c..a6c74c553 100644 --- a/tests/xml/form/pom.xml +++ b/tests/xml/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml index e89b85fbe..06d17fbf6 100644 --- a/tests/xml/jdbc/pom.xml +++ b/tests/xml/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml index 8afca8fe9..30205dbfe 100644 --- a/tests/xml/jwt/pom.xml +++ b/tests/xml/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml index 37b14ccce..3550f3fb8 100644 --- a/tests/xml/mappings/pom.xml +++ b/tests/xml/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index b8ce9b576..bf049b43f 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE pom @@ -39,7 +39,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE org.springframework.security diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml index 425eebe04..723120b1e 100644 --- a/tests/xml/vanilla/pom.xml +++ b/tests/xml/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.BUILD-SNAPSHOT + 2.5.0.RELEASE From 304c43bed142853442d1a76e5969e337cc887378 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 28 May 2020 11:06:10 -0400 Subject: [PATCH 72/94] Next development version --- pom.xml | 2 +- samples/oauth/sparklr/pom.xml | 2 +- samples/oauth/tonr/pom.xml | 2 +- samples/oauth2/sparklr/pom.xml | 2 +- samples/oauth2/tonr/pom.xml | 2 +- samples/pom.xml | 2 +- spring-security-oauth/pom.xml | 2 +- spring-security-oauth2/pom.xml | 2 +- tests/annotation/approval/pom.xml | 2 +- tests/annotation/client/pom.xml | 2 +- tests/annotation/common/pom.xml | 2 +- tests/annotation/custom-authentication/pom.xml | 2 +- tests/annotation/custom-grant/pom.xml | 2 +- tests/annotation/form/pom.xml | 2 +- tests/annotation/jaxb/pom.xml | 2 +- tests/annotation/jdbc/pom.xml | 2 +- tests/annotation/jpa/pom.xml | 2 +- tests/annotation/jwt/pom.xml | 2 +- tests/annotation/mappings/pom.xml | 2 +- tests/annotation/multi/pom.xml | 2 +- tests/annotation/pom.xml | 4 ++-- tests/annotation/resource/pom.xml | 2 +- tests/annotation/ssl/pom.xml | 2 +- tests/annotation/vanilla/pom.xml | 2 +- tests/pom.xml | 2 +- tests/xml/approval/pom.xml | 2 +- tests/xml/client/pom.xml | 2 +- tests/xml/common/pom.xml | 2 +- tests/xml/form/pom.xml | 2 +- tests/xml/jdbc/pom.xml | 2 +- tests/xml/jwt/pom.xml | 2 +- tests/xml/mappings/pom.xml | 2 +- tests/xml/pom.xml | 4 ++-- tests/xml/vanilla/pom.xml | 2 +- 34 files changed, 36 insertions(+), 36 deletions(-) diff --git a/pom.xml b/pom.xml index aaf532c65..2f1a165c7 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ OAuth for Spring Security Parent Project for OAuth Support for Spring Security pom - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT https://docs.spring.io/spring-security/oauth diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml index 5cc28d047..54fc3467a 100644 --- a/samples/oauth/sparklr/pom.xml +++ b/samples/oauth/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml index 8717fa35d..6becaeef9 100644 --- a/samples/oauth/tonr/pom.xml +++ b/samples/oauth/tonr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml index 7ac94482c..7146bbac2 100644 --- a/samples/oauth2/sparklr/pom.xml +++ b/samples/oauth2/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml index 4b226a47f..328e7118b 100644 --- a/samples/oauth2/tonr/pom.xml +++ b/samples/oauth2/tonr/pom.xml @@ -6,7 +6,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT ../../.. diff --git a/samples/pom.xml b/samples/pom.xml index 4d1ce1a74..53a6a9ba9 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT spring-security-oauth-samples diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml index e89a7908e..062ce3e81 100644 --- a/spring-security-oauth/pom.xml +++ b/spring-security-oauth/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT spring-security-oauth diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index b17853b25..391826352 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT spring-security-oauth2 diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml index 170dced8a..aa652e8e1 100644 --- a/tests/annotation/approval/pom.xml +++ b/tests/annotation/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml index af53a19a0..3d411ad52 100644 --- a/tests/annotation/client/pom.xml +++ b/tests/annotation/client/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml index 8d7dfecc3..696f649bc 100644 --- a/tests/annotation/common/pom.xml +++ b/tests/annotation/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml index 11e53156a..c962891b1 100644 --- a/tests/annotation/custom-authentication/pom.xml +++ b/tests/annotation/custom-authentication/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml index d21cfa4e1..36b41f2fb 100644 --- a/tests/annotation/custom-grant/pom.xml +++ b/tests/annotation/custom-grant/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml index cc7e2a0dd..66c1c4a2b 100644 --- a/tests/annotation/form/pom.xml +++ b/tests/annotation/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml index 33a316b30..4cff9773e 100644 --- a/tests/annotation/jaxb/pom.xml +++ b/tests/annotation/jaxb/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml index e4b453e92..bbd391935 100644 --- a/tests/annotation/jdbc/pom.xml +++ b/tests/annotation/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml index eefb84372..b9086e86c 100644 --- a/tests/annotation/jpa/pom.xml +++ b/tests/annotation/jpa/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml index 9ac8f5c29..2f7840f1c 100644 --- a/tests/annotation/jwt/pom.xml +++ b/tests/annotation/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml index e56d6a8f7..ade3a89ea 100644 --- a/tests/annotation/mappings/pom.xml +++ b/tests/annotation/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml index de5b7f096..0e76c965b 100644 --- a/tests/annotation/multi/pom.xml +++ b/tests/annotation/multi/pom.xml @@ -9,7 +9,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index d507edb60..04bad7a18 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT pom @@ -45,7 +45,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT org.springframework.security diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml index dc785bcb4..236bbb594 100644 --- a/tests/annotation/resource/pom.xml +++ b/tests/annotation/resource/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml index 3135b378c..e1b648932 100644 --- a/tests/annotation/ssl/pom.xml +++ b/tests/annotation/ssl/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml index 5a6a2dadc..2cd9adad5 100644 --- a/tests/annotation/vanilla/pom.xml +++ b/tests/annotation/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/pom.xml b/tests/pom.xml index 2897aa91b..31ff36441 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT spring-security-oauth-tests diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml index 2cbdea22e..7261b1ac5 100644 --- a/tests/xml/approval/pom.xml +++ b/tests/xml/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml index 0373c405e..1fa266a9a 100644 --- a/tests/xml/client/pom.xml +++ b/tests/xml/client/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml index 21f043434..68638115e 100644 --- a/tests/xml/common/pom.xml +++ b/tests/xml/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml index a6c74c553..5394cf034 100644 --- a/tests/xml/form/pom.xml +++ b/tests/xml/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml index 06d17fbf6..d28f18867 100644 --- a/tests/xml/jdbc/pom.xml +++ b/tests/xml/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml index 30205dbfe..501d7c623 100644 --- a/tests/xml/jwt/pom.xml +++ b/tests/xml/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml index 3550f3fb8..c74ec9190 100644 --- a/tests/xml/mappings/pom.xml +++ b/tests/xml/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index bf049b43f..30721fd18 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT pom @@ -39,7 +39,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT org.springframework.security diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml index 723120b1e..ef406a151 100644 --- a/tests/xml/vanilla/pom.xml +++ b/tests/xml/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.0.RELEASE + 2.5.1.BUILD-SNAPSHOT From ef8d78403d551ca9c23c6de4db0aa6aae2e24d79 Mon Sep 17 00:00:00 2001 From: Daniel Date: Mon, 22 Aug 2016 16:55:32 +0100 Subject: [PATCH 73/94] Fix typo Closes gh-827 --- .../AuthorizationServerEndpointsConfiguration.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java index 042e28cc7..ccc18971d 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java @@ -82,7 +82,7 @@ public void init() { try { configurer.configure(endpoints); } catch (Exception e) { - throw new IllegalStateException("Cannot configure enpdoints", e); + throw new IllegalStateException("Cannot configure endpoints", e); } } endpoints.setClientDetailsService(clientDetailsService); From 4bcfe798f4bbdfa4ee785b952fc60d023f9ce2d4 Mon Sep 17 00:00:00 2001 From: Mike Noordermeer Date: Thu, 11 Feb 2021 17:18:55 +0100 Subject: [PATCH 74/94] Fix NPE in JdbcTokenStore If an old Authentication failed to deserialize (e.g., after upgraded Spring Security core libs) during the creation of a token, a NPE would be thrown as readAuthentication() will return null in that case. Closes gh-1907 --- .../provider/token/store/JdbcTokenStore.java | 14 ++++---- .../token/store/JdbcTokenStoreTests.java | 36 +++++++++++++++++++ 2 files changed, 44 insertions(+), 6 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStore.java index f2cafc3c1..46305c2ad 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStore.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStore.java @@ -129,12 +129,14 @@ public OAuth2AccessToken mapRow(ResultSet rs, int rowNum) throws SQLException { LOG.error("Could not extract access token for authentication " + authentication, e); } - if (accessToken != null - && !key.equals(authenticationKeyGenerator.extractKey(readAuthentication(accessToken.getValue())))) { - removeAccessToken(accessToken.getValue()); - // Keep the store consistent (maybe the same user is represented by this authentication but the details have - // changed) - storeAccessToken(accessToken, authentication); + if (accessToken != null) { + OAuth2Authentication oldAuthentication = readAuthentication(accessToken.getValue()); + if (oldAuthentication == null || !key.equals(authenticationKeyGenerator.extractKey(oldAuthentication))) { + removeAccessToken(accessToken.getValue()); + // Keep the store consistent (maybe the same user is represented by this authentication but the details have + // changed) + storeAccessToken(accessToken, authentication); + } } return accessToken; } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStoreTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStoreTests.java index ba7a549c2..f02c50687 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStoreTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/JdbcTokenStoreTests.java @@ -15,6 +15,7 @@ import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder; import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken; +import org.springframework.security.oauth2.common.util.DefaultSerializationStrategy; import org.springframework.security.oauth2.common.util.SerializationStrategy; import org.springframework.security.oauth2.common.util.SerializationUtils; import org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy; @@ -120,6 +121,41 @@ public void testNotAllowedCustomTokenWithCustomStrategy() { } } + // gh-1907 + @Test + public void testGetAccessTokenWithInvalidStoredAuthentication() { + OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false), new TestAuthentication("test2", false)); + OAuth2AccessToken expectedOAuth2AccessToken = new DefaultOAuth2AccessToken("testToken"); + + // We will set a custom serialization strategy, that will write an invalid OAuth2Authentication object to the database. + // This way we can verify that JdbcTokenStore.getAccessToken() correctly handles this case and still returns a valid + // authentication if the serialized representation of Authentication objects has changed. + DefaultSerializationStrategy newStrategy = new DefaultSerializationStrategy(){ + @Override + public byte[] serialize(Object state) { + if (state instanceof OAuth2Authentication) { + return new byte[0]; + } else { + return super.serialize(state); + } + } + }; + SerializationStrategy oldStrategy = SerializationUtils.getSerializationStrategy(); + + try { + SerializationUtils.setSerializationStrategy(newStrategy); + getTokenStore().storeAccessToken(expectedOAuth2AccessToken, expectedAuthentication); + } finally { + SerializationUtils.setSerializationStrategy(oldStrategy); + } + + OAuth2AccessToken actualOAuth2AccessToken = getTokenStore().getAccessToken(expectedAuthentication); + OAuth2Authentication actualAuthentication = getTokenStore().readAuthentication(expectedOAuth2AccessToken); + + assertEquals(expectedOAuth2AccessToken, actualOAuth2AccessToken); + assertEquals(expectedAuthentication, actualAuthentication); + } + @After public void tearDown() throws Exception { db.shutdown(); From 2732a09e47d6c7219b4b2fb8b878f7719bcb8246 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20Klo=CC=88ber?= Date: Sat, 27 Feb 2021 14:05:05 +0100 Subject: [PATCH 75/94] Add clock skew support to AccessTokenProviderChain This fixes spring-projects#1909 and adds clock skew support to AccessTokenProviderChain. The clock skew configured on OAuth2RestTemplate is propagated into AccessTokenProviderChain where is is also taken into account when the token's expiration is checked. Note: The clock skew value is injected via reflection as version 2.5.0 was the final minor release before EOL of this project and the public API must not be changed in patch releases. Background: The fix for spring-projects#1287 added a clock skew to OAuth2RestTemplate but there is another expiration check in AccessTokenProviderChain that does not take this into account which renders this fix useless when used in combination with AccessTokenProviderChain. Closes gh-1909 --- .../oauth2/client/OAuth2RestTemplate.java | 28 +++++++++++++ .../token/AccessTokenProviderChain.java | 23 ++++++++++- .../client/OAuth2RestTemplateTests.java | 39 +++++++++++++++++++ .../token/AccessTokenProviderChainTests.java | 33 ++++++++++++++-- 4 files changed, 118 insertions(+), 5 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java index 757d7f383..3f8c18452 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestTemplate.java @@ -2,6 +2,7 @@ import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.lang.reflect.Field; import java.net.URI; import java.net.URISyntaxException; import java.net.URLEncoder; @@ -26,6 +27,7 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; import org.springframework.util.Assert; +import org.springframework.util.ReflectionUtils; import org.springframework.web.client.RequestCallback; import org.springframework.web.client.ResponseErrorHandler; import org.springframework.web.client.ResponseExtractor; @@ -287,6 +289,7 @@ protected URI appendQueryParameter(URI uri, OAuth2AccessToken accessToken) { public void setAccessTokenProvider(AccessTokenProvider accessTokenProvider) { this.accessTokenProvider = accessTokenProvider; + propagateClockSkewToAccessTokenProvider(this.clockSkew, accessTokenProvider); } /** @@ -298,5 +301,30 @@ public void setAccessTokenProvider(AccessTokenProvider accessTokenProvider) { public void setClockSkew(int clockSkew) { Assert.isTrue(clockSkew >= 0, "clockSkew must be >= 0"); this.clockSkew = clockSkew; + propagateClockSkewToAccessTokenProvider(clockSkew, this.accessTokenProvider); + } + + /** + * Propagates the maximum acceptable clock skew, which is used when checking the + * {@link OAuth2AccessToken access token} expiry into the given {@link AccessTokenProvider} if it is an instance of + * {@link AccessTokenProviderChain}. + *

+ * Note: The clock skew value is injected via reflection as version 2.5.0 was the final minor release before EOL of + * this project and the public API must not be changed in patch releases. + * + * @param clockSkew the maximum acceptable clock skew + * @param accessTokenProvider the access token provider + */ + private static void propagateClockSkewToAccessTokenProvider(int clockSkew, AccessTokenProvider accessTokenProvider) { + if (!(accessTokenProvider instanceof AccessTokenProviderChain)) { + return; + } + + Field field = ReflectionUtils.findField(accessTokenProvider.getClass(), "clockSkew"); + if (field == null) { + return; + } + field.setAccessible(true); + ReflectionUtils.setField(field, accessTokenProvider, clockSkew); } } \ No newline at end of file diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java index 0070b6123..51cc6c9f3 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2011 the original author or authors. + * Copyright 2002-2021 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,6 +15,7 @@ */ package org.springframework.security.oauth2.client.token; +import java.util.Calendar; import java.util.Collections; import java.util.List; @@ -50,6 +51,8 @@ public class AccessTokenProviderChain extends OAuth2AccessTokenSupport private ClientTokenServices clientTokenServices; + private int clockSkew = 30; + public AccessTokenProviderChain(List chain) { this.chain = chain == null ? Collections. emptyList() : Collections.unmodifiableList(chain); @@ -104,7 +107,7 @@ public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails resour } if (existingToken != null) { - if (existingToken.isExpired()) { + if (hasTokenExpired(existingToken)) { if (clientTokenServices != null) { clientTokenServices.removeAccessToken(resource, auth); } @@ -188,4 +191,20 @@ public OAuth2AccessToken refreshAccessToken(OAuth2ProtectedResourceDetails resou resource); } + /** + * Checks if the given {@link OAuth2AccessToken access token} should be considered to have expired based on the + * token's expiration time and the clock skew. + * + * @param token the token to be checked + * @return true if the token should be considered expired, false otherwise + */ + private boolean hasTokenExpired(OAuth2AccessToken token) { + Calendar now = Calendar.getInstance(); + Calendar expiresAt = (Calendar) now.clone(); + if (token.getExpiration() != null) { + expiresAt.setTime(token.getExpiration()); + expiresAt.add(Calendar.SECOND, -this.clockSkew); + } + return now.after(expiresAt); + } } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/OAuth2RestTemplateTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/OAuth2RestTemplateTests.java index 895ffdc3a..1c419fde9 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/OAuth2RestTemplateTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/OAuth2RestTemplateTests.java @@ -7,6 +7,7 @@ import static org.junit.Assert.fail; import java.io.IOException; +import java.lang.reflect.Field; import java.net.URI; import java.util.Collections; import java.util.Date; @@ -27,10 +28,12 @@ import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails; import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException; import org.springframework.security.oauth2.client.token.AccessTokenProvider; +import org.springframework.security.oauth2.client.token.AccessTokenProviderChain; import org.springframework.security.oauth2.client.token.AccessTokenRequest; import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2RefreshToken; +import org.springframework.util.ReflectionUtils; import org.springframework.web.client.RequestCallback; import org.springframework.web.client.ResponseExtractor; import org.springframework.web.util.UriTemplate; @@ -244,6 +247,42 @@ public void testNegativeClockSkew() { restTemplate.setClockSkew(-1); } + // gh-1909 + @Test + public void testClockSkewPropagationIntoAccessTokenProviderChain() { + AccessTokenProvider accessTokenProvider = new AccessTokenProviderChain(Collections.emptyList()); + restTemplate.setAccessTokenProvider(accessTokenProvider); + restTemplate.setClockSkew(5); + + Field field = ReflectionUtils.findField(accessTokenProvider.getClass(), "clockSkew"); + field.setAccessible(true); + + assertEquals(5, ReflectionUtils.getField(field, accessTokenProvider)); + } + + // gh-1909 + @Test + public void testApplyClockSkewOnProvidedAccessTokenProviderChain() { + AccessTokenProvider accessTokenProvider = new AccessTokenProviderChain(Collections.emptyList()); + restTemplate.setClockSkew(5); + restTemplate.setAccessTokenProvider(accessTokenProvider); + + Field field = ReflectionUtils.findField(accessTokenProvider.getClass(), "clockSkew"); + field.setAccessible(true); + + assertEquals(5, ReflectionUtils.getField(field, accessTokenProvider)); + } + + // gh-1909 + @Test + public void testClockSkewPropagationSkippedForNonAccessTokenProviderChainInstances() { + restTemplate.setClockSkew(5); + restTemplate.setAccessTokenProvider(null); + restTemplate.setClockSkew(5); + restTemplate.setAccessTokenProvider(new StubAccessTokenProvider()); + restTemplate.setClockSkew(5); + } + @Test public void testTokenIsResetIfInvalid() throws Exception { DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("TEST"); diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java index 5b9e08035..8848ecf0b 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2006-2011 the original author or authors. + * Copyright 2006-2021 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at @@ -145,7 +145,7 @@ public void testSunnyDayWithExpiredTokenAndTokenServices() throws Exception { } @Test - public void testSunnyDayWIthExpiredTokenAndValidRefreshToken() throws Exception { + public void testSunnyDayWithExpiredTokenAndValidRefreshToken() throws Exception { AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(new StubAccessTokenProvider())); accessToken.setExpiration(new Date(System.currentTimeMillis() - 1000)); accessToken.setRefreshToken(new DefaultOAuth2RefreshToken("EXP")); @@ -154,10 +154,37 @@ public void testSunnyDayWIthExpiredTokenAndValidRefreshToken() throws Exception SecurityContextHolder.getContext().setAuthentication(user); OAuth2AccessToken token = chain.obtainAccessToken(resource, request); assertNotNull(token); + assertEquals(refreshedToken, token); + } + + @Test + public void testSunnyDayWithTokenWithinClockSkewWindowAndValidRefreshToken() throws Exception { + AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(new StubAccessTokenProvider())); + accessToken.setExpiration(new Date(System.currentTimeMillis() + 1000)); + accessToken.setRefreshToken(new DefaultOAuth2RefreshToken("EXP")); + AccessTokenRequest request = new DefaultAccessTokenRequest(); + request.setExistingToken(accessToken); + SecurityContextHolder.getContext().setAuthentication(user); + OAuth2AccessToken token = chain.obtainAccessToken(resource, request); + assertNotNull(token); + assertEquals(refreshedToken, token); + } + + @Test + public void testSunnyDayWithTokenOutsideClockSkewWindowAndValidRefreshToken() throws Exception { + AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(new StubAccessTokenProvider())); + accessToken.setExpiration(new Date(System.currentTimeMillis() + 31000)); + accessToken.setRefreshToken(new DefaultOAuth2RefreshToken("EXP")); + AccessTokenRequest request = new DefaultAccessTokenRequest(); + request.setExistingToken(accessToken); + SecurityContextHolder.getContext().setAuthentication(user); + OAuth2AccessToken token = chain.obtainAccessToken(resource, request); + assertNotNull(token); + assertEquals(accessToken, token); } @Test(expected = InvalidTokenException.class) - public void testSunnyDayWIthExpiredTokenAndExpiredRefreshToken() throws Exception { + public void testSunnyDayWithExpiredTokenAndExpiredRefreshToken() throws Exception { AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(new StubAccessTokenProvider())); accessToken.setExpiration(new Date(System.currentTimeMillis() - 1000)); DefaultOAuth2RefreshToken refreshToken = new DefaultExpiringOAuth2RefreshToken("EXP", From 5d33f4455db9e77ddfcbd25c2198e8463a1327c0 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 25 Mar 2021 09:18:01 -0400 Subject: [PATCH 76/94] Fix misconfigured redirect-uri in sparklr2 sample --- .../oauth/examples/sparklr/config/OAuth2ServerConfig.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/OAuth2ServerConfig.java b/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/OAuth2ServerConfig.java index ebacd9eef..a054cf85c 100644 --- a/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/OAuth2ServerConfig.java +++ b/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/OAuth2ServerConfig.java @@ -131,7 +131,7 @@ public void configure(ClientDetailsServiceConfigurer clients) throws Exception { .authorizedGrantTypes("authorization_code", "client_credentials") .authorities("ROLE_CLIENT") .scopes("read", "trust") - .redirectUris("https://anywhere/?key=value") + .redirectUris("http://localhost:8080/tonr2/sparklr/photos") .and() .withClient("my-trusted-client") .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit") From 58454b7e78f1649f6e852cd73d3d519f210f7406 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Fri, 9 Apr 2021 14:26:06 -0400 Subject: [PATCH 77/94] Update Spring to 4.3.30.RELEASE Closes gh-1918 --- pom.xml | 2 +- tests/annotation/pom.xml | 2 +- tests/xml/pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 2f1a165c7..d56290067 100644 --- a/pom.xml +++ b/pom.xml @@ -19,7 +19,7 @@ UTF-8 1.14 - 4.3.26.RELEASE + 4.3.30.RELEASE 4.2.15.RELEASE 1.5.2.RELEASE 2.6.3 diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index 04bad7a18..03ac66733 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -27,7 +27,7 @@ demo.Application 1.7 - 4.3.26.RELEASE + 4.3.30.RELEASE spring-oauth2-tests diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index 30721fd18..f17e07419 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -21,7 +21,7 @@ demo.Application 1.7 - 4.3.26.RELEASE + 4.3.30.RELEASE spring-oauth2-tests-xml From e0e502ea8b00b60f1c8bcb3064bd358951b3b203 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Fri, 9 Apr 2021 14:31:15 -0400 Subject: [PATCH 78/94] Update Spring Security to 4.2.20.RELEASE Closes gh-1919 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d56290067..743595f6f 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ UTF-8 1.14 4.3.30.RELEASE - 4.2.15.RELEASE + 4.2.20.RELEASE 1.5.2.RELEASE 2.6.3 4.12 From af7cd123e51ec652bd625bd30993f02e708e8d4e Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Fri, 9 Apr 2021 14:49:22 -0400 Subject: [PATCH 79/94] Update Jackson to 2.10.5 Closes gh-1920 --- samples/oauth2/sparklr/pom.xml | 4 ++-- samples/oauth2/tonr/pom.xml | 4 ++-- spring-security-oauth2/pom.xml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml index 7146bbac2..ab4006adb 100644 --- a/samples/oauth2/sparklr/pom.xml +++ b/samples/oauth2/sparklr/pom.xml @@ -15,7 +15,7 @@ /sparklr2 - 2.10.1 + 2.10.5 3.0.1 @@ -23,7 +23,7 @@ spring5 - 2.10.1 + 2.10.5 3.1.0 diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml index 328e7118b..35c453742 100644 --- a/samples/oauth2/tonr/pom.xml +++ b/samples/oauth2/tonr/pom.xml @@ -16,7 +16,7 @@ /tonr2 - 2.10.1 + 2.10.5 3.0.1 @@ -24,7 +24,7 @@ spring5 - 2.10.1 + 2.10.5 3.1.0 diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index 391826352..c6ce9eeb4 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -13,7 +13,7 @@ Module for providing OAuth2 support to Spring Security - 2.10.1 + 2.10.5 3.0.1 1.1.1.RELEASE 1.7.4 @@ -23,7 +23,7 @@ spring5 - 2.10.1 + 2.10.5 3.1.0 1.6.1 From 3f33a89a5903c73ab18a3ad56e5da35c2a0b6423 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Fri, 9 Apr 2021 15:15:24 -0400 Subject: [PATCH 80/94] Release 2.5.1.RELEASE --- pom.xml | 2 +- samples/oauth/sparklr/pom.xml | 2 +- samples/oauth/tonr/pom.xml | 2 +- samples/oauth2/sparklr/pom.xml | 2 +- samples/oauth2/tonr/pom.xml | 2 +- samples/pom.xml | 2 +- spring-security-oauth/pom.xml | 2 +- spring-security-oauth2/pom.xml | 2 +- tests/annotation/approval/pom.xml | 2 +- tests/annotation/client/pom.xml | 2 +- tests/annotation/common/pom.xml | 2 +- tests/annotation/custom-authentication/pom.xml | 2 +- tests/annotation/custom-grant/pom.xml | 2 +- tests/annotation/form/pom.xml | 2 +- tests/annotation/jaxb/pom.xml | 2 +- tests/annotation/jdbc/pom.xml | 2 +- tests/annotation/jpa/pom.xml | 2 +- tests/annotation/jwt/pom.xml | 2 +- tests/annotation/mappings/pom.xml | 2 +- tests/annotation/multi/pom.xml | 2 +- tests/annotation/pom.xml | 4 ++-- tests/annotation/resource/pom.xml | 2 +- tests/annotation/ssl/pom.xml | 2 +- tests/annotation/vanilla/pom.xml | 2 +- tests/pom.xml | 2 +- tests/xml/approval/pom.xml | 2 +- tests/xml/client/pom.xml | 2 +- tests/xml/common/pom.xml | 2 +- tests/xml/form/pom.xml | 2 +- tests/xml/jdbc/pom.xml | 2 +- tests/xml/jwt/pom.xml | 2 +- tests/xml/mappings/pom.xml | 2 +- tests/xml/pom.xml | 4 ++-- tests/xml/vanilla/pom.xml | 2 +- 34 files changed, 36 insertions(+), 36 deletions(-) diff --git a/pom.xml b/pom.xml index 743595f6f..4cd508c74 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ OAuth for Spring Security Parent Project for OAuth Support for Spring Security pom - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE https://docs.spring.io/spring-security/oauth diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml index 54fc3467a..d628a13cc 100644 --- a/samples/oauth/sparklr/pom.xml +++ b/samples/oauth/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE ../../.. diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml index 6becaeef9..b03317bd3 100644 --- a/samples/oauth/tonr/pom.xml +++ b/samples/oauth/tonr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE ../../.. diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml index ab4006adb..c33017209 100644 --- a/samples/oauth2/sparklr/pom.xml +++ b/samples/oauth2/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE ../../.. diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml index 35c453742..059c741fb 100644 --- a/samples/oauth2/tonr/pom.xml +++ b/samples/oauth2/tonr/pom.xml @@ -6,7 +6,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE ../../.. diff --git a/samples/pom.xml b/samples/pom.xml index 53a6a9ba9..d2318e570 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE spring-security-oauth-samples diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml index 062ce3e81..765c8e81b 100644 --- a/spring-security-oauth/pom.xml +++ b/spring-security-oauth/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE spring-security-oauth diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index c6ce9eeb4..f28ebcbab 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE spring-security-oauth2 diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml index aa652e8e1..66f891303 100644 --- a/tests/annotation/approval/pom.xml +++ b/tests/annotation/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml index 3d411ad52..713835228 100644 --- a/tests/annotation/client/pom.xml +++ b/tests/annotation/client/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml index 696f649bc..2bf5b0418 100644 --- a/tests/annotation/common/pom.xml +++ b/tests/annotation/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml index c962891b1..d78c15b87 100644 --- a/tests/annotation/custom-authentication/pom.xml +++ b/tests/annotation/custom-authentication/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml index 36b41f2fb..273ec92ed 100644 --- a/tests/annotation/custom-grant/pom.xml +++ b/tests/annotation/custom-grant/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml index 66c1c4a2b..8f4d86eea 100644 --- a/tests/annotation/form/pom.xml +++ b/tests/annotation/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml index 4cff9773e..c697f64c2 100644 --- a/tests/annotation/jaxb/pom.xml +++ b/tests/annotation/jaxb/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml index bbd391935..9807ceacf 100644 --- a/tests/annotation/jdbc/pom.xml +++ b/tests/annotation/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml index b9086e86c..d2f7e3b11 100644 --- a/tests/annotation/jpa/pom.xml +++ b/tests/annotation/jpa/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml index 2f7840f1c..01868b66f 100644 --- a/tests/annotation/jwt/pom.xml +++ b/tests/annotation/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml index ade3a89ea..f7faae255 100644 --- a/tests/annotation/mappings/pom.xml +++ b/tests/annotation/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml index 0e76c965b..613ef8e9c 100644 --- a/tests/annotation/multi/pom.xml +++ b/tests/annotation/multi/pom.xml @@ -9,7 +9,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index 03ac66733..aec08b4f1 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE pom @@ -45,7 +45,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE org.springframework.security diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml index 236bbb594..2be19a4d0 100644 --- a/tests/annotation/resource/pom.xml +++ b/tests/annotation/resource/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml index e1b648932..45a7958fc 100644 --- a/tests/annotation/ssl/pom.xml +++ b/tests/annotation/ssl/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml index 2cd9adad5..95b1470f6 100644 --- a/tests/annotation/vanilla/pom.xml +++ b/tests/annotation/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/pom.xml b/tests/pom.xml index 31ff36441..9cf40b749 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE spring-security-oauth-tests diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml index 7261b1ac5..dc8520866 100644 --- a/tests/xml/approval/pom.xml +++ b/tests/xml/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml index 1fa266a9a..8f70ba452 100644 --- a/tests/xml/client/pom.xml +++ b/tests/xml/client/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml index 68638115e..4744a0394 100644 --- a/tests/xml/common/pom.xml +++ b/tests/xml/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml index 5394cf034..62688bbe6 100644 --- a/tests/xml/form/pom.xml +++ b/tests/xml/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml index d28f18867..86e797bc3 100644 --- a/tests/xml/jdbc/pom.xml +++ b/tests/xml/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml index 501d7c623..baa529f4f 100644 --- a/tests/xml/jwt/pom.xml +++ b/tests/xml/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml index c74ec9190..5cacedefd 100644 --- a/tests/xml/mappings/pom.xml +++ b/tests/xml/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index f17e07419..d0fd06f64 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE pom @@ -39,7 +39,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE org.springframework.security diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml index ef406a151..06b76ca12 100644 --- a/tests/xml/vanilla/pom.xml +++ b/tests/xml/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.BUILD-SNAPSHOT + 2.5.1.RELEASE From 6f2965368761d0f20027b62640e30c62844bcafd Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Fri, 9 Apr 2021 16:49:49 -0400 Subject: [PATCH 81/94] Next development version --- pom.xml | 2 +- samples/oauth/sparklr/pom.xml | 2 +- samples/oauth/tonr/pom.xml | 2 +- samples/oauth2/sparklr/pom.xml | 2 +- samples/oauth2/tonr/pom.xml | 2 +- samples/pom.xml | 2 +- spring-security-oauth/pom.xml | 2 +- spring-security-oauth2/pom.xml | 2 +- tests/annotation/approval/pom.xml | 2 +- tests/annotation/client/pom.xml | 2 +- tests/annotation/common/pom.xml | 2 +- tests/annotation/custom-authentication/pom.xml | 2 +- tests/annotation/custom-grant/pom.xml | 2 +- tests/annotation/form/pom.xml | 2 +- tests/annotation/jaxb/pom.xml | 2 +- tests/annotation/jdbc/pom.xml | 2 +- tests/annotation/jpa/pom.xml | 2 +- tests/annotation/jwt/pom.xml | 2 +- tests/annotation/mappings/pom.xml | 2 +- tests/annotation/multi/pom.xml | 2 +- tests/annotation/pom.xml | 4 ++-- tests/annotation/resource/pom.xml | 2 +- tests/annotation/ssl/pom.xml | 2 +- tests/annotation/vanilla/pom.xml | 2 +- tests/pom.xml | 2 +- tests/xml/approval/pom.xml | 2 +- tests/xml/client/pom.xml | 2 +- tests/xml/common/pom.xml | 2 +- tests/xml/form/pom.xml | 2 +- tests/xml/jdbc/pom.xml | 2 +- tests/xml/jwt/pom.xml | 2 +- tests/xml/mappings/pom.xml | 2 +- tests/xml/pom.xml | 4 ++-- tests/xml/vanilla/pom.xml | 2 +- 34 files changed, 36 insertions(+), 36 deletions(-) diff --git a/pom.xml b/pom.xml index 4cd508c74..b861edf30 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ OAuth for Spring Security Parent Project for OAuth Support for Spring Security pom - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT https://docs.spring.io/spring-security/oauth diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml index d628a13cc..4f60bc3ff 100644 --- a/samples/oauth/sparklr/pom.xml +++ b/samples/oauth/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml index b03317bd3..4ffa4828f 100644 --- a/samples/oauth/tonr/pom.xml +++ b/samples/oauth/tonr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml index c33017209..6886667c9 100644 --- a/samples/oauth2/sparklr/pom.xml +++ b/samples/oauth2/sparklr/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT ../../.. diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml index 059c741fb..7510bb025 100644 --- a/samples/oauth2/tonr/pom.xml +++ b/samples/oauth2/tonr/pom.xml @@ -6,7 +6,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT ../../.. diff --git a/samples/pom.xml b/samples/pom.xml index d2318e570..f78835a4d 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT spring-security-oauth-samples diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml index 765c8e81b..9f5195b0d 100644 --- a/spring-security-oauth/pom.xml +++ b/spring-security-oauth/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT spring-security-oauth diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index f28ebcbab..b59928d04 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -5,7 +5,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT spring-security-oauth2 diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml index 66f891303..c072826ba 100644 --- a/tests/annotation/approval/pom.xml +++ b/tests/annotation/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml index 713835228..03ae9e3e7 100644 --- a/tests/annotation/client/pom.xml +++ b/tests/annotation/client/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml index 2bf5b0418..0f20d7c87 100644 --- a/tests/annotation/common/pom.xml +++ b/tests/annotation/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml index d78c15b87..bb384219c 100644 --- a/tests/annotation/custom-authentication/pom.xml +++ b/tests/annotation/custom-authentication/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml index 273ec92ed..c9dd5bfa3 100644 --- a/tests/annotation/custom-grant/pom.xml +++ b/tests/annotation/custom-grant/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml index 8f4d86eea..38b0b228d 100644 --- a/tests/annotation/form/pom.xml +++ b/tests/annotation/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml index c697f64c2..7fbf7c624 100644 --- a/tests/annotation/jaxb/pom.xml +++ b/tests/annotation/jaxb/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml index 9807ceacf..022418680 100644 --- a/tests/annotation/jdbc/pom.xml +++ b/tests/annotation/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml index d2f7e3b11..a81d82a90 100644 --- a/tests/annotation/jpa/pom.xml +++ b/tests/annotation/jpa/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml index 01868b66f..d90d10e93 100644 --- a/tests/annotation/jwt/pom.xml +++ b/tests/annotation/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml index f7faae255..904099dcc 100644 --- a/tests/annotation/mappings/pom.xml +++ b/tests/annotation/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml index 613ef8e9c..d317a95a4 100644 --- a/tests/annotation/multi/pom.xml +++ b/tests/annotation/multi/pom.xml @@ -9,7 +9,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml index aec08b4f1..6b9bb606d 100644 --- a/tests/annotation/pom.xml +++ b/tests/annotation/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT pom @@ -45,7 +45,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT org.springframework.security diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml index 2be19a4d0..e0a662cca 100644 --- a/tests/annotation/resource/pom.xml +++ b/tests/annotation/resource/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml index 45a7958fc..9a1d11851 100644 --- a/tests/annotation/ssl/pom.xml +++ b/tests/annotation/ssl/pom.xml @@ -11,7 +11,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml index 95b1470f6..c9327950f 100644 --- a/tests/annotation/vanilla/pom.xml +++ b/tests/annotation/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/pom.xml b/tests/pom.xml index 9cf40b749..a8ccb01f4 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -4,7 +4,7 @@ org.springframework.security.oauth spring-security-oauth-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT spring-security-oauth-tests diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml index dc8520866..f76d57852 100644 --- a/tests/xml/approval/pom.xml +++ b/tests/xml/approval/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml index 8f70ba452..a87b59bd6 100644 --- a/tests/xml/client/pom.xml +++ b/tests/xml/client/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml index 4744a0394..06ab6e3f6 100644 --- a/tests/xml/common/pom.xml +++ b/tests/xml/common/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml index 62688bbe6..4c2c20be8 100644 --- a/tests/xml/form/pom.xml +++ b/tests/xml/form/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml index 86e797bc3..da6e8f69f 100644 --- a/tests/xml/jdbc/pom.xml +++ b/tests/xml/jdbc/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml index baa529f4f..a672c4c71 100644 --- a/tests/xml/jwt/pom.xml +++ b/tests/xml/jwt/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml index 5cacedefd..c2a823398 100644 --- a/tests/xml/mappings/pom.xml +++ b/tests/xml/mappings/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml index d0fd06f64..e181e0025 100644 --- a/tests/xml/pom.xml +++ b/tests/xml/pom.xml @@ -4,7 +4,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT pom @@ -39,7 +39,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT org.springframework.security diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml index 06b76ca12..ed2830fc4 100644 --- a/tests/xml/vanilla/pom.xml +++ b/tests/xml/vanilla/pom.xml @@ -10,7 +10,7 @@ org.demo spring-oauth2-tests-xml-parent - 2.5.1.RELEASE + 2.5.2.BUILD-SNAPSHOT From 3a1654618c47d932e2cfb813564eed0a8c004cf8 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Tue, 27 Apr 2021 06:12:43 -0400 Subject: [PATCH 82/94] Rename master branch to main Closes gh-1922 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fe69c3b35..d45eca54e 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[![Build Status](https://travis-ci.org/spring-projects/spring-security-oauth.svg?branch=master)](https://travis-ci.org/spring-projects/spring-security-oauth) +[![Build Status](https://travis-ci.org/spring-projects/spring-security-oauth.svg?branch=main)](https://travis-ci.org/spring-projects/spring-security-oauth) ### ** Deprecation Notice ** @@ -101,4 +101,4 @@ request but before a merge. * Add yourself as an @author to the .java files that you modify substantially (more than cosmetic changes). * Add some Javadocs and, if you change the namespace, some XSD doc elements. * A few unit tests would help a lot as well - someone has to do it. -* If no-one else is using your branch, please rebase it against the current master (or other target branch in the main project). +* If no-one else is using your branch, please rebase it against the current main (or other target branch in the main project). From 947a314bc24c248ad743bb2f58eb5207415dbc9b Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 13 May 2021 08:39:45 -0400 Subject: [PATCH 83/94] Update security policy link --- .github/ISSUE_TEMPLATE.md | 2 +- .github/PULL_REQUEST_TEMPLATE.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index d7639157b..aaeb72f2a 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -8,7 +8,7 @@ See the OAuth 2.0 Migration Guide https://github.com/spring-projects/spring-secu --> ### Summary diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index a5fcc4da3..570bf5e02 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -8,7 +8,7 @@ See the OAuth 2.0 Migration Guide https://github.com/spring-projects/spring-secu -->