Polish spring-projectsgh-331

Author: jgrandja

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/JdbcOAuth2AuthorizationService.java

@@ -54,7 +54,7 @@
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2ServerJackson2Module;
+import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2AuthorizationServerJackson2Module;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
@@ -317,7 +317,7 @@ public OAuth2AuthorizationRowMapper(RegisteredClientRepository registeredClientR
 			ClassLoader classLoader = JdbcOAuth2AuthorizationService.class.getClassLoader();
 			List<Module> securityModules = SecurityJackson2Modules.getModules(classLoader);
 			this.objectMapper.registerModules(securityModules);
-			this.objectMapper.registerModule(new OAuth2ServerJackson2Module());
+			this.objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
 		}
 
 		@Override
@@ -455,7 +455,7 @@ public OAuth2AuthorizationParametersMapper() {
 			ClassLoader classLoader = JdbcOAuth2AuthorizationService.class.getClassLoader();
 			List<Module> securityModules = SecurityJackson2Modules.getModules(classLoader);
 			this.objectMapper.registerModules(securityModules);
-			this.objectMapper.registerModule(new OAuth2ServerJackson2Module());
+			this.objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
 		}
 
 		@Override

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/HashSetMixin.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2020-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -13,7 +13,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.springframework.security.oauth2.server.authorization.jackson2;
 
 import java.util.HashSet;
@@ -26,9 +25,8 @@
  * This mixin class is used to serialize/deserialize {@link HashSet}.
  *
  * @author Steve Riesenberg
- * @see HashSet
- * @see OAuth2ServerJackson2Module
  * @since 0.1.2
+ * @see HashSet
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 abstract class HashSetMixin {

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/JsonNodeUtils.java

@@ -24,10 +24,14 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 /**
+ * TODO
+ * This class is a straight copy from Spring Security.
+ * It should be consolidated when merging this codebase into Spring Security.
+ *
  * Utility class for {@code JsonNode}.
  *
  * @author Joe Grandja
- * @since 0.1.2
+ * @since 5.3
  */
 abstract class JsonNodeUtils {
 

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationRequestDeserializer.java

@@ -31,10 +31,14 @@
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder;
 
 /**
+ * TODO
+ * This class is a straight copy from Spring Security.
+ * It should be consolidated when merging this codebase into Spring Security.
+ *
  * A {@code JsonDeserializer} for {@link OAuth2AuthorizationRequest}.
  *
  * @author Joe Grandja
- * @since 0.1.2
+ * @since 5.3
  * @see OAuth2AuthorizationRequest
  * @see OAuth2AuthorizationRequestMixin
  */

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationRequestMixin.java

@@ -24,14 +24,17 @@
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 
 /**
+ * TODO
+ * This class is a straight copy from Spring Security.
+ * It should be consolidated when merging this codebase into Spring Security.
+ *
  * This mixin class is used to serialize/deserialize {@link OAuth2AuthorizationRequest}.
  * It also registers a custom deserializer {@link OAuth2AuthorizationRequestDeserializer}.
  *
  * @author Joe Grandja
- * @since 0.1.2
+ * @since 5.3
  * @see OAuth2AuthorizationRequest
  * @see OAuth2AuthorizationRequestDeserializer
- * @see OAuth2ServerJackson2Module
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonDeserialize(using = OAuth2AuthorizationRequestDeserializer.class)

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2ServerJackson2Module.java renamed to oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationServerJackson2Module.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2020-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -13,7 +13,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.springframework.security.oauth2.server.authorization.jackson2;
 
 import java.util.Collections;
@@ -24,7 +23,6 @@
 
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
-import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
 
 /**
  * Jackson {@code Module} for {@code spring-authorization-server}, that registers the
@@ -34,7 +32,6 @@
  * <li>{@link UnmodifiableMapMixin}</li>
  * <li>{@link HashSetMixin}</li>
  * <li>{@link OAuth2AuthorizationRequestMixin}</li>
- * <li>{@link OAuth2ClientAuthenticationTokenMixin}</li>
  * </ul>
  *
  * If not already enabled, default typing will be automatically enabled as type info is
@@ -43,21 +40,23 @@
  *
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new OAuth2ServerJackson2Module());
+ *     mapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
  * </pre>
  *
+ * <b>NOTE:</b> Use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get a list
+ * of all security modules.
+ *
  * @author Steve Riesenberg
  * @since 0.1.2
  * @see SecurityJackson2Modules
  * @see UnmodifiableMapMixin
  * @see HashSetMixin
  * @see OAuth2AuthorizationRequestMixin
- * @see OAuth2ClientAuthenticationTokenMixin
  */
-public class OAuth2ServerJackson2Module extends SimpleModule {
+public class OAuth2AuthorizationServerJackson2Module extends SimpleModule {
 
-	public OAuth2ServerJackson2Module() {
-		super(OAuth2ServerJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null));
+	public OAuth2AuthorizationServerJackson2Module() {
+		super(OAuth2AuthorizationServerJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null));
 	}
 
 	@Override
@@ -67,7 +66,6 @@ public void setupModule(SetupContext context) {
 				UnmodifiableMapMixin.class);
 		context.setMixInAnnotations(HashSet.class, HashSetMixin.class);
 		context.setMixInAnnotations(OAuth2AuthorizationRequest.class, OAuth2AuthorizationRequestMixin.class);
-		context.setMixInAnnotations(OAuth2ClientAuthenticationToken.class, OAuth2ClientAuthenticationTokenMixin.class);
 	}
 
 }

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2ClientAuthenticationTokenMixin.java

@@ -19,16 +19,57 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.util.StdConverter;
 
+import org.springframework.security.oauth2.core.AuthenticationMethod;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
 /**
+ * TODO
+ * This class is a straight copy from Spring Security.
+ * It should be consolidated when merging this codebase into Spring Security.
+ *
  * {@code StdConverter} implementations.
  *
  * @author Joe Grandja
- * @since 0.1.2
+ * @since 5.3
  */
 abstract class StdConverters {
 
+	static final class AccessTokenTypeConverter extends StdConverter<JsonNode, OAuth2AccessToken.TokenType> {
+
+		@Override
+		public OAuth2AccessToken.TokenType convert(JsonNode jsonNode) {
+			String value = JsonNodeUtils.findStringValue(jsonNode, "value");
+			if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(value)) {
+				return OAuth2AccessToken.TokenType.BEARER;
+			}
+			return null;
+		}
+
+	}
+
+	static final class ClientAuthenticationMethodConverter extends StdConverter<JsonNode, ClientAuthenticationMethod> {
+
+		@Override
+		public ClientAuthenticationMethod convert(JsonNode jsonNode) {
+			String value = JsonNodeUtils.findStringValue(jsonNode, "value");
+			if (ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue().equalsIgnoreCase(value)
+					|| ClientAuthenticationMethod.BASIC.getValue().equalsIgnoreCase(value)) {
+				return ClientAuthenticationMethod.CLIENT_SECRET_BASIC;
+			}
+			if (ClientAuthenticationMethod.CLIENT_SECRET_POST.getValue().equalsIgnoreCase(value)
+					|| ClientAuthenticationMethod.POST.getValue().equalsIgnoreCase(value)) {
+				return ClientAuthenticationMethod.CLIENT_SECRET_POST;
+			}
+			if (ClientAuthenticationMethod.NONE.getValue().equalsIgnoreCase(value)) {
+				return ClientAuthenticationMethod.NONE;
+			}
+			return null;
+		}
+
+	}
+
 	static final class AuthorizationGrantTypeConverter extends StdConverter<JsonNode, AuthorizationGrantType> {
 
 		@Override
@@ -51,4 +92,23 @@ public AuthorizationGrantType convert(JsonNode jsonNode) {
 
 	}
 
+	static final class AuthenticationMethodConverter extends StdConverter<JsonNode, AuthenticationMethod> {
+
+		@Override
+		public AuthenticationMethod convert(JsonNode jsonNode) {
+			String value = JsonNodeUtils.findStringValue(jsonNode, "value");
+			if (AuthenticationMethod.HEADER.getValue().equalsIgnoreCase(value)) {
+				return AuthenticationMethod.HEADER;
+			}
+			if (AuthenticationMethod.FORM.getValue().equalsIgnoreCase(value)) {
+				return AuthenticationMethod.FORM;
+			}
+			if (AuthenticationMethod.QUERY.getValue().equalsIgnoreCase(value)) {
+				return AuthenticationMethod.QUERY;
+			}
+			return null;
+		}
+
+	}
+
 }

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/StdConverters.java

@@ -28,10 +28,14 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 /**
+ * TODO
+ * This class is a straight copy from Spring Security.
+ * It should be consolidated when merging this codebase into Spring Security.
+ *
  * A {@code JsonDeserializer} for {@link Collections#unmodifiableMap(Map)}.
  *
  * @author Joe Grandja
- * @since 0.1.2
+ * @since 5.3
  * @see Collections#unmodifiableMap(Map)
  * @see UnmodifiableMapMixin
  */

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/UnmodifiableMapDeserializer.java

@@ -24,15 +24,18 @@
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 
 /**
+ * TODO
+ * This class is a straight copy from Spring Security.
+ * It should be consolidated when merging this codebase into Spring Security.
+ *
  * This mixin class is used to serialize/deserialize
  * {@link Collections#unmodifiableMap(Map)}. It also registers a custom deserializer
  * {@link UnmodifiableMapDeserializer}.
  *
  * @author Joe Grandja
- * @since 0.1.2
+ * @since 5.3
  * @see Collections#unmodifiableMap(Map)
  * @see UnmodifiableMapDeserializer
- * @see OAuth2ServerJackson2Module
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonDeserialize(using = UnmodifiableMapDeserializer.class)

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/UnmodifiableMapMixin.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2020-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -13,7 +13,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.springframework.security.oauth2.server.authorization.jackson2;
 
 import java.util.List;