Polish spring-projectsgh-79

Author: jgrandja

core/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2Authorization.java

@@ -33,7 +33,6 @@
  *
  * @author Joe Grandja
  * @author Krisztian Toth
- * @author Madhu Bhat
  * @since 0.0.1
  * @see RegisteredClient
  * @see OAuth2AccessToken
@@ -75,15 +74,6 @@ public OAuth2AccessToken getAccessToken() {
 		return this.accessToken;
 	}
 
-	/**
-	 * Sets the access token {@link OAuth2AccessToken} in the {@link OAuth2Authorization}.
-	 *
-	 * @param accessToken the access token
-	 */
-	public final void setAccessToken(OAuth2AccessToken accessToken) {
-		this.accessToken = accessToken;
-	}
-
 	/**
 	 * Returns the attribute(s) associated to the authorization.
 	 *

core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AccessTokenAuthenticationToken.java

@@ -17,8 +17,8 @@
 
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.server.authorization.Version;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 
 import java.util.Collections;
@@ -28,7 +28,7 @@
  * @author Madhu Bhat
  */
 public class OAuth2AccessTokenAuthenticationToken extends AbstractAuthenticationToken {
-	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+	private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
 	private RegisteredClient registeredClient;
 	private Authentication clientPrincipal;
 	private OAuth2AccessToken accessToken;
@@ -52,9 +52,9 @@ public Object getPrincipal() {
 	}
 
 	/**
-	 * Returns the access token {@link OAuth2AccessToken}.
+	 * Returns the {@link OAuth2AccessToken access token}.
 	 *
-	 * @return the access token
+	 * @return the {@link OAuth2AccessToken}
 	 */
 	public OAuth2AccessToken getAccessToken() {
 		return this.accessToken;

core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationToken.java

@@ -18,7 +18,7 @@
 import org.springframework.lang.Nullable;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.SpringSecurityCoreVersion;
+import org.springframework.security.oauth2.server.authorization.Version;
 
 import java.util.Collections;
 
@@ -27,7 +27,7 @@
  * @author Madhu Bhat
  */
 public class OAuth2AuthorizationCodeAuthenticationToken extends AbstractAuthenticationToken {
-	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+	private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
 	private String code;
 	private Authentication clientPrincipal;
 	private String clientId;
@@ -37,26 +37,26 @@ public OAuth2AuthorizationCodeAuthenticationToken(String code,
 			Authentication clientPrincipal, @Nullable String redirectUri) {
 		super(Collections.emptyList());
 		this.code = code;
-		this.redirectUri = redirectUri;
 		this.clientPrincipal = clientPrincipal;
+		this.redirectUri = redirectUri;
 	}
 
 	public OAuth2AuthorizationCodeAuthenticationToken(String code,
 			String clientId, @Nullable String redirectUri) {
 		super(Collections.emptyList());
 		this.code = code;
-		this.redirectUri = redirectUri;
 		this.clientId = clientId;
+		this.redirectUri = redirectUri;
 	}
 
 	@Override
-	public Object getCredentials() {
-		return null;
+	public Object getPrincipal() {
+		return this.clientPrincipal != null ? this.clientPrincipal : this.clientId;
 	}
 
 	@Override
-	public Object getPrincipal() {
-		return null;
+	public Object getCredentials() {
+		return "";
 	}
 
 	/**
@@ -67,4 +67,13 @@ public Object getPrincipal() {
 	public String getCode() {
 		return this.code;
 	}
+
+	/**
+	 * Returns the redirectUri.
+	 *
+	 * @return the redirectUri
+	 */
+	public String getRedirectUri() {
+		return this.redirectUri;
+	}
 }

core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilter.java

@@ -38,7 +38,6 @@
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
-import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
 import org.springframework.web.filter.OncePerRequestFilter;
@@ -53,7 +52,6 @@
 import java.util.Base64;
 import java.util.Collections;
 import java.util.HashSet;
-import java.util.Map;
 import java.util.Set;
 
 /**
@@ -123,7 +121,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 		// Validate the request to ensure that all required parameters are present and valid
 		// ---------------
 
-		MultiValueMap<String, String> parameters = getParameters(request);
+		MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getParameters(request);
 		String stateParameter = parameters.getFirst(OAuth2ParameterNames.STATE);
 
 		// client_id (REQUIRED)
@@ -258,7 +256,7 @@ private static boolean isPrincipalAuthenticated(Authentication principal) {
 	}
 
 	private static OAuth2AuthorizationRequest convertAuthorizationRequest(HttpServletRequest request) {
-		MultiValueMap<String, String> parameters = getParameters(request);
+		MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getParameters(request);
 
 		Set<String> scopes = Collections.emptySet();
 		if (parameters.containsKey(OAuth2ParameterNames.SCOPE)) {
@@ -282,17 +280,4 @@ private static OAuth2AuthorizationRequest convertAuthorizationRequest(HttpServle
 								.forEach(e -> additionalParameters.put(e.getKey(), e.getValue().get(0))))
 				.build();
 	}
-
-	private static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
-		Map<String, String[]> parameterMap = request.getParameterMap();
-		MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
-		parameterMap.forEach((key, values) -> {
-			if (values.length > 0) {
-				for (String value : values) {
-					parameters.add(key, value);
-				}
-			}
-		});
-		return parameters;
-	}
 }

core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2EndpointUtils.java

@@ -0,0 +1,49 @@
+/*
+ * Copyright 2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.server.authorization.web;
+
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Map;
+
+/**
+ * Utility methods for the OAuth 2.0 Protocol Endpoints.
+ *
+ * @author Joe Grandja
+ * @since 0.0.1
+ * @see OAuth2AuthorizationEndpointFilter
+ * @see OAuth2TokenEndpointFilter
+ */
+final class OAuth2EndpointUtils {
+
+	private OAuth2EndpointUtils() {
+	}
+
+	static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
+		Map<String, String[]> parameterMap = request.getParameterMap();
+		MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
+		parameterMap.forEach((key, values) -> {
+			if (values.length > 0) {
+				for (String value : values) {
+					parameters.add(key, value);
+				}
+			}
+		});
+		return parameters;
+	}
+}