Make AuthorizationServerContextFilter private

Closes spring-projectsgh-866

Author: jgrandja

docs/src/docs/asciidoc/configuration-model.adoc

@@ -182,9 +182,6 @@ If the issuer identifier is not configured in `AuthorizationServerSettings.build
 [NOTE]
 The `AuthorizationServerContext` is accessible through the `AuthorizationServerContextHolder`, which associates it with the current request thread by using a `ThreadLocal`.
 
-[NOTE]
-The `AuthorizationServerContextFilter` associates the `AuthorizationServerContext` with the `AuthorizationServerContextHolder`.
-
 [[configuring-client-authentication]]
 == Configuring Client Authentication
 

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/AuthorizationServerContextFilter.java renamed to oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/AuthorizationServerContextFilter.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.oauth2.server.authorization.web;
+package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers;
 
 import java.io.IOException;
 
@@ -39,15 +39,10 @@
  * @see AuthorizationServerContextHolder
  * @see AuthorizationServerSettings
  */
-public final class AuthorizationServerContextFilter extends OncePerRequestFilter {
+final class AuthorizationServerContextFilter extends OncePerRequestFilter {
 	private final AuthorizationServerSettings authorizationServerSettings;
 
-	/**
-	 * Constructs an {@code AuthorizationServerContextFilter} using the provided parameters.
-	 *
-	 * @param authorizationServerSettings the authorization server settings
-	 */
-	public AuthorizationServerContextFilter(AuthorizationServerSettings authorizationServerSettings) {
+	AuthorizationServerContextFilter(AuthorizationServerSettings authorizationServerSettings) {
 		Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null");
 		this.authorizationServerSettings = authorizationServerSettings;
 	}

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerConfigurer.java

@@ -33,7 +33,6 @@
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
-import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter;
 import org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter;
 import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter;
 import org.springframework.security.web.authentication.HttpStatusEntryPoint;

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/context/AuthorizationServerContextHolder.java

@@ -15,15 +15,12 @@
  */
 package org.springframework.security.oauth2.server.authorization.context;
 
-import org.springframework.security.oauth2.server.authorization.web.AuthorizationServerContextFilter;
-
 /**
  * A holder of the {@link AuthorizationServerContext} that associates it with the current thread using a {@code ThreadLocal}.
  *
  * @author Joe Grandja
  * @since 0.2.2
  * @see AuthorizationServerContext
- * @see AuthorizationServerContextFilter
  */
 public final class AuthorizationServerContextHolder {
 	private static final ThreadLocal<AuthorizationServerContext> holder = new ThreadLocal<>();

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java

@@ -92,7 +92,7 @@ public static void destroy() {
 	}
 
 	@Test
-	public void requestWhenAuthorizationServerMetadataRequestAndIssuerSetThenReturnMetadataResponse() throws Exception {
+	public void requestWhenAuthorizationServerMetadataRequestAndIssuerSetThenUsed() throws Exception {
 		this.spring.register(AuthorizationServerConfiguration.class).autowire();
 
 		this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI))
@@ -101,6 +101,16 @@ public void requestWhenAuthorizationServerMetadataRequestAndIssuerSetThenReturnM
 				.andReturn();
 	}
 
+	@Test
+	public void requestWhenAuthorizationServerMetadataRequestAndIssuerNotSetThenResolveFromRequest() throws Exception {
+		this.spring.register(AuthorizationServerConfigurationWithIssuerNotSet.class).autowire();
+
+		this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI))
+				.andExpect(status().is2xxSuccessful())
+				.andExpect(jsonPath("issuer").value("http://localhost"))
+				.andReturn();
+	}
+
 	@EnableWebSecurity
 	@Import(OAuth2AuthorizationServerConfiguration.class)
 	static class AuthorizationServerConfiguration {
@@ -129,4 +139,14 @@ AuthorizationServerSettings authorizationServerSettings() {
 		}
 	}
 
+	@EnableWebSecurity
+	@Import(OAuth2AuthorizationServerConfiguration.class)
+	static class AuthorizationServerConfigurationWithIssuerNotSet extends AuthorizationServerConfiguration {
+
+		@Bean
+		AuthorizationServerSettings authorizationServerSettings() {
+			return AuthorizationServerSettings.builder().build();
+		}
+	}
+
 }