Merge branch 'master' into gh_2-JWK-Endpoint

Author: jbellmann

.gitignore

@@ -3,6 +3,11 @@ build/
 !gradle/wrapper/gradle-wrapper.jar
 !**/src/main/**
 !**/src/test/**
+bin/
+classes/
+target/
+*.log
+*.log.*
 
 ### STS ###
 .apt_generated
@@ -32,4 +37,4 @@ out/
 .vscode/
 
 ### Mac ###
-.DS_Store
+.DS_Store

CONTRIBUTING.adoc

@@ -1,7 +1,7 @@
 = Contributing to Spring Authorization Server
 
 Spring Authorization Server is released under the Apache 2.0 license.
-If you would like to contribute something, or simply want to hack on the code this document should help you get started.
+If you would like to contribute something, or simply want to hack on the code this document should help you https://github.com/spring-projects-experimental/spring-authorization-server#getting-started[get started].
 
 == Code of Conduct
 This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code of conduct].

README.adoc

@@ -17,22 +17,33 @@ This project uses https://www.zenhub.com/[ZenHub] to prioritize the feature road
 The project board can be accessed https://app.zenhub.com/workspaces/authorization-server-5e8f3182b5e8f5841bfc4902/board?repos=248032165[here].
 It is recommended to install the ZenHub https://www.zenhub.com/extension[browser extension] as it integrates natively within GitHub's user interface.
 
-== Code of Conduct
-This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code of conduct].
-By participating, you are expected to uphold this code. Please report unacceptable behavior to spring-[email protected].
+== Getting Started
+The first place to start is to read the https://tools.ietf.org/html/rfc6749[OAuth 2.0 Authorization Framework] to gain an in-depth understanding on how to build an Authorization Server.
+It is a critically important first step as the implementation must conform to the specification defined in the OAuth 2.0 Authorization Framework and the https://github.com/spring-projects-experimental/spring-authorization-server/wiki/OAuth-2.0-Specifications[related specifications].
 
-== Downloading Artifacts
-See https://github.com/spring-projects/spring-framework/wiki/Downloading-Spring-artifacts[downloading Spring artifacts] for Maven repository information.
+The second place to start is to become very familiar with the codebase in the following Spring Security modules:
+
+- https://github.com/spring-projects/spring-security/tree/master/oauth2/oauth2-core[OAuth 2.0 Core]
+- https://github.com/spring-projects/spring-security/tree/master/oauth2/oauth2-client[OAuth 2.0 Client]
+- https://github.com/spring-projects/spring-security/tree/master/oauth2/oauth2-resource-server[OAuth 2.0 Resource Server]
+- https://github.com/spring-projects/spring-security/tree/master/oauth2/oauth2-jose[OAuth 2.0 JOSE] (Javascript Object Signing and Encryption)
+
+A significant amount of effort was put into developing the https://spring.io/blog/2018/01/30/next-generation-oauth-2-0-support-with-spring-security[Next Generation OAuth 2.0 Support in Spring Security].
+The goal is to leverage all the knowledge learned thus far and apply the same to the development of Spring Authorization Server.
+
+Submitted work via pull requests should follow the same coding style/conventions and adopt the same or similar design patterns that have been established in Spring Security's OAuth 2.0 support.
 
 == Documentation
 Be sure to read the https://docs.spring.io/spring-security/site/docs/current/reference/html5/[Spring Security Reference], as well as the https://docs.spring.io/spring-security/site/docs/current/reference/html5/#oauth2[OAuth 2.0 Reference], which describes the Client and Resource Server features available.
 
 Extensive JavaDoc for the Spring Security code is also available in the https://docs.spring.io/spring-security/site/docs/current/api/[Spring Security API Documentation].
 
-== Quick Start
-We recommend that you review the https://tools.ietf.org/html/rfc6749[OAuth 2.0 Authorization Framework] to gain a deep understanding of the framework.
+== Code of Conduct
+This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code of conduct].
+By participating, you are expected to uphold this code. Please report unacceptable behavior to [email protected].
 
-The https://oauth.net/2/[OAuth 2.0] website, maintained by Aaron Parecki, provides links to learning resources as well as the various extension specifications.
+== Downloading Artifacts
+See https://github.com/spring-projects/spring-framework/wiki/Downloading-Spring-artifacts[downloading Spring artifacts] for Maven repository information.
 
 == Building from Source
 Spring Authorization Server uses a https://gradle.org[Gradle]-based build system.

core/spring-authorization-server-core.gradle

@@ -18,3 +18,7 @@ dependencies {
 
 	provided 'javax.servlet:javax.servlet-api'
 }
+
+jacoco {
+	toolVersion = '0.8.5'
+}

core/src/main/java/org/springframework/security/oauth2/server/authorization/Version.java

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.server.authorization;
+
+/**
+ * Internal class used for serialization across Spring Security Authorization Server classes.
+ *
+ * @author Anoop Garlapati
+ * @since 0.0.1
+ */
+public final class Version {
+	private static final int MAJOR = 0;
+	private static final int MINOR = 0;
+	private static final int PATCH = 1;
+
+	/**
+	 * Global Serialization value for Spring Security Authorization Server classes.
+	 */
+	public static final long SERIAL_VERSION_UID = getVersion().hashCode();
+
+	public static String getVersion() {
+		return MAJOR + "." + MINOR + "." + PATCH;
+	}
+}

core/src/main/java/org/springframework/security/oauth2/server/authorization/client/InMemoryRegisteredClientRepository.java

@@ -0,0 +1,85 @@
+/*
+ * Copyright 2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.server.authorization.client;
+
+import org.springframework.util.Assert;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * A {@link RegisteredClientRepository} that stores {@link RegisteredClient}(s) in-memory.
+ *
+ * @author Anoop Garlapati
+ * @see RegisteredClientRepository
+ * @see RegisteredClient
+ * @since 0.0.1
+ */
+public final class InMemoryRegisteredClientRepository implements RegisteredClientRepository {
+	private final Map<String, RegisteredClient> idRegistrationMap;
+	private final Map<String, RegisteredClient> clientIdRegistrationMap;
+
+	/**
+	 * Constructs an {@code InMemoryRegisteredClientRepository} using the provided parameters.
+	 *
+	 * @param registrations the client registration(s)
+	 */
+	public InMemoryRegisteredClientRepository(RegisteredClient... registrations) {
+		this(Arrays.asList(registrations));
+	}
+
+	/**
+	 * Constructs an {@code InMemoryRegisteredClientRepository} using the provided parameters.
+	 *
+	 * @param registrations the client registration(s)
+	 */
+	public InMemoryRegisteredClientRepository(List<RegisteredClient> registrations) {
+		Assert.notEmpty(registrations, "registrations cannot be empty");
+		ConcurrentHashMap<String, RegisteredClient> idRegistrationMapResult = new ConcurrentHashMap<>();
+		ConcurrentHashMap<String, RegisteredClient> clientIdRegistrationMapResult = new ConcurrentHashMap<>();
+		for (RegisteredClient registration : registrations) {
+			Assert.notNull(registration, "registration cannot be null");
+			String id = registration.getId();
+			if (idRegistrationMapResult.containsKey(id)) {
+				throw new IllegalArgumentException("Registered client must be unique. " +
+						"Found duplicate identifier: " + id);
+			}
+			String clientId = registration.getClientId();
+			if (clientIdRegistrationMapResult.containsKey(clientId)) {
+				throw new IllegalArgumentException("Registered client must be unique. " +
+						"Found duplicate client identifier: " + clientId);
+			}
+			idRegistrationMapResult.put(id, registration);
+			clientIdRegistrationMapResult.put(clientId, registration);
+		}
+		this.idRegistrationMap = idRegistrationMapResult;
+		this.clientIdRegistrationMap = clientIdRegistrationMapResult;
+	}
+
+	@Override
+	public RegisteredClient findById(String id) {
+		Assert.hasText(id, "id cannot be empty");
+		return this.idRegistrationMap.get(id);
+	}
+
+	@Override
+	public RegisteredClient findByClientId(String clientId) {
+		Assert.hasText(clientId, "clientId cannot be empty");
+		return this.clientIdRegistrationMap.get(clientId);
+	}
+}