Polish gh-280

Author: jgrandja

oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java

@@ -35,12 +35,12 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.jwt.JwtEncoder;
 import org.springframework.security.oauth2.jwt.NimbusJwsEncoder;
-import org.springframework.security.oauth2.server.authorization.InMemoryOAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.InMemoryOAuth2AuthorizationConsentService;
+import org.springframework.security.oauth2.server.authorization.InMemoryOAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.JwtEncodingContext;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenCustomizer;
-import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationProvider;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationProvider;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientCredentialsAuthenticationProvider;
@@ -79,6 +79,7 @@
  * @see AbstractHttpConfigurer
  * @see RegisteredClientRepository
  * @see OAuth2AuthorizationService
+ * @see OAuth2AuthorizationConsentService
  * @see OAuth2AuthorizationEndpointFilter
  * @see OAuth2TokenEndpointFilter
  * @see OAuth2TokenIntrospectionEndpointFilter
@@ -138,7 +139,7 @@ public OAuth2AuthorizationServerConfigurer<B> authorizationService(OAuth2Authori
 	/**
 	 * Sets the authorization consent service.
 	 *
-	 * @param authorizationConsentService the authorization service
+	 * @param authorizationConsentService the authorization consent service
 	 * @return the {@link OAuth2AuthorizationServerConfigurer} for further configuration
 	 */
 	public OAuth2AuthorizationServerConfigurer<B> authorizationConsentService(OAuth2AuthorizationConsentService authorizationConsentService) {
@@ -160,17 +161,17 @@ public OAuth2AuthorizationServerConfigurer<B> providerSettings(ProviderSettings
 	}
 
 	/**
-	 * Specify the URL to redirect Resource Owners to if consent is required during
+	 * Specify the URI to redirect Resource Owners to if consent is required during
 	 * the {@code authorization_code} flow. A default consent page will be generated when
 	 * this attribute is not specified.
 	 *
-	 * If a URL is specified, users are required to process the specified URL to generate
+	 * If a URI is specified, applications are required to process the specified URI to generate
 	 * a consent page. The query string will contain the following parameters:
 	 *
 	 * <ul>
-	 * <li>{@code client_id} the client identifier</li>
-	 * <li>{@code scope} the space separated list of scopes present in the authorization request</li>
-	 * <li>{@code state} a CSRF protection token</li>
+	 * <li>{@code client_id} - the client identifier</li>
+	 * <li>{@code scope} - the space separated list of scopes present in the authorization request</li>
+	 * <li>{@code state} - a CSRF protection token</li>
 	 * </ul>
 	 *
 	 * In general, the consent page should create a form that submits
@@ -181,14 +182,13 @@ public OAuth2AuthorizationServerConfigurer<B> providerSettings(ProviderSettings
 	 * <li>It must be submitted to {@link ProviderSettings#authorizationEndpoint()}</li>
 	 * <li>It must include the received {@code client_id} as an HTTP parameter</li>
 	 * <li>It must include the received {@code state} as an HTTP parameter</li>
-	 * <li>It must include the list of {@code scope}s the {@code Resource Owners}
-	 * consents to as an HTTP parameter</li>
-	 * <li>It must include the {@code consent_action} parameter, with value either
+	 * <li>It must include the list of {@code scope}s the {@code Resource Owner}
+	 * consented to as an HTTP parameter</li>
+	 * <li>It must include the {@code consent_action} parameter, with a value either
 	 * {@code approve} or {@code cancel} as an HTTP parameter</li>
 	 * </ul>
 	 *
-	 *
-	 * @param consentPage the consent page to redirect to if consent is required (e.g. "/consent")
+	 * @param consentPage the consent page to redirect to if consent is required (e.g. "/oauth2/consent")
 	 * @return the {@link OAuth2AuthorizationServerConfigurer} for further configuration
 	 */
 	public OAuth2AuthorizationServerConfigurer<B> consentPage(String consentPage) {
@@ -316,9 +316,8 @@ public void configure(B builder) {
 						getRegisteredClientRepository(builder),
 						getAuthorizationService(builder),
 						getAuthorizationConsentService(builder),
-						providerSettings.authorizationEndpoint()
-				);
-		if (this.consentPage != null) {
+						providerSettings.authorizationEndpoint());
+		if (StringUtils.hasText(this.consentPage)) {
 			authorizationEndpointFilter.setUserConsentUri(this.consentPage);
 		}
 		builder.addFilterBefore(postProcess(authorizationEndpointFilter), AbstractPreAuthenticatedProcessingFilter.class);

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationConsentService.java

@@ -15,16 +15,16 @@
  */
 package org.springframework.security.oauth2.server.authorization;
 
-import org.springframework.lang.Nullable;
-import org.springframework.util.Assert;
-
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.concurrent.ConcurrentHashMap;
 
+import org.springframework.lang.Nullable;
+import org.springframework.util.Assert;
+
 /**
  * An {@link OAuth2AuthorizationConsentService} that stores {@link OAuth2AuthorizationConsent}'s in-memory.
  *
@@ -102,4 +102,5 @@ private static int getId(String registeredClientId, String principalName) {
 	private static int getId(OAuth2AuthorizationConsent authorizationConsent) {
 		return getId(authorizationConsent.getRegisteredClientId(), authorizationConsent.getPrincipalName());
 	}
+
 }

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationConsent.java

@@ -15,6 +15,13 @@
  */
 package org.springframework.security.oauth2.server.authorization;
 
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.function.Consumer;
+import java.util.stream.Collectors;
+
 import org.springframework.lang.NonNull;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -23,16 +30,9 @@
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 
-import java.io.Serializable;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.function.Consumer;
-import java.util.stream.Collectors;
-
 /**
  * A representation of an OAuth 2.0 "consent" to an Authorization request, which holds state related to the
- * set of {@link #getAuthorities()} authorities} granted to a {@link #getRegisteredClientId() client} by the
+ * set of {@link #getAuthorities() authorities} granted to a {@link #getRegisteredClientId() client} by the
  * {@link #getPrincipalName() resource owner}.
  * <p>
  * When authorizing access for a given client, the resource owner may only grant a subset of the authorities
@@ -130,7 +130,7 @@ public static Builder withId(@NonNull String registeredClientId, @NonNull String
 	/**
 	 * A builder for {@link OAuth2AuthorizationConsent}.
 	 */
-	public final static class Builder implements Serializable {
+	public static final class Builder implements Serializable {
 		private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
 
 		private final String registeredClientId;
@@ -151,10 +151,10 @@ private Builder(String registeredClientId, String principalName, Set<GrantedAuth
 
 		/**
 		 * Adds a scope to the collection of {@code authorities} in the resulting {@link OAuth2AuthorizationConsent},
-		 * wrapping it in a SimpleGrantedAuthority, prefixed by {@code SCOPE_}. For example, a
+		 * wrapping it in a {@link SimpleGrantedAuthority}, prefixed by {@code SCOPE_}. For example, a
 		 * {@code message.write} scope would be stored as {@code SCOPE_message.write}.
 		 *
-		 * @param scope the {@code scope}
+		 * @param scope the scope
 		 * @return the {@code Builder} for further configuration
 		 */
 		public Builder scope(String scope) {

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationConsentService.java

@@ -29,6 +29,7 @@
  * @see OAuth2AuthorizationConsent
  */
 public interface OAuth2AuthorizationConsentService {
+
 	/**
 	 * Saves the {@link OAuth2AuthorizationConsent}.
 	 *
@@ -53,4 +54,5 @@ public interface OAuth2AuthorizationConsentService {
 	 */
 	@Nullable
 	OAuth2AuthorizationConsent findById(String registeredClientId, String principalName);
+
 }