
Extract constants from Settings implementations

Closes gh-369
Joe Grandja 4 years ago
parent
commit
06f2845ac0

+ 5 - 7
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/ClientSettings.java

@@ -25,11 +25,9 @@ import org.springframework.util.Assert;
  * @author Joe Grandja
  * @since 0.0.2
  * @see AbstractSettings
+ * @see ConfigurationSettingNames.Client
  */
 public final class ClientSettings extends AbstractSettings {
-	private static final String CLIENT_SETTING_BASE = "setting.client.";
-	public static final String REQUIRE_PROOF_KEY = CLIENT_SETTING_BASE.concat("require-proof-key");
-	public static final String REQUIRE_AUTHORIZATION_CONSENT = CLIENT_SETTING_BASE.concat("require-authorization-consent");
 
 	private ClientSettings(Map<String, Object> settings) {
 		super(settings);
@@ -42,7 +40,7 @@ public final class ClientSettings extends AbstractSettings {
 	 * @return {@code true} if the client is required to provide a proof key challenge and verifier, {@code false} otherwise
 	 */
 	public boolean isRequireProofKey() {
-		return getSetting(REQUIRE_PROOF_KEY);
+		return getSetting(ConfigurationSettingNames.Client.REQUIRE_PROOF_KEY);
 	}
 
 	/**
@@ -52,7 +50,7 @@ public final class ClientSettings extends AbstractSettings {
 	 * @return {@code true} if authorization consent is required when the client requests access, {@code false} otherwise
 	 */
 	public boolean isRequireAuthorizationConsent() {
-		return getSetting(REQUIRE_AUTHORIZATION_CONSENT);
+		return getSetting(ConfigurationSettingNames.Client.REQUIRE_AUTHORIZATION_CONSENT);
 	}
 
 	/**
@@ -94,7 +92,7 @@ public final class ClientSettings extends AbstractSettings {
 		 * @return the {@link Builder} for further configuration
 		 */
 		public Builder requireProofKey(boolean requireProofKey) {
-			return setting(REQUIRE_PROOF_KEY, requireProofKey);
+			return setting(ConfigurationSettingNames.Client.REQUIRE_PROOF_KEY, requireProofKey);
 		}
 
 		/**
@@ -105,7 +103,7 @@ public final class ClientSettings extends AbstractSettings {
 		 * @return the {@link Builder} for further configuration
 		 */
 		public Builder requireAuthorizationConsent(boolean requireAuthorizationConsent) {
-			return setting(REQUIRE_AUTHORIZATION_CONSENT, requireAuthorizationConsent);
+			return setting(ConfigurationSettingNames.Client.REQUIRE_AUTHORIZATION_CONSENT, requireAuthorizationConsent);
 		}
 
 		/**
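Review bot: The setting keys read by `isRequireProofKey()` and `isRequireAuthorizationConsent()` change value with this commit, not only location: the removed constants were built on `"setting.client."`, while `ConfigurationSettingNames.Client` builds on `"settings."` plus `"client."`. A settings map stored under the old names would no longer match. Both getters return primitive `boolean` from `getSetting(...)`, whose body is not visible here, so a miss presumably either throws on unboxing or drops the PKCE or consent requirement for that client. The same rename applies to the `ProviderSettings` and `TokenSettings` sections below, and removing the public constants breaks any caller that referenced `ClientSettings.REQUIRE_PROOF_KEY` directly. I would add a sentence to the class Javadoc such as `NOTE: setting names moved from "setting.client.*" to "settings.client.*"; previously persisted client settings must be re-saved.`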

+ 134 - 0
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/ConfigurationSettingNames.java

@@ -0,0 +1,134 @@
+/*
+ * Copyright 2020-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.server.authorization.config;
+
+import org.springframework.security.oauth2.core.oidc.OidcIdToken;
+import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
+
+/**
+ * The names for all the configuration settings.
+ *
+ * @author Joe Grandja
+ * @since 0.2.0
+ */
+public final class ConfigurationSettingNames {
+	private static final String SETTINGS_NAMESPACE = "settings.";
+
+	private ConfigurationSettingNames() {
+	}
+
+	/**
+	 * The names for client configuration settings.
+	 */
+	public static class Client {
+		private static final String CLIENT_SETTINGS_NAMESPACE = SETTINGS_NAMESPACE.concat("client.");
+
+		/**
+		 * Set to {@code true} if the client is required to provide a proof key challenge and verifier
+		 * when performing the Authorization Code Grant flow.
+		 */
+		public static final String REQUIRE_PROOF_KEY = CLIENT_SETTINGS_NAMESPACE.concat("require-proof-key");
+
+		/**
+		 * Set to {@code true} if authorization consent is required when the client requests access.
+		 * This applies to all interactive flows (e.g. {@code authorization_code} and {@code device_code}).
+		 */
+		public static final String REQUIRE_AUTHORIZATION_CONSENT = CLIENT_SETTINGS_NAMESPACE.concat("require-authorization-consent");
+
+		private Client() {
+		}
+
+	}
+
+	/**
+	 * The names for provider configuration settings.
+	 */
+	public static class Provider {
+		private static final String PROVIDER_SETTINGS_NAMESPACE = SETTINGS_NAMESPACE.concat("provider.");
+
+		/**
+		 * Set the URL the Provider uses as its Issuer Identifier.
+		 */
+		public static final String ISSUER = PROVIDER_SETTINGS_NAMESPACE.concat("issuer");
+
+		/**
+		 * Set the Provider's OAuth 2.0 Authorization endpoint.
+		 */
+		public static final String AUTHORIZATION_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("authorization-endpoint");
+
+		/**
+		 * Set the Provider's OAuth 2.0 Token endpoint.
+		 */
+		public static final String TOKEN_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("token-endpoint");
+
+		/**
+		 * Set the Provider's JWK Set endpoint.
+		 */
+		public static final String JWK_SET_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("jwk-set-endpoint");
+
+		/**
+		 * Set the Provider's OAuth 2.0 Token Revocation endpoint.
+		 */
+		public static final String TOKEN_REVOCATION_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("token-revocation-endpoint");
+
+		/**
+		 * Set the Provider's OAuth 2.0 Token Introspection endpoint.
+		 */
+		public static final String TOKEN_INTROSPECTION_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("token-introspection-endpoint");
+
+		/**
+		 * Set the Provider's OpenID Connect 1.0 Client Registration endpoint.
+		 */
+		public static final String OIDC_CLIENT_REGISTRATION_ENDPOINT = PROVIDER_SETTINGS_NAMESPACE.concat("oidc-client-registration-endpoint");
+
+		private Provider() {
+		}
+
+	}
+
+	/**
+	 * The names for token configuration settings.
+	 */
+	public static class Token {
+		private static final String TOKEN_SETTINGS_NAMESPACE = SETTINGS_NAMESPACE.concat("token.");
+
+		/**
+		 * Set the time-to-live for an access token.
+		 */
+		public static final String ACCESS_TOKEN_TIME_TO_LIVE = TOKEN_SETTINGS_NAMESPACE.concat("access-token-time-to-live");
+
+		/**
+		 * Set to {@code true} if refresh tokens are reused when returning the access token response,
+		 * or {@code false} if a new refresh token is issued.
+		 */
+		public static final String REUSE_REFRESH_TOKENS = TOKEN_SETTINGS_NAMESPACE.concat("reuse-refresh-tokens");
+
+		/**
+		 * Set the time-to-live for a refresh token.
+		 */
+		public static final String REFRESH_TOKEN_TIME_TO_LIVE = TOKEN_SETTINGS_NAMESPACE.concat("refresh-token-time-to-live");
+
+		/**
+		 * Set the {@link SignatureAlgorithm JWS} algorithm for signing the {@link OidcIdToken ID Token}.
+		 */
+		public static final String ID_TOKEN_SIGNATURE_ALGORITHM = TOKEN_SETTINGS_NAMESPACE.concat("id-token-signature-algorithm");
+
+		private Token() {
+		}
+
+	}
+
+}
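Review bot: The Javadoc on these constants says what each setting means but not which value type belongs under the name. That matters because the Settings classes in this commit wrap a `Map<String, Object>`, and their getters return `Duration`, `SignatureAlgorithm`, `boolean` or `String` straight from `getSetting(...)`. With the names now public in one place, a value of the wrong type stored under `ACCESS_TOKEN_TIME_TO_LIVE` would presumably fail only at read time, with a `ClassCastException`. I would state the type on each constant, for example `Set the time-to-live for an access token. The value must be a {@link java.time.Duration}.`, and likewise `{@link SignatureAlgorithm}` on `ID_TOKEN_SIGNATURE_ALGORITHM`. As a style point, `.concat(...)` keeps these from being compile-time constants, so they cannot be used in annotation attributes or `switch` labels; `SETTINGS_NAMESPACE + "client."` would allow that if it is wanted.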

+ 15 - 22
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/ProviderSettings.java

@@ -26,16 +26,9 @@ import org.springframework.util.Assert;
  * @author Joe Grandja
  * @since 0.1.0
  * @see AbstractSettings
+ * @see ConfigurationSettingNames.Provider
  */
 public final class ProviderSettings extends AbstractSettings {
-	private static final String PROVIDER_SETTING_BASE = "setting.provider.";
-	public static final String ISSUER = PROVIDER_SETTING_BASE.concat("issuer");
-	public static final String AUTHORIZATION_ENDPOINT = PROVIDER_SETTING_BASE.concat("authorization-endpoint");
-	public static final String TOKEN_ENDPOINT = PROVIDER_SETTING_BASE.concat("token-endpoint");
-	public static final String JWK_SET_ENDPOINT = PROVIDER_SETTING_BASE.concat("jwk-set-endpoint");
-	public static final String TOKEN_REVOCATION_ENDPOINT = PROVIDER_SETTING_BASE.concat("token-revocation-endpoint");
-	public static final String TOKEN_INTROSPECTION_ENDPOINT = PROVIDER_SETTING_BASE.concat("token-introspection-endpoint");
-	public static final String OIDC_CLIENT_REGISTRATION_ENDPOINT = PROVIDER_SETTING_BASE.concat("oidc-client-registration-endpoint");
 
 	private ProviderSettings(Map<String, Object> settings) {
 		super(settings);
@@ -47,7 +40,7 @@ public final class ProviderSettings extends AbstractSettings {
 	 * @return the URL of the Provider's Issuer Identifier
 	 */
 	public String getIssuer() {
-		return getSetting(ISSUER);
+		return getSetting(ConfigurationSettingNames.Provider.ISSUER);
 	}
 
 	/**
@@ -56,7 +49,7 @@ public final class ProviderSettings extends AbstractSettings {
 	 * @return the Authorization endpoint
 	 */
 	public String getAuthorizationEndpoint() {
-		return getSetting(AUTHORIZATION_ENDPOINT);
+		return getSetting(ConfigurationSettingNames.Provider.AUTHORIZATION_ENDPOINT);
 	}
 
 	/**
@@ -65,7 +58,7 @@ public final class ProviderSettings extends AbstractSettings {
 	 * @return the Token endpoint
 	 */
 	public String getTokenEndpoint() {
-		return getSetting(TOKEN_ENDPOINT);
+		return getSetting(ConfigurationSettingNames.Provider.TOKEN_ENDPOINT);
 	}
 
 	/**
@@ -74,7 +67,7 @@ public final class ProviderSettings extends AbstractSettings {
 	 * @return the JWK Set endpoint
 	 */
 	public String getJwkSetEndpoint() {
-		return getSetting(JWK_SET_ENDPOINT);
+		return getSetting(ConfigurationSettingNames.Provider.JWK_SET_ENDPOINT);
 	}
 
 	/**
@@ -83,7 +76,7 @@ public final class ProviderSettings extends AbstractSettings {
 	 * @return the Token Revocation endpoint
 	 */
 	public String getTokenRevocationEndpoint() {
-		return getSetting(TOKEN_REVOCATION_ENDPOINT);
+		return getSetting(ConfigurationSettingNames.Provider.TOKEN_REVOCATION_ENDPOINT);
 	}
 
 	/**
@@ -92,7 +85,7 @@ public final class ProviderSettings extends AbstractSettings {
 	 * @return the Token Introspection endpoint
 	 */
 	public String getTokenIntrospectionEndpoint() {
-		return getSetting(TOKEN_INTROSPECTION_ENDPOINT);
+		return getSetting(ConfigurationSettingNames.Provider.TOKEN_INTROSPECTION_ENDPOINT);
 	}
 
 	/**
@@ -101,7 +94,7 @@ public final class ProviderSettings extends AbstractSettings {
 	 * @return the OpenID Connect 1.0 Client Registration endpoint
 	 */
 	public String getOidcClientRegistrationEndpoint() {
-		return getSetting(OIDC_CLIENT_REGISTRATION_ENDPOINT);
+		return getSetting(ConfigurationSettingNames.Provider.OIDC_CLIENT_REGISTRATION_ENDPOINT);
 	}
 
 	/**
@@ -146,7 +139,7 @@ public final class ProviderSettings extends AbstractSettings {
 		 * @return the {@link Builder} for further configuration
 		 */
 		public Builder issuer(String issuer) {
-			return setting(ISSUER, issuer);
+			return setting(ConfigurationSettingNames.Provider.ISSUER, issuer);
 		}
 
 		/**
@@ -156,7 +149,7 @@ public final class ProviderSettings extends AbstractSettings {
 		 * @return the {@link Builder} for further configuration
 		 */
 		public Builder authorizationEndpoint(String authorizationEndpoint) {
-			return setting(AUTHORIZATION_ENDPOINT, authorizationEndpoint);
+			return setting(ConfigurationSettingNames.Provider.AUTHORIZATION_ENDPOINT, authorizationEndpoint);
 		}
 
 		/**
@@ -166,7 +159,7 @@ public final class ProviderSettings extends AbstractSettings {
 		 * @return the {@link Builder} for further configuration
 		 */
 		public Builder tokenEndpoint(String tokenEndpoint) {
-			return setting(TOKEN_ENDPOINT, tokenEndpoint);
+			return setting(ConfigurationSettingNames.Provider.TOKEN_ENDPOINT, tokenEndpoint);
 		}
 
 		/**
@@ -176,7 +169,7 @@ public final class ProviderSettings extends AbstractSettings {
 		 * @return the {@link Builder} for further configuration
 		 */
 		public Builder jwkSetEndpoint(String jwkSetEndpoint) {
-			return setting(JWK_SET_ENDPOINT, jwkSetEndpoint);
+			return setting(ConfigurationSettingNames.Provider.JWK_SET_ENDPOINT, jwkSetEndpoint);
 		}
 
 		/**
@@ -186,7 +179,7 @@ public final class ProviderSettings extends AbstractSettings {
 		 * @return the {@link Builder} for further configuration
 		 */
 		public Builder tokenRevocationEndpoint(String tokenRevocationEndpoint) {
-			return setting(TOKEN_REVOCATION_ENDPOINT, tokenRevocationEndpoint);
+			return setting(ConfigurationSettingNames.Provider.TOKEN_REVOCATION_ENDPOINT, tokenRevocationEndpoint);
 		}
 
 		/**
@@ -196,7 +189,7 @@ public final class ProviderSettings extends AbstractSettings {
 		 * @return the {@link Builder} for further configuration
 		 */
 		public Builder tokenIntrospectionEndpoint(String tokenIntrospectionEndpoint) {
-			return setting(TOKEN_INTROSPECTION_ENDPOINT, tokenIntrospectionEndpoint);
+			return setting(ConfigurationSettingNames.Provider.TOKEN_INTROSPECTION_ENDPOINT, tokenIntrospectionEndpoint);
 		}
 
 		/**
@@ -206,7 +199,7 @@ public final class ProviderSettings extends AbstractSettings {
 		 * @return the {@link Builder} for further configuration
 		 */
 		public Builder oidcClientRegistrationEndpoint(String oidcClientRegistrationEndpoint) {
-			return setting(OIDC_CLIENT_REGISTRATION_ENDPOINT, oidcClientRegistrationEndpoint);
+			return setting(ConfigurationSettingNames.Provider.OIDC_CLIENT_REGISTRATION_ENDPOINT, oidcClientRegistrationEndpoint);
 		}
 
 		/**
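Review bot: `Builder.issuer(String)` and the endpoint setters store whatever they are given under the new names, with no null or empty check, whereas the `TokenSettings` builder touched by this same commit guards its arguments with `Assert.notNull`. The issuer becomes the provider's Issuer Identifier, so a blank or malformed value is better rejected at build time than found later when it is used. Unless the value is already validated where the settings are consumed (outside this diff), I would add `Assert.hasText(issuer, "issuer cannot be empty");` before the `setting(...)` call, with equivalent checks on the endpoint paths. The Javadoc of these methods begins outside the hunks shown.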

+ 9 - 13
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/TokenSettings.java

@@ -28,13 +28,9 @@ import org.springframework.util.Assert;
  * @author Joe Grandja
  * @since 0.0.2
  * @see AbstractSettings
+ * @see ConfigurationSettingNames.Token
  */
 public final class TokenSettings extends AbstractSettings {
-	private static final String TOKEN_SETTING_BASE = "setting.token.";
-	public static final String ACCESS_TOKEN_TIME_TO_LIVE = TOKEN_SETTING_BASE.concat("access-token-time-to-live");
-	public static final String REUSE_REFRESH_TOKENS = TOKEN_SETTING_BASE.concat("reuse-refresh-tokens");
-	public static final String REFRESH_TOKEN_TIME_TO_LIVE = TOKEN_SETTING_BASE.concat("refresh-token-time-to-live");
-	public static final String ID_TOKEN_SIGNATURE_ALGORITHM = TOKEN_SETTING_BASE.concat("id-token-signature-algorithm");
 
 	private TokenSettings(Map<String, Object> settings) {
 		super(settings);
@@ -46,7 +42,7 @@ public final class TokenSettings extends AbstractSettings {
 	 * @return the time-to-live for an access token
 	 */
 	public Duration getAccessTokenTimeToLive() {
-		return getSetting(ACCESS_TOKEN_TIME_TO_LIVE);
+		return getSetting(ConfigurationSettingNames.Token.ACCESS_TOKEN_TIME_TO_LIVE);
 	}
 
 	/**
@@ -54,7 +50,7 @@ public final class TokenSettings extends AbstractSettings {
 	 * or {@code false} if a new refresh token is issued. The default is {@code true}.
 	 */
 	public boolean isReuseRefreshTokens() {
-		return getSetting(REUSE_REFRESH_TOKENS);
+		return getSetting(ConfigurationSettingNames.Token.REUSE_REFRESH_TOKENS);
 	}
 
 	/**
@@ -63,7 +59,7 @@ public final class TokenSettings extends AbstractSettings {
 	 * @return the time-to-live for a refresh token
 	 */
 	public Duration getRefreshTokenTimeToLive() {
-		return getSetting(REFRESH_TOKEN_TIME_TO_LIVE);
+		return getSetting(ConfigurationSettingNames.Token.REFRESH_TOKEN_TIME_TO_LIVE);
 	}
 
 	/**
@@ -73,7 +69,7 @@ public final class TokenSettings extends AbstractSettings {
 	 * @return the {@link SignatureAlgorithm JWS} algorithm for signing the {@link OidcIdToken ID Token}
 	 */
 	public SignatureAlgorithm getIdTokenSignatureAlgorithm() {
-		return getSetting(ID_TOKEN_SIGNATURE_ALGORITHM);
+		return getSetting(ConfigurationSettingNames.Token.ID_TOKEN_SIGNATURE_ALGORITHM);
 	}
 
 	/**
@@ -118,7 +114,7 @@ public final class TokenSettings extends AbstractSettings {
 		public Builder accessTokenTimeToLive(Duration accessTokenTimeToLive) {
 			Assert.notNull(accessTokenTimeToLive, "accessTokenTimeToLive cannot be null");
 			Assert.isTrue(accessTokenTimeToLive.getSeconds() > 0, "accessTokenTimeToLive must be greater than Duration.ZERO");
-			return setting(ACCESS_TOKEN_TIME_TO_LIVE, accessTokenTimeToLive);
+			return setting(ConfigurationSettingNames.Token.ACCESS_TOKEN_TIME_TO_LIVE, accessTokenTimeToLive);
 		}
 
 		/**
@@ -129,7 +125,7 @@ public final class TokenSettings extends AbstractSettings {
 		 * @return the {@link Builder} for further configuration
 		 */
 		public Builder reuseRefreshTokens(boolean reuseRefreshTokens) {
-			return setting(REUSE_REFRESH_TOKENS, reuseRefreshTokens);
+			return setting(ConfigurationSettingNames.Token.REUSE_REFRESH_TOKENS, reuseRefreshTokens);
 		}
 
 		/**
@@ -141,7 +137,7 @@ public final class TokenSettings extends AbstractSettings {
 		public Builder refreshTokenTimeToLive(Duration refreshTokenTimeToLive) {
 			Assert.notNull(refreshTokenTimeToLive, "refreshTokenTimeToLive cannot be null");
 			Assert.isTrue(refreshTokenTimeToLive.getSeconds() > 0, "refreshTokenTimeToLive must be greater than Duration.ZERO");
-			return setting(REFRESH_TOKEN_TIME_TO_LIVE, refreshTokenTimeToLive);
+			return setting(ConfigurationSettingNames.Token.REFRESH_TOKEN_TIME_TO_LIVE, refreshTokenTimeToLive);
 		}
 
 		/**
@@ -152,7 +148,7 @@ public final class TokenSettings extends AbstractSettings {
 		 */
 		public Builder idTokenSignatureAlgorithm(SignatureAlgorithm idTokenSignatureAlgorithm) {
 			Assert.notNull(idTokenSignatureAlgorithm, "idTokenSignatureAlgorithm cannot be null");
-			return setting(ID_TOKEN_SIGNATURE_ALGORITHM, idTokenSignatureAlgorithm);
+			return setting(ConfigurationSettingNames.Token.ID_TOKEN_SIGNATURE_ALGORITHM, idTokenSignatureAlgorithm);
 		}
 
 		/**
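Review bot: The guard `accessTokenTimeToLive.getSeconds() > 0` in `accessTokenTimeToLive(...)` does not match its message "must be greater than Duration.ZERO", because a positive sub-second value such as `Duration.ofMillis(500)` has `getSeconds() == 0` and is rejected. `refreshTokenTimeToLive(...)` carries the same check. If sub-second lifetimes are meant to be refused, the message should say so; otherwise compare the whole duration with `Assert.isTrue(accessTokenTimeToLive.compareTo(Duration.ZERO) > 0, "accessTokenTimeToLive must be greater than Duration.ZERO");`. Neither setter bounds the lifetime from above, which may deserve a Javadoc sentence, since a long time-to-live extends how long a leaked token stays usable.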