Merge branch '1.1.x'

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/JdbcOAuth2AuthorizationConsentService.java

@@ -47,11 +47,17 @@ import org.springframework.util.StringUtils;
  * {@link JdbcOperations} for {@link OAuth2AuthorizationConsent} persistence.
  *
  * <p>
- * <b>NOTE:</b> This {@code OAuth2AuthorizationConsentService} depends on the table definition
+ * <b>IMPORTANT:</b> This {@code OAuth2AuthorizationConsentService} depends on the table definition
  * described in
  * "classpath:org/springframework/security/oauth2/server/authorization/oauth2-authorization-consent-schema.sql" and
  * therefore MUST be defined in the database schema.
  *
+ * <p>
+ * <b>NOTE:</b> This {@code OAuth2AuthorizationConsentService} is a simplified JDBC implementation that MAY be used in a production environment.
+ * However, it does have limitations as it likely won't perform well in an environment requiring high throughput.
+ * The expectation is that the consuming application will provide their own implementation of {@code OAuth2AuthorizationConsentService}
+ * that meets the performance requirements for its deployment environment.
+ *
  * @author Ovidiu Popa
  * @author Josh Long
  * @since 0.1.2

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/JdbcOAuth2AuthorizationService.java

@@ -72,11 +72,17 @@ import org.springframework.util.StringUtils;
  * {@link JdbcOperations} for {@link OAuth2Authorization} persistence.
  *
  * <p>
- * <b>NOTE:</b> This {@code OAuth2AuthorizationService} depends on the table definition
+ * <b>IMPORTANT:</b> This {@code OAuth2AuthorizationService} depends on the table definition
  * described in
  * "classpath:org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql" and
  * therefore MUST be defined in the database schema.
  *
+ * <p>
+ * <b>NOTE:</b> This {@code OAuth2AuthorizationService} is a simplified JDBC implementation that MAY be used in a production environment.
+ * However, it does have limitations as it likely won't perform well in an environment requiring high throughput.
+ * The expectation is that the consuming application will provide their own implementation of {@code OAuth2AuthorizationService}
+ * that meets the performance requirements for its deployment environment.
+ *
  * @author Ovidiu Popa
  * @author Joe Grandja
  * @author Josh Long

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java

@@ -56,10 +56,16 @@ import org.springframework.util.StringUtils;
  * {@link JdbcOperations} for {@link RegisteredClient} persistence.
  *
  * <p>
- * <b>NOTE:</b> This {@code RegisteredClientRepository} depends on the table definition described in
+ * <b>IMPORTANT:</b> This {@code RegisteredClientRepository} depends on the table definition described in
  * "classpath:org/springframework/security/oauth2/server/authorization/client/oauth2-registered-client-schema.sql" and
  * therefore MUST be defined in the database schema.
  *
+ * <p>
+ * <b>NOTE:</b> This {@code RegisteredClientRepository} is a simplified JDBC implementation that MAY be used in a production environment.
+ * However, it does have limitations as it likely won't perform well in an environment requiring high throughput.
+ * The expectation is that the consuming application will provide their own implementation of {@code RegisteredClientRepository}
+ * that meets the performance requirements for its deployment environment.
+ *
  * @author Rafal Lewczuk
  * @author Joe Grandja
  * @author Ovidiu Popa