3 жил өмнө · 61621c5671
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java
@@ -15,6 +15,7 @@
 
				  */
			
 
				 package org.springframework.security.oauth2.server.authorization.authentication;
			
 
				 
			
 
				+import java.util.Collections;
			
 
				 import java.util.LinkedHashSet;
			
 
				 import java.util.Set;
			
 
				 
			
@@ -87,7 +88,7 @@ public final class OAuth2ClientCredentialsAuthenticationProvider implements Auth
 
				 			throw new OAuth2AuthenticationException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT);
			
 
				 		}
			
 
				 
			
 
				-		Set<String> authorizedScopes = registeredClient.getScopes();		// Default to configured scopes
			
 
				+		Set<String> authorizedScopes = Collections.EMPTY_SET; // Empty by default
			
 
				 		if (!CollectionUtils.isEmpty(clientCredentialsAuthentication.getScopes())) {
			
 
				 			for (String requestedScope : clientCredentialsAuthentication.getScopes()) {
			
 
				 				if (!registeredClient.getScopes().contains(requestedScope)) {
			
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java
@@ -211,6 +211,22 @@ public class OAuth2ClientCredentialsAuthenticationProviderTests {
 
				 		assertThat(accessTokenAuthentication.getAccessToken().getScopes()).isEqualTo(requestedScope);
			
 
				 	}
			
 
				 
			
 
				+	@Test
			
 
				+	public void authenticateWhenNoScopeRequestedThenAccessTokenNotContainsAnyScope() {
			
 
				+		RegisteredClient registeredClient = TestRegisteredClients.registeredClient2().build();
			
 
				+		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
			
 
				+				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
			
 
				+		OAuth2ClientCredentialsAuthenticationToken authentication =
			
 
				+				new OAuth2ClientCredentialsAuthenticationToken(clientPrincipal, null, null);
			
 
				+
			
 
				+		when(this.jwtEncoder.encode(any()))
			
 
				+				.thenReturn(createJwt(Collections.singleton("mapped-scoped")));
			
 
				+
			
 
				+		OAuth2AccessTokenAuthenticationToken accessTokenAuthentication =
			
 
				+				(OAuth2AccessTokenAuthenticationToken) this.authenticationProvider.authenticate(authentication);
			
 
				+		assertThat(accessTokenAuthentication.getAccessToken().getScopes()).isEmpty();
			
 
				+	}
			
 
				+
			
 
				 	@Test
			
 
				 	public void authenticateWhenAccessTokenNotGeneratedThenThrowOAuth2AuthenticationException() {
			
 
				 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient2().build();