Polish gh-331

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/JdbcOAuth2AuthorizationService.java

@@ -54,7 +54,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2ServerJackson2Module;
+import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2AuthorizationServerJackson2Module;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
@@ -317,7 +317,7 @@ public class JdbcOAuth2AuthorizationService implements OAuth2AuthorizationServic
 			ClassLoader classLoader = JdbcOAuth2AuthorizationService.class.getClassLoader();
 			List<Module> securityModules = SecurityJackson2Modules.getModules(classLoader);
 			this.objectMapper.registerModules(securityModules);
-			this.objectMapper.registerModule(new OAuth2ServerJackson2Module());
+			this.objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
 		}
 
 		@Override
@@ -455,7 +455,7 @@ public class JdbcOAuth2AuthorizationService implements OAuth2AuthorizationServic
 			ClassLoader classLoader = JdbcOAuth2AuthorizationService.class.getClassLoader();
 			List<Module> securityModules = SecurityJackson2Modules.getModules(classLoader);
 			this.objectMapper.registerModules(securityModules);
-			this.objectMapper.registerModule(new OAuth2ServerJackson2Module());
+			this.objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
 		}
 
 		@Override

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/HashSetMixin.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2020-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -13,7 +13,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.springframework.security.oauth2.server.authorization.jackson2;
 
 import java.util.HashSet;
@@ -26,9 +25,8 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * This mixin class is used to serialize/deserialize {@link HashSet}.
  *
  * @author Steve Riesenberg
- * @see HashSet
- * @see OAuth2ServerJackson2Module
  * @since 0.1.2
+ * @see HashSet
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 abstract class HashSetMixin {

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/JsonNodeUtils.java

@@ -24,10 +24,14 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 /**
+ * TODO
+ * This class is a straight copy from Spring Security.
+ * It should be consolidated when merging this codebase into Spring Security.
+ *
  * Utility class for {@code JsonNode}.
  *
  * @author Joe Grandja
- * @since 0.1.2
+ * @since 5.3
  */
 abstract class JsonNodeUtils {
 

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationRequestDeserializer.java

@@ -31,10 +31,14 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder;
 
 /**
+ * TODO
+ * This class is a straight copy from Spring Security.
+ * It should be consolidated when merging this codebase into Spring Security.
+ *
  * A {@code JsonDeserializer} for {@link OAuth2AuthorizationRequest}.
  *
  * @author Joe Grandja
- * @since 0.1.2
+ * @since 5.3
  * @see OAuth2AuthorizationRequest
  * @see OAuth2AuthorizationRequestMixin
  */

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationRequestMixin.java

@@ -24,14 +24,17 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 
 /**
+ * TODO
+ * This class is a straight copy from Spring Security.
+ * It should be consolidated when merging this codebase into Spring Security.
+ *
  * This mixin class is used to serialize/deserialize {@link OAuth2AuthorizationRequest}.
  * It also registers a custom deserializer {@link OAuth2AuthorizationRequestDeserializer}.
  *
  * @author Joe Grandja
- * @since 0.1.2
+ * @since 5.3
  * @see OAuth2AuthorizationRequest
  * @see OAuth2AuthorizationRequestDeserializer
- * @see OAuth2ServerJackson2Module
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonDeserialize(using = OAuth2AuthorizationRequestDeserializer.class)

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2ServerJackson2Module.java → oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationServerJackson2Module.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2020-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -13,7 +13,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.springframework.security.oauth2.server.authorization.jackson2;
 
 import java.util.Collections;
@@ -24,7 +23,6 @@ import com.fasterxml.jackson.databind.module.SimpleModule;
 
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
-import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
 
 /**
  * Jackson {@code Module} for {@code spring-authorization-server}, that registers the
@@ -34,7 +32,6 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
  * <li>{@link UnmodifiableMapMixin}</li>
  * <li>{@link HashSetMixin}</li>
  * <li>{@link OAuth2AuthorizationRequestMixin}</li>
- * <li>{@link OAuth2ClientAuthenticationTokenMixin}</li>
  * </ul>
  *
  * If not already enabled, default typing will be automatically enabled as type info is
@@ -43,21 +40,23 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
  *
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new OAuth2ServerJackson2Module());
+ *     mapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
  * </pre>
  *
+ * <b>NOTE:</b> Use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get a list
+ * of all security modules.
+ *
  * @author Steve Riesenberg
  * @since 0.1.2
  * @see SecurityJackson2Modules
  * @see UnmodifiableMapMixin
  * @see HashSetMixin
  * @see OAuth2AuthorizationRequestMixin
- * @see OAuth2ClientAuthenticationTokenMixin
  */
-public class OAuth2ServerJackson2Module extends SimpleModule {
+public class OAuth2AuthorizationServerJackson2Module extends SimpleModule {
 
-	public OAuth2ServerJackson2Module() {
-		super(OAuth2ServerJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null));
+	public OAuth2AuthorizationServerJackson2Module() {
+		super(OAuth2AuthorizationServerJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null));
 	}
 
 	@Override
@@ -67,7 +66,6 @@ public class OAuth2ServerJackson2Module extends SimpleModule {
 				UnmodifiableMapMixin.class);
 		context.setMixInAnnotations(HashSet.class, HashSetMixin.class);
 		context.setMixInAnnotations(OAuth2AuthorizationRequest.class, OAuth2AuthorizationRequestMixin.class);
-		context.setMixInAnnotations(OAuth2ClientAuthenticationToken.class, OAuth2ClientAuthenticationTokenMixin.class);
 	}
 
 }

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2ClientAuthenticationTokenMixin.java

@@ -1,51 +0,0 @@
-/*
- * Copyright 2002-2020 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.server.authorization.jackson2;
-
-import java.util.Map;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-
-import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
-import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
-
-/**
- * This mixin class is used to serialize/deserialize {@link OAuth2ClientAuthenticationToken}.
- *
- * @author Joe Grandja
- * @since 0.1.2
- * @see OAuth2ClientAuthenticationToken
- * @see OAuth2ServerJackson2Module
- */
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
-@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
-		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-@JsonIgnoreProperties(value = { "authenticated" }, ignoreUnknown = true)
-abstract class OAuth2ClientAuthenticationTokenMixin {
-
-	@JsonCreator
-	OAuth2ClientAuthenticationTokenMixin(@JsonProperty("clientId") String clientId,
-			@JsonProperty("clientSecret") String clientSecret,
-			@JsonProperty("clientAuthenticationMethod") ClientAuthenticationMethod clientAuthenticationMethod,
-			@JsonProperty("additionalParameters") Map<String, Object> additionalParameters) {
-	}
-
-}

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/StdConverters.java

@@ -19,16 +19,57 @@ package org.springframework.security.oauth2.server.authorization.jackson2;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.util.StdConverter;
 
+import org.springframework.security.oauth2.core.AuthenticationMethod;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
 /**
+ * TODO
+ * This class is a straight copy from Spring Security.
+ * It should be consolidated when merging this codebase into Spring Security.
+ *
  * {@code StdConverter} implementations.
  *
  * @author Joe Grandja
- * @since 0.1.2
+ * @since 5.3
  */
 abstract class StdConverters {
 
+	static final class AccessTokenTypeConverter extends StdConverter<JsonNode, OAuth2AccessToken.TokenType> {
+
+		@Override
+		public OAuth2AccessToken.TokenType convert(JsonNode jsonNode) {
+			String value = JsonNodeUtils.findStringValue(jsonNode, "value");
+			if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(value)) {
+				return OAuth2AccessToken.TokenType.BEARER;
+			}
+			return null;
+		}
+
+	}
+
+	static final class ClientAuthenticationMethodConverter extends StdConverter<JsonNode, ClientAuthenticationMethod> {
+
+		@Override
+		public ClientAuthenticationMethod convert(JsonNode jsonNode) {
+			String value = JsonNodeUtils.findStringValue(jsonNode, "value");
+			if (ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue().equalsIgnoreCase(value)
+					|| ClientAuthenticationMethod.BASIC.getValue().equalsIgnoreCase(value)) {
+				return ClientAuthenticationMethod.CLIENT_SECRET_BASIC;
+			}
+			if (ClientAuthenticationMethod.CLIENT_SECRET_POST.getValue().equalsIgnoreCase(value)
+					|| ClientAuthenticationMethod.POST.getValue().equalsIgnoreCase(value)) {
+				return ClientAuthenticationMethod.CLIENT_SECRET_POST;
+			}
+			if (ClientAuthenticationMethod.NONE.getValue().equalsIgnoreCase(value)) {
+				return ClientAuthenticationMethod.NONE;
+			}
+			return null;
+		}
+
+	}
+
 	static final class AuthorizationGrantTypeConverter extends StdConverter<JsonNode, AuthorizationGrantType> {
 
 		@Override
@@ -51,4 +92,23 @@ abstract class StdConverters {
 
 	}
 
+	static final class AuthenticationMethodConverter extends StdConverter<JsonNode, AuthenticationMethod> {
+
+		@Override
+		public AuthenticationMethod convert(JsonNode jsonNode) {
+			String value = JsonNodeUtils.findStringValue(jsonNode, "value");
+			if (AuthenticationMethod.HEADER.getValue().equalsIgnoreCase(value)) {
+				return AuthenticationMethod.HEADER;
+			}
+			if (AuthenticationMethod.FORM.getValue().equalsIgnoreCase(value)) {
+				return AuthenticationMethod.FORM;
+			}
+			if (AuthenticationMethod.QUERY.getValue().equalsIgnoreCase(value)) {
+				return AuthenticationMethod.QUERY;
+			}
+			return null;
+		}
+
+	}
+
 }

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/UnmodifiableMapDeserializer.java

@@ -28,10 +28,14 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 /**
+ * TODO
+ * This class is a straight copy from Spring Security.
+ * It should be consolidated when merging this codebase into Spring Security.
+ *
  * A {@code JsonDeserializer} for {@link Collections#unmodifiableMap(Map)}.
  *
  * @author Joe Grandja
- * @since 0.1.2
+ * @since 5.3
  * @see Collections#unmodifiableMap(Map)
  * @see UnmodifiableMapMixin
  */

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/UnmodifiableMapMixin.java

@@ -24,15 +24,18 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 
 /**
+ * TODO
+ * This class is a straight copy from Spring Security.
+ * It should be consolidated when merging this codebase into Spring Security.
+ *
  * This mixin class is used to serialize/deserialize
  * {@link Collections#unmodifiableMap(Map)}. It also registers a custom deserializer
  * {@link UnmodifiableMapDeserializer}.
  *
  * @author Joe Grandja
- * @since 0.1.2
+ * @since 5.3
  * @see Collections#unmodifiableMap(Map)
  * @see UnmodifiableMapDeserializer
- * @see OAuth2ServerJackson2Module
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonDeserialize(using = UnmodifiableMapDeserializer.class)

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/jackson2/TestingAuthenticationTokenMixin.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2020-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -13,7 +13,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.springframework.security.oauth2.server.authorization.jackson2;
 
 import java.util.List;