5 years ago · cf70ddbf98
--- a/core/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationService.java
+++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationService.java
@@ -15,7 +15,6 @@
 
				  */
			
 
				 package org.springframework.security.oauth2.server.authorization;
			
 
				 
			
 
				-import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
			
 
				 import org.springframework.util.Assert;
			
 
				 
			
 
				 import java.util.List;
			
@@ -66,7 +65,7 @@ public final class InMemoryOAuth2AuthorizationService implements OAuth2Authoriza
 
				 
			
 
				 	private boolean hasToken(OAuth2Authorization authorization, String token, TokenType tokenType) {
			
 
				 		if (TokenType.AUTHORIZATION_CODE.equals(tokenType)) {
			
 
				-			return token.equals(authorization.getAttributes().get(OAuth2ParameterNames.class.getName().concat(".CODE")));
			
 
				+			return token.equals(authorization.getAttribute(OAuth2AuthorizationAttributeNames.CODE));
			
 
				 		} else if (TokenType.ACCESS_TOKEN.equals(tokenType)) {
			
 
				 			return authorization.getAccessToken() != null &&
			
 
				 					authorization.getAccessToken().getTokenValue().equals(token);
			
--- a/core/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2Authorization.java
+++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2Authorization.java
@@ -16,7 +16,6 @@
 
				 package org.springframework.security.oauth2.server.authorization;
			
 
				 
			
 
				 import org.springframework.security.oauth2.core.OAuth2AccessToken;
			
 
				-import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
			
 
				 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
			
 
				 import org.springframework.util.Assert;
			
 
				 
			
@@ -197,7 +196,7 @@ public class OAuth2Authorization implements Serializable {
 
				 		 */
			
 
				 		public OAuth2Authorization build() {
			
 
				 			Assert.hasText(this.principalName, "principalName cannot be empty");
			
 
				-			Assert.notNull(this.attributes.get(OAuth2ParameterNames.class.getName().concat(".CODE")), "authorization code cannot be null");
			
 
				+			Assert.notNull(this.attributes.get(OAuth2AuthorizationAttributeNames.CODE), "authorization code cannot be null");
			
 
				 
			
 
				 			OAuth2Authorization authorization = new OAuth2Authorization();
			
 
				 			authorization.registeredClientId = this.registeredClientId;
			
--- a/core/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationAttributeNames.java
+++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationAttributeNames.java
@@ -0,0 +1,42 @@
 
				+/*
			
 
				+ * Copyright 2020 the original author or authors.
			
 
				+ *
			
 
				+ * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				+ * you may not use this file except in compliance with the License.
			
 
				+ * You may obtain a copy of the License at
			
 
				+ *
			
 
				+ *      https://www.apache.org/licenses/LICENSE-2.0
			
 
				+ *
			
 
				+ * Unless required by applicable law or agreed to in writing, software
			
 
				+ * distributed under the License is distributed on an "AS IS" BASIS,
			
 
				+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
			
 
				+ * See the License for the specific language governing permissions and
			
 
				+ * limitations under the License.
			
 
				+ */
			
 
				+package org.springframework.security.oauth2.server.authorization;
			
 
				+
			
 
				+
			
 
				+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
			
 
				+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
			
 
				+
			
 
				+/**
			
 
				+ * The name of the attributes that may be contained in the
			
 
				+ * {@link OAuth2Authorization#getAttributes()} {@code Map}.
			
 
				+ *
			
 
				+ * @author Joe Grandja
			
 
				+ * @since 0.0.1
			
 
				+ * @see OAuth2Authorization#getAttributes()
			
 
				+ */
			
 
				+public interface OAuth2AuthorizationAttributeNames {
			
 
				+
			
 
				+	/**
			
 
				+	 * The name of the attribute used for the {@link OAuth2ParameterNames#CODE} parameter.
			
 
				+	 */
			
 
				+	String CODE = OAuth2Authorization.class.getName().concat(".CODE");
			
 
				+
			
 
				+	/**
			
 
				+	 * The name of the attribute used for the {@link OAuth2AuthorizationRequest}.
			
 
				+	 */
			
 
				+	String AUTHORIZATION_REQUEST = OAuth2Authorization.class.getName().concat(".AUTHORIZATION_REQUEST");
			
 
				+
			
 
				+}
			
--- a/core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilter.java
+++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilter.java
@@ -29,6 +29,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
 
				 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
			
 
				 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
			
 
				 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
			
 
				+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationAttributeNames;
			
 
				 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
			
 
				 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
			
 
				 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
			
@@ -184,8 +185,8 @@ public class OAuth2AuthorizationEndpointFilter extends OncePerRequestFilter {
 
				 
			
 
				 		OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(registeredClient)
			
 
				 				.principalName(principal.getName())
			
 
				-				.attribute(OAuth2ParameterNames.class.getName().concat(".CODE"), code)
			
 
				-				.attribute(OAuth2AuthorizationRequest.class.getName(), authorizationRequest)
			
 
				+				.attribute(OAuth2AuthorizationAttributeNames.CODE, code)
			
 
				+				.attribute(OAuth2AuthorizationAttributeNames.AUTHORIZATION_REQUEST, authorizationRequest)
			
 
				 				.build();
			
 
				 
			
 
				 		this.authorizationService.save(authorization);
			
--- a/core/src/test/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationServiceTests.java
+++ b/core/src/test/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationServiceTests.java
@@ -18,7 +18,6 @@ package org.springframework.security.oauth2.server.authorization;
 
				 import org.junit.Before;
			
 
				 import org.junit.Test;
			
 
				 import org.springframework.security.oauth2.core.OAuth2AccessToken;
			
 
				-import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
			
 
				 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
			
 
				 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
			
 
				 
			
@@ -62,7 +61,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
 
				 	public void saveWhenAuthorizationProvidedThenSaved() {
			
 
				 		OAuth2Authorization expectedAuthorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
			
 
				 				.principalName(PRINCIPAL_NAME)
			
 
				-				.attribute(OAuth2ParameterNames.class.getName().concat(".CODE"), AUTHORIZATION_CODE)
			
 
				+				.attribute(OAuth2AuthorizationAttributeNames.CODE, AUTHORIZATION_CODE)
			
 
				 				.build();
			
 
				 		this.authorizationService.save(expectedAuthorization);
			
 
				 
			
@@ -89,7 +88,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
 
				 	public void findByTokenAndTokenTypeWhenTokenTypeAuthorizationCodeThenFound() {
			
 
				 		OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
			
 
				 				.principalName(PRINCIPAL_NAME)
			
 
				-				.attribute(OAuth2ParameterNames.class.getName().concat(".CODE"), AUTHORIZATION_CODE)
			
 
				+				.attribute(OAuth2AuthorizationAttributeNames.CODE, AUTHORIZATION_CODE)
			
 
				 				.build();
			
 
				 		this.authorizationService = new InMemoryOAuth2AuthorizationService(Collections.singletonList(authorization));
			
 
				 
			
@@ -104,7 +103,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
 
				 				"access-token", Instant.now().minusSeconds(60), Instant.now());
			
 
				 		OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
			
 
				 				.principalName(PRINCIPAL_NAME)
			
 
				-				.attribute(OAuth2ParameterNames.class.getName().concat(".CODE"), AUTHORIZATION_CODE)
			
 
				+				.attribute(OAuth2AuthorizationAttributeNames.CODE, AUTHORIZATION_CODE)
			
 
				 				.accessToken(accessToken)
			
 
				 				.build();
			
 
				 		this.authorizationService.save(authorization);
			
--- a/core/src/test/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationTests.java
+++ b/core/src/test/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationTests.java
@@ -17,7 +17,6 @@ package org.springframework.security.oauth2.server.authorization;
 
				 
			
 
				 import org.junit.Test;
			
 
				 import org.springframework.security.oauth2.core.OAuth2AccessToken;
			
 
				-import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
			
 
				 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
			
 
				 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
			
 
				 
			
@@ -85,13 +84,13 @@ public class OAuth2AuthorizationTests {
 
				 		OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
			
 
				 				.principalName(PRINCIPAL_NAME)
			
 
				 				.accessToken(ACCESS_TOKEN)
			
 
				-				.attribute(OAuth2ParameterNames.class.getName().concat(".CODE"), AUTHORIZATION_CODE)
			
 
				+				.attribute(OAuth2AuthorizationAttributeNames.CODE, AUTHORIZATION_CODE)
			
 
				 				.build();
			
 
				 
			
 
				 		assertThat(authorization.getRegisteredClientId()).isEqualTo(REGISTERED_CLIENT.getId());
			
 
				 		assertThat(authorization.getPrincipalName()).isEqualTo(PRINCIPAL_NAME);
			
 
				 		assertThat(authorization.getAccessToken()).isEqualTo(ACCESS_TOKEN);
			
 
				 		assertThat(authorization.getAttributes()).containsExactly(
			
 
				-				entry(OAuth2ParameterNames.class.getName().concat(".CODE"), AUTHORIZATION_CODE));
			
 
				+				entry(OAuth2AuthorizationAttributeNames.CODE, AUTHORIZATION_CODE));
			
 
				 	}
			
 
				 }
			
--- a/core/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilterTests.java
+++ b/core/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilterTests.java
@@ -30,6 +30,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
 
				 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
			
 
				 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
			
 
				 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
			
 
				+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationAttributeNames;
			
 
				 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
			
 
				 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
			
 
				 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
			
@@ -365,10 +366,10 @@ public class OAuth2AuthorizationEndpointFilterTests {
 
				 		assertThat(authorization.getRegisteredClientId()).isEqualTo(registeredClient.getId());
			
 
				 		assertThat(authorization.getPrincipalName()).isEqualTo(this.authentication.getPrincipal().toString());
			
 
				 
			
 
				-		String code = authorization.getAttribute(OAuth2ParameterNames.class.getName().concat(".CODE"));
			
 
				+		String code = authorization.getAttribute(OAuth2AuthorizationAttributeNames.CODE);
			
 
				 		assertThat(code).isNotNull();
			
 
				 
			
 
				-		OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(OAuth2AuthorizationRequest.class.getName());
			
 
				+		OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(OAuth2AuthorizationAttributeNames.AUTHORIZATION_REQUEST);
			
 
				 		assertThat(authorizationRequest).isNotNull();
			
 
				 		assertThat(authorizationRequest.getAuthorizationUri()).isEqualTo("http://localhost/oauth2/authorize");
			
 
				 		assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);