8 years ago · 1b7e761be4
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java
@@ -27,7 +27,6 @@ import org.springframework.security.oauth2.client.authentication.OAuth2UserAuthe
 
				 import org.springframework.security.oauth2.client.authentication.jwt.JwtDecoderRegistry;
			
 
				 import org.springframework.security.oauth2.client.authentication.jwt.nimbus.NimbusJwtDecoderRegistry;
			
 
				 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
			
 
				-import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository;
			
 
				 import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
			
 
				 import org.springframework.security.oauth2.client.user.CustomUserTypesOAuth2UserService;
			
 
				 import org.springframework.security.oauth2.client.user.DefaultOAuth2UserService;
			
@@ -130,8 +129,10 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
 
				 	@Override
			
 
				 	public void init(H http) throws Exception {
			
 
				 		AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider =
			
 
				-			new AuthorizationCodeAuthenticationProvider(
			
 
				-				this.getAuthorizationCodeAuthenticator(), this.getAccessTokenRepository());
			
 
				+			new AuthorizationCodeAuthenticationProvider(this.getAuthorizationCodeAuthenticator());
			
 
				+		if (this.accessTokenRepository != null) {
			
 
				+			authorizationCodeAuthenticationProvider.setAccessTokenRepository(this.accessTokenRepository);
			
 
				+		}
			
 
				 		authorizationCodeAuthenticationProvider = this.postProcess(authorizationCodeAuthenticationProvider);
			
 
				 		http.authenticationProvider(authorizationCodeAuthenticationProvider);
			
 
				 
			
@@ -180,13 +181,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
 
				 		return this.authorizationCodeTokenExchanger;
			
 
				 	}
			
 
				 
			
 
				-	private SecurityTokenRepository<AccessToken> getAccessTokenRepository() {
			
 
				-		if (this.accessTokenRepository == null) {
			
 
				-			this.accessTokenRepository = new InMemoryAccessTokenRepository();
			
 
				-		}
			
 
				-		return this.accessTokenRepository;
			
 
				-	}
			
 
				-
			
 
				 	private JwtDecoderRegistry getJwtDecoderRegistry() {
			
 
				 		if (this.jwtDecoderRegistry == null) {
			
 
				 			this.jwtDecoderRegistry = new NimbusJwtDecoderRegistry();
			
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java
@@ -18,6 +18,7 @@ package org.springframework.security.oauth2.client.authentication;
 
				 import org.springframework.security.authentication.AuthenticationProvider;
			
 
				 import org.springframework.security.core.Authentication;
			
 
				 import org.springframework.security.core.AuthenticationException;
			
 
				+import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository;
			
 
				 import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
			
 
				 import org.springframework.security.oauth2.core.AccessToken;
			
 
				 import org.springframework.security.oauth2.oidc.client.authentication.OidcClientAuthenticationToken;
			
@@ -49,16 +50,13 @@ import org.springframework.util.Assert;
 
				  */
			
 
				 public class AuthorizationCodeAuthenticationProvider implements AuthenticationProvider {
			
 
				 	private final AuthorizationGrantAuthenticator<AuthorizationCodeAuthenticationToken> authorizationCodeAuthenticator;
			
 
				-	private final SecurityTokenRepository<AccessToken> accessTokenRepository;
			
 
				+	private SecurityTokenRepository<AccessToken> accessTokenRepository = new InMemoryAccessTokenRepository();
			
 
				 
			
 
				 	public AuthorizationCodeAuthenticationProvider(
			
 
				-			AuthorizationGrantAuthenticator<AuthorizationCodeAuthenticationToken> authorizationCodeAuthenticator,
			
 
				-			SecurityTokenRepository<AccessToken> accessTokenRepository) {
			
 
				+		AuthorizationGrantAuthenticator<AuthorizationCodeAuthenticationToken> authorizationCodeAuthenticator) {
			
 
				 
			
 
				 		Assert.notNull(authorizationCodeAuthenticator, "authorizationCodeAuthenticator cannot be null");
			
 
				-		Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null");
			
 
				 		this.authorizationCodeAuthenticator = authorizationCodeAuthenticator;
			
 
				-		this.accessTokenRepository = accessTokenRepository;
			
 
				 	}
			
 
				 
			
 
				 	@Override
			
@@ -76,6 +74,11 @@ public class AuthorizationCodeAuthenticationProvider implements AuthenticationPr
 
				 		return oauth2ClientAuthentication;
			
 
				 	}
			
 
				 
			
 
				+	public final void setAccessTokenRepository(SecurityTokenRepository<AccessToken> accessTokenRepository) {
			
 
				+		Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null");
			
 
				+		this.accessTokenRepository = accessTokenRepository;
			
 
				+	}
			
 
				+
			
 
				 	@Override
			
 
				 	public boolean supports(Class<?> authentication) {
			
 
				 		return AuthorizationCodeAuthenticationToken.class.isAssignableFrom(authentication);