
Remove SecurityHeaders

We no longer need this since Spring Framework now provides
HttpHeaders.setBearerAuth

Issue: gh-5612
Rob Winch 7 년 전
부모
커밋
262c1a77c6

+ 1 - 2
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java

@@ -16,7 +16,6 @@
 
 package org.springframework.security.oauth2.client.userinfo;
 
-import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
 
 import java.net.UnknownHostException;
 import java.util.HashSet;
@@ -114,7 +113,7 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 				requestHeadersSpec = this.webClient.get()
 						.uri(userInfoUri)
 						.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-						.headers(bearerToken(userRequest.getAccessToken().getTokenValue()));
+						.headers(headers -> headers.setBearerAuth(userRequest.getAccessToken().getTokenValue()));
 			}
 			Mono<Map<String, Object>> userAttributes = requestHeadersSpec
 					.retrieve()
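Review bot: The null/empty-token guard is lost at the new `.headers(headers -> headers.setBearerAuth(...))` call. The `SecurityHeadersTests` file deleted in this commit shows that `SecurityHeaders.bearerToken` threw `IllegalArgumentException` for `null` and `""`, whereas `HttpHeaders.setBearerAuth`, as far as I know, only prepends `"Bearer "` without validating its argument. If `getTokenValue()` can ever be blank, the request would now go out with a malformed `Authorization` header instead of failing fast; the token type presumably asserts non-empty at construction, which is worth confirming. The same applies to the `bearer(...)` methods in both `ExchangeFilterFunction` sections; either add `Assert.hasText(tokenValue, "tokenValue cannot be empty")` before the call or add a comment such as `// token value is validated when the access token is constructed; setBearerAuth itself does not check it`. The enclosing method starts and ends outside this hunk.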

+ 1 - 2
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java

@@ -48,7 +48,6 @@ import java.util.Optional;
 import java.util.function.Consumer;
 
 import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
-import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
 
 /**
  * Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth2 requests by including the
@@ -190,7 +189,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 
 	private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
 		return ClientRequest.from(request)
-					.headers(bearerToken(authorizedClient.getAccessToken().getTokenValue()))
+					.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
 					.build();
 	}
 

+ 1 - 2
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java

@@ -56,7 +56,6 @@ import java.util.Optional;
 import java.util.function.Consumer;
 
 import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
-import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
 
 /**
  * Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth2 requests by including the
@@ -338,7 +337,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 
 	private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
 		return ClientRequest.from(request)
-					.headers(bearerToken(authorizedClient.getAccessToken().getTokenValue()))
+					.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
 					.build();
 	}
 

+ 3 - 5
samples/boot/oauth2resourceserver-webflux/src/test/java/sample/ServerOauth2ResourceApplicationTests.java

@@ -25,8 +25,6 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
-import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
-
 /**
  * @author Rob Winch
  * @since 5.1
@@ -42,7 +40,7 @@ public class ServerOauth2ResourceApplicationTests {
 	public void getWhenValidTokenThenIsOk() {
 		String token = "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6Im1lc3NhZ2U6cmVhZCIsImV4cCI6MzEwNjMyODEzMSwianRpIjoiOGY5ZjFiYzItOWVlMi00NTJkLThhMGEtODg3YmE4YmViYjYzIn0.CM_KulSsIrNXW1x6NFeN5VwKQiIW-LIAScJzakRFDox8Ql7o4WOb0ubY3CjWYnglwqYzBvH9McCFqVrUtzdfODY5tyEEJSxWndIGExOi2osrwRPsY3AGzNa23GMfC9I03BFP1IFCq4ZfL-L6yVcIjLke-rA40UG-r-oA7r-N_zsLc5poO7Azf29IQgQF0GSRp4AKQprYHF5Q-Nz9XkILMDz9CwPQ9cbdLCC9smvaGmEAjMUr-C1QgM-_ulb42gWtRDLorW_eArg8g-fmIP0_w82eNWCBjLTy-WaDMACnDVrrUVsUMCqx6jS6h8_uejKly2NFuhyueIHZTTySqCZoTA";
 		this.rest.get().uri("/")
-				.headers(bearerToken(token))
+				.headers(headers -> headers.setBearerAuth(token))
 				.exchange()
 				.expectStatus().isOk()
 				.expectBody(String.class).isEqualTo("Hello, null!");
@@ -60,7 +58,7 @@ public class ServerOauth2ResourceApplicationTests {
 	public void getWhenNone() {
 		String token = "ew0KICAiYWxnIjogIm5vbmUiLA0KICAidHlwIjogIkpXVCINCn0.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.";
 		this.rest.get().uri("/")
-				.headers(bearerToken(token))
+				.headers(headers -> headers.setBearerAuth(token))
 				.exchange()
 				.expectStatus().isUnauthorized()
 				.expectHeader().valueEquals(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\", error_description=\"Unsupported algorithm of none\", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
@@ -70,7 +68,7 @@ public class ServerOauth2ResourceApplicationTests {
 	public void getWhenInvalidToken() {
 		String token = "a";
 		this.rest.get().uri("/")
-				.headers(bearerToken(token))
+				.headers(headers -> headers.setBearerAuth(token))
 				.exchange()
 				.expectStatus().isUnauthorized()
 				.expectHeader().valueEquals(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\", error_description=\"An error occurred while attempting to decode the Jwt: Invalid JWT serialization: Missing dot delimiter(s)\", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");

+ 0 - 42
web/src/test/groovy/org/springframework/security/web/http/SecurityHeadersTests.java

@@ -1,42 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.web.http;
-
-import org.junit.Test;
-
-import static org.assertj.core.api.Assertions.*;
-
-/**
- * @author Rob Winch
- * @since 5.1
- */
-public class SecurityHeadersTests {
-
-	@Test
-	public void bearerTokenWhenNullThenIllegalArgumentException() {
-		String bearerTokenValue = null;
-		assertThatThrownBy(() -> SecurityHeaders.bearerToken(bearerTokenValue))
-				.isInstanceOf(IllegalArgumentException.class);
-	}
-
-	@Test
-	public void bearerTokenWhenEmptyStringThenIllegalArgumentException() {
-		assertThatThrownBy(() -> SecurityHeaders.bearerToken(""))
-				.isInstanceOf(IllegalArgumentException.class);
-	}
-
-}