Move servlet-specific classes to 'web' package

Fixes gh-4366

config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java

@@ -78,7 +78,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 		put(LogoutFilter.class, order);
 		order += STEP;
 		filterToOrder.put(
-			"org.springframework.security.oauth2.client.authentication.AuthorizationCodeRequestRedirectFilter",
+			"org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter",
 			order);
 		order += STEP;
 		put(X509AuthenticationFilter.class, order);
@@ -89,7 +89,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 				order);
 		order += STEP;
 		filterToOrder.put(
-			"org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProcessingFilter",
+			"org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationProcessingFilter",
 			order);
 		order += STEP;
 		put(UsernamePasswordAuthenticationFilter.class, order);

config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java

@@ -62,6 +62,8 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
+import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
 import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.security.web.PortMapper;
 import org.springframework.security.web.PortMapperImpl;
@@ -943,7 +945,7 @@ public final class HttpSecurity extends
 	 *
 	 * <p>
 	 * At this point in the <i>&quot;authentication flow&quot;</i>, the configured
-	 * {@link org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger}
+	 * {@link AuthorizationGrantTokenExchanger}
 	 * will exchange the <i>Authorization Code</i> for an <i>Access Token</i> and then use it to access the protected resource
 	 * at the <i>UserInfo Endpoint</i> (via {@link org.springframework.security.oauth2.client.user.OAuth2UserService})
 	 * in order to retrieve the details of the <i>Resource Owner</i> (end-user) and establish the <i>&quot;authenticated&quot;</i> session.
@@ -1038,8 +1040,8 @@ public final class HttpSecurity extends
 	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Response</a>
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistration
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
-	 * @see org.springframework.security.oauth2.client.authentication.AuthorizationRequestUriBuilder
-	 * @see org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger
+	 * @see AuthorizationRequestUriBuilder
+	 * @see AuthorizationGrantTokenExchanger
 	 * @see org.springframework.security.oauth2.client.user.OAuth2UserService
 	 *
 	 * @return the {@link OAuth2LoginConfigurer} for further customizations

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java

@@ -20,19 +20,19 @@ import org.springframework.security.config.annotation.web.configurers.AbstractAu
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.jwt.JwtDecoder;
 import org.springframework.security.jwt.nimbus.NimbusJwtDecoderJwkSupport;
-import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProcessingFilter;
+import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationProcessingFilter;
 import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProvider;
 import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
-import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
 import org.springframework.security.oauth2.client.authentication.jwt.DefaultProviderJwtDecoderRegistry;
 import org.springframework.security.oauth2.client.authentication.jwt.ProviderJwtDecoderRegistry;
-import org.springframework.security.oauth2.client.authentication.nimbus.NimbusAuthorizationCodeTokenExchanger;
+import org.springframework.security.oauth2.client.web.nimbus.NimbusAuthorizationCodeTokenExchanger;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository;
 import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
 import org.springframework.security.oauth2.client.user.OAuth2UserService;
-import org.springframework.security.oauth2.client.user.nimbus.NimbusOAuth2UserService;
+import org.springframework.security.oauth2.client.user.web.nimbus.NimbusOAuth2UserService;
 import org.springframework.security.oauth2.core.AccessToken;
 import org.springframework.security.oauth2.core.provider.DefaultProviderMetadata;
 import org.springframework.security.oauth2.core.provider.ProviderMetadata;

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeRequestRedirectFilterConfigurer.java

@@ -17,9 +17,9 @@ package org.springframework.security.config.annotation.web.configurers.oauth2.cl
 
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.oauth2.client.authentication.AuthorizationCodeRequestRedirectFilter;
-import org.springframework.security.oauth2.client.authentication.AuthorizationRequestUriBuilder;
-import org.springframework.security.oauth2.client.authentication.DefaultAuthorizationRequestUriBuilder;
+import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
+import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
+import org.springframework.security.oauth2.client.web.DefaultAuthorizationRequestUriBuilder;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.security.web.util.matcher.RequestVariablesExtractor;

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java

@@ -20,9 +20,9 @@ import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
-import org.springframework.security.oauth2.client.authentication.AuthorizationCodeRequestRedirectFilter;
-import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger;
-import org.springframework.security.oauth2.client.authentication.AuthorizationRequestUriBuilder;
+import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
+import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
@@ -44,7 +44,7 @@ import java.util.Arrays;
 import java.util.Map;
 import java.util.stream.Collectors;
 
-import static org.springframework.security.oauth2.client.authentication.AuthorizationCodeRequestRedirectFilter.CLIENT_ALIAS_URI_VARIABLE_NAME;
+import static org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter.CLIENT_ALIAS_URI_VARIABLE_NAME;
 
 /**
  * @author Joe Grandja

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java

@@ -28,6 +28,7 @@ import org.springframework.security.oauth2.client.authentication.jwt.ProviderJwt
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
 import org.springframework.security.oauth2.client.user.OAuth2UserService;
+import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
 import org.springframework.security.oauth2.core.AccessToken;
 import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
 import org.springframework.security.oauth2.core.user.OAuth2User;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/package-info.java

@@ -15,6 +15,6 @@
  */
 /**
  * Support classes/interfaces for authenticating an <i>end-user</i>
- * with an <i>authorization server</i> using the <i>authorization code grant flow</i>.
+ * with an <i>authorization server</i> using a specific <i>authorization grant flow</i>.
  */
 package org.springframework.security.oauth2.client.authentication;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/nimbus/NimbusClientHttpResponse.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/web/nimbus/NimbusClientHttpResponse.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.oauth2.client.user.nimbus;
+package org.springframework.security.oauth2.client.user.web.nimbus;
 
 import com.nimbusds.oauth2.sdk.http.HTTPResponse;
 import org.springframework.http.HttpHeaders;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/nimbus/NimbusOAuth2UserService.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/web/nimbus/NimbusOAuth2UserService.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.oauth2.client.user.nimbus;
+package org.springframework.security.oauth2.client.user.web.nimbus;
 
 import com.nimbusds.oauth2.sdk.ErrorObject;
 import com.nimbusds.oauth2.sdk.ParseException;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProcessingFilter.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilter.java

@@ -13,11 +13,15 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.oauth2.client.authentication;
+package org.springframework.security.oauth2.client.web;
 
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProvider;
+import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.user.OAuth2UserService;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeRequestRedirectFilter.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilter.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.oauth2.client.authentication;
+package org.springframework.security.oauth2.client.web;
 
 import org.springframework.security.crypto.keygen.StringKeyGenerator;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationGrantTokenExchanger.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationGrantTokenExchanger.java

@@ -13,9 +13,11 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.oauth2.client.authentication;
+package org.springframework.security.oauth2.client.web;
 
 
+import org.springframework.security.oauth2.client.authentication.AuthorizationGrantAuthenticationToken;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
 

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationRequestRepository.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.oauth2.client.authentication;
+package org.springframework.security.oauth2.client.web;
 
 import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
 

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationRequestUriBuilder.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestUriBuilder.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.oauth2.client.authentication;
+package org.springframework.security.oauth2.client.web;
 
 
 import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/DefaultAuthorizationRequestUriBuilder.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultAuthorizationRequestUriBuilder.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.oauth2.client.authentication;
+package org.springframework.security.oauth2.client.web;
 
 import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
 import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/DefaultStateGenerator.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultStateGenerator.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.oauth2.client.authentication;
+package org.springframework.security.oauth2.client.web;
 
 import java.util.Base64;
 

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/HttpSessionAuthorizationRequestRepository.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.oauth2.client.authentication;
+package org.springframework.security.oauth2.client.web;
 
 import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
 

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/nimbus/NimbusAuthorizationCodeTokenExchanger.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/nimbus/NimbusAuthorizationCodeTokenExchanger.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.oauth2.client.authentication.nimbus;
+package org.springframework.security.oauth2.client.web.nimbus;
 
 
 import com.nimbusds.oauth2.sdk.AccessTokenResponse;
@@ -34,7 +34,7 @@ import com.nimbusds.oauth2.sdk.id.ClientID;
 import org.springframework.http.MediaType;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
-import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AccessToken;

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProcessingFilterTests.java → oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilterTests.java

@@ -13,16 +13,20 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.oauth2.client.authentication;
+package org.springframework.security.oauth2.client.web;
 
+import org.assertj.core.api.Assertions;
 import org.junit.Test;
 import org.mockito.ArgumentCaptor;
+import org.mockito.Matchers;
+import org.mockito.Mockito;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.core.OAuth2Error;
@@ -38,7 +42,6 @@ import javax.servlet.http.HttpServletResponse;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Matchers.any;
 import static org.mockito.Mockito.*;
-import static org.springframework.security.oauth2.client.authentication.TestUtil.*;
 
 /**
  * Tests {@link AuthorizationCodeAuthenticationProcessingFilter}.
@@ -49,28 +52,28 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
 
 	@Test
 	public void doFilterWhenNotAuthorizationCodeResponseThenContinueChain() throws Exception {
-		ClientRegistration clientRegistration = googleClientRegistration();
+		ClientRegistration clientRegistration = TestUtil.googleClientRegistration();
 
-		AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(clientRegistration));
+		AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(clientRegistration));
 
 		String requestURI = "/path";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestURI);
 		request.setServletPath(requestURI);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterChain filterChain = mock(FilterChain.class);
+		FilterChain filterChain = Mockito.mock(FilterChain.class);
 
 		filter.doFilter(request, response, filterChain);
 
-		verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
-		verify(filter, never()).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		Mockito.verify(filterChain).doFilter(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class));
+		Mockito.verify(filter, Mockito.never()).attemptAuthentication(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class));
 	}
 
 	@Test
 	public void doFilterWhenAuthorizationCodeErrorResponseThenAuthenticationFailureHandlerIsCalled() throws Exception {
-		ClientRegistration clientRegistration = githubClientRegistration();
+		ClientRegistration clientRegistration = TestUtil.githubClientRegistration();
 
-		AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(clientRegistration));
-		AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
+		AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(clientRegistration));
+		AuthenticationFailureHandler failureHandler = Mockito.mock(AuthenticationFailureHandler.class);
 		filter.setAuthenticationFailureHandler(failureHandler);
 
 		MockHttpServletRequest request = this.setupRequest(clientRegistration);
@@ -78,25 +81,25 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
 		request.addParameter(OAuth2Parameter.ERROR, errorCode);
 		request.addParameter(OAuth2Parameter.STATE, "some state");
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterChain filterChain = mock(FilterChain.class);
+		FilterChain filterChain = Mockito.mock(FilterChain.class);
 
 		filter.doFilter(request, response, filterChain);
 
-		verify(filter).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class));
-		verify(failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class),
-				any(AuthenticationException.class));
+		Mockito.verify(filter).attemptAuthentication(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class));
+		Mockito.verify(failureHandler).onAuthenticationFailure(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class),
+				Matchers.any(AuthenticationException.class));
 	}
 
 	@Test
 	public void doFilterWhenAuthorizationCodeSuccessResponseThenAuthenticationSuccessHandlerIsCalled() throws Exception {
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken("joe", "password", "user", "admin");
-		AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
-		when(authenticationManager.authenticate(any(Authentication.class))).thenReturn(authentication);
+		AuthenticationManager authenticationManager = Mockito.mock(AuthenticationManager.class);
+		Mockito.when(authenticationManager.authenticate(Matchers.any(Authentication.class))).thenReturn(authentication);
 
-		ClientRegistration clientRegistration = githubClientRegistration();
+		ClientRegistration clientRegistration = TestUtil.githubClientRegistration();
 
-		AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(authenticationManager, clientRegistration));
-		AuthenticationSuccessHandler successHandler = mock(AuthenticationSuccessHandler.class);
+		AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(authenticationManager, clientRegistration));
+		AuthenticationSuccessHandler successHandler = Mockito.mock(AuthenticationSuccessHandler.class);
 		filter.setAuthenticationSuccessHandler(successHandler);
 		AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
 		filter.setAuthorizationRequestRepository(authorizationRequestRepository);
@@ -108,24 +111,24 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
 		request.addParameter(OAuth2Parameter.STATE, state);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, state);
-		FilterChain filterChain = mock(FilterChain.class);
+		FilterChain filterChain = Mockito.mock(FilterChain.class);
 
 		filter.doFilter(request, response, filterChain);
 
-		verify(filter).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		Mockito.verify(filter).attemptAuthentication(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class));
 
 		ArgumentCaptor<Authentication> authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class);
-		verify(successHandler).onAuthenticationSuccess(any(HttpServletRequest.class), any(HttpServletResponse.class),
+		Mockito.verify(successHandler).onAuthenticationSuccess(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class),
 				authenticationArgCaptor.capture());
-		assertThat(authenticationArgCaptor.getValue()).isEqualTo(authentication);
+		Assertions.assertThat(authenticationArgCaptor.getValue()).isEqualTo(authentication);
 	}
 
 	@Test
 	public void doFilterWhenAuthorizationCodeSuccessResponseAndNoMatchingAuthorizationRequestThenThrowOAuth2AuthenticationExceptionAuthorizationRequestNotFound() throws Exception {
-		ClientRegistration clientRegistration = githubClientRegistration();
+		ClientRegistration clientRegistration = TestUtil.githubClientRegistration();
 
-		AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(clientRegistration));
-		AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
+		AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(clientRegistration));
+		AuthenticationFailureHandler failureHandler = Mockito.mock(AuthenticationFailureHandler.class);
 		filter.setAuthenticationFailureHandler(failureHandler);
 
 		MockHttpServletRequest request = this.setupRequest(clientRegistration);
@@ -134,7 +137,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
 		request.addParameter(OAuth2Parameter.CODE, authCode);
 		request.addParameter(OAuth2Parameter.STATE, state);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterChain filterChain = mock(FilterChain.class);
+		FilterChain filterChain = Mockito.mock(FilterChain.class);
 
 		filter.doFilter(request, response, filterChain);
 
@@ -143,10 +146,10 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
 
 	@Test
 	public void doFilterWhenAuthorizationCodeSuccessResponseWithInvalidStateParamThenThrowOAuth2AuthenticationExceptionInvalidStateParameter() throws Exception {
-		ClientRegistration clientRegistration = githubClientRegistration();
+		ClientRegistration clientRegistration = TestUtil.githubClientRegistration();
 
-		AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(clientRegistration));
-		AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
+		AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(clientRegistration));
+		AuthenticationFailureHandler failureHandler = Mockito.mock(AuthenticationFailureHandler.class);
 		filter.setAuthenticationFailureHandler(failureHandler);
 		AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
 		filter.setAuthorizationRequestRepository(authorizationRequestRepository);
@@ -158,7 +161,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
 		request.addParameter(OAuth2Parameter.STATE, state);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, "some state");
-		FilterChain filterChain = mock(FilterChain.class);
+		FilterChain filterChain = Mockito.mock(FilterChain.class);
 
 		filter.doFilter(request, response, filterChain);
 
@@ -167,10 +170,10 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
 
 	@Test
 	public void doFilterWhenAuthorizationCodeSuccessResponseWithInvalidRedirectUriParamThenThrowOAuth2AuthenticationExceptionInvalidRedirectUriParameter() throws Exception {
-		ClientRegistration clientRegistration = githubClientRegistration();
+		ClientRegistration clientRegistration = TestUtil.githubClientRegistration();
 
-		AuthorizationCodeAuthenticationProcessingFilter filter = spy(setupFilter(clientRegistration));
-		AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
+		AuthorizationCodeAuthenticationProcessingFilter filter = Mockito.spy(setupFilter(clientRegistration));
+		AuthenticationFailureHandler failureHandler = Mockito.mock(AuthenticationFailureHandler.class);
 		filter.setAuthenticationFailureHandler(failureHandler);
 		AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
 		filter.setAuthorizationRequestRepository(authorizationRequestRepository);
@@ -183,7 +186,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
 		request.addParameter(OAuth2Parameter.STATE, state);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, state);
-		FilterChain filterChain = mock(FilterChain.class);
+		FilterChain filterChain = Mockito.mock(FilterChain.class);
 
 		filter.doFilter(request, response, filterChain);
 
@@ -194,21 +197,21 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
 																		AuthenticationFailureHandler failureHandler,
 																		String errorCode) throws Exception {
 
-		verify(filter).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		Mockito.verify(filter).attemptAuthentication(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class));
 
 		ArgumentCaptor<AuthenticationException> authenticationExceptionArgCaptor =
 				ArgumentCaptor.forClass(AuthenticationException.class);
-		verify(failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class),
+		Mockito.verify(failureHandler).onAuthenticationFailure(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class),
 				authenticationExceptionArgCaptor.capture());
-		assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class);
+		Assertions.assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class);
 		OAuth2AuthenticationException oauth2AuthenticationException =
 				(OAuth2AuthenticationException)authenticationExceptionArgCaptor.getValue();
-		assertThat(oauth2AuthenticationException.getErrorObject()).isNotNull();
-		assertThat(oauth2AuthenticationException.getErrorObject().getErrorCode()).isEqualTo(errorCode);
+		Assertions.assertThat(oauth2AuthenticationException.getErrorObject()).isNotNull();
+		Assertions.assertThat(oauth2AuthenticationException.getErrorObject().getErrorCode()).isEqualTo(errorCode);
 	}
 
 	private AuthorizationCodeAuthenticationProcessingFilter setupFilter(ClientRegistration... clientRegistrations) throws Exception {
-		AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
+		AuthenticationManager authenticationManager = Mockito.mock(AuthenticationManager.class);
 
 		return setupFilter(authenticationManager, clientRegistrations);
 	}
@@ -216,7 +219,7 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
 	private AuthorizationCodeAuthenticationProcessingFilter setupFilter(
 			AuthenticationManager authenticationManager, ClientRegistration... clientRegistrations) throws Exception {
 
-		ClientRegistrationRepository clientRegistrationRepository = clientRegistrationRepository(clientRegistrations);
+		ClientRegistrationRepository clientRegistrationRepository = TestUtil.clientRegistrationRepository(clientRegistrations);
 
 		AuthorizationCodeAuthenticationProcessingFilter filter = new AuthorizationCodeAuthenticationProcessingFilter();
 		filter.setClientRegistrationRepository(clientRegistrationRepository);
@@ -244,11 +247,11 @@ public class AuthorizationCodeAuthenticationProcessingFilterTests {
 	}
 
 	private MockHttpServletRequest setupRequest(ClientRegistration clientRegistration) {
-		String requestURI = AUTHORIZE_BASE_URI + "/" + clientRegistration.getClientAlias();
+		String requestURI = TestUtil.AUTHORIZE_BASE_URI + "/" + clientRegistration.getClientAlias();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestURI);
-		request.setScheme(DEFAULT_SCHEME);
-		request.setServerName(DEFAULT_SERVER_NAME);
-		request.setServerPort(DEFAULT_SERVER_PORT);
+		request.setScheme(TestUtil.DEFAULT_SCHEME);
+		request.setServerName(TestUtil.DEFAULT_SERVER_NAME);
+		request.setServerPort(TestUtil.DEFAULT_SERVER_PORT);
 		request.setServletPath(requestURI);
 		return request;
 	}

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeRequestRedirectFilterTests.java → oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilterTests.java

@@ -13,9 +13,12 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.oauth2.client.authentication;
+package org.springframework.security.oauth2.client.web;
 
+import org.assertj.core.api.Assertions;
 import org.junit.Test;
+import org.mockito.Matchers;
+import org.mockito.Mockito;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -29,7 +32,6 @@ import java.net.URI;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.*;
-import static org.springframework.security.oauth2.client.authentication.TestUtil.*;
 
 /**
  * Tests {@link AuthorizationCodeRequestRedirectFilter}.
@@ -40,17 +42,17 @@ public class AuthorizationCodeRequestRedirectFilterTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		new AuthorizationCodeRequestRedirectFilter(null, mock(AuthorizationRequestUriBuilder.class));
+		new AuthorizationCodeRequestRedirectFilter(null, Mockito.mock(AuthorizationRequestUriBuilder.class));
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorWhenAuthorizationRequestUriBuilderIsNullThenThrowIllegalArgumentException() {
-		new AuthorizationCodeRequestRedirectFilter(mock(ClientRegistrationRepository.class), null);
+		new AuthorizationCodeRequestRedirectFilter(Mockito.mock(ClientRegistrationRepository.class), null);
 	}
 
 	@Test
 	public void doFilterWhenRequestDoesNotMatchClientThenContinueChain() throws Exception {
-		ClientRegistration clientRegistration = googleClientRegistration();
+		ClientRegistration clientRegistration = TestUtil.googleClientRegistration();
 		String authorizationUri = clientRegistration.getProviderDetails().getAuthorizationUri().toString();
 		AuthorizationCodeRequestRedirectFilter filter =
 				setupFilter(authorizationUri, clientRegistration);
@@ -59,72 +61,72 @@ public class AuthorizationCodeRequestRedirectFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestURI);
 		request.setServletPath(requestURI);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterChain filterChain = mock(FilterChain.class);
+		FilterChain filterChain = Mockito.mock(FilterChain.class);
 
 		filter.doFilter(request, response, filterChain);
 
-		verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
+		Mockito.verify(filterChain).doFilter(Matchers.any(HttpServletRequest.class), Matchers.any(HttpServletResponse.class));
 	}
 
 	@Test
 	public void doFilterWhenRequestMatchesClientThenRedirectForAuthorization() throws Exception {
-		ClientRegistration clientRegistration = googleClientRegistration();
+		ClientRegistration clientRegistration = TestUtil.googleClientRegistration();
 		String authorizationUri = clientRegistration.getProviderDetails().getAuthorizationUri().toString();
 		AuthorizationCodeRequestRedirectFilter filter =
 				setupFilter(authorizationUri, clientRegistration);
 
-		String requestUri = AUTHORIZATION_BASE_URI + "/" + clientRegistration.getClientAlias();
+		String requestUri = TestUtil.AUTHORIZATION_BASE_URI + "/" + clientRegistration.getClientAlias();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterChain filterChain = mock(FilterChain.class);
+		FilterChain filterChain = Mockito.mock(FilterChain.class);
 
 		filter.doFilter(request, response, filterChain);
 
-		verifyZeroInteractions(filterChain);        // Request should not proceed up the chain
+		Mockito.verifyZeroInteractions(filterChain);        // Request should not proceed up the chain
 
-		assertThat(response.getRedirectedUrl()).isEqualTo(authorizationUri);
+		Assertions.assertThat(response.getRedirectedUrl()).isEqualTo(authorizationUri);
 	}
 
 	@Test
 	public void doFilterWhenRequestMatchesClientThenAuthorizationRequestSavedInSession() throws Exception {
-		ClientRegistration clientRegistration = githubClientRegistration();
+		ClientRegistration clientRegistration = TestUtil.githubClientRegistration();
 		String authorizationUri = clientRegistration.getProviderDetails().getAuthorizationUri().toString();
 		AuthorizationCodeRequestRedirectFilter filter =
 				setupFilter(authorizationUri, clientRegistration);
 		AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
 		filter.setAuthorizationRequestRepository(authorizationRequestRepository);
 
-		String requestUri = AUTHORIZATION_BASE_URI + "/" + clientRegistration.getClientAlias();
+		String requestUri = TestUtil.AUTHORIZATION_BASE_URI + "/" + clientRegistration.getClientAlias();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterChain filterChain = mock(FilterChain.class);
+		FilterChain filterChain = Mockito.mock(FilterChain.class);
 
 		filter.doFilter(request, response, filterChain);
 
-		verifyZeroInteractions(filterChain);        // Request should not proceed up the chain
+		Mockito.verifyZeroInteractions(filterChain);        // Request should not proceed up the chain
 
 		// The authorization request attributes are saved in the session before the redirect happens
 		AuthorizationRequestAttributes authorizationRequestAttributes =
 				authorizationRequestRepository.loadAuthorizationRequest(request);
-		assertThat(authorizationRequestAttributes).isNotNull();
-
-		assertThat(authorizationRequestAttributes.getAuthorizeUri()).isNotNull();
-		assertThat(authorizationRequestAttributes.getGrantType()).isNotNull();
-		assertThat(authorizationRequestAttributes.getResponseType()).isNotNull();
-		assertThat(authorizationRequestAttributes.getClientId()).isNotNull();
-		assertThat(authorizationRequestAttributes.getRedirectUri()).isNotNull();
-		assertThat(authorizationRequestAttributes.getScope()).isNotNull();
-		assertThat(authorizationRequestAttributes.getState()).isNotNull();
+		Assertions.assertThat(authorizationRequestAttributes).isNotNull();
+
+		Assertions.assertThat(authorizationRequestAttributes.getAuthorizeUri()).isNotNull();
+		Assertions.assertThat(authorizationRequestAttributes.getGrantType()).isNotNull();
+		Assertions.assertThat(authorizationRequestAttributes.getResponseType()).isNotNull();
+		Assertions.assertThat(authorizationRequestAttributes.getClientId()).isNotNull();
+		Assertions.assertThat(authorizationRequestAttributes.getRedirectUri()).isNotNull();
+		Assertions.assertThat(authorizationRequestAttributes.getScope()).isNotNull();
+		Assertions.assertThat(authorizationRequestAttributes.getState()).isNotNull();
 	}
 
 	private AuthorizationCodeRequestRedirectFilter setupFilter(String authorizationUri,
 																ClientRegistration... clientRegistrations) throws Exception {
 
-		AuthorizationRequestUriBuilder authorizationUriBuilder = mock(AuthorizationRequestUriBuilder.class);
+		AuthorizationRequestUriBuilder authorizationUriBuilder = Mockito.mock(AuthorizationRequestUriBuilder.class);
 		URI authorizationURI = new URI(authorizationUri);
-		when(authorizationUriBuilder.build(any(AuthorizationRequestAttributes.class))).thenReturn(authorizationURI);
+		Mockito.when(authorizationUriBuilder.build(Matchers.any(AuthorizationRequestAttributes.class))).thenReturn(authorizationURI);
 
 		return setupFilter(authorizationUriBuilder, clientRegistrations);
 	}
@@ -132,7 +134,7 @@ public class AuthorizationCodeRequestRedirectFilterTests {
 	private AuthorizationCodeRequestRedirectFilter setupFilter(AuthorizationRequestUriBuilder authorizationUriBuilder,
 																ClientRegistration... clientRegistrations) throws Exception {
 
-		ClientRegistrationRepository clientRegistrationRepository = clientRegistrationRepository(clientRegistrations);
+		ClientRegistrationRepository clientRegistrationRepository = TestUtil.clientRegistrationRepository(clientRegistrations);
 
 		AuthorizationCodeRequestRedirectFilter filter = new AuthorizationCodeRequestRedirectFilter(
 															clientRegistrationRepository, authorizationUriBuilder);

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestUtil.java → oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/TestUtil.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.oauth2.client.authentication;
+package org.springframework.security.oauth2.client.web;
 
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationProperties;

samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java

@@ -36,10 +36,10 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProcessingFilter;
+import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationProcessingFilter;
 import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
-import org.springframework.security.oauth2.client.authentication.AuthorizationCodeRequestRedirectFilter;
-import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
+import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.user.OAuth2UserService;