6 月之前 · 7bca17cb5a
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2018 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -65,8 +65,8 @@ public final class BearerTokenAuthenticationEntryPoint implements Authentication
 
				 		if (this.realmName != null) {
			
 
				 			parameters.put("realm", this.realmName);
			
 
				 		}
			
 
				-		if (authException instanceof OAuth2AuthenticationException) {
			
 
				-			OAuth2Error error = ((OAuth2AuthenticationException) authException).getError();
			
 
				+		if (authException instanceof OAuth2AuthenticationException oAuth2AuthenticationException) {
			
 
				+			OAuth2Error error = oAuth2AuthenticationException.getError();
			
 
				 			parameters.put("error", error.getErrorCode());
			
 
				 			if (StringUtils.hasText(error.getDescription())) {
			
 
				 				parameters.put("error_description", error.getDescription());
			
@@ -78,7 +78,7 @@ public final class BearerTokenAuthenticationEntryPoint implements Authentication
 
				 				if (StringUtils.hasText(bearerTokenError.getScope())) {
			
 
				 					parameters.put("scope", bearerTokenError.getScope());
			
 
				 				}
			
 
				-				status = ((BearerTokenError) error).getHttpStatus();
			
 
				+				status = bearerTokenError.getHttpStatus();
			
 
				 			}
			
 
				 		}
			
 
				 		String wwwAuthenticate = computeWWWAuthenticateHeaderValue(parameters);
			
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2024 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -64,7 +64,7 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
 
				 			return authorizationHeaderToken;
			
 
				 		}
			
 
				 		if (parameterToken != null && isParameterTokenEnabledForRequest(request)) {
			
 
				-			if (!StringUtils.hasText(parameterToken)) {
			
 
				+			if (parameterToken.isBlank()) {
			
 
				 				BearerTokenError error = BearerTokenErrors
			
 
				 					.invalidRequest("The requested token parameter is an empty string");
			
 
				 				throw new OAuth2AuthenticationException(error);
			
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2018 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -73,8 +73,8 @@ public final class BearerTokenServerAuthenticationEntryPoint implements ServerAu
 
				 		if (this.realmName != null) {
			
 
				 			parameters.put("realm", this.realmName);
			
 
				 		}
			
 
				-		if (authException instanceof OAuth2AuthenticationException) {
			
 
				-			OAuth2Error error = ((OAuth2AuthenticationException) authException).getError();
			
 
				+		if (authException instanceof OAuth2AuthenticationException oAuth2AuthenticationException) {
			
 
				+			OAuth2Error error = oAuth2AuthenticationException.getError();
			
 
				 			parameters.put("error", error.getErrorCode());
			
 
				 			if (StringUtils.hasText(error.getDescription())) {
			
 
				 				parameters.put("error_description", error.getDescription());
			
@@ -82,20 +82,19 @@ public final class BearerTokenServerAuthenticationEntryPoint implements ServerAu
 
				 			if (StringUtils.hasText(error.getUri())) {
			
 
				 				parameters.put("error_uri", error.getUri());
			
 
				 			}
			
 
				-			if (error instanceof BearerTokenError bearerTokenError) {
			
 
				-				if (StringUtils.hasText(bearerTokenError.getScope())) {
			
 
				-					parameters.put("scope", bearerTokenError.getScope());
			
 
				-				}
			
 
				+			if (error instanceof BearerTokenError bearerTokenError
			
 
				+					&& StringUtils.hasText(bearerTokenError.getScope())) {
			
 
				+				parameters.put("scope", bearerTokenError.getScope());
			
 
				 			}
			
 
				 		}
			
 
				 		return parameters;
			
 
				 	}
			
 
				 
			
 
				 	private HttpStatus getStatus(AuthenticationException authException) {
			
 
				-		if (authException instanceof OAuth2AuthenticationException) {
			
 
				-			OAuth2Error error = ((OAuth2AuthenticationException) authException).getError();
			
 
				-			if (error instanceof BearerTokenError) {
			
 
				-				return ((BearerTokenError) error).getHttpStatus();
			
 
				+		if (authException instanceof OAuth2AuthenticationException oAuth2AuthenticationException) {
			
 
				+			OAuth2Error error = oAuth2AuthenticationException.getError();
			
 
				+			if (error instanceof BearerTokenError bearerTokenError) {
			
 
				+				return bearerTokenError.getHttpStatus();
			
 
				 			}
			
 
				 		}
			
 
				 		return HttpStatus.UNAUTHORIZED;