Use OAuth2Token instead of AbstractOAuth2Token

Closes gh-10959

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,11 +25,11 @@ import org.springframework.util.Assert;
 /**
  * A composite validator
  *
- * @param <T> the type of {@link AbstractOAuth2Token} this validator validates
+ * @param <T> the type of {@link OAuth2Token} this validator validates
  * @author Josh Cummings
  * @since 5.1
  */
-public final class DelegatingOAuth2TokenValidator<T extends AbstractOAuth2Token> implements OAuth2TokenValidator<T> {
+public final class DelegatingOAuth2TokenValidator<T extends OAuth2Token> implements OAuth2TokenValidator<T> {
 
 	private final Collection<OAuth2TokenValidator<T>> tokenValidators;
 

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,7 +25,7 @@ package org.springframework.security.oauth2.core;
  * @since 5.1
  */
 @FunctionalInterface
-public interface OAuth2TokenValidator<T extends AbstractOAuth2Token> {
+public interface OAuth2TokenValidator<T extends OAuth2Token> {
 
 	/**
 	 * Verify the validity and/or constraints of the provided OAuth 2.0 Token.

oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -40,20 +40,20 @@ public class DelegatingOAuth2TokenValidatorTests {
 
 	@Test
 	public void validateWhenNoValidatorsConfiguredThenReturnsSuccessfulResult() {
-		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>();
-		AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
+		DelegatingOAuth2TokenValidator<OAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>();
+		OAuth2Token token = mock(OAuth2Token.class);
 		assertThat(tokenValidator.validate(token).hasErrors()).isFalse();
 	}
 
 	@Test
 	public void validateWhenAnyValidatorFailsThenReturnsFailureResultContainingDetailFromFailingValidator() {
-		OAuth2TokenValidator<AbstractOAuth2Token> success = mock(OAuth2TokenValidator.class);
-		OAuth2TokenValidator<AbstractOAuth2Token> failure = mock(OAuth2TokenValidator.class);
-		given(success.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
-		given(failure.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.failure(DETAIL));
-		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>(
+		OAuth2TokenValidator<OAuth2Token> success = mock(OAuth2TokenValidator.class);
+		OAuth2TokenValidator<OAuth2Token> failure = mock(OAuth2TokenValidator.class);
+		given(success.validate(any(OAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
+		given(failure.validate(any(OAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.failure(DETAIL));
+		DelegatingOAuth2TokenValidator<OAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>(
 				Arrays.asList(success, failure));
-		AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
+		OAuth2Token token = mock(OAuth2Token.class);
 		OAuth2TokenValidatorResult result = tokenValidator.validate(token);
 		assertThat(result.hasErrors()).isTrue();
 		assertThat(result.getErrors()).containsExactly(DETAIL);
@@ -61,16 +61,15 @@ public class DelegatingOAuth2TokenValidatorTests {
 
 	@Test
 	public void validateWhenMultipleValidatorsFailThenReturnsFailureResultContainingAllDetails() {
-		OAuth2TokenValidator<AbstractOAuth2Token> firstFailure = mock(OAuth2TokenValidator.class);
-		OAuth2TokenValidator<AbstractOAuth2Token> secondFailure = mock(OAuth2TokenValidator.class);
+		OAuth2TokenValidator<OAuth2Token> firstFailure = mock(OAuth2TokenValidator.class);
+		OAuth2TokenValidator<OAuth2Token> secondFailure = mock(OAuth2TokenValidator.class);
 		OAuth2Error otherDetail = new OAuth2Error("another-error");
-		given(firstFailure.validate(any(AbstractOAuth2Token.class)))
-				.willReturn(OAuth2TokenValidatorResult.failure(DETAIL));
-		given(secondFailure.validate(any(AbstractOAuth2Token.class)))
+		given(firstFailure.validate(any(OAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.failure(DETAIL));
+		given(secondFailure.validate(any(OAuth2Token.class)))
 				.willReturn(OAuth2TokenValidatorResult.failure(otherDetail));
-		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>(
-				firstFailure, secondFailure);
-		AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
+		DelegatingOAuth2TokenValidator<OAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>(firstFailure,
+				secondFailure);
+		OAuth2Token token = mock(OAuth2Token.class);
 		OAuth2TokenValidatorResult result = tokenValidator.validate(token);
 		assertThat(result.hasErrors()).isTrue();
 		assertThat(result.getErrors()).containsExactly(DETAIL, otherDetail);
@@ -78,13 +77,13 @@ public class DelegatingOAuth2TokenValidatorTests {
 
 	@Test
 	public void validateWhenAllValidatorsSucceedThenReturnsSuccessfulResult() {
-		OAuth2TokenValidator<AbstractOAuth2Token> firstSuccess = mock(OAuth2TokenValidator.class);
-		OAuth2TokenValidator<AbstractOAuth2Token> secondSuccess = mock(OAuth2TokenValidator.class);
-		given(firstSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
-		given(secondSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
-		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>(
+		OAuth2TokenValidator<OAuth2Token> firstSuccess = mock(OAuth2TokenValidator.class);
+		OAuth2TokenValidator<OAuth2Token> secondSuccess = mock(OAuth2TokenValidator.class);
+		given(firstSuccess.validate(any(OAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
+		given(secondSuccess.validate(any(OAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
+		DelegatingOAuth2TokenValidator<OAuth2Token> tokenValidator = new DelegatingOAuth2TokenValidator<>(
 				Arrays.asList(firstSuccess, secondSuccess));
-		AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
+		OAuth2Token token = mock(OAuth2Token.class);
 		OAuth2TokenValidatorResult result = tokenValidator.validate(token);
 		assertThat(result.hasErrors()).isFalse();
 		assertThat(result.getErrors()).isEmpty();
@@ -92,21 +91,21 @@ public class DelegatingOAuth2TokenValidatorTests {
 
 	@Test
 	public void constructorWhenInvokedWithNullValidatorListThenThrowsIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new DelegatingOAuth2TokenValidator<>(
-				(Collection<OAuth2TokenValidator<AbstractOAuth2Token>>) null));
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new DelegatingOAuth2TokenValidator<>((Collection<OAuth2TokenValidator<OAuth2Token>>) null));
 	}
 
 	@Test
 	public void constructorsWhenInvokedWithSameInputsThenResultInSameOutputs() {
-		OAuth2TokenValidator<AbstractOAuth2Token> firstSuccess = mock(OAuth2TokenValidator.class);
-		OAuth2TokenValidator<AbstractOAuth2Token> secondSuccess = mock(OAuth2TokenValidator.class);
-		given(firstSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
-		given(secondSuccess.validate(any(AbstractOAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
-		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> firstValidator = new DelegatingOAuth2TokenValidator<>(
+		OAuth2TokenValidator<OAuth2Token> firstSuccess = mock(OAuth2TokenValidator.class);
+		OAuth2TokenValidator<OAuth2Token> secondSuccess = mock(OAuth2TokenValidator.class);
+		given(firstSuccess.validate(any(OAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
+		given(secondSuccess.validate(any(OAuth2Token.class))).willReturn(OAuth2TokenValidatorResult.success());
+		DelegatingOAuth2TokenValidator<OAuth2Token> firstValidator = new DelegatingOAuth2TokenValidator<>(
 				Arrays.asList(firstSuccess, secondSuccess));
-		DelegatingOAuth2TokenValidator<AbstractOAuth2Token> secondValidator = new DelegatingOAuth2TokenValidator<>(
-				firstSuccess, secondSuccess);
-		AbstractOAuth2Token token = mock(AbstractOAuth2Token.class);
+		DelegatingOAuth2TokenValidator<OAuth2Token> secondValidator = new DelegatingOAuth2TokenValidator<>(firstSuccess,
+				secondSuccess);
+		OAuth2Token token = mock(OAuth2Token.class);
 		firstValidator.validate(token);
 		secondValidator.validate(token);
 		verify(firstSuccess, times(2)).validate(token);

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,8 +23,8 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.security.oauth2.core.AbstractOAuth2Token;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.OAuth2Token;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.util.Assert;
 
@@ -45,7 +45,7 @@ import org.springframework.util.Assert;
  * @see <a target="_blank" href="https://tools.ietf.org/search/rfc7662#section-2.2">2.2
  * Introspection Response</a>
  */
-public abstract class AbstractOAuth2TokenAuthenticationToken<T extends AbstractOAuth2Token>
+public abstract class AbstractOAuth2TokenAuthenticationToken<T extends OAuth2Token>
 		extends AbstractAuthenticationToken {
 
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,7 +21,7 @@ import reactor.core.publisher.Mono;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.oauth2.core.AbstractOAuth2Token;
+import org.springframework.security.oauth2.core.OAuth2Token;
 import org.springframework.web.reactive.function.client.ClientRequest;
 import org.springframework.web.reactive.function.client.ClientResponse;
 import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
@@ -30,7 +30,7 @@ import org.springframework.web.reactive.function.client.ExchangeFunction;
 /**
  * An {@link ExchangeFilterFunction} that adds the
  * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
- * Token</a> from an existing {@link AbstractOAuth2Token} tied to the current
+ * Token</a> from an existing {@link OAuth2Token} tied to the current
  * {@link Authentication}.
  *
  * Suitable for Reactive applications, applying it to a typical
@@ -60,12 +60,12 @@ public final class ServerBearerExchangeFilterFunction implements ExchangeFilterF
 		// @formatter:on
 	}
 
-	private Mono<AbstractOAuth2Token> oauth2Token() {
+	private Mono<OAuth2Token> oauth2Token() {
 		// @formatter:off
 		return currentAuthentication()
-				.filter((authentication) -> authentication.getCredentials() instanceof AbstractOAuth2Token)
+				.filter((authentication) -> authentication.getCredentials() instanceof OAuth2Token)
 				.map(Authentication::getCredentials)
-				.cast(AbstractOAuth2Token.class);
+				.cast(OAuth2Token.class);
 		// @formatter:on
 	}
 
@@ -76,7 +76,7 @@ public final class ServerBearerExchangeFilterFunction implements ExchangeFilterF
 		// @formatter:on
 	}
 
-	private ClientRequest bearer(ClientRequest request, AbstractOAuth2Token token) {
+	private ClientRequest bearer(ClientRequest request, OAuth2Token token) {
 		// @formatter:off
 		return ClientRequest.from(request)
 				.headers((headers) -> headers.setBearerAuth(token.getTokenValue()))

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,7 +22,7 @@ import reactor.core.publisher.Mono;
 import reactor.util.context.Context;
 
 import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.core.AbstractOAuth2Token;
+import org.springframework.security.oauth2.core.OAuth2Token;
 import org.springframework.web.reactive.function.client.ClientRequest;
 import org.springframework.web.reactive.function.client.ClientResponse;
 import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
@@ -31,7 +31,7 @@ import org.springframework.web.reactive.function.client.ExchangeFunction;
 /**
  * An {@link ExchangeFilterFunction} that adds the
  * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
- * Token</a> from an existing {@link AbstractOAuth2Token} tied to the current
+ * Token</a> from an existing {@link OAuth2Token} tied to the current
  * {@link Authentication}.
  *
  * Suitable for Servlet applications, applying it to a typical
@@ -71,14 +71,14 @@ public final class ServletBearerExchangeFilterFunction implements ExchangeFilter
 		// @formatter:on
 	}
 
-	private Mono<AbstractOAuth2Token> oauth2Token() {
+	private Mono<OAuth2Token> oauth2Token() {
 		// @formatter:off
 		return Mono.deferContextual(Mono::just)
 				.cast(Context.class)
 				.flatMap(this::currentAuthentication)
-				.filter((authentication) -> authentication.getCredentials() instanceof AbstractOAuth2Token)
+				.filter((authentication) -> authentication.getCredentials() instanceof OAuth2Token)
 				.map(Authentication::getCredentials)
-				.cast(AbstractOAuth2Token.class);
+				.cast(OAuth2Token.class);
 		// @formatter:on
 	}
 
@@ -96,7 +96,7 @@ public final class ServletBearerExchangeFilterFunction implements ExchangeFilter
 		return attributes.get(clazz);
 	}
 
-	private ClientRequest bearer(ClientRequest request, AbstractOAuth2Token token) {
+	private ClientRequest bearer(ClientRequest request, OAuth2Token token) {
 		// @formatter:off
 		return ClientRequest.from(request)
 				.headers((headers) -> headers.setBearerAuth(token.getTokenValue()))