Update Opaque Token Sample and tests

Issue: gh-6498

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationToken.java

@@ -69,7 +69,7 @@ public class OAuth2IntrospectionAuthenticationToken
 	public OAuth2IntrospectionAuthenticationToken(OAuth2AccessToken token, OAuth2TokenAttributes attributes,
 		Collection<? extends GrantedAuthority> authorities, String name) {
 
-		super(token, attributes(attributes), token, authorities);
+		super(token, attributes, token, authorities);
 		this.attributes = attributes(attributes);
 		this.name = name == null ? (String) this.attributes.get(SUBJECT) : name;
 		setAuthenticated(true);

oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationProviderTests.java

@@ -24,6 +24,7 @@ import org.junit.Test;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2TokenAttributes;
 import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames;
 import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException;
 import org.springframework.security.oauth2.server.resource.introspection.OAuth2TokenIntrospectionClient;
@@ -63,9 +64,9 @@ public class OAuth2IntrospectionAuthenticationProviderTests {
 		Authentication result =
 				provider.authenticate(new BearerTokenAuthenticationToken("token"));
 
-		assertThat(result.getPrincipal()).isInstanceOf(Map.class);
+		assertThat(result.getPrincipal()).isInstanceOf(OAuth2TokenAttributes.class);
 
-		Map<String, Object> attributes = (Map<String, Object>) result.getPrincipal();
+		Map<String, Object> attributes = ((OAuth2TokenAttributes) result.getPrincipal()).getAttributes();
 		assertThat(attributes)
 				.isNotNull()
 				.containsEntry(ACTIVE, true)
@@ -94,9 +95,9 @@ public class OAuth2IntrospectionAuthenticationProviderTests {
 
 		Authentication result =
 				provider.authenticate(new BearerTokenAuthenticationToken("token"));
-		assertThat(result.getPrincipal()).isInstanceOf(Map.class);
+		assertThat(result.getPrincipal()).isInstanceOf(OAuth2TokenAttributes.class);
 
-		Map<String, Object> attributes = (Map<String, Object>) result.getPrincipal();
+		Map<String, Object> attributes = ((OAuth2TokenAttributes) result.getPrincipal()).getAttributes();
 		assertThat(attributes)
 				.isNotNull()
 				.doesNotContainKey(SCOPE);

oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationTokenTests.java

@@ -93,7 +93,7 @@ public class OAuth2IntrospectionAuthenticationTokenTests {
 	public void constructorWhenAttributesAreNullOrEmptyThenThrowsException() {
 		assertThatCode(() -> new OAuth2IntrospectionAuthenticationToken(this.token, null, null))
 				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessageContaining("attributes cannot be empty");
+				.hasMessageContaining("principal cannot be null");
 
 		assertThatCode(() -> new OAuth2IntrospectionAuthenticationToken(this.token,
 									new OAuth2TokenAttributes(Collections.emptyMap()), null))

oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionReactiveAuthenticationManagerTests.java

@@ -22,6 +22,7 @@ import java.util.Arrays;
 import java.util.Map;
 
 import org.junit.Test;
+import org.springframework.security.oauth2.core.OAuth2TokenAttributes;
 import reactor.core.publisher.Mono;
 
 import org.springframework.security.core.Authentication;
@@ -62,9 +63,9 @@ public class OAuth2IntrospectionReactiveAuthenticationManagerTests {
 		Authentication result =
 				provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
 
-		assertThat(result.getPrincipal()).isInstanceOf(Map.class);
+		assertThat(result.getPrincipal()).isInstanceOf(OAuth2TokenAttributes.class);
 
-		Map<String, Object> attributes = (Map<String, Object>) result.getPrincipal();
+		Map<String, Object> attributes = ((OAuth2TokenAttributes) result.getPrincipal()).getAttributes();
 		assertThat(attributes)
 				.isNotNull()
 				.containsEntry(ACTIVE, true)
@@ -93,9 +94,9 @@ public class OAuth2IntrospectionReactiveAuthenticationManagerTests {
 
 		Authentication result =
 				provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
-		assertThat(result.getPrincipal()).isInstanceOf(Map.class);
+		assertThat(result.getPrincipal()).isInstanceOf(OAuth2TokenAttributes.class);
 
-		Map<String, Object> attributes = (Map<String, Object>) result.getPrincipal();
+		Map<String, Object> attributes = ((OAuth2TokenAttributes) result.getPrincipal()).getAttributes();
 		assertThat(attributes)
 				.isNotNull()
 				.doesNotContainKey(SCOPE);

samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerController.java

@@ -16,6 +16,7 @@
 package sample;
 
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.oauth2.core.OAuth2TokenAttributes;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -26,8 +27,8 @@ import org.springframework.web.bind.annotation.RestController;
 public class OAuth2ResourceServerController {
 
 	@GetMapping("/")
-	public String index(@AuthenticationPrincipal(expression="['sub']") String subject) {
-		return String.format("Hello, %s!", subject);
+	public String index(@AuthenticationPrincipal OAuth2TokenAttributes attributes) {
+		return String.format("Hello, %s!", (String) attributes.getAttribute("sub"));
 	}
 
 	@GetMapping("/message")