From 29b9dc6f0431d8f9f377d1be0296ae873cbfe410 Mon Sep 17 00:00:00 2001
From: Joe Grandja <10884212+jgrandja@users.noreply.github.com>
Date: Thu, 4 Dec 2025 15:30:22 -0500
Subject: [PATCH] Register runtime hints for authorization server

Issue gh-18251
---
 ...OAuth2AuthorizationServerRuntimeHints.java | 53 +++++++++++++++++++
 .../resources/META-INF/spring/aot.factories   |  3 ++
 2 files changed, 56 insertions(+)
 create mode 100644 oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/aot/hint/OAuth2AuthorizationServerRuntimeHints.java

diff --git a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/aot/hint/OAuth2AuthorizationServerRuntimeHints.java b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/aot/hint/OAuth2AuthorizationServerRuntimeHints.java
new file mode 100644
index 0000000000..12854d6c90
--- /dev/null
+++ b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/aot/hint/OAuth2AuthorizationServerRuntimeHints.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2004-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.oauth2.server.authorization.aot.hint;
+
+import org.springframework.aot.hint.MemberCategory;
+import org.springframework.aot.hint.RuntimeHints;
+import org.springframework.aot.hint.RuntimeHintsRegistrar;
+import org.springframework.aot.hint.TypeReference;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationProvider;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter;
+
+/**
+ * {@link RuntimeHintsRegistrar} that contributes the required {@link RuntimeHints} for
+ * OAuth 2.1 Authorization Server. Statically registered via
+ * META-INF/spring/aot.factories.
+ *
+ * @author Joe Grandja
+ * @since 7.0
+ */
+class OAuth2AuthorizationServerRuntimeHints implements RuntimeHintsRegistrar {
+
+	@Override
+	public void registerHints(RuntimeHints hints, ClassLoader classLoader) {
+		hints.reflection()
+			.registerType(OAuth2AuthorizationCodeRequestAuthenticationProvider.class,
+					MemberCategory.INVOKE_DECLARED_METHODS);
+		hints.reflection()
+			.registerType(OAuth2AuthorizationEndpointFilter.class, MemberCategory.INVOKE_DECLARED_METHODS);
+		hints.reflection()
+			.registerType(TypeReference
+				.of("org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter$OAuth2AuthorizationCodeRequestValidatingFilter"),
+					MemberCategory.INVOKE_DECLARED_CONSTRUCTORS);
+		hints.reflection()
+			.registerType(OAuth2AuthorizationCodeRequestAuthenticationToken.class, MemberCategory.DECLARED_FIELDS);
+
+	}
+
+}
diff --git a/oauth2/oauth2-authorization-server/src/main/resources/META-INF/spring/aot.factories b/oauth2/oauth2-authorization-server/src/main/resources/META-INF/spring/aot.factories
index a82dcb0ac9..ca7f2a4d7b 100644
--- a/oauth2/oauth2-authorization-server/src/main/resources/META-INF/spring/aot.factories
+++ b/oauth2/oauth2-authorization-server/src/main/resources/META-INF/spring/aot.factories
@@ -1,2 +1,5 @@
 org.springframework.beans.factory.aot.BeanRegistrationAotProcessor=\
  org.springframework.security.oauth2.server.authorization.aot.hint.OAuth2AuthorizationServerBeanRegistrationAotProcessor
+
+org.springframework.aot.hint.RuntimeHintsRegistrar=\
+org.springframework.security.oauth2.server.authorization.aot.hint.OAuth2AuthorizationServerRuntimeHints