Change interface with constants to final class

Closes gh-10960
Joe Grandja 2022-07-13 12:29:53 -04:00
parent 92d4f1237d
commit 7b18336c6a
14 changed files with 197 additions and 171 deletions


@ -16,20 +16,7 @@
<suppress files="org[\\/]springframework[\\/]security[\\/]core[\\/]ComparableVersion\.java" checks=".*"/>
<!-- InterfaceIsType rules we can't fix until a major revision due to back compatibility -->
<suppress files="JwsAlgorithms\.java" checks="InterfaceIsType"/>
<suppress files="JwtClaimNames\.java" checks="InterfaceIsType"/>
<suppress files="OAuth2ErrorCodes\.java" checks="InterfaceIsType"/>
<suppress files="OAuth2ParameterNames\.java" checks="InterfaceIsType"/>
<suppress files="PkceParameterNames\.java" checks="InterfaceIsType"/>
<suppress files="IdTokenClaimNames\.java" checks="InterfaceIsType"/>
<suppress files="OidcScopes\.java" checks="InterfaceIsType"/>
<suppress files="StandardClaimNames\.java" checks="InterfaceIsType"/>
<suppress files="OidcParameterNames\.java" checks="InterfaceIsType"/>
<suppress files="BearerTokenErrorCodes\.java" checks="InterfaceIsType"/>
<suppress files="OAuth2IntrospectionClaimNames\.java" checks="InterfaceIsType"/>
<suppress files="OAuth2TokenIntrospectionClaimNames\.java" checks="InterfaceIsType"/>
<suppress files="Saml2ErrorCodes\.java" checks="InterfaceIsType"/>
<suppress files="Saml2ParameterNames\.java" checks="InterfaceIsType"/>
<!-- Method Visibility that we can't reduce -->
<suppress files="AbstractAclVoterTests\.java" checks="SpringMethodVisibility"/>
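Review bot: `OAuth2IntrospectionClaimNames\.java` is listed in this suppression block, yet none of the thirteen Java files changed on this page is that type, and the hunk header removes 13 lines while the block lists 14 `InterfaceIsType` entries, so at least one entry stays. If that entry is the one kept, the comment above it should say why this type alone is still exempt, for example `<!-- InterfaceIsType: OAuth2IntrospectionClaimNames is still an interface; drop this entry when the type is converted or removed -->`. The rendered page has lost the +/- markers, so which lines were removed is inferred from the counts only.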


@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -22,38 +22,38 @@ package org.springframework.security.oauth2.core;
* @author Joe Grandja
* @since 5.0
*/
public interface OAuth2ErrorCodes {
public final class OAuth2ErrorCodes {
/**
* {@code invalid_request} - The request is missing a required parameter, includes an
* invalid parameter value, includes a parameter more than once, or is otherwise
* malformed.
*/
String INVALID_REQUEST = "invalid_request";
public static final String INVALID_REQUEST = "invalid_request";
/**
* {@code unauthorized_client} - The client is not authorized to request an
* authorization code or access token using this method.
*/
String UNAUTHORIZED_CLIENT = "unauthorized_client";
public static final String UNAUTHORIZED_CLIENT = "unauthorized_client";
/**
* {@code access_denied} - The resource owner or authorization server denied the
* request.
*/
String ACCESS_DENIED = "access_denied";
public static final String ACCESS_DENIED = "access_denied";
/**
* {@code unsupported_response_type} - The authorization server does not support
* obtaining an authorization code or access token using this method.
*/
String UNSUPPORTED_RESPONSE_TYPE = "unsupported_response_type";
public static final String UNSUPPORTED_RESPONSE_TYPE = "unsupported_response_type";
/**
* {@code invalid_scope} - The requested scope is invalid, unknown, malformed or
* exceeds the scope granted by the resource owner.
*/
String INVALID_SCOPE = "invalid_scope";
public static final String INVALID_SCOPE = "invalid_scope";
/**
* {@code insufficient_scope} - The request requires higher privileges than provided
@ -64,7 +64,7 @@ public interface OAuth2ErrorCodes {
* @see <a href="https://tools.ietf.org/html/rfc6750#section-3.1">RFC-6750 - Section
* 3.1 - Error Codes</a>
*/
String INSUFFICIENT_SCOPE = "insufficient_scope";
public static final String INSUFFICIENT_SCOPE = "insufficient_scope";
/**
* {@code invalid_token} - The access token provided is expired, revoked, malformed,
@ -75,7 +75,7 @@ public interface OAuth2ErrorCodes {
* @see <a href="https://tools.ietf.org/html/rfc6750#section-3.1">RFC-6750 - Section
* 3.1 - Error Codes</a>
*/
String INVALID_TOKEN = "invalid_token";
public static final String INVALID_TOKEN = "invalid_token";
/**
* {@code server_error} - The authorization server encountered an unexpected condition
@ -83,7 +83,7 @@ public interface OAuth2ErrorCodes {
* 500 Internal Server Error HTTP status code cannot be returned to the client via a
* HTTP redirect.)
*/
String SERVER_ERROR = "server_error";
public static final String SERVER_ERROR = "server_error";
/**
* {@code temporarily_unavailable} - The authorization server is currently unable to
@ -91,7 +91,7 @@ public interface OAuth2ErrorCodes {
* (This error code is needed because a 503 Service Unavailable HTTP status code
* cannot be returned to the client via an HTTP redirect.)
*/
String TEMPORARILY_UNAVAILABLE = "temporarily_unavailable";
public static final String TEMPORARILY_UNAVAILABLE = "temporarily_unavailable";
/**
* {@code invalid_client} - Client authentication failed (e.g., unknown client, no
@ -103,7 +103,7 @@ public interface OAuth2ErrorCodes {
* include the &quot;WWW-Authenticate&quot; response header field matching the
* authentication scheme used by the client.
*/
String INVALID_CLIENT = "invalid_client";
public static final String INVALID_CLIENT = "invalid_client";
/**
* {@code invalid_grant} - The provided authorization grant (e.g., authorization code,
@ -111,13 +111,13 @@ public interface OAuth2ErrorCodes {
* match the redirection URI used in the authorization request, or was issued to
* another client.
*/
String INVALID_GRANT = "invalid_grant";
public static final String INVALID_GRANT = "invalid_grant";
/**
* {@code unsupported_grant_type} - The authorization grant type is not supported by
* the authorization server.
*/
String UNSUPPORTED_GRANT_TYPE = "unsupported_grant_type";
public static final String UNSUPPORTED_GRANT_TYPE = "unsupported_grant_type";
/**
* {@code unsupported_token_type} - The authorization server does not support the
@ -127,7 +127,7 @@ public interface OAuth2ErrorCodes {
* @see <a href="https://tools.ietf.org/html/rfc7009#section-2.2.1">RFC-7009 - Section
* 2.2.1 - Error Response</a>
*/
String UNSUPPORTED_TOKEN_TYPE = "unsupported_token_type";
public static final String UNSUPPORTED_TOKEN_TYPE = "unsupported_token_type";
/**
* {@code invalid_redirect_uri} - The value of one or more redirection URIs is
@ -137,6 +137,9 @@ public interface OAuth2ErrorCodes {
* @see <a href="https://datatracker.ietf.org/doc/html/rfc7591#section-3.2.2">RFC-7591
* - Section 3.2.2 - Client Registration Error Response</a>
*/
String INVALID_REDIRECT_URI = "invalid_redirect_uri";
public static final String INVALID_REDIRECT_URI = "invalid_redirect_uri";
private OAuth2ErrorCodes() {
}
}
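Review bot: Turning `OAuth2ErrorCodes` into a `final class` breaks source compatibility for any type that declared `implements OAuth2ErrorCodes` to inherit the constants, and nothing in the visible Javadoc records that; the same holds for the other twelve constant holders converted on this page. The suppression comment in the Checkstyle file on this page says the fix had to wait for a major revision, so the break looks intended, but a line in each class Javadoc such as `* As of <VERSION>, this type is a final class; reference the constants statically instead of implementing it.` would tell upgraders what to do (the class Javadoc opens above the hunk). The new private constructor would also read better with a one-line comment, `// constants holder, not instantiable`.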


@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -29,68 +29,71 @@ package org.springframework.security.oauth2.core;
* "https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-introspection-response">OAuth
* Parameters (IANA)</a>
*/
public interface OAuth2TokenIntrospectionClaimNames {
public final class OAuth2TokenIntrospectionClaimNames {
/**
* {@code active} - Indicator whether or not the token is currently active
*/
String ACTIVE = "active";
public static final String ACTIVE = "active";
/**
* {@code username} - A human-readable identifier for the resource owner that
* authorized the token
*/
String USERNAME = "username";
public static final String USERNAME = "username";
/**
* {@code client_id} - The Client identifier for the token
*/
String CLIENT_ID = "client_id";
public static final String CLIENT_ID = "client_id";
/**
* {@code scope} - The scopes for the token
*/
String SCOPE = "scope";
public static final String SCOPE = "scope";
/**
* {@code token_type} - The type of the token, for example {@code bearer}.
*/
String TOKEN_TYPE = "token_type";
public static final String TOKEN_TYPE = "token_type";
/**
* {@code exp} - A timestamp indicating when the token expires
*/
String EXP = "exp";
public static final String EXP = "exp";
/**
* {@code iat} - A timestamp indicating when the token was issued
*/
String IAT = "iat";
public static final String IAT = "iat";
/**
* {@code nbf} - A timestamp indicating when the token is not to be used before
*/
String NBF = "nbf";
public static final String NBF = "nbf";
/**
* {@code sub} - Usually a machine-readable identifier of the resource owner who
* authorized the token
*/
String SUB = "sub";
public static final String SUB = "sub";
/**
* {@code aud} - The intended audience for the token
*/
String AUD = "aud";
public static final String AUD = "aud";
/**
* {@code iss} - The issuer of the token
*/
String ISS = "iss";
public static final String ISS = "iss";
/**
* {@code jti} - The identifier for the token
*/
String JTI = "jti";
public static final String JTI = "jti";
private OAuth2TokenIntrospectionClaimNames() {
}
}


@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -26,128 +26,131 @@ package org.springframework.security.oauth2.core.endpoint;
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-11.2">11.2
* OAuth Parameters Registry</a>
*/
public interface OAuth2ParameterNames {
public final class OAuth2ParameterNames {
/**
* {@code grant_type} - used in Access Token Request.
*/
String GRANT_TYPE = "grant_type";
public static final String GRANT_TYPE = "grant_type";
/**
* {@code response_type} - used in Authorization Request.
*/
String RESPONSE_TYPE = "response_type";
public static final String RESPONSE_TYPE = "response_type";
/**
* {@code client_id} - used in Authorization Request and Access Token Request.
*/
String CLIENT_ID = "client_id";
public static final String CLIENT_ID = "client_id";
/**
* {@code client_secret} - used in Access Token Request.
*/
String CLIENT_SECRET = "client_secret";
public static final String CLIENT_SECRET = "client_secret";
/**
* {@code client_assertion_type} - used in Access Token Request.
* @since 5.5
*/
String CLIENT_ASSERTION_TYPE = "client_assertion_type";
public static final String CLIENT_ASSERTION_TYPE = "client_assertion_type";
/**
* {@code client_assertion} - used in Access Token Request.
* @since 5.5
*/
String CLIENT_ASSERTION = "client_assertion";
public static final String CLIENT_ASSERTION = "client_assertion";
/**
* {@code assertion} - used in Access Token Request.
* @since 5.5
*/
String ASSERTION = "assertion";
public static final String ASSERTION = "assertion";
/**
* {@code redirect_uri} - used in Authorization Request and Access Token Request.
*/
String REDIRECT_URI = "redirect_uri";
public static final String REDIRECT_URI = "redirect_uri";
/**
* {@code scope} - used in Authorization Request, Authorization Response, Access Token
* Request and Access Token Response.
*/
String SCOPE = "scope";
public static final String SCOPE = "scope";
/**
* {@code state} - used in Authorization Request and Authorization Response.
*/
String STATE = "state";
public static final String STATE = "state";
/**
* {@code code} - used in Authorization Response and Access Token Request.
*/
String CODE = "code";
public static final String CODE = "code";
/**
* {@code access_token} - used in Authorization Response and Access Token Response.
*/
String ACCESS_TOKEN = "access_token";
public static final String ACCESS_TOKEN = "access_token";
/**
* {@code token_type} - used in Authorization Response and Access Token Response.
*/
String TOKEN_TYPE = "token_type";
public static final String TOKEN_TYPE = "token_type";
/**
* {@code expires_in} - used in Authorization Response and Access Token Response.
*/
String EXPIRES_IN = "expires_in";
public static final String EXPIRES_IN = "expires_in";
/**
* {@code refresh_token} - used in Access Token Request and Access Token Response.
*/
String REFRESH_TOKEN = "refresh_token";
public static final String REFRESH_TOKEN = "refresh_token";
/**
* {@code username} - used in Access Token Request.
*/
String USERNAME = "username";
public static final String USERNAME = "username";
/**
* {@code password} - used in Access Token Request.
*/
String PASSWORD = "password";
public static final String PASSWORD = "password";
/**
* {@code error} - used in Authorization Response and Access Token Response.
*/
String ERROR = "error";
public static final String ERROR = "error";
/**
* {@code error_description} - used in Authorization Response and Access Token
* Response.
*/
String ERROR_DESCRIPTION = "error_description";
public static final String ERROR_DESCRIPTION = "error_description";
/**
* {@code error_uri} - used in Authorization Response and Access Token Response.
*/
String ERROR_URI = "error_uri";
public static final String ERROR_URI = "error_uri";
/**
* Non-standard parameter (used internally).
*/
String REGISTRATION_ID = "registration_id";
public static final String REGISTRATION_ID = "registration_id";
/**
* {@code token} - used in Token Revocation Request.
* @since 5.5
*/
String TOKEN = "token";
public static final String TOKEN = "token";
/**
* {@code token_type_hint} - used in Token Revocation Request.
* @since 5.5
*/
String TOKEN_TYPE_HINT = "token_type_hint";
public static final String TOKEN_TYPE_HINT = "token_type_hint";
private OAuth2ParameterNames() {
}
}
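Review bot: The Javadoc on the credential-bearing parameters (`CLIENT_SECRET`, `PASSWORD`, `CLIENT_ASSERTION`, `ASSERTION`, `CODE`, `ACCESS_TOKEN`, `REFRESH_TOKEN`, `TOKEN`) says where each parameter is used but not that its value is a credential. Code that dumps request or response parameters keyed by these names for debugging would write secrets to logs, so a shared sentence on those constants such as `* The value is a credential and must not be logged or echoed in error responses.` would help. `REGISTRATION_ID` is also the only constant whose Javadoc omits the `{@code registration_id}` wire name that the others lead with.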


@ -1,5 +1,5 @@
/*
* Copyright 2002-2019 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -26,21 +26,24 @@ package org.springframework.security.oauth2.core.endpoint;
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-6.1">6.1
* OAuth Parameters Registry</a>
*/
public interface PkceParameterNames {
public final class PkceParameterNames {
/**
* {@code code_challenge} - used in Authorization Request.
*/
String CODE_CHALLENGE = "code_challenge";
public static final String CODE_CHALLENGE = "code_challenge";
/**
* {@code code_challenge_method} - used in Authorization Request.
*/
String CODE_CHALLENGE_METHOD = "code_challenge_method";
public static final String CODE_CHALLENGE_METHOD = "code_challenge_method";
/**
* {@code code_verifier} - used in Token Request.
*/
String CODE_VERIFIER = "code_verifier";
public static final String CODE_VERIFIER = "code_verifier";
private PkceParameterNames() {
}
}


@ -1,5 +1,5 @@
/*
* Copyright 2002-2017 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -27,68 +27,71 @@ package org.springframework.security.oauth2.core.oidc;
* "https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
*/
public interface IdTokenClaimNames {
public final class IdTokenClaimNames {
/**
* {@code iss} - the Issuer identifier
*/
String ISS = "iss";
public static final String ISS = "iss";
/**
* {@code sub} - the Subject identifier
*/
String SUB = "sub";
public static final String SUB = "sub";
/**
* {@code aud} - the Audience(s) that the ID Token is intended for
*/
String AUD = "aud";
public static final String AUD = "aud";
/**
* {@code exp} - the Expiration time on or after which the ID Token MUST NOT be
* accepted
*/
String EXP = "exp";
public static final String EXP = "exp";
/**
* {@code iat} - the time at which the ID Token was issued
*/
String IAT = "iat";
public static final String IAT = "iat";
/**
* {@code auth_time} - the time when the End-User authentication occurred
*/
String AUTH_TIME = "auth_time";
public static final String AUTH_TIME = "auth_time";
/**
* {@code nonce} - a {@code String} value used to associate a Client session with an
* ID Token, and to mitigate replay attacks.
*/
String NONCE = "nonce";
public static final String NONCE = "nonce";
/**
* {@code acr} - the Authentication Context Class Reference
*/
String ACR = "acr";
public static final String ACR = "acr";
/**
* {@code amr} - the Authentication Methods References
*/
String AMR = "amr";
public static final String AMR = "amr";
/**
* {@code azp} - the Authorized party to which the ID Token was issued
*/
String AZP = "azp";
public static final String AZP = "azp";
/**
* {@code at_hash} - the Access Token hash value
*/
String AT_HASH = "at_hash";
public static final String AT_HASH = "at_hash";
/**
* {@code c_hash} - the Authorization Code hash value
*/
String C_HASH = "c_hash";
public static final String C_HASH = "c_hash";
private IdTokenClaimNames() {
}
}


@ -1,5 +1,5 @@
/*
* Copyright 2002-2017 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -33,35 +33,38 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
* "https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims">Requesting Claims
* using Scope Values</a>
*/
public interface OidcScopes {
public final class OidcScopes {
/**
* The {@code openid} scope is required for OpenID Connect Authentication Requests.
*/
String OPENID = "openid";
public static final String OPENID = "openid";
/**
* The {@code profile} scope requests access to the default profile claims, which are:
* {@code name, family_name, given_name, middle_name, nickname, preferred_username,
* profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at}.
*/
String PROFILE = "profile";
public static final String PROFILE = "profile";
/**
* The {@code email} scope requests access to the {@code email} and
* {@code email_verified} claims.
*/
String EMAIL = "email";
public static final String EMAIL = "email";
/**
* The {@code address} scope requests access to the {@code address} claim.
*/
String ADDRESS = "address";
public static final String ADDRESS = "address";
/**
* The {@code phone} scope requests access to the {@code phone_number} and
* {@code phone_number_verified} claims.
*/
String PHONE = "phone";
public static final String PHONE = "phone";
private OidcScopes() {
}
}


@ -1,5 +1,5 @@
/*
* Copyright 2002-2017 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -31,110 +31,113 @@ package org.springframework.security.oauth2.core.oidc;
* @see <a target="_blank" href=
* "https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
*/
public interface StandardClaimNames {
public final class StandardClaimNames {
/**
* {@code sub} - the Subject identifier
*/
String SUB = "sub";
public static final String SUB = "sub";
/**
* {@code name} - the user's full name
*/
String NAME = "name";
public static final String NAME = "name";
/**
* {@code given_name} - the user's given name(s) or first name(s)
*/
String GIVEN_NAME = "given_name";
public static final String GIVEN_NAME = "given_name";
/**
* {@code family_name} - the user's surname(s) or last name(s)
*/
String FAMILY_NAME = "family_name";
public static final String FAMILY_NAME = "family_name";
/**
* {@code middle_name} - the user's middle name(s)
*/
String MIDDLE_NAME = "middle_name";
public static final String MIDDLE_NAME = "middle_name";
/**
* {@code nickname} - the user's nick name that may or may not be the same as the
* {@code given_name}
*/
String NICKNAME = "nickname";
public static final String NICKNAME = "nickname";
/**
* {@code preferred_username} - the preferred username that the user wishes to be
* referred to
*/
String PREFERRED_USERNAME = "preferred_username";
public static final String PREFERRED_USERNAME = "preferred_username";
/**
* {@code profile} - the URL of the user's profile page
*/
String PROFILE = "profile";
public static final String PROFILE = "profile";
/**
* {@code picture} - the URL of the user's profile picture
*/
String PICTURE = "picture";
public static final String PICTURE = "picture";
/**
* {@code website} - the URL of the user's web page or blog
*/
String WEBSITE = "website";
public static final String WEBSITE = "website";
/**
* {@code email} - the user's preferred e-mail address
*/
String EMAIL = "email";
public static final String EMAIL = "email";
/**
* {@code email_verified} - {@code true} if the user's e-mail address has been
* verified, otherwise {@code false}
*/
String EMAIL_VERIFIED = "email_verified";
public static final String EMAIL_VERIFIED = "email_verified";
/**
* {@code gender} - the user's gender
*/
String GENDER = "gender";
public static final String GENDER = "gender";
/**
* {@code birthdate} - the user's birth date
*/
String BIRTHDATE = "birthdate";
public static final String BIRTHDATE = "birthdate";
/**
* {@code zoneinfo} - the user's time zone
*/
String ZONEINFO = "zoneinfo";
public static final String ZONEINFO = "zoneinfo";
/**
* {@code locale} - the user's locale
*/
String LOCALE = "locale";
public static final String LOCALE = "locale";
/**
* {@code phone_number} - the user's preferred phone number
*/
String PHONE_NUMBER = "phone_number";
public static final String PHONE_NUMBER = "phone_number";
/**
* {@code phone_number_verified} - {@code true} if the user's phone number has been
* verified, otherwise {@code false}
*/
String PHONE_NUMBER_VERIFIED = "phone_number_verified";
public static final String PHONE_NUMBER_VERIFIED = "phone_number_verified";
/**
* {@code address} - the user's preferred postal address
*/
String ADDRESS = "address";
public static final String ADDRESS = "address";
/**
* {@code updated_at} - the time the user's information was last updated
*/
String UPDATED_AT = "updated_at";
public static final String UPDATED_AT = "updated_at";
private StandardClaimNames() {
}
}


@ -1,5 +1,5 @@
/*
* Copyright 2002-2019 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -27,16 +27,19 @@ package org.springframework.security.oauth2.core.oidc.endpoint;
* "https://openid.net/specs/openid-connect-core-1_0.html#OAuthParametersRegistry">18.2
* OAuth Parameters Registration</a>
*/
public interface OidcParameterNames {
public final class OidcParameterNames {
/**
* {@code id_token} - used in the Access Token Response.
*/
String ID_TOKEN = "id_token";
public static final String ID_TOKEN = "id_token";
/**
* {@code nonce} - used in the Authentication Request.
*/
String NONCE = "nonce";
public static final String NONCE = "nonce";
private OidcParameterNames() {
}
}


@ -1,5 +1,5 @@
/*
* Copyright 2002-2017 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -31,66 +31,69 @@ package org.springframework.security.oauth2.jose.jws;
* "https://tools.ietf.org/html/rfc7518#section-3">Cryptographic Algorithms for Digital
* Signatures and MACs</a>
*/
public interface JwsAlgorithms {
public final class JwsAlgorithms {
/**
* HMAC using SHA-256 (Required)
*/
String HS256 = "HS256";
public static final String HS256 = "HS256";
/**
* HMAC using SHA-384 (Optional)
*/
String HS384 = "HS384";
public static final String HS384 = "HS384";
/**
* HMAC using SHA-512 (Optional)
*/
String HS512 = "HS512";
public static final String HS512 = "HS512";
/**
* RSASSA-PKCS1-v1_5 using SHA-256 (Recommended)
*/
String RS256 = "RS256";
public static final String RS256 = "RS256";
/**
* RSASSA-PKCS1-v1_5 using SHA-384 (Optional)
*/
String RS384 = "RS384";
public static final String RS384 = "RS384";
/**
* RSASSA-PKCS1-v1_5 using SHA-512 (Optional)
*/
String RS512 = "RS512";
public static final String RS512 = "RS512";
/**
* ECDSA using P-256 and SHA-256 (Recommended+)
*/
String ES256 = "ES256";
public static final String ES256 = "ES256";
/**
* ECDSA using P-384 and SHA-384 (Optional)
*/
String ES384 = "ES384";
public static final String ES384 = "ES384";
/**
* ECDSA using P-521 and SHA-512 (Optional)
*/
String ES512 = "ES512";
public static final String ES512 = "ES512";
/**
* RSASSA-PSS using SHA-256 and MGF1 with SHA-256 (Optional)
*/
String PS256 = "PS256";
public static final String PS256 = "PS256";
/**
* RSASSA-PSS using SHA-384 and MGF1 with SHA-384 (Optional)
*/
String PS384 = "PS384";
public static final String PS384 = "PS384";
/**
* RSASSA-PSS using SHA-512 and MGF1 with SHA-512 (Optional)
*/
String PS512 = "PS512";
public static final String PS512 = "PS512";
private JwsAlgorithms() {
}
}
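Review bot: The parenthesised labels in the constant Javadoc (`(Required)`, `(Recommended+)`, `(Optional)`) are not explained anywhere in the visible lines, and a reader can take them for a strength ranking. They match the implementation-requirement column of RFC 7518 section 3.1, which the class Javadoc links; a sentence there such as `* The label after each algorithm is its JWA implementation requirement, not a statement about its strength.` would remove the ambiguity. It would also be worth stating that these are identifiers only, and that a verifier should be configured with the algorithms it accepts rather than taking the value from a token header. The class Javadoc starts above the hunk.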


@ -1,5 +1,5 @@
/*
* Copyright 2002-2017 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -26,45 +26,48 @@ package org.springframework.security.oauth2.jwt;
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc7519#section-4">JWT
* Claims</a>
*/
public interface JwtClaimNames {
public final class JwtClaimNames {
/**
* {@code iss} - the Issuer claim identifies the principal that issued the JWT
*/
String ISS = "iss";
public static final String ISS = "iss";
/**
* {@code sub} - the Subject claim identifies the principal that is the subject of the
* JWT
*/
String SUB = "sub";
public static final String SUB = "sub";
/**
* {@code aud} - the Audience claim identifies the recipient(s) that the JWT is
* intended for
*/
String AUD = "aud";
public static final String AUD = "aud";
/**
* {@code exp} - the Expiration time claim identifies the expiration time on or after
* which the JWT MUST NOT be accepted for processing
*/
String EXP = "exp";
public static final String EXP = "exp";
/**
* {@code nbf} - the Not Before claim identifies the time before which the JWT MUST
* NOT be accepted for processing
*/
String NBF = "nbf";
public static final String NBF = "nbf";
/**
* {@code iat} - The Issued at claim identifies the time at which the JWT was issued
*/
String IAT = "iat";
public static final String IAT = "iat";
/**
* {@code jti} - The JWT ID claim provides a unique identifier for the JWT
*/
String JTI = "jti";
public static final String JTI = "jti";
private JwtClaimNames() {
}
}


@ -1,5 +1,5 @@
/*
* Copyright 2002-2018 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -25,25 +25,28 @@ package org.springframework.security.oauth2.server.resource;
* @see <a href="https://tools.ietf.org/html/rfc6750#section-3.1" target="_blank">RFC 6750
* Section 3.1: Error Codes</a>
*/
public interface BearerTokenErrorCodes {
public final class BearerTokenErrorCodes {
/**
* {@code invalid_request} - The request is missing a required parameter, includes an
* unsupported parameter or parameter value, repeats the same parameter, uses more
* than one method for including an access token, or is otherwise malformed.
*/
String INVALID_REQUEST = "invalid_request";
public static final String INVALID_REQUEST = "invalid_request";
/**
* {@code invalid_token} - The access token provided is expired, revoked, malformed,
* or invalid for other reasons.
*/
String INVALID_TOKEN = "invalid_token";
public static final String INVALID_TOKEN = "invalid_token";
/**
* {@code insufficient_scope} - The request requires higher privileges than provided
* by the access token.
*/
String INSUFFICIENT_SCOPE = "insufficient_scope";
public static final String INSUFFICIENT_SCOPE = "insufficient_scope";
private BearerTokenErrorCodes() {
}
}


@ -21,7 +21,7 @@ package org.springframework.security.saml2.core;
*
* @since 5.2
*/
public interface Saml2ErrorCodes {
public final class Saml2ErrorCodes {
/**
* SAML Data does not represent a SAML 2 Response object. A valid XML object was
@ -29,34 +29,34 @@ public interface Saml2ErrorCodes {
* {@code ResponseType} per specification
* https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=46
*/
String UNKNOWN_RESPONSE_CLASS = "unknown_response_class";
public static final String UNKNOWN_RESPONSE_CLASS = "unknown_response_class";
/**
* The serialized AuthNRequest could not be deserialized correctly.
*
* @since 5.7
*/
String MALFORMED_REQUEST_DATA = "malformed_request_data";
public static final String MALFORMED_REQUEST_DATA = "malformed_request_data";
/**
* The response data is malformed or incomplete. An invalid XML object was received,
* and XML unmarshalling failed.
*/
String MALFORMED_RESPONSE_DATA = "malformed_response_data";
public static final String MALFORMED_RESPONSE_DATA = "malformed_response_data";
/**
* Request is invalid in a general way.
*
* @since 5.6
*/
String INVALID_REQUEST = "invalid_request";
public static final String INVALID_REQUEST = "invalid_request";
/**
* Response is invalid in a general way.
*
* @since 5.5
*/
String INVALID_RESPONSE = "invalid_response";
public static final String INVALID_RESPONSE = "invalid_response";
/**
* Response destination does not match the request URL. A SAML 2 response object was
@ -64,20 +64,20 @@ public interface Saml2ErrorCodes {
* attribute in the Response object.
* https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=38
*/
String INVALID_DESTINATION = "invalid_destination";
public static final String INVALID_DESTINATION = "invalid_destination";
/**
* The assertion was not valid. The assertion used for authentication failed
* validation. Details around the failure will be present in the error description.
*/
String INVALID_ASSERTION = "invalid_assertion";
public static final String INVALID_ASSERTION = "invalid_assertion";
/**
* The signature of response or assertion was invalid. Either the response or the
* assertion was missing a signature or the signature could not be verified using the
* system's configured credentials. Most commonly the IDP's X509 certificate.
*/
String INVALID_SIGNATURE = "invalid_signature";
public static final String INVALID_SIGNATURE = "invalid_signature";
/**
* The assertion did not contain a subject element. The subject element, type
@ -86,7 +86,7 @@ public interface Saml2ErrorCodes {
*
* https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18
*/
String SUBJECT_NOT_FOUND = "subject_not_found";
public static final String SUBJECT_NOT_FOUND = "subject_not_found";
/**
* The subject did not contain a user identifier The assertion contained a subject
@ -95,7 +95,7 @@ public interface Saml2ErrorCodes {
*
* https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18
*/
String USERNAME_NOT_FOUND = "username_not_found";
public static final String USERNAME_NOT_FOUND = "username_not_found";
/**
* The system failed to decrypt an assertion or a name identifier. This error code
@ -103,31 +103,34 @@ public interface Saml2ErrorCodes {
* {@code EncryptedID} fails.
* https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=17
*/
String DECRYPTION_ERROR = "decryption_error";
public static final String DECRYPTION_ERROR = "decryption_error";
/**
* An Issuer element contained a value that didn't
* https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=15
*/
String INVALID_ISSUER = "invalid_issuer";
public static final String INVALID_ISSUER = "invalid_issuer";
/**
* An error happened during validation. Used when internal, non classified, errors are
* caught during the authentication process.
*/
String INTERNAL_VALIDATION_ERROR = "internal_validation_error";
public static final String INTERNAL_VALIDATION_ERROR = "internal_validation_error";
/**
* The relying party registration was not found. The registration ID did not
* correspond to any relying party registration.
*/
String RELYING_PARTY_REGISTRATION_NOT_FOUND = "relying_party_registration_not_found";
public static final String RELYING_PARTY_REGISTRATION_NOT_FOUND = "relying_party_registration_not_found";
/**
* The InResponseTo content of the response does not match the ID of the AuthNRequest.
*
* @since 5.7
*/
String INVALID_IN_RESPONSE_TO = "invalid_in_response_to";
public static final String INVALID_IN_RESPONSE_TO = "invalid_in_response_to";
private Saml2ErrorCodes() {
}
}
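Review bot: The Javadoc for `INVALID_ISSUER` stops mid-sentence at `An Issuer element contained a value that didn't` and runs straight into the specification URL. Since the constant's line is being rewritten anyway, finish the sentence, presumably `* An Issuer element contained a value that didn't match the expected issuer.` (the intended wording is a guess to confirm). The `USERNAME_NOT_FOUND` Javadoc likewise lacks a full stop after `user identifier`. These codes are what an operator sees when a SAML response is rejected, so the descriptions need to be complete.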


@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -27,17 +27,17 @@ package org.springframework.security.saml2.core;
* "https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf">SAML 2.0
* Bindings</a>
*/
public interface Saml2ParameterNames {
public final class Saml2ParameterNames {
/**
* {@code SAMLRequest} - used to request authentication or request logout
*/
String SAML_REQUEST = "SAMLRequest";
public static final String SAML_REQUEST = "SAMLRequest";
/**
* {@code SAMLResponse} - used to respond to an authentication or logout request
*/
String SAML_RESPONSE = "SAMLResponse";
public static final String SAML_RESPONSE = "SAMLResponse";
/**
* {@code RelayState} - used to communicate shared state between the relying and
@ -46,17 +46,20 @@ public interface Saml2ParameterNames {
* "https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf#page=8">3.1.1
* Use of RelayState</a>
*/
String RELAY_STATE = "RelayState";
public static final String RELAY_STATE = "RelayState";
/**
* {@code SigAlg} - used to communicate which signature algorithm to use to verify
* signature
*/
String SIG_ALG = "SigAlg";
public static final String SIG_ALG = "SigAlg";
/**
* {@code Signature} - used to supply cryptographic signature on any SAML 2.0 payload
*/
String SIGNATURE = "Signature";
public static final String SIGNATURE = "Signature";
private Saml2ParameterNames() {
}
}