diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java index 1d4e1daf0d..036347bd8e 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java @@ -97,9 +97,7 @@ public abstract class AbstractOAuth2Token implements Serializable { if (obj == null || this.getClass() != obj.getClass()) { return false; } - AbstractOAuth2Token other = (AbstractOAuth2Token) obj; - if (!this.getTokenValue().equals(other.getTokenValue())) { return false; } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java index 849033bdfa..70998b06e4 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java @@ -97,10 +97,8 @@ public interface ClaimAccessor { } Object claimValue = getClaims().get(claim); Instant convertedValue = ClaimConversionService.getSharedInstance().convert(claimValue, Instant.class); - if (convertedValue == null) { - throw new IllegalArgumentException( - "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to Instant."); - } + Assert.isTrue(convertedValue != null, + () -> "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to Instant."); return convertedValue; } 
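Review bot: In the ClaimAccessor hunk, the new message supplier dereferences `claimValue.getClass()`, which throws a NullPointerException instead of the intended IllegalArgumentException when the claim key is present but its value is null. The supplier runs only when `convertedValue` is null, which is the case where a null `claimValue` is most likely. The guard that precedes `getClaims().get(claim)` lies outside the hunk, so confirm whether it already excludes null values. If it does not, make the message null-safe, e.g. `"' of type '" + ((claimValue != null) ? claimValue.getClass() : null) + "' to Instant."`. The URL, Map and List hunks that follow in this file use the same supplier and need the same change.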
@@ -115,10 +113,8 @@ public interface ClaimAccessor { } Object claimValue = getClaims().get(claim); URL convertedValue = ClaimConversionService.getSharedInstance().convert(claimValue, URL.class); - if (convertedValue == null) { - throw new IllegalArgumentException( - "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to URL."); - } + Assert.isTrue(convertedValue != null, + () -> "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to URL."); return convertedValue; } @@ -140,10 +136,8 @@ public interface ClaimAccessor { Object claimValue = getClaims().get(claim); Map convertedValue = (Map) ClaimConversionService.getSharedInstance() .convert(claimValue, sourceDescriptor, targetDescriptor); - if (convertedValue == null) { - throw new IllegalArgumentException( - "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to Map."); - } + Assert.isTrue(convertedValue != null, + () -> "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to Map."); return convertedValue; } @@ -165,10 +159,8 @@ public interface ClaimAccessor { Object claimValue = getClaims().get(claim); List convertedValue = (List) ClaimConversionService.getSharedInstance().convert(claimValue, sourceDescriptor, targetDescriptor); - if (convertedValue == null) { - throw new IllegalArgumentException( - "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to List."); - } + Assert.isTrue(convertedValue != null, + () -> "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to List."); return convertedValue; } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java index e537ad953d..aaacad14a6 100644 
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java @@ -48,7 +48,6 @@ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2Authenti */ public DefaultOAuth2AuthenticatedPrincipal(Map attributes, Collection authorities) { - this(null, attributes, authorities); } @@ -61,7 +60,6 @@ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2Authenti */ public DefaultOAuth2AuthenticatedPrincipal(String name, Map attributes, Collection authorities) { - Assert.notEmpty(attributes, "attributes cannot be empty"); this.attributes = Collections.unmodifiableMap(attributes); this.authorities = (authorities != null) ? Collections.unmodifiableCollection(authorities) @@ -78,17 +76,11 @@ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2Authenti return this.attributes; } - /** - * {@inheritDoc} - */ @Override public Collection getAuthorities() { return this.authorities; } - /** - * {@inheritDoc} - */ @Override public String getName() { return this.name; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java index 3a37ec669f..e16cf7fef3 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java @@ -40,7 +40,6 @@ public final class DelegatingOAuth2TokenValidator */ public DelegatingOAuth2TokenValidator(Collection> tokenValidators) { Assert.notNull(tokenValidators, "tokenValidators cannot be null"); - this.tokenValidators = new ArrayList<>(tokenValidators); } 
@@ -53,17 +52,12 @@ public final class DelegatingOAuth2TokenValidator this(Arrays.asList(tokenValidators)); } - /** - * {@inheritDoc} - */ @Override public OAuth2TokenValidatorResult validate(T token) { Collection errors = new ArrayList<>(); - for (OAuth2TokenValidator validator : this.tokenValidators) { errors.addAll(validator.validate(token).getErrors()); } - return OAuth2TokenValidatorResult.failure(errors); } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java index 4a7b4bc1cc..a8baab9c4f 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java @@ -80,11 +80,7 @@ public final class OAuth2TokenValidatorResult { * @return an {@link OAuth2TokenValidatorResult} with the errors specified */ public static OAuth2TokenValidatorResult failure(Collection errors) { - if (errors.isEmpty()) { - return NO_ERRORS; - } - - return new OAuth2TokenValidatorResult(errors); + return (errors.isEmpty()) ? NO_ERRORS : new OAuth2TokenValidatorResult(errors); } } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java index 9f03f1f1f2..1eb661f2a4 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java 
@@ -52,7 +52,6 @@ public final class ClaimTypeConverter implements Converter, if (CollectionUtils.isEmpty(claims)) { return claims; } - Map result = new HashMap<>(claims); this.claimTypeConverters.forEach((claimName, typeConverter) -> { if (claims.containsKey(claimName)) { @@ -63,7 +62,6 @@ public final class ClaimTypeConverter implements Converter, } } }); - return result; } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java index ebfcc40d80..fefa9eb7c3 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java 
@@ -45,39 +45,45 @@ public final class MapOAuth2AccessTokenResponseConverter @Override public OAuth2AccessTokenResponse convert(Map tokenResponseParameters) { String accessToken = tokenResponseParameters.get(OAuth2ParameterNames.ACCESS_TOKEN); - - OAuth2AccessToken.TokenType accessTokenType = null; - if (OAuth2AccessToken.TokenType.BEARER.getValue() - .equalsIgnoreCase(tokenResponseParameters.get(OAuth2ParameterNames.TOKEN_TYPE))) { - accessTokenType = OAuth2AccessToken.TokenType.BEARER; - } - - long expiresIn = 0; - if (tokenResponseParameters.containsKey(OAuth2ParameterNames.EXPIRES_IN)) { - try { - expiresIn = Long.parseLong(tokenResponseParameters.get(OAuth2ParameterNames.EXPIRES_IN)); - } - catch (NumberFormatException ex) { - } - } - - Set scopes = Collections.emptySet(); - if (tokenResponseParameters.containsKey(OAuth2ParameterNames.SCOPE)) { - String scope = tokenResponseParameters.get(OAuth2ParameterNames.SCOPE); - scopes = new HashSet<>(Arrays.asList(StringUtils.delimitedListToStringArray(scope, " "))); - } - + OAuth2AccessToken.TokenType accessTokenType = getAccessTokenType(tokenResponseParameters); + long expiresIn = getExpiresIn(tokenResponseParameters); + Set scopes = getScopes(tokenResponseParameters); String refreshToken = tokenResponseParameters.get(OAuth2ParameterNames.REFRESH_TOKEN); - Map additionalParameters = new LinkedHashMap<>(); for (Map.Entry entry : tokenResponseParameters.entrySet()) { if (!TOKEN_RESPONSE_PARAMETER_NAMES.contains(entry.getKey())) { additionalParameters.put(entry.getKey(), entry.getValue()); } } - return OAuth2AccessTokenResponse.withToken(accessToken).tokenType(accessTokenType).expiresIn(expiresIn) .scopes(scopes).refreshToken(refreshToken).additionalParameters(additionalParameters).build(); } + private OAuth2AccessToken.TokenType getAccessTokenType(Map tokenResponseParameters) { + if (OAuth2AccessToken.TokenType.BEARER.getValue() + .equalsIgnoreCase(tokenResponseParameters.get(OAuth2ParameterNames.TOKEN_TYPE))) { + 
return OAuth2AccessToken.TokenType.BEARER; + } + return null; + } + + private long getExpiresIn(Map tokenResponseParameters) { + if (tokenResponseParameters.containsKey(OAuth2ParameterNames.EXPIRES_IN)) { + try { + return Long.parseLong(tokenResponseParameters.get(OAuth2ParameterNames.EXPIRES_IN)); + } + catch (NumberFormatException ex) { + } + } + return 0; + } + + private Set getScopes(Map tokenResponseParameters) { + if (tokenResponseParameters.containsKey(OAuth2ParameterNames.SCOPE)) { + String scope = tokenResponseParameters.get(OAuth2ParameterNames.SCOPE); + return new HashSet<>(Arrays.asList(StringUtils.delimitedListToStringArray(scope, " "))); + } + return Collections.emptySet(); + } + } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java index 6d5197350a..c09f36e909 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java @@ -187,7 +187,6 @@ public final class OAuth2AccessTokenResponse { public OAuth2AccessTokenResponse build() { Instant issuedAt = getIssuedAt(); Instant expiresAt = getExpiresAt(); - OAuth2AccessTokenResponse accessTokenResponse = new OAuth2AccessTokenResponse(); accessTokenResponse.accessToken = new OAuth2AccessToken(this.tokenType, this.tokenValue, issuedAt, expiresAt, this.scopes); diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java index 03a55c808f..443f03ccee 100644 
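Review bot: The extracted `getExpiresIn` in MapOAuth2AccessTokenResponseConverter keeps an empty `catch (NumberFormatException ex) { }`, so a malformed `expires_in` from the token endpoint is silently treated as 0, while a negative value that parses is passed through unchanged. Since this value comes from the authorization server's response, the fallback should at least be stated in the catch block, e.g. `// malformed expires_in: fall back to 0; the response builder decides the effective lifetime`. What the builder does with 0 or a negative number is not visible in this hunk and should be confirmed. `getAccessTokenType` also returns null for any token type other than bearer; a one-line Javadoc on each new helper stating its fallback (`null`, `0`, empty set) would make these defaults explicit.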
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java @@ -39,15 +39,9 @@ public final class OAuth2AccessTokenResponseMapConverter @Override public Map convert(OAuth2AccessTokenResponse tokenResponse) { Map parameters = new HashMap<>(); - - long expiresIn = -1; - if (tokenResponse.getAccessToken().getExpiresAt() != null) { - expiresIn = ChronoUnit.SECONDS.between(Instant.now(), tokenResponse.getAccessToken().getExpiresAt()); - } - parameters.put(OAuth2ParameterNames.ACCESS_TOKEN, tokenResponse.getAccessToken().getTokenValue()); parameters.put(OAuth2ParameterNames.TOKEN_TYPE, tokenResponse.getAccessToken().getTokenType().getValue()); - parameters.put(OAuth2ParameterNames.EXPIRES_IN, String.valueOf(expiresIn)); + parameters.put(OAuth2ParameterNames.EXPIRES_IN, String.valueOf(getExpiresIn(tokenResponse))); if (!CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) { parameters.put(OAuth2ParameterNames.SCOPE, StringUtils.collectionToDelimitedString(tokenResponse.getAccessToken().getScopes(), " ")); @@ -60,8 +54,14 @@ public final class OAuth2AccessTokenResponseMapConverter parameters.put(entry.getKey(), entry.getValue().toString()); } } - return parameters; } + private long getExpiresIn(OAuth2AccessTokenResponse tokenResponse) { + if (tokenResponse.getAccessToken().getExpiresAt() != null) { + return ChronoUnit.SECONDS.between(Instant.now(), tokenResponse.getAccessToken().getExpiresAt()); + } + return -1; + } + } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java index b86c189a65..ec04c68a55 100644 
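Review bot: The new `getExpiresIn` helper returns -1 when the access token has no `expiresAt`, and `convert` writes that sentinel straight into the map with `String.valueOf(getExpiresIn(tokenResponse))`, so the serialized response carries `expires_in` = "-1". A token whose `expiresAt` is already in the past likewise yields a negative number. If consumers of this map treat `expires_in` as a lifetime in seconds, consider omitting the parameter in that case: `long expiresIn = getExpiresIn(tokenResponse);` followed by `if (expiresIn >= 0) { parameters.put(OAuth2ParameterNames.EXPIRES_IN, String.valueOf(expiresIn)); }`. If the -1 is intentional, document it on the helper with a comment such as `// -1 signals "no expiry known"`.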
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java @@ -215,7 +215,6 @@ public final class OAuth2AuthorizationRequest implements Serializable { */ public static Builder from(OAuth2AuthorizationRequest authorizationRequest) { Assert.notNull(authorizationRequest, "authorizationRequest cannot be null"); - return new Builder(authorizationRequest.getGrantType()) .authorizationUri(authorizationRequest.getAuthorizationUri()) .clientId(authorizationRequest.getClientId()).redirectUri(authorizationRequest.getRedirectUri()) @@ -440,7 +439,6 @@ public final class OAuth2AuthorizationRequest implements Serializable { if (AuthorizationGrantType.IMPLICIT.equals(this.authorizationGrantType)) { Assert.hasText(this.redirectUri, "redirectUri cannot be empty"); } - OAuth2AuthorizationRequest authorizationRequest = new OAuth2AuthorizationRequest(); authorizationRequest.authorizationUri = this.authorizationUri; authorizationRequest.authorizationGrantType = this.authorizationGrantType; @@ -454,7 +452,6 @@ public final class OAuth2AuthorizationRequest implements Serializable { authorizationRequest.attributes = Collections.unmodifiableMap(this.attributes); authorizationRequest.authorizationRequestUri = StringUtils.hasText(this.authorizationRequestUri) ? this.authorizationRequestUri : this.buildAuthorizationRequestUri(); - return authorizationRequest; } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java index 6a09409aec..d0142d046d 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java 
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java @@ -205,7 +205,6 @@ public final class OAuth2AuthorizationResponse { throw new IllegalArgumentException("code and errorCode cannot both be set"); } Assert.hasText(this.redirectUri, "redirectUri cannot be empty"); - OAuth2AuthorizationResponse authorizationResponse = new OAuth2AuthorizationResponse(); authorizationResponse.redirectUri = this.redirectUri; authorizationResponse.state = this.state; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java index e80d147d1a..b95d1e8a63 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java @@ -52,10 +52,10 @@ final class HttpMessageConverters { if (jackson2Present) { return new MappingJackson2HttpMessageConverter(); } - else if (gsonPresent) { + if (gsonPresent) { return new GsonHttpMessageConverter(); } - else if (jsonbPresent) { + if (jsonbPresent) { return new JsonbHttpMessageConverter(); } return null; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java index f714634822..5203ce484c 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java 
@@ -50,7 +50,7 @@ public class OAuth2AccessTokenResponseHttpMessageConverter private static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8; - private static final ParameterizedTypeReference> PARAMETERIZED_RESPONSE_TYPE = new ParameterizedTypeReference>() { + private static final ParameterizedTypeReference> STRING_OBJECT_MAP = new ParameterizedTypeReference>() { }; private GenericHttpMessageConverter jsonMessageConverter = HttpMessageConverters.getJsonMessageConverter(); @@ -69,16 +69,14 @@ public class OAuth2AccessTokenResponseHttpMessageConverter } @Override + @SuppressWarnings("unchecked") protected OAuth2AccessTokenResponse readInternal(Class clazz, HttpInputMessage inputMessage) throws HttpMessageNotReadableException { - try { - // gh-6463 - // Parse parameter values as Object in order to handle potential JSON Object - // and then convert values to String - @SuppressWarnings("unchecked") + // gh-6463: Parse parameter values as Object in order to handle potential JSON + // Object and then convert values to String Map tokenResponseParameters = (Map) this.jsonMessageConverter - .read(PARAMETERIZED_RESPONSE_TYPE.getType(), null, inputMessage); + .read(STRING_OBJECT_MAP.getType(), null, inputMessage); return this.tokenResponseConverter.convert(tokenResponseParameters.entrySet().stream() .collect(Collectors.toMap(Map.Entry::getKey, (entry) -> String.valueOf(entry.getValue())))); } @@ -92,10 +90,9 @@ public class OAuth2AccessTokenResponseHttpMessageConverter @Override protected void writeInternal(OAuth2AccessTokenResponse tokenResponse, HttpOutputMessage outputMessage) throws HttpMessageNotWritableException { - try { Map tokenResponseParameters = this.tokenResponseParametersConverter.convert(tokenResponse); - this.jsonMessageConverter.write(tokenResponseParameters, PARAMETERIZED_RESPONSE_TYPE.getType(), + this.jsonMessageConverter.write(tokenResponseParameters, STRING_OBJECT_MAP.getType(), MediaType.APPLICATION_JSON, outputMessage); } catch (Exception ex) { 
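Review bot: Moving `@SuppressWarnings("unchecked")` from the `tokenResponseParameters` declaration up to `readInternal` widens the suppression to the whole method, so any unchecked operation added to it later would compile without a warning. Keeping the annotation directly on the local declaration, as the removed lines did, confines it to the one cast that needs it; the reworded `gh-6463` comment can stay above it. The same move is made in `OAuth2ErrorHttpMessageConverter.readInternal` further down. Separately, `String.valueOf(entry.getValue())` turns a JSON null into the literal string "null", so a null `refresh_token` or `scope` would reach the token response converter as text; add a comment or a null filter there if that is not intended. The method's try/catch closes outside the hunk.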
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java index 9ed1069af5..aa82f778f9 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java @@ -49,7 +49,7 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte private static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8; - private static final ParameterizedTypeReference> PARAMETERIZED_RESPONSE_TYPE = new ParameterizedTypeReference>() { + private static final ParameterizedTypeReference> STRING_OBJECT_MAP = new ParameterizedTypeReference>() { }; private GenericHttpMessageConverter jsonMessageConverter = HttpMessageConverters.getJsonMessageConverter(); @@ -68,16 +68,14 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte } @Override + @SuppressWarnings("unchecked") protected OAuth2Error readInternal(Class clazz, HttpInputMessage inputMessage) throws HttpMessageNotReadableException { - try { - // gh-8157 - // Parse parameter values as Object in order to handle potential JSON Object - // and then convert values to String - @SuppressWarnings("unchecked") + // gh-8157: Parse parameter values as Object in order to handle potential JSON + // Object and then convert values to String Map errorParameters = (Map) this.jsonMessageConverter - .read(PARAMETERIZED_RESPONSE_TYPE.getType(), null, inputMessage); + .read(STRING_OBJECT_MAP.getType(), null, inputMessage); return this.errorConverter.convert(errorParameters.entrySet().stream() .collect(Collectors.toMap(Map.Entry::getKey, (entry) -> String.valueOf(entry.getValue())))); } 
@@ -90,11 +88,10 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte @Override protected void writeInternal(OAuth2Error oauth2Error, HttpOutputMessage outputMessage) throws HttpMessageNotWritableException { - try { Map errorParameters = this.errorParametersConverter.convert(oauth2Error); - this.jsonMessageConverter.write(errorParameters, PARAMETERIZED_RESPONSE_TYPE.getType(), - MediaType.APPLICATION_JSON, outputMessage); + this.jsonMessageConverter.write(errorParameters, STRING_OBJECT_MAP.getType(), MediaType.APPLICATION_JSON, + outputMessage); } catch (Exception ex) { throw new HttpMessageNotWritableException( @@ -136,7 +133,6 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte String errorCode = parameters.get(OAuth2ParameterNames.ERROR); String errorDescription = parameters.get(OAuth2ParameterNames.ERROR_DESCRIPTION); String errorUri = parameters.get(OAuth2ParameterNames.ERROR_URI); - return new OAuth2Error(errorCode, errorDescription, errorUri); } @@ -151,7 +147,6 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte @Override public Map convert(OAuth2Error oauth2Error) { Map parameters = new HashMap<>(); - parameters.put(OAuth2ParameterNames.ERROR, oauth2Error.getErrorCode()); if (StringUtils.hasText(oauth2Error.getDescription())) { parameters.put(OAuth2ParameterNames.ERROR_DESCRIPTION, oauth2Error.getDescription()); @@ -159,7 +154,6 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte if (StringUtils.hasText(oauth2Error.getUri())) { parameters.put(OAuth2ParameterNames.ERROR_URI, oauth2Error.getUri()); } - return parameters; } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java index e5ffcdc544..5d6a59cf97 100644 
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java @@ -80,9 +80,7 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim { if (obj == null || !AddressStandardClaim.class.isAssignableFrom(obj.getClass())) { return false; } - AddressStandardClaim other = (AddressStandardClaim) obj; - if ((this.getFormatted() != null) ? !this.getFormatted().equals(other.getFormatted()) : other.getFormatted() != null) { return false; @@ -238,7 +236,6 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim { address.region = this.region; address.postalCode = this.postalCode; address.country = this.country; - return address; } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java index e0086500e1..812a03ddd7 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java @@ -74,9 +74,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable { if (obj == null || this.getClass() != obj.getClass()) { return false; } - OidcUserInfo that = (OidcUserInfo) obj; - return this.getClaims().equals(that.getClaims()); } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java index fb57773904..73bcdf624d 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java 
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java @@ -98,9 +98,7 @@ public class OidcUserAuthority extends OAuth2UserAuthority { if (!super.equals(obj)) { return false; } - OidcUserAuthority that = (OidcUserAuthority) obj; - if (!this.getIdToken().equals(that.getIdToken())) { return false; } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java index 2d621c1ae6..31fb080f50 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java @@ -106,9 +106,7 @@ public class DefaultOAuth2User implements OAuth2User, Serializable { if (obj == null || this.getClass() != obj.getClass()) { return false; } - DefaultOAuth2User that = (DefaultOAuth2User) obj; - if (!this.getName().equals(that.getName())) { return false; } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java index 7f6ebbd0f6..ead74cbaff 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java @@ -81,9 +81,7 @@ public class OAuth2UserAuthority implements GrantedAuthority { if (obj == null || this.getClass() != obj.getClass()) { return false; } - OAuth2UserAuthority that = (OAuth2UserAuthority) obj; - if (!this.getAuthority().equals(that.getAuthority())) { return false; } 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java index 1cb8553fc7..5154cb07a8 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java @@ -53,18 +53,20 @@ class OAuth2AccessTokenResponseBodyExtractor private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response"; + private static final ParameterizedTypeReference> STRING_OBJECT_MAP = new ParameterizedTypeReference>() { + }; + OAuth2AccessTokenResponseBodyExtractor() { } @Override public Mono extract(ReactiveHttpInputMessage inputMessage, Context context) { - ParameterizedTypeReference> type = new ParameterizedTypeReference>() { - }; - BodyExtractor>, ReactiveHttpInputMessage> delegate = BodyExtractors.toMono(type); + BodyExtractor>, ReactiveHttpInputMessage> delegate = BodyExtractors + .toMono(STRING_OBJECT_MAP); return delegate.extract(inputMessage, context) - .onErrorMap((e) -> new OAuth2AuthorizationException( - invalidTokenResponse("An error occurred parsing the Access Token response: " + e.getMessage()), - e)) + .onErrorMap((ex) -> new OAuth2AuthorizationException( + invalidTokenResponse("An error occurred parsing the Access Token response: " + ex.getMessage()), + ex)) .switchIfEmpty(Mono.error(() -> new OAuth2AuthorizationException( invalidTokenResponse("Empty OAuth 2.0 Access Token Response")))) .map(OAuth2AccessTokenResponseBodyExtractor::parse) 
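Review bot: In `extract`, the `onErrorMap` lambda still concatenates `ex.getMessage()` into the `OAuth2Error` description, and the renamed catch block in `parse` (the next hunk) does the same. Decoder and parser messages can echo fragments of the body they failed on, and here that body is a token response, so the description may carry token material into whatever logs or renders the error; whether it is surfaced to end users is not visible in this diff. The exception is already passed as the cause, so a fixed description would keep the detail available to the caller without copying it into the error object, e.g. `invalidTokenResponse("An error occurred parsing the Access Token response")`. If the message is kept on purpose, a short comment saying so would help the next reader.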
@@ -76,10 +78,10 @@ class OAuth2AccessTokenResponseBodyExtractor try { return TokenResponse.parse(new JSONObject(json)); } - catch (ParseException pe) { + catch (ParseException ex) { OAuth2Error oauth2Error = invalidTokenResponse( - "An error occurred parsing the Access Token response: " + pe.getMessage()); - throw new OAuth2AuthorizationException(oauth2Error, pe); + "An error occurred parsing the Access Token response: " + ex.getMessage()); + throw new OAuth2AuthorizationException(oauth2Error, ex); } } @@ -93,19 +95,20 @@ class OAuth2AccessTokenResponseBodyExtractor } TokenErrorResponse tokenErrorResponse = (TokenErrorResponse) tokenResponse; ErrorObject errorObject = tokenErrorResponse.getErrorObject(); - OAuth2Error oauth2Error; - if (errorObject == null) { - oauth2Error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR); - } - else { - oauth2Error = new OAuth2Error( - (errorObject.getCode() != null) ? errorObject.getCode() : OAuth2ErrorCodes.SERVER_ERROR, - errorObject.getDescription(), - (errorObject.getURI() != null) ? errorObject.getURI().toString() : null); - } + OAuth2Error oauth2Error = getOAuth2Error(errorObject); return Mono.error(new OAuth2AuthorizationException(oauth2Error)); } + private static OAuth2Error getOAuth2Error(ErrorObject errorObject) { + if (errorObject == null) { + return new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR); + } + String code = (errorObject.getCode() != null) ? errorObject.getCode() : OAuth2ErrorCodes.SERVER_ERROR; + String description = errorObject.getDescription(); + String uri = (errorObject.getURI() != null) ? errorObject.getURI().toString() : null; + return new OAuth2Error(code, description, uri); + } + private static OAuth2AccessTokenResponse oauth2AccessTokenResponse(AccessTokenResponse accessTokenResponse) { AccessToken accessToken = accessTokenResponse.getTokens().getAccessToken(); OAuth2AccessToken.TokenType accessTokenType = null; 
@@ -113,17 +116,13 @@ class OAuth2AccessTokenResponseBodyExtractor accessTokenType = OAuth2AccessToken.TokenType.BEARER; } long expiresIn = accessToken.getLifetime(); - Set scopes = (accessToken.getScope() != null) ? new LinkedHashSet<>(accessToken.getScope().toStringList()) : Collections.emptySet(); - String refreshToken = null; if (accessTokenResponse.getTokens().getRefreshToken() != null) { refreshToken = accessTokenResponse.getTokens().getRefreshToken().getValue(); } - Map additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters()); - return OAuth2AccessTokenResponse.withToken(accessToken.getValue()).tokenType(accessTokenType) .expiresIn(expiresIn).scopes(scopes).refreshToken(refreshToken) .additionalParameters(additionalParameters).build();