From ccb1f68bfe3561400317a1f5b8c2f9d7184f70f6 Mon Sep 17 00:00:00 2001
From: Marcus Da Coregio <marcusdacoregio@gmail.com>
Date: Wed, 2 Feb 2022 14:51:05 -0300
Subject: [PATCH] Fix member variable using Java 9+ feature

This causes compile errors when trying to build using JDK 8

Issue gh-10695
---
 .../resource/OAuth2ResourceServerConfigurer.java      | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
index ca7ef5720d..0f26791597 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.configurers.oauth2.se
 
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.function.Supplier;
@@ -27,6 +28,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.springframework.context.ApplicationContext;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationManagerResolver;
@@ -159,13 +161,18 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 	private OpaqueTokenConfigurer opaqueTokenConfigurer;
 
 	private AccessDeniedHandler accessDeniedHandler = new DelegatingAccessDeniedHandler(
-			new LinkedHashMap<>(Map.of(CsrfException.class, new AccessDeniedHandlerImpl())),
-			new BearerTokenAccessDeniedHandler());
+			new LinkedHashMap<>(createAccessDeniedHandlers()), new BearerTokenAccessDeniedHandler());
 
 	private AuthenticationEntryPoint authenticationEntryPoint = new BearerTokenAuthenticationEntryPoint();
 
 	private BearerTokenRequestMatcher requestMatcher = new BearerTokenRequestMatcher();
 
+	private static Map<Class<? extends AccessDeniedException>, AccessDeniedHandler> createAccessDeniedHandlers() {
+		Map<Class<? extends AccessDeniedException>, AccessDeniedHandler> handlers = new HashMap<>();
+		handlers.put(CsrfException.class, new AccessDeniedHandlerImpl());
+		return handlers;
+	}
+
 	public OAuth2ResourceServerConfigurer(ApplicationContext context) {
 		Assert.notNull(context, "context cannot be null");
 		this.context = context;