Rename AuthorizationCodeAuthorizationResponseAttributes -> AuthorizationResponse

Fixes gh-4593

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationFilter.java

@@ -27,11 +27,11 @@ import org.springframework.security.oauth2.client.authentication.OAuth2UserAuthe
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationIdentifierStrategy;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.oauth2.client.web.converter.AuthorizationCodeAuthorizationResponseAttributesConverter;
+import org.springframework.security.oauth2.client.web.converter.AuthorizationResponseConverter;
 import org.springframework.security.oauth2.client.web.converter.ErrorResponseAttributesConverter;
 import org.springframework.security.oauth2.core.OAuth2Error;
-import org.springframework.security.oauth2.core.endpoint.AuthorizationCodeAuthorizationResponseAttributes;
 import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
+import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse;
 import org.springframework.security.oauth2.core.endpoint.ErrorResponseAttributes;
 import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
 import org.springframework.security.oauth2.core.user.OAuth2User;
@@ -87,8 +87,7 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
 	private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
 	private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
 	private final ErrorResponseAttributesConverter errorResponseConverter = new ErrorResponseAttributesConverter();
-	private final AuthorizationCodeAuthorizationResponseAttributesConverter authorizationCodeResponseConverter =
+	private final AuthorizationResponseConverter authorizationResponseConverter = new AuthorizationResponseConverter();
-		new AuthorizationCodeAuthorizationResponseAttributesConverter();
 	private ClientRegistrationRepository clientRegistrationRepository;
 	private RequestMatcher authorizationResponseMatcher = new AuthorizationResponseMatcher();
 	private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
@@ -125,11 +124,10 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
 			.redirectUri(matchingAuthorizationRequest.getRedirectUri())
 			.build();
 
-		AuthorizationCodeAuthorizationResponseAttributes authorizationCodeResponseAttributes =
+		AuthorizationResponse authorizationResponse = this.authorizationResponseConverter.apply(request);
-				this.authorizationCodeResponseConverter.apply(request);
 
 		AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = new AuthorizationCodeAuthenticationToken(
-				authorizationCodeResponseAttributes.getCode(), clientRegistration, matchingAuthorizationRequest);
+				authorizationResponse.getCode(), clientRegistration, matchingAuthorizationRequest);
 		authorizationCodeAuthentication.setDetails(this.authenticationDetailsSource.buildDetails(request));
 
 		OAuth2ClientAuthenticationToken oauth2ClientAuthentication =

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/converter/AuthorizationResponseConverter.java

@@ -15,7 +15,7 @@
  */
 package org.springframework.security.oauth2.client.web.converter;
 
-import org.springframework.security.oauth2.core.endpoint.AuthorizationCodeAuthorizationResponseAttributes;
+import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
 import org.springframework.util.Assert;
 
@@ -24,26 +24,24 @@ import java.util.function.Function;
 
 /**
  * A <code>Function</code> that converts an <i>OAuth 2.0 Authorization Code Grant Response</i>
- * (in the form of a {@link HttpServletRequest}) to a {@link AuthorizationCodeAuthorizationResponseAttributes}.
+ * (in the form of a {@link HttpServletRequest}) to a {@link AuthorizationResponse}.
  *
  * @author Joe Grandja
  * @since 5.0
- * @see AuthorizationCodeAuthorizationResponseAttributes
+ * @see AuthorizationResponse
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Code Grant Response</a>
  */
-public final class AuthorizationCodeAuthorizationResponseAttributesConverter implements Function<HttpServletRequest, AuthorizationCodeAuthorizationResponseAttributes> {
+public final class AuthorizationResponseConverter implements Function<HttpServletRequest, AuthorizationResponse> {
 
 	@Override
-	public AuthorizationCodeAuthorizationResponseAttributes apply(HttpServletRequest request) {
+	public AuthorizationResponse apply(HttpServletRequest request) {
-		AuthorizationCodeAuthorizationResponseAttributes response;
-
 		String code = request.getParameter(OAuth2Parameter.CODE);
 		Assert.hasText(code, OAuth2Parameter.CODE + " attribute is required");
 
 		String state = request.getParameter(OAuth2Parameter.STATE);
 
-		response = new AuthorizationCodeAuthorizationResponseAttributes(code, state);
+		return AuthorizationResponse.success(code)
-
+			.state(state)
-		return response;
+			.build();
 	}
 }

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeAuthorizationResponseAttributes.java

@@ -1,44 +0,0 @@
-/*
- * Copyright 2012-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.endpoint;
-
-import org.springframework.util.Assert;
-
-/**
- * A representation of an <i>OAuth 2.0 Authorization Response</i> for the authorization code grant type.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Response</a>
- */
-public final class AuthorizationCodeAuthorizationResponseAttributes {
-	private final String code;
-	private final String state;
-
-	public AuthorizationCodeAuthorizationResponseAttributes(String code, String state) {
-		Assert.notNull(code, "code cannot be null");
-		this.code = code;
-		this.state = state;
-	}
-
-	public String getCode() {
-		return this.code;
-	}
-
-	public String getState() {
-		return this.state;
-	}
-}

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationResponse.java

@@ -0,0 +1,117 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.core.endpoint;
+
+import org.springframework.security.oauth2.core.OAuth2Error;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
+/**
+ * A representation of an <i>OAuth 2.0 Authorization Response</i> for the authorization code grant type.
+ *
+ * @author Joe Grandja
+ * @since 5.0
+ * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Response</a>
+ */
+public final class AuthorizationResponse {
+	private String code;
+	private String state;
+	private OAuth2Error error;
+
+	private AuthorizationResponse() {
+	}
+
+	public String getCode() {
+		return this.code;
+	}
+
+	public String getState() {
+		return this.state;
+	}
+
+	public OAuth2Error getError() {
+		return this.error;
+	}
+
+	public boolean statusOk() {
+		return !this.statusError();
+	}
+
+	public boolean statusError() {
+		return this.error != null && this.error.getErrorCode() != null;
+	}
+
+	public static Builder success(String code) {
+		Assert.hasText(code, "code cannot be empty");
+		return new Builder().code(code);
+	}
+
+	public static Builder error(String errorCode) {
+		Assert.hasText(errorCode, "errorCode cannot be empty");
+		return new Builder().errorCode(errorCode);
+	}
+
+	public static class Builder {
+		private String code;
+		private String state;
+		private String errorCode;
+		private String errorDescription;
+		private String errorUri;
+
+		private Builder() {
+		}
+
+		public Builder code(String code) {
+			this.code = code;
+			return this;
+		}
+
+		public Builder state(String state) {
+			this.state = state;
+			return this;
+		}
+
+		public Builder errorCode(String errorCode) {
+			this.errorCode = errorCode;
+			return this;
+		}
+
+		public Builder errorDescription(String errorDescription) {
+			this.errorDescription = errorDescription;
+			return this;
+		}
+
+		public Builder errorUri(String errorUri) {
+			this.errorUri = errorUri;
+			return this;
+		}
+
+		public AuthorizationResponse build() {
+			if (StringUtils.hasText(this.code) && StringUtils.hasText(this.errorCode)) {
+				throw new IllegalArgumentException("code and errorCode cannot both be set");
+			}
+			AuthorizationResponse authorizationResponse = new AuthorizationResponse();
+			if (StringUtils.hasText(this.code)) {
+				authorizationResponse.code = this.code;
+			} else {
+				authorizationResponse.error = new OAuth2Error(
+					this.errorCode, this.errorDescription, this.errorUri);
+			}
+			authorizationResponse.state = this.state;
+			return authorizationResponse;
+		}
+	}
+}

oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeAuthorizationResponseAttributesTest.java

@@ -1,31 +0,0 @@
-/*
- * Copyright 2012-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.endpoint;
-
-import org.junit.Test;
-
-/**
- * Tests {@link AuthorizationCodeAuthorizationResponseAttributes}
- *
- * @author Luander Ribeiro
- */
-public class AuthorizationCodeAuthorizationResponseAttributesTest {
-
-	@Test(expected = IllegalArgumentException.class)
-	public void constructorWhenCodeIsNullThenThrowIllegalArgumentException() {
-		new AuthorizationCodeAuthorizationResponseAttributes(null, "xyz");
-	}
-}