From d554b06a43472c5e183540e5a04877ca44597cb2 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Tue, 17 Oct 2017 22:17:09 -0500
Subject: [PATCH] OAuth use ConcurrentHashMap

Fixes gh-4647
---
 .../client/authentication/jwt/NimbusJwtDecoderRegistry.java   | 4 ++--
 .../registration/InMemoryClientRegistrationRepository.java    | 4 ++--
 .../oauth2/client/token/InMemoryAccessTokenRepository.java    | 3 ++-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/jwt/NimbusJwtDecoderRegistry.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/jwt/NimbusJwtDecoderRegistry.java
index df1ca3b2d9..33b02176fc 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/jwt/NimbusJwtDecoderRegistry.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/jwt/NimbusJwtDecoderRegistry.java
@@ -21,8 +21,8 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import java.util.HashMap;
 import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
 
 /**
  * A {@link JwtDecoderRegistry} that creates/manages instances of
@@ -35,7 +35,7 @@ import java.util.Map;
  * @see <a target="_blank" href="https://connect2id.com/products/nimbus-jose-jwt">Nimbus JOSE + JWT SDK</a>
  */
 public class NimbusJwtDecoderRegistry implements JwtDecoderRegistry {
-	private final Map<String, JwtDecoder> jwtDecoders = new HashMap<>();
+	private final Map<String, JwtDecoder> jwtDecoders = new ConcurrentHashMap<>();
 
 	@Override
 	public JwtDecoder getJwtDecoder(ClientRegistration registration) {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
index 5707813cfd..5fa4de0fe9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java
@@ -18,10 +18,10 @@ package org.springframework.security.oauth2.client.registration;
 import org.springframework.util.Assert;
 
 import java.util.Collections;
-import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
 
 /**
  * A {@link ClientRegistrationRepository} that stores {@link ClientRegistration}(s) <i>in-memory</i>.
@@ -36,7 +36,7 @@ public final class InMemoryClientRegistrationRepository implements ClientRegistr
 
 	public InMemoryClientRegistrationRepository(List<ClientRegistration> registrations) {
 		Assert.notEmpty(registrations, "registrations cannot be empty");
-		Map<String, ClientRegistration> registrationsMap = new HashMap<>();
+		Map<String, ClientRegistration> registrationsMap = new ConcurrentHashMap<>();
 		registrations.forEach(registration -> {
 			if (registrationsMap.containsKey(registration.getRegistrationId())) {
 				throw new IllegalArgumentException("ClientRegistration must be unique. Found duplicate registrationId: " +
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java
index 37e865b807..7f33bedb20 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java
@@ -23,6 +23,7 @@ import org.springframework.util.Assert;
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
 
 /**
  * A {@link SecurityTokenRepository} that associates an {@link AccessToken}
@@ -36,7 +37,7 @@ import java.util.Map;
  */
 public final class InMemoryAccessTokenRepository implements SecurityTokenRepository<AccessToken> {
 	private final ClientRegistrationIdentifierStrategy<String> identifierStrategy = new AuthorizedClientIdentifierStrategy();
-	private final Map<String, AccessToken> accessTokens = new HashMap<>();
+	private final Map<String, AccessToken> accessTokens = new ConcurrentHashMap<>();
 
 	@Override
 	public AccessToken loadSecurityToken(ClientRegistration registration) {