Polish ServerAuthenticationConverter

Update changes for ServerAuthenticationConverter to be passive.

Issue: gh-5338

config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java

@@ -485,7 +485,7 @@ public class ServerHttpSecurity {
 
 			AuthenticationWebFilter authenticationFilter = new AuthenticationWebFilter(manager);
 			authenticationFilter.setRequiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/login/oauth2/code/{registrationId}"));
-			authenticationFilter.setAuthenticationConverter(new ServerOAuth2LoginAuthenticationTokenConverter(clientRegistrationRepository));
+			authenticationFilter.setServerAuthenticationConverter(new ServerOAuth2LoginAuthenticationTokenConverter(clientRegistrationRepository));
 
 			RedirectServerAuthenticationSuccessHandler redirectHandler = new RedirectServerAuthenticationSuccessHandler();
 
@@ -651,7 +651,7 @@ public class ServerHttpSecurity {
 					JwtReactiveAuthenticationManager authenticationManager = new JwtReactiveAuthenticationManager(
 							this.jwtDecoder);
 					AuthenticationWebFilter oauth2 = new AuthenticationWebFilter(authenticationManager);
-					oauth2.setAuthenticationConverter(new ServerBearerTokenAuthenticationConverter());
+					oauth2.setServerAuthenticationConverter(new ServerBearerTokenAuthenticationConverter());
 					oauth2.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
 					http
 						.exceptionHandling()

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/ServerOAuth2LoginAuthenticationTokenConverter.java

@@ -38,9 +38,10 @@ import reactor.core.publisher.Mono;
  * converter does not validate any errors it only performs a conversion.
  * @author Rob Winch
  * @since 5.1
- * @see org.springframework.security.web.server.authentication.AuthenticationWebFilter#setAuthenticationConverter(ServerAuthenticationConverter)
+ * @see org.springframework.security.web.server.authentication.AuthenticationWebFilter#setServerAuthenticationConverter(ServerAuthenticationConverter)
  */
-public class ServerOAuth2LoginAuthenticationTokenConverter implements ServerAuthenticationConverter {
+public class ServerOAuth2LoginAuthenticationTokenConverter
+		implements ServerAuthenticationConverter {
 
 	static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
 

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/ServerOAuth2LoginAuthenticationTokenConverterTest.java

@@ -102,7 +102,8 @@ public class ServerOAuth2LoginAuthenticationTokenConverterTest {
 
 		assertThatThrownBy(() -> applyConverter())
 				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining(ServerOAuth2LoginAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
+				.hasMessageContaining(
+						ServerOAuth2LoginAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
 	}
 
 	@Test
@@ -112,7 +113,8 @@ public class ServerOAuth2LoginAuthenticationTokenConverterTest {
 
 		assertThatThrownBy(() -> applyConverter())
 				.isInstanceOf(OAuth2AuthenticationException.class)
-				.hasMessageContaining(ServerOAuth2LoginAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
+				.hasMessageContaining(
+						ServerOAuth2LoginAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
 	}
 
 	@Test

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java

@@ -41,7 +41,8 @@ import java.util.regex.Pattern;
  * @since 5.1
  * @see <a href="https://tools.ietf.org/html/rfc6750#section-2" target="_blank">RFC 6750 Section 2: Authenticated Requests</a>
  */
-public class ServerBearerTokenAuthenticationConverter implements ServerAuthenticationConverter {
+public class ServerBearerTokenAuthenticationConverter
+		implements ServerAuthenticationConverter {
 	private static final Pattern authorizationPattern = Pattern.compile("^Bearer (?<token>[a-zA-Z0-9-._~+/]+)=*$");
 
 	private boolean allowUriQueryParameter = false;

web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java

@@ -24,6 +24,8 @@ import org.springframework.security.core.Authentication;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.server.ServerWebExchange;
 
+import java.util.function.Function;
+
 /**
  * Converts a ServerWebExchange into a UsernamePasswordAuthenticationToken from the form
  * data HTTP parameters.
@@ -31,7 +33,9 @@ import org.springframework.web.server.ServerWebExchange;
  * @author Rob Winch
  * @since 5.0
  */
-public class ServerFormLoginAuthenticationConverter implements ServerAuthenticationConverter {
+public class ServerFormLoginAuthenticationConverter implements
+		ServerAuthenticationConverter,
+		Function<ServerWebExchange, Mono<Authentication>> {
 
 	private String usernameParameter = "username";
 
@@ -43,6 +47,18 @@ public class ServerFormLoginAuthenticationConverter implements ServerAuthenticat
 			.map( data -> createAuthentication(data));
 	}
 
+	/**
+	 * Alias for {@link #convert(ServerWebExchange)}
+	 * @param exchange the {@link ServerWebExchange} to use
+	 * @return the {@link Authentication}
+	 * @deprecated Use {@link #convert(ServerWebExchange)}
+	 */
+	@Override
+	@Deprecated
+	public Mono<Authentication> apply(ServerWebExchange exchange) {
+		return convert(exchange);
+	}
+
 	private UsernamePasswordAuthenticationToken createAuthentication(
 		MultiValueMap<String, String> data) {
 		String username = data.getFirst(this.usernameParameter);

web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java

@@ -16,6 +16,7 @@
 package org.springframework.security.web.server;
 
 import java.util.Base64;
+import java.util.function.Function;
 
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.server.reactive.ServerHttpRequest;
@@ -32,7 +33,9 @@ import reactor.core.publisher.Mono;
  * @author Rob Winch
  * @since 5.0
  */
-public class ServerHttpBasicAuthenticationConverter implements ServerAuthenticationConverter {
+public class ServerHttpBasicAuthenticationConverter implements
+		ServerAuthenticationConverter,
+		Function<ServerWebExchange, Mono<Authentication>> {
 
 	public static final String BASIC = "Basic ";
 
@@ -61,6 +64,18 @@ public class ServerHttpBasicAuthenticationConverter implements ServerAuthenticat
 		return Mono.just(new UsernamePasswordAuthenticationToken(username, password));
 	}
 
+	/**
+	 * Alias for {@link #convert(ServerWebExchange)}
+	 * @param exchange the {@link ServerWebExchange} to use
+	 * @return the {@link Authentication}
+	 * @deprecated Use {@link #convert(ServerWebExchange)}
+	 */
+	@Override
+	@Deprecated
+	public Mono<Authentication> apply(ServerWebExchange exchange) {
+		return convert(exchange);
+	}
+
 	private byte[] base64Decode(String value) {
 		try {
 			return Base64.getDecoder().decode(value);

web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java

@@ -138,13 +138,13 @@ public class AuthenticationWebFilter implements WebFilter {
 	 * that no authentication attempt should be made. The default converter is
 	 * {@link ServerHttpBasicAuthenticationConverter}
 	 * @param authenticationConverter the converter to use
-	 * @deprecated As of 5.1 in favor of {@link #setAuthenticationConverter(ServerAuthenticationConverter)}
-	 * @see #setAuthenticationConverter(ServerAuthenticationConverter)
+	 * @deprecated As of 5.1 in favor of {@link #setServerAuthenticationConverter(ServerAuthenticationConverter)}
+	 * @see #setServerAuthenticationConverter(ServerAuthenticationConverter)
 	 */
 	@Deprecated
 	public void setAuthenticationConverter(Function<ServerWebExchange, Mono<Authentication>> authenticationConverter) {
 		Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
-		setAuthenticationConverter((ServerAuthenticationConverter) authenticationConverter);
+		setServerAuthenticationConverter(authenticationConverter::apply);
 	}
 
 	/**
@@ -155,7 +155,8 @@ public class AuthenticationWebFilter implements WebFilter {
 	 * @param authenticationConverter the converter to use
 	 * @since 5.1
 	 */
-	public void setAuthenticationConverter(ServerAuthenticationConverter authenticationConverter) {
+	public void setServerAuthenticationConverter(
+			ServerAuthenticationConverter authenticationConverter) {
 		Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
 		this.authenticationConverter = authenticationConverter;
 	}
@@ -172,7 +173,7 @@ public class AuthenticationWebFilter implements WebFilter {
 
 	/**
 	 * Sets the matcher used to determine when creating an {@link Authentication} from
-	 * {@link #setAuthenticationConverter(ServerAuthenticationConverter)} to be authentication. If the converter returns an empty
+	 * {@link #setServerAuthenticationConverter(ServerAuthenticationConverter)} to be authentication. If the converter returns an empty
 	 * result, then no authentication is attempted. The default is any request
 	 * @param requiresAuthenticationMatcher the matcher to use. Cannot be null.
 	 */

web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java

@@ -61,7 +61,7 @@ public class AuthenticationWebFilterTests {
 	public void setup() {
 		this.filter = new AuthenticationWebFilter(this.authenticationManager);
 		this.filter.setAuthenticationSuccessHandler(this.successHandler);
-		this.filter.setAuthenticationConverter(this.authenticationConverter);
+		this.filter.setServerAuthenticationConverter(this.authenticationConverter);
 		this.filter.setSecurityContextRepository(this.securityContextRepository);
 		this.filter.setAuthenticationFailureHandler(this.failureHandler);
 	}