Flatten HttpSecurity.oauth2()

Fixes gh-5715

config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java

@@ -48,8 +48,9 @@ import org.springframework.security.config.annotation.web.configurers.SecurityCo
 import org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer;
 import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer;
 import org.springframework.security.config.annotation.web.configurers.X509Configurer;
-import org.springframework.security.config.annotation.web.configurers.oauth2.OAuth2Configurer;
+import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer;
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
+import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
 import org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
@@ -111,6 +112,7 @@ import java.util.Map;
  * </pre>
  *
  * @author Rob Winch
+ * @author Joe Grandja
  * @since 3.2
  * @see EnableWebSecurity
  */
@@ -978,7 +980,6 @@ public final class HttpSecurity extends
 	 * <p>
 	 * For more advanced configuration, see {@link OAuth2LoginConfigurer} for available options to customize the defaults.
 	 *
-	 * @author Joe Grandja
 	 * @since 5.0
 	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant</a>
 	 * @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">Section 3.1 Authorization Code Flow</a>
@@ -992,15 +993,29 @@ public final class HttpSecurity extends
 	}
 
 	/**
-	 * Configures support for the <a target="_blank" href="https://tools.ietf.org/html/rfc6749">OAuth 2.0 Authorization Framework</a>.
+	 * Configures OAuth 2.0 Client support.
 	 *
-	 * @author Joe Grandja
 	 * @since 5.1
-	 * @return the {@link OAuth2Configurer} for further customizations
+	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization Framework</a>
+	 * @return the {@link OAuth2ClientConfigurer} for further customizations
 	 * @throws Exception
 	 */
-	public OAuth2Configurer<HttpSecurity> oauth2() throws Exception {
+	public OAuth2ClientConfigurer<HttpSecurity> oauth2Client() throws Exception {
-		OAuth2Configurer<HttpSecurity> configurer = getOrApply(new OAuth2Configurer<>());
+		OAuth2ClientConfigurer<HttpSecurity> configurer = getOrApply(new OAuth2ClientConfigurer<>());
+		this.postProcess(configurer);
+		return configurer;
+	}
+
+	/**
+	 * Configures OAuth 2.0 Resource Server support.
+	 *
+	 * @since 5.1
+	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization Framework</a>
+	 * @return the {@link OAuth2ResourceServerConfigurer} for further customizations
+	 * @throws Exception
+	 */
+	public OAuth2ResourceServerConfigurer<HttpSecurity> oauth2ResourceServer() throws Exception {
+		OAuth2ResourceServerConfigurer<HttpSecurity> configurer = getOrApply(new OAuth2ResourceServerConfigurer<>(getContext()));
 		this.postProcess(configurer);
 		return configurer;
 	}

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/OAuth2Configurer.java

@@ -1,105 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.config.annotation.web.configurers.oauth2;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.security.config.annotation.ObjectPostProcessor;
-import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer;
-import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
-
-/**
- * An {@link AbstractHttpConfigurer} that provides support for the
- * <a target="_blank" href="https://tools.ietf.org/html/rfc6749">OAuth 2.0 Authorization Framework</a>.
- *
- * @author Joe Grandja
- * @since 5.1
- * @see HttpSecurity#oauth2()
- * @see OAuth2ClientConfigurer
- * @see AbstractHttpConfigurer
- */
-public final class OAuth2Configurer<B extends HttpSecurityBuilder<B>>
-		extends AbstractHttpConfigurer<OAuth2Configurer<B>, B> {
-
-	@Autowired
-	private ObjectPostProcessor<Object> objectPostProcessor;
-
-	private OAuth2ClientConfigurer<B> clientConfigurer;
-
-	private OAuth2ResourceServerConfigurer<B> resourceServerConfigurer;
-
-	/**
-	 * Returns the {@link OAuth2ClientConfigurer} for configuring OAuth 2.0 Client support.
-	 *
-	 * @return the {@link OAuth2ClientConfigurer}
-	 */
-	public OAuth2ClientConfigurer<B> client() {
-		if (this.clientConfigurer == null) {
-			this.initClientConfigurer();
-		}
-		return this.clientConfigurer;
-	}
-
-	/**
-	 * Returns the {@link OAuth2ResourceServerConfigurer} for configuring OAuth 2.0 Resource Server support.
-	 *
-	 * @return the {@link OAuth2ResourceServerConfigurer}
-	 */
-	public OAuth2ResourceServerConfigurer<B> resourceServer() {
-		if (this.resourceServerConfigurer == null) {
-			this.initResourceServerConfigurer();
-		}
-		return this.resourceServerConfigurer;
-	}
-
-	@Override
-	public void init(B builder) throws Exception {
-		if (this.clientConfigurer != null) {
-			this.clientConfigurer.init(builder);
-		}
-
-		if (this.resourceServerConfigurer != null) {
-			this.resourceServerConfigurer.init(builder);
-		}
-	}
-
-	@Override
-	public void configure(B builder) throws Exception {
-		if (this.clientConfigurer != null) {
-			this.clientConfigurer.configure(builder);
-		}
-
-		if (this.resourceServerConfigurer != null) {
-			this.resourceServerConfigurer.configure(builder);
-		}
-	}
-
-	private void initClientConfigurer() {
-		this.clientConfigurer = new OAuth2ClientConfigurer<>();
-		this.clientConfigurer.setBuilder(this.getBuilder());
-		this.clientConfigurer.addObjectPostProcessor(this.objectPostProcessor);
-	}
-
-	private void initResourceServerConfigurer() {
-		ApplicationContext context = getBuilder().getSharedObject(ApplicationContext.class);
-		this.resourceServerConfigurer = new OAuth2ResourceServerConfigurer<>(context);
-		this.resourceServerConfigurer.setBuilder(this.getBuilder());
-		this.resourceServerConfigurer.addObjectPostProcessor(this.objectPostProcessor);
-	}
-}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java

@@ -218,11 +218,10 @@ public class OAuth2ClientConfigurerTests {
 				.requestCache()
 					.requestCache(requestCache)
 					.and()
-				.oauth2()
+				.oauth2Client()
-					.client()
+					.authorizationCodeGrant()
-						.authorizationCodeGrant()
+						.authorizationRequestResolver(authorizationRequestResolver)
-							.authorizationRequestResolver(authorizationRequestResolver)
+						.accessTokenResponseClient(accessTokenResponseClient);
-							.accessTokenResponseClient(accessTokenResponseClient);
 		}
 
 		@Bean

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java

@@ -1043,10 +1043,9 @@ public class OAuth2ResourceServerConfigurerTests {
 					.antMatchers("/requires-read-scope").access("hasAuthority('SCOPE_message:read')")
 					.anyRequest().authenticated()
 					.and()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt()
-						.jwt()
+						.jwkSetUri(this.uri);
-							.jwkSetUri(this.uri);
 			// @formatter:on
 		}
 	}
@@ -1064,10 +1063,9 @@ public class OAuth2ResourceServerConfigurerTests {
 					.anyRequest().authenticated()
 					.and()
 				.csrf().disable()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt()
-						.jwt()
+						.jwkSetUri(this.uri);
-							.jwkSetUri(this.uri);
 			// @formatter:on
 		}
 	}
@@ -1084,10 +1082,9 @@ public class OAuth2ResourceServerConfigurerTests {
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.and()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt()
-						.jwt()
+						.jwkSetUri(this.uri);
-							.jwkSetUri(this.uri);
 			// @formatter:on
 		}
 	}
@@ -1101,8 +1098,7 @@ public class OAuth2ResourceServerConfigurerTests {
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.and()
-				.oauth2()
+				.oauth2ResourceServer();
-					.resourceServer();
 			// @formatter:on
 		}
 	}
@@ -1116,10 +1112,9 @@ public class OAuth2ResourceServerConfigurerTests {
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.and()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.authenticationEntryPoint(authenticationEntryPoint())
-						.authenticationEntryPoint(authenticationEntryPoint())
+					.jwt();
-						.jwt();
 			// @formatter:on
 		}
 
@@ -1140,10 +1135,9 @@ public class OAuth2ResourceServerConfigurerTests {
 				.authorizeRequests()
 					.anyRequest().denyAll()
 					.and()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.accessDeniedHandler(accessDeniedHandler())
-						.accessDeniedHandler(accessDeniedHandler())
+					.jwt();
-						.jwt();
 			// @formatter:on
 		}
 
@@ -1169,9 +1163,8 @@ public class OAuth2ResourceServerConfigurerTests {
 					.and()
 				.httpBasic()
 					.and()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt();
-						.jwt();
 			// @formatter:on
 		}
 
@@ -1198,10 +1191,9 @@ public class OAuth2ResourceServerConfigurerTests {
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.and()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt()
-						.jwt()
+						.jwtAuthenticationConverter(getJwtAuthenticationConverter());
-							.jwtAuthenticationConverter(getJwtAuthenticationConverter());
 
 			// @formatter:on
 		}
@@ -1221,10 +1213,9 @@ public class OAuth2ResourceServerConfigurerTests {
 				.authorizeRequests()
 					.antMatchers("/requires-read-scope").access("hasAuthority('message:read')")
 					.and()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt()
-						.jwt()
+						.jwtAuthenticationConverter(getJwtAuthenticationConverter());
-							.jwtAuthenticationConverter(getJwtAuthenticationConverter());
 
 			// @formatter:on
 		}
@@ -1252,10 +1243,9 @@ public class OAuth2ResourceServerConfigurerTests {
 					.and()
 				.httpBasic()
 					.and()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt()
-						.jwt()
+						.jwkSetUri(this.uri);
-							.jwkSetUri(this.uri);
 			// @formatter:on
 		}
 
@@ -1279,9 +1269,8 @@ public class OAuth2ResourceServerConfigurerTests {
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.and()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt(); // missing key configuration, e.g. jwkSetUri
-						.jwt(); // missing key configuration, e.g. jwkSetUri
 			// @formatter:on
 		}
 	}
@@ -1297,10 +1286,9 @@ public class OAuth2ResourceServerConfigurerTests {
 				.sessionManagement()
 					.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
 					.and()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt()
-						.jwt()
+						.jwkSetUri(this.uri);
-							.jwkSetUri(this.uri);
 			// @formatter:on
 		}
 	}
@@ -1314,10 +1302,9 @@ public class OAuth2ResourceServerConfigurerTests {
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.and()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.bearerTokenResolver(allowRequestBody())
-						.bearerTokenResolver(allowRequestBody())
+					.jwt();
-						.jwt();
 			// @formatter:on
 		}
 
@@ -1337,9 +1324,8 @@ public class OAuth2ResourceServerConfigurerTests {
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.and()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt();
-						.jwt();
 			// @formatter:on
 		}
 
@@ -1360,9 +1346,8 @@ public class OAuth2ResourceServerConfigurerTests {
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.and()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt();
-						.jwt();
 			// @formatter:on
 		}
 
@@ -1392,10 +1377,9 @@ public class OAuth2ResourceServerConfigurerTests {
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.and()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt()
-						.jwt()
+						.decoder(decoder());
-							.decoder(decoder());
 			// @formatter:on
 		}
 
@@ -1413,9 +1397,8 @@ public class OAuth2ResourceServerConfigurerTests {
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.and()
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt();
-						.jwt();
 			// @formatter:on
 		}
 
@@ -1439,10 +1422,9 @@ public class OAuth2ResourceServerConfigurerTests {
 
 			// @formatter:off
 			http
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt()
-						.jwt()
+						.decoder(jwtDecoder);
-							.decoder(jwtDecoder);
 			// @formatter:on
 		}
 
@@ -1467,10 +1449,9 @@ public class OAuth2ResourceServerConfigurerTests {
 
 			// @formatter:off
 			http
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt()
-						.jwt()
+						.decoder(jwtDecoder);
-							.decoder(jwtDecoder);
 			// @formatter:on
 		}
 	}
@@ -1491,10 +1472,9 @@ public class OAuth2ResourceServerConfigurerTests {
 
 			// @formatter:off
 			http
-				.oauth2()
+				.oauth2ResourceServer()
-					.resourceServer()
+					.jwt()
-						.jwt()
+						.decoder(jwtDecoder);
-							.decoder(jwtDecoder);
 			// @formatter:on
 		}
 	}

samples/boot/authcodegrant/src/integration-test/java/org/springframework/security/samples/OAuth2AuthorizationCodeGrantApplicationTests.java

@@ -147,10 +147,9 @@ public class OAuth2AuthorizationCodeGrantApplicationTests {
 				.authorizeRequests()
 					.anyRequest().authenticated()
 					.and()
-				.oauth2()
+				.oauth2Client()
-					.client()
+					.authorizationCodeGrant()
-						.authorizationCodeGrant()
+						.accessTokenResponseClient(this.accessTokenResponseClient());
-							.accessTokenResponseClient(this.accessTokenResponseClient());
 		}
 		// @formatter:on
 

samples/boot/authcodegrant/src/main/java/sample/config/SecurityConfig.java

@@ -41,8 +41,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 				.and()
 			.formLogin()
 				.and()
-			.oauth2()
+			.oauth2Client();
-				.client();
 	}
 
 	@Bean

samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java

@@ -36,10 +36,9 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
 				.antMatchers("/message/**").access("hasAuthority('SCOPE_message:read')")
 				.anyRequest().authenticated()
 				.and()
-			.oauth2()
+			.oauth2ResourceServer()
-				.resourceServer()
+				.jwt()
-					.jwt()
+					.jwkSetUri(this.jwkSetUri);
-						.jwkSetUri(this.jwkSetUri);
 		// @formatter:on
 	}
 }