ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)
With this change, even if the check is passing a new List or Map will be returned.
Closes gh-9210
The new method is intended to replace ClaimAccessor#containsClaim, the
return type of which was non-primitive Boolean. The existing
containsClaim method is now deprecated.
Closes gh-9201
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.
Issue gh-8945
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easer to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.
Issue gh-8945
Update all ternary expressions so that the condition is always in
parentheses and "not equals" is used in the test. This helps to bring
consistency across the codebase which makes ternary expression easier
to scan.
For example: `a = (a != null) ? a : b`
Issue gh-8945
Use regular expression search/replace to ensure all single-arg
lambdas have parenthesis. This aligns with the style used in Spring
Boot and ensure that single-arg and multi-arg lambdas are consistent.
Issue gh-8945
Update all utility classes so that they have a private constructor. This
prevents users from accidentally creating an instance, when they should
just use the static methods directly.
Issue gh-8945
Add an additional lines after the copyright header and before the
`package` declaration. This aligns with the style used by Spring
Framework.
Issue gh-8945
Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.
Issue gh-8945
Migrate Mockito imports to use the BDD variant. This aligns better with
the "given" / "when" / "then" style used in most tests since the "given"
block now uses Mockito `given(...)` calls.
The commit also updates a few tests that were accidentally using
Power Mockito when regular Mockito could be used.
Issue gh-8945
Apply an Eclipse cleanup rules to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.
Issue gh-8945
Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.
Issue gh-8945
If the authorization URL in the OAuth2 provider configuration contained query parameters with escaped characters, these characters were escaped a second time. This commit fixes it.
It is relevant to support the OIDC claims parameter (see https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter).
Fixes gh-7871
Since these converters no longer have a direct reference to the HTTP
stack, it would be better to move them into another package. Also, now
that the converters are public, we should follow the prevailing
converter naming convention, which is to call it STConverter for an
implementation of Converter<S, T>.
All ReactiveOAuth2AuthorizedClientManagers now have authorization success/failure handlers.
A success handler is provided to save authorized clients for future requests.
A failure handler is provided to remove previously saved authorized clients.
ServerOAuth2AuthorizedClientExchangeFilterFunction also makes use of a
failure handler in the case of unauthorized or forbidden http status code.
The main use cases now handled are
- remove authorized client when an authorization server indicates that a refresh token is no longer valid (when authorization server returns invalid_grant)
- remove authorized client when a resource server indicates that an access token is no longer valid (when resource server returns invalid_token)
Introduced ClientAuthorizationException to capture details needed when removing an authorized client.
All ReactiveOAuth2AccessTokenResponseClients now throw a ClientAuthorizationException on failures.
Created AbstractWebClientReactiveOAuth2AccessTokenResponseClient to unify common logic between all ReactiveOAuth2AccessTokenResponseClients.
Fixes gh-7699
