Rename OAuth2TokenIntrospectionClient

Renamed to OpaqueTokenIntrospector

Fixes gh-7245

Author: jzheaux

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java

@@ -38,8 +38,8 @@
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
 import org.springframework.security.oauth2.server.resource.authentication.OAuth2IntrospectionAuthenticationProvider;
-import org.springframework.security.oauth2.server.resource.introspection.NimbusOAuth2TokenIntrospectionClient;
-import org.springframework.security.oauth2.server.resource.introspection.OAuth2TokenIntrospectionClient;
+import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector;
+import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
@@ -339,7 +339,7 @@ public class OpaqueTokenConfigurer {
 		private String introspectionUri;
 		private String clientId;
 		private String clientSecret;
-		private Supplier<OAuth2TokenIntrospectionClient> introspectionClient;
+		private Supplier<OpaqueTokenIntrospector> introspector;
 
 		OpaqueTokenConfigurer(ApplicationContext context) {
 			this.context = context;
@@ -354,8 +354,8 @@ public OpaqueTokenConfigurer authenticationManager(AuthenticationManager authent
 		public OpaqueTokenConfigurer introspectionUri(String introspectionUri) {
 			Assert.notNull(introspectionUri, "introspectionUri cannot be null");
 			this.introspectionUri = introspectionUri;
-			this.introspectionClient = () ->
-					new NimbusOAuth2TokenIntrospectionClient(this.introspectionUri, this.clientId, this.clientSecret);
+			this.introspector = () ->
+					new NimbusOpaqueTokenIntrospector(this.introspectionUri, this.clientId, this.clientSecret);
 			return this;
 		}
 
@@ -364,32 +364,32 @@ public OpaqueTokenConfigurer introspectionClientCredentials(String clientId, Str
 			Assert.notNull(clientSecret, "clientSecret cannot be null");
 			this.clientId = clientId;
 			this.clientSecret = clientSecret;
-			this.introspectionClient = () ->
-					new NimbusOAuth2TokenIntrospectionClient(this.introspectionUri, this.clientId, this.clientSecret);
+			this.introspector = () ->
+					new NimbusOpaqueTokenIntrospector(this.introspectionUri, this.clientId, this.clientSecret);
 			return this;
 		}
 
-		public OpaqueTokenConfigurer introspectionClient(OAuth2TokenIntrospectionClient introspectionClient) {
-			Assert.notNull(introspectionClient, "introspectionClient cannot be null");
-			this.introspectionClient = () -> introspectionClient;
+		public OpaqueTokenConfigurer introspector(OpaqueTokenIntrospector introspector) {
+			Assert.notNull(introspector, "introspector cannot be null");
+			this.introspector = () -> introspector;
 			return this;
 		}
 
-		OAuth2TokenIntrospectionClient getIntrospectionClient() {
-			if (this.introspectionClient != null) {
-				return this.introspectionClient.get();
+		OpaqueTokenIntrospector getIntrospector() {
+			if (this.introspector != null) {
+				return this.introspector.get();
 			}
-			return this.context.getBean(OAuth2TokenIntrospectionClient.class);
+			return this.context.getBean(OpaqueTokenIntrospector.class);
 		}
 
 		AuthenticationManager getAuthenticationManager(H http) {
 			if (this.authenticationManager != null) {
 				return this.authenticationManager;
 			}
 
-			OAuth2TokenIntrospectionClient introspectionClient = getIntrospectionClient();
+			OpaqueTokenIntrospector introspector = getIntrospector();
 			OAuth2IntrospectionAuthenticationProvider provider =
-					new OAuth2IntrospectionAuthenticationProvider(introspectionClient);
+					new OAuth2IntrospectionAuthenticationProvider(introspector);
 			http.authenticationProvider(provider);
 
 			return http.getSharedObject(AuthenticationManager.class);

config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java

@@ -32,7 +32,6 @@
 import java.util.function.Function;
 import java.util.function.Supplier;
 
-import org.springframework.security.config.Customizer;
 import reactor.core.publisher.Mono;
 import reactor.util.context.Context;
 
@@ -53,6 +52,7 @@
 import org.springframework.security.authorization.AuthorityReactiveAuthorizationManager;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
@@ -90,8 +90,8 @@
 import org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager;
 import org.springframework.security.oauth2.server.resource.authentication.OAuth2IntrospectionReactiveAuthenticationManager;
 import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;
-import org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOAuth2TokenIntrospectionClient;
-import org.springframework.security.oauth2.server.resource.introspection.ReactiveOAuth2TokenIntrospectionClient;
+import org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector;
+import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.web.access.server.BearerTokenServerAccessDeniedHandler;
 import org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint;
 import org.springframework.security.oauth2.server.resource.web.server.ServerBearerTokenAuthenticationConverter;
@@ -1820,7 +1820,7 @@ public class OpaqueTokenSpec {
 			private String introspectionUri;
 			private String clientId;
 			private String clientSecret;
-			private Supplier<ReactiveOAuth2TokenIntrospectionClient> introspectionClient;
+			private Supplier<ReactiveOpaqueTokenIntrospector> introspector;
 
 			/**
 			 * Configures the URI of the Introspection endpoint
@@ -1830,8 +1830,8 @@ public class OpaqueTokenSpec {
 			public OpaqueTokenSpec introspectionUri(String introspectionUri) {
 				Assert.hasText(introspectionUri, "introspectionUri cannot be empty");
 				this.introspectionUri = introspectionUri;
-				this.introspectionClient = () ->
-						new NimbusReactiveOAuth2TokenIntrospectionClient(
+				this.introspector = () ->
+						new NimbusReactiveOpaqueTokenIntrospector(
 								this.introspectionUri, this.clientId, this.clientSecret);
 				return this;
 			}
@@ -1847,15 +1847,15 @@ public OpaqueTokenSpec introspectionClientCredentials(String clientId, String cl
 				Assert.notNull(clientSecret, "clientSecret cannot be null");
 				this.clientId = clientId;
 				this.clientSecret = clientSecret;
-				this.introspectionClient = () ->
-						new NimbusReactiveOAuth2TokenIntrospectionClient(
+				this.introspector = () ->
+						new NimbusReactiveOpaqueTokenIntrospector(
 								this.introspectionUri, this.clientId, this.clientSecret);
 				return this;
 			}
 
-			public OpaqueTokenSpec introspectionClient(ReactiveOAuth2TokenIntrospectionClient introspectionClient) {
-				Assert.notNull(introspectionClient, "introspectionClient cannot be null");
-				this.introspectionClient = () -> introspectionClient;
+			public OpaqueTokenSpec introspector(ReactiveOpaqueTokenIntrospector introspector) {
+				Assert.notNull(introspector, "introspector cannot be null");
+				this.introspector = () -> introspector;
 				return this;
 			}
 
@@ -1868,14 +1868,14 @@ public OAuth2ResourceServerSpec and() {
 			}
 
 			protected ReactiveAuthenticationManager getAuthenticationManager() {
-				return new OAuth2IntrospectionReactiveAuthenticationManager(getIntrospectionClient());
+				return new OAuth2IntrospectionReactiveAuthenticationManager(getIntrospector());
 			}
 
-			protected ReactiveOAuth2TokenIntrospectionClient getIntrospectionClient() {
-				if (this.introspectionClient != null) {
-					return this.introspectionClient.get();
+			protected ReactiveOpaqueTokenIntrospector getIntrospector() {
+				if (this.introspector != null) {
+					return this.introspector.get();
 				}
-				return getBean(ReactiveOAuth2TokenIntrospectionClient.class);
+				return getBean(ReactiveOpaqueTokenIntrospector.class);
 			}
 
 			protected void configure(ServerHttpSecurity http) {

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java

@@ -92,8 +92,8 @@
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.OAuth2IntrospectionAuthenticationToken;
-import org.springframework.security.oauth2.server.resource.introspection.NimbusOAuth2TokenIntrospectionClient;
-import org.springframework.security.oauth2.server.resource.introspection.OAuth2TokenIntrospectionClient;
+import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector;
+import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
 import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
@@ -1182,38 +1182,38 @@ public void getIntrospectionClientWhenConfiguredWithClientAndIntrospectionUriThe
 		OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueTokenConfigurer =
 				new OAuth2ResourceServerConfigurer(context).opaqueToken();
 
-		OAuth2TokenIntrospectionClient client = mock(OAuth2TokenIntrospectionClient.class);
+		OpaqueTokenIntrospector client = mock(OpaqueTokenIntrospector.class);
 
 		opaqueTokenConfigurer.introspectionUri(INTROSPECTION_URI);
 		opaqueTokenConfigurer.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET);
-		opaqueTokenConfigurer.introspectionClient(client);
+		opaqueTokenConfigurer.introspector(client);
 
-		assertThat(opaqueTokenConfigurer.getIntrospectionClient()).isEqualTo(client);
+		assertThat(opaqueTokenConfigurer.getIntrospector()).isEqualTo(client);
 
 		opaqueTokenConfigurer =
 				new OAuth2ResourceServerConfigurer(context).opaqueToken();
 
-		opaqueTokenConfigurer.introspectionClient(client);
+		opaqueTokenConfigurer.introspector(client);
 		opaqueTokenConfigurer.introspectionUri(INTROSPECTION_URI);
 		opaqueTokenConfigurer.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET);
 
-		assertThat(opaqueTokenConfigurer.getIntrospectionClient())
-				.isInstanceOf(NimbusOAuth2TokenIntrospectionClient.class);
+		assertThat(opaqueTokenConfigurer.getIntrospector())
+				.isInstanceOf(NimbusOpaqueTokenIntrospector.class);
 
 	}
 
 	@Test
 	public void getIntrospectionClientWhenDslAndBeanWiredThenDslTakesPrecedence() {
 		GenericApplicationContext context = new GenericApplicationContext();
-		registerMockBean(context, "introspectionClientOne", OAuth2TokenIntrospectionClient.class);
-		registerMockBean(context, "introspectionClientTwo", OAuth2TokenIntrospectionClient.class);
+		registerMockBean(context, "introspectionClientOne", OpaqueTokenIntrospector.class);
+		registerMockBean(context, "introspectionClientTwo", OpaqueTokenIntrospector.class);
 
 		OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueToken =
 				new OAuth2ResourceServerConfigurer(context).opaqueToken();
 		opaqueToken.introspectionUri(INTROSPECTION_URI);
 		opaqueToken.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET);
 
-		assertThat(opaqueToken.getIntrospectionClient()).isNotNull();
+		assertThat(opaqueToken.getIntrospector()).isNotNull();
 	}
 
 	// -- In combination with other authentication providers
@@ -1327,7 +1327,7 @@ public void getAuthenticationManagerWhenConfiguredAuthenticationManagerThenTakes
 		oauth2ResourceServer
 			.opaqueToken()
 				.authenticationManager(authenticationManager)
-				.introspectionClient(mock(OAuth2TokenIntrospectionClient.class));
+				.introspector(mock(OpaqueTokenIntrospector.class));
 		assertThat(oauth2ResourceServer.getAuthenticationManager(http)).isSameAs(authenticationManager);
 		verify(http, never()).authenticationProvider(any(AuthenticationProvider.class));
 	}
@@ -2164,8 +2164,8 @@ NimbusJwtDecoder jwtDecoder() {
 		}
 
 		@Bean
-		NimbusOAuth2TokenIntrospectionClient tokenIntrospectionClient() {
-			return new NimbusOAuth2TokenIntrospectionClient("https://example.org/introspect", this.rest);
+		NimbusOpaqueTokenIntrospector tokenIntrospectionClient() {
+			return new NimbusOpaqueTokenIntrospector("https://example.org/introspect", this.rest);
 		}
 	}
 

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationProvider.java

@@ -34,7 +34,7 @@
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2TokenAttributes;
 import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException;
-import org.springframework.security.oauth2.server.resource.introspection.OAuth2TokenIntrospectionClient;
+import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.BearerTokenError;
 import org.springframework.util.Assert;
@@ -69,14 +69,14 @@ public final class OAuth2IntrospectionAuthenticationProvider implements Authenti
 	private static final BearerTokenError DEFAULT_INVALID_TOKEN =
 			invalidToken("An error occurred while attempting to introspect the token: Invalid token");
 
-	private OAuth2TokenIntrospectionClient introspectionClient;
+	private OpaqueTokenIntrospector introspectionClient;
 
 	/**
 	 * Creates a {@code OAuth2IntrospectionAuthenticationProvider} with the provided parameters
 	 *
-	 * @param introspectionClient The {@link OAuth2TokenIntrospectionClient} to use
+	 * @param introspectionClient The {@link OpaqueTokenIntrospector} to use
 	 */
-	public OAuth2IntrospectionAuthenticationProvider(OAuth2TokenIntrospectionClient introspectionClient) {
+	public OAuth2IntrospectionAuthenticationProvider(OpaqueTokenIntrospector introspectionClient) {
 		Assert.notNull(introspectionClient, "introspectionClient cannot be null");
 		this.introspectionClient = introspectionClient;
 	}

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionReactiveAuthenticationManager.java

@@ -35,7 +35,7 @@
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException;
-import org.springframework.security.oauth2.server.resource.introspection.ReactiveOAuth2TokenIntrospectionClient;
+import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.BearerTokenError;
 import org.springframework.util.Assert;
@@ -70,14 +70,14 @@ public class OAuth2IntrospectionReactiveAuthenticationManager implements Reactiv
 	private static final BearerTokenError DEFAULT_INVALID_TOKEN =
 			invalidToken("An error occurred while attempting to introspect the token: Invalid token");
 
-	private ReactiveOAuth2TokenIntrospectionClient introspectionClient;
+	private ReactiveOpaqueTokenIntrospector introspectionClient;
 
 	/**
 	 * Creates a {@code OAuth2IntrospectionReactiveAuthenticationManager} with the provided parameters
 	 *
-	 * @param introspectionClient The {@link ReactiveOAuth2TokenIntrospectionClient} to use
+	 * @param introspectionClient The {@link ReactiveOpaqueTokenIntrospector} to use
 	 */
-	public OAuth2IntrospectionReactiveAuthenticationManager(ReactiveOAuth2TokenIntrospectionClient introspectionClient) {
+	public OAuth2IntrospectionReactiveAuthenticationManager(ReactiveOpaqueTokenIntrospector introspectionClient) {
 		Assert.notNull(introspectionClient, "introspectionClient cannot be null");
 		this.introspectionClient = introspectionClient;
 	}

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOAuth2TokenIntrospectionClient.java renamed to oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java

@@ -52,13 +52,15 @@
 import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SCOPE;
 
 /**
- * A Nimbus implementation of {@link OAuth2TokenIntrospectionClient}.
+ * A Nimbus implementation of {@link OpaqueTokenIntrospector} that verifies and introspects
+ * a token using the configured
+ * <a href="https://tools.ietf.org/html/rfc7662" target="_blank">OAuth 2.0 Introspection Endpoint</a>.
  *
  * @author Josh Cummings
  * @author MD Sayem Ahmed
  * @since 5.2
  */
-public class NimbusOAuth2TokenIntrospectionClient implements OAuth2TokenIntrospectionClient {
+public class NimbusOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 	private Converter<String, RequestEntity<?>> requestEntityConverter;
 	private RestOperations restOperations;
 
@@ -69,7 +71,7 @@ public class NimbusOAuth2TokenIntrospectionClient implements OAuth2TokenIntrospe
 	 * @param clientId The client id authorized to introspect
 	 * @param clientSecret The client's secret
 	 */
-	public NimbusOAuth2TokenIntrospectionClient(String introspectionUri, String clientId, String clientSecret) {
+	public NimbusOpaqueTokenIntrospector(String introspectionUri, String clientId, String clientSecret) {
 		Assert.notNull(introspectionUri, "introspectionUri cannot be null");
 		Assert.notNull(clientId, "clientId cannot be null");
 		Assert.notNull(clientSecret, "clientSecret cannot be null");
@@ -89,7 +91,7 @@ public NimbusOAuth2TokenIntrospectionClient(String introspectionUri, String clie
 	 * @param introspectionUri The introspection endpoint uri
 	 * @param restOperations The client for performing the introspection request
 	 */
-	public NimbusOAuth2TokenIntrospectionClient(String introspectionUri, RestOperations restOperations) {
+	public NimbusOpaqueTokenIntrospector(String introspectionUri, RestOperations restOperations) {
 		Assert.notNull(introspectionUri, "introspectionUri cannot be null");
 		Assert.notNull(restOperations, "restOperations cannot be null");
 

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOAuth2TokenIntrospectionClient.java renamed to oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java

@@ -46,12 +46,14 @@
 import static org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames.SCOPE;
 
 /**
- * A Nimbus implementation of {@link ReactiveOAuth2TokenIntrospectionClient}
+ * A Nimbus implementation of {@link ReactiveOpaqueTokenIntrospector} that verifies and introspects
+ * a token using the configured
+ * <a href="https://tools.ietf.org/html/rfc7662" target="_blank">OAuth 2.0 Introspection Endpoint</a>.
  *
  * @author Josh Cummings
  * @since 5.2
  */
-public class NimbusReactiveOAuth2TokenIntrospectionClient implements ReactiveOAuth2TokenIntrospectionClient {
+public class NimbusReactiveOpaqueTokenIntrospector implements ReactiveOpaqueTokenIntrospector {
 	private URI introspectionUri;
 	private WebClient webClient;
 
@@ -62,7 +64,7 @@ public class NimbusReactiveOAuth2TokenIntrospectionClient implements ReactiveOAu
 	 * @param clientId The client id authorized to introspect
 	 * @param clientSecret The client secret for the authorized client
 	 */
-	public NimbusReactiveOAuth2TokenIntrospectionClient(String introspectionUri, String clientId, String clientSecret) {
+	public NimbusReactiveOpaqueTokenIntrospector(String introspectionUri, String clientId, String clientSecret) {
 		Assert.hasText(introspectionUri, "introspectionUri cannot be empty");
 		Assert.hasText(clientId, "clientId cannot be empty");
 		Assert.notNull(clientSecret, "clientSecret cannot be null");
@@ -79,7 +81,7 @@ public NimbusReactiveOAuth2TokenIntrospectionClient(String introspectionUri, Str
 	 * @param introspectionUri The introspection endpoint uri
 	 * @param webClient The client for performing the introspection request
 	 */
-	public NimbusReactiveOAuth2TokenIntrospectionClient(String introspectionUri, WebClient webClient) {
+	public NimbusReactiveOpaqueTokenIntrospector(String introspectionUri, WebClient webClient) {
 		Assert.hasText(introspectionUri, "introspectionUri cannot be null");
 		Assert.notNull(webClient, "webClient cannot be null");