Post-review fixes

Signed-off-by: wheleph <[email protected]>

Author: wheleph

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationTests.java

@@ -15,6 +15,27 @@
  */
 package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.willAnswer;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.reset;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoInteractions;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.jwt;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import com.nimbusds.jose.jwk.JWKSet;
+import com.nimbusds.jose.jwk.source.JWKSource;
+import com.nimbusds.jose.proc.SecurityContext;
+import jakarta.servlet.http.HttpServletResponse;
 import java.time.Duration;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
@@ -23,13 +44,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.function.Consumer;
-
 import javax.crypto.spec.SecretKeySpec;
-
-import com.nimbusds.jose.jwk.JWKSet;
-import com.nimbusds.jose.jwk.source.JWKSource;
-import com.nimbusds.jose.proc.SecurityContext;
-import jakarta.servlet.http.HttpServletResponse;
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
 import org.assertj.core.data.TemporalUnitWithinOffset;
@@ -40,7 +55,6 @@
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.ArgumentCaptor;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -111,23 +125,6 @@
 import org.springframework.util.CollectionUtils;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.hamcrest.CoreMatchers.containsString;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.BDDMockito.given;
-import static org.mockito.BDDMockito.willAnswer;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.reset;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyNoInteractions;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.jwt;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
 /**
  * Integration tests for OpenID Connect Dynamic Client Registration 1.0.
  *
@@ -531,8 +528,8 @@ public void requestWhenClientRegistersWithSecretExpirationThenClientRegistration
 
 		OidcClientRegistration clientRegistrationResponse = registerClient(clientRegistration);
 
-		var expectedSecretExpiryDate = Instant.now().plus(Duration.ofHours(24));
-		var allowedDelta = new TemporalUnitWithinOffset(1, ChronoUnit.MINUTES);
+		Instant expectedSecretExpiryDate = Instant.now().plus(Duration.ofHours(24));
+		TemporalUnitWithinOffset allowedDelta = new TemporalUnitWithinOffset(1, ChronoUnit.MINUTES);
 
 		// Returned response contains expiration date
 		assertThat(clientRegistrationResponse.getClientSecretExpiresAt())
@@ -685,40 +682,52 @@ public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity h
 
 	@EnableWebSecurity
 	@Configuration(proxyBeanMethods = false)
-	static class CustomClientMetadataConfiguration extends ClientRegistrationConvertersConfiguration {
-
-		private static final List<String> supportedCustomClientMetadata = List.of("custom-metadata-name-1", "custom-metadata-name-2");
+	static class CustomClientMetadataConfiguration extends AuthorizationServerConfiguration {
 
+		// @formatter:off
+		@Bean
 		@Override
-		protected Converter<OidcClientRegistration, RegisteredClient> registeredClientConverter() {
-			return new CustomRegisteredClientConverter(supportedCustomClientMetadata);
+		public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
+			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
+					OAuth2AuthorizationServerConfigurer.authorizationServer();
+			http
+					.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+					.with(authorizationServerConfigurer, (authorizationServer) ->
+							authorizationServer
+									.oidc((oidc) ->
+											oidc
+													.clientRegistrationEndpoint((clientRegistration) ->
+															clientRegistration
+																	.authenticationProviders(configureClientRegistrationConverters())
+													)
+									)
+					)
+					.authorizeHttpRequests((authorize) ->
+							authorize.anyRequest().authenticated()
+					);
+			return http.build();
 		}
+		// @formatter:on
 
-		@Override
-		protected Converter<RegisteredClient, OidcClientRegistration> oidcClientRegistrationConverter() {
-			return new CustomClientRegistrationConverter(supportedCustomClientMetadata);
+		private Consumer<List<AuthenticationProvider>> configureClientRegistrationConverters() {
+			// @formatter:off
+			return (authenticationProviders) ->
+					authenticationProviders.forEach((authenticationProvider) -> {
+						List<String> supportedCustomClientMetadata = List.of("custom-metadata-name-1", "custom-metadata-name-2");
+						if (authenticationProvider instanceof OidcClientRegistrationAuthenticationProvider provider) {
+							provider.setRegisteredClientConverter(new CustomRegisteredClientConverter(supportedCustomClientMetadata));
+							provider.setClientRegistrationConverter(new CustomClientRegistrationConverter(supportedCustomClientMetadata));
+						}
+					});
+			// @formatter:on
 		}
 
 	}
 
 	@EnableWebSecurity
 	@Configuration(proxyBeanMethods = false)
-	static class ClientSecretExpirationConfiguration extends ClientRegistrationConvertersConfiguration {
-
-		@Override
-		protected Converter<OidcClientRegistration, RegisteredClient> registeredClientConverter() {
-			return new ClientSecretExpirationRegisteredClientConverter();
-		}
+	static class ClientSecretExpirationConfiguration extends AuthorizationServerConfiguration {
 
-	}
-
-	/**
-	 * This test configuration allows to override {@code RegisteredClient} -> {@code OidcClientRegistration} and
-	 * {@code OidcClientRegistration} -> {@code RegisteredClient} converters
-	 */
-	@EnableWebSecurity
-	@Configuration(proxyBeanMethods = false)
-	static class ClientRegistrationConvertersConfiguration extends AuthorizationServerConfiguration {
 		// @formatter:off
 		@Bean
 		@Override
@@ -749,26 +758,12 @@ private Consumer<List<AuthenticationProvider>> configureClientRegistrationConver
 			return (authenticationProviders) ->
 					authenticationProviders.forEach((authenticationProvider) -> {
 						if (authenticationProvider instanceof OidcClientRegistrationAuthenticationProvider provider) {
-							var registeredClientConverter = registeredClientConverter();
-							if (registeredClientConverter != null) {
-								provider.setRegisteredClientConverter(registeredClientConverter);
-							}
-							var oidcClientRegistrationConverter = oidcClientRegistrationConverter();
-							if (oidcClientRegistrationConverter != null) {
-								provider.setClientRegistrationConverter(oidcClientRegistrationConverter);
-							}
+							provider.setRegisteredClientConverter(new ClientSecretExpirationRegisteredClientConverter());
 						}
 					});
 			// @formatter:on
 		}
 
-		protected Converter<OidcClientRegistration, RegisteredClient> registeredClientConverter() {
-			return null;
-		}
-
-		protected Converter<RegisteredClient, OidcClientRegistration> oidcClientRegistrationConverter() {
-			return null;
-		}
 	}
 
 	@EnableWebSecurity
@@ -921,5 +916,4 @@ public RegisteredClient convert(OidcClientRegistration clientRegistration) {
 			return registeredClientBuilder.build();
 		}
 	}
-
 }