Merge branch '1.2.x'

Closes gh-1657
2 years ago · ce76f5c23d
2 changed files with 26 additions and 7 deletions
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -174,11 +174,13 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
 			throw new IllegalArgumentException("Registered client must be unique. "
 					+ "Found duplicate client identifier: " + registeredClient.getClientId());
 		}
-		count = this.jdbcOperations.queryForObject(COUNT_REGISTERED_CLIENT_SQL + "client_secret = ?", Integer.class,
+		if (StringUtils.hasText(registeredClient.getClientSecret())) {
-				registeredClient.getClientSecret());
+			count = this.jdbcOperations.queryForObject(COUNT_REGISTERED_CLIENT_SQL + "client_secret = ?", Integer.class,
-		if (count != null && count > 0) {
+					registeredClient.getClientSecret());
-			throw new IllegalArgumentException("Registered client must be unique. "
+			if (count != null && count > 0) {
-					+ "Found duplicate client secret for identifier: " + registeredClient.getId());
+				throw new IllegalArgumentException("Registered client must be unique. "
 						+ "Found duplicate client secret for identifier: " + registeredClient.getId());
 			}
 		}
 	}
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -168,6 +168,23 @@ public class JdbcRegisteredClientRepositoryTests {
 		assertThat(registeredClient).isEqualTo(expectedRegisteredClient);
 	}
 	// gh-1641
 	@Test
 	public void saveWhenMultipleWithClientSecretEmptyThenSaved() {
 		RegisteredClient registeredClient1 = TestRegisteredClients.registeredClient()
 			.id("registration-1")
 			.clientId("client-1")
 			.clientSecret("")
 			.build();
 		this.registeredClientRepository.save(registeredClient1);
 		RegisteredClient registeredClient2 = TestRegisteredClients.registeredClient()
 			.id("registration-2")
 			.clientId("client-2")
 			.clientSecret("")
 			.build();
 		this.registeredClientRepository.save(registeredClient2);
 	}
 	@Test
 	public void saveWhenExistingClientIdThenThrowIllegalArgumentException() {
 		RegisteredClient registeredClient1 = TestRegisteredClients.registeredClient()