Merge branch '1.0.x' into 1.1.x

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/JdbcOAuth2AuthorizationConsentService.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2021 the original author or authors.
+ * Copyright 2020-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,11 +43,17 @@ import org.springframework.util.StringUtils;
  * {@link JdbcOperations} for {@link OAuth2AuthorizationConsent} persistence.
  *
  * <p>
- * <b>NOTE:</b> This {@code OAuth2AuthorizationConsentService} depends on the table definition
+ * <b>IMPORTANT:</b> This {@code OAuth2AuthorizationConsentService} depends on the table definition
  * described in
  * "classpath:org/springframework/security/oauth2/server/authorization/oauth2-authorization-consent-schema.sql" and
  * therefore MUST be defined in the database schema.
  *
+ * <p>
+ * <b>NOTE:</b> This {@code OAuth2AuthorizationConsentService} is a simplified JDBC implementation that MAY be used in a production environment.
+ * However, it does have limitations as it likely won't perform well in an environment requiring high throughput.
+ * The expectation is that the consuming application will provide their own implementation of {@code OAuth2AuthorizationConsentService}
+ * that meets the performance requirements for its deployment environment.
+ *
  * @author Ovidiu Popa
  * @since 0.1.2
  * @see OAuth2AuthorizationConsentService

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/JdbcOAuth2AuthorizationService.java

@@ -68,11 +68,17 @@ import org.springframework.util.StringUtils;
  * {@link JdbcOperations} for {@link OAuth2Authorization} persistence.
  *
  * <p>
- * <b>NOTE:</b> This {@code OAuth2AuthorizationService} depends on the table definition
+ * <b>IMPORTANT:</b> This {@code OAuth2AuthorizationService} depends on the table definition
  * described in
  * "classpath:org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql" and
  * therefore MUST be defined in the database schema.
  *
+ * <p>
+ * <b>NOTE:</b> This {@code OAuth2AuthorizationService} is a simplified JDBC implementation that MAY be used in a production environment.
+ * However, it does have limitations as it likely won't perform well in an environment requiring high throughput.
+ * The expectation is that the consuming application will provide their own implementation of {@code OAuth2AuthorizationService}
+ * that meets the performance requirements for its deployment environment.
+ *
  * @author Ovidiu Popa
  * @author Joe Grandja
  * @since 0.1.2

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java

@@ -52,10 +52,16 @@ import org.springframework.util.StringUtils;
  * {@link JdbcOperations} for {@link RegisteredClient} persistence.
  *
  * <p>
- * <b>NOTE:</b> This {@code RegisteredClientRepository} depends on the table definition described in
+ * <b>IMPORTANT:</b> This {@code RegisteredClientRepository} depends on the table definition described in
  * "classpath:org/springframework/security/oauth2/server/authorization/client/oauth2-registered-client-schema.sql" and
  * therefore MUST be defined in the database schema.
  *
+ * <p>
+ * <b>NOTE:</b> This {@code RegisteredClientRepository} is a simplified JDBC implementation that MAY be used in a production environment.
+ * However, it does have limitations as it likely won't perform well in an environment requiring high throughput.
+ * The expectation is that the consuming application will provide their own implementation of {@code RegisteredClientRepository}
+ * that meets the performance requirements for its deployment environment.
+ *
  * @author Rafal Lewczuk
  * @author Joe Grandja
  * @author Ovidiu Popa