diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationService.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationService.java index bd762533..46b4fd6e 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationService.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationService.java @@ -97,10 +97,12 @@ public final class InMemoryOAuth2AuthorizationService implements OAuth2Authoriza @Override public OAuth2Authorization findByToken(String token, @Nullable OAuth2TokenType tokenType) { Assert.hasText(token, "token cannot be empty"); - return this.authorizations.values().stream() - .filter(authorization -> hasToken(authorization, token, tokenType)) - .findFirst() - .orElse(null); + for (OAuth2Authorization authorization : this.authorizations.values()) { + if (hasToken(authorization, token, tokenType)) { + return authorization; + } + } + return null; } private static boolean hasToken(OAuth2Authorization authorization, String token, @Nullable OAuth2TokenType tokenType) { diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2Authorization.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2Authorization.java index cf020a32..5e0faf09 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2Authorization.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2Authorization.java @@ -150,11 +150,12 @@ public class OAuth2Authorization implements Serializable { @SuppressWarnings("unchecked") public Token getToken(String tokenValue) { Assert.hasText(tokenValue, "tokenValue cannot be empty"); - Token token = this.tokens.values().stream() - .filter(t -> t.getToken().getTokenValue().equals(tokenValue)) - .findFirst() - .orElse(null); - return token != null ? (Token) token : null; + for (Token token : this.tokens.values()) { + if (token.getToken().getTokenValue().equals(tokenValue)) { + return (Token) token; + } + } + return null; } /** diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationConsent.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationConsent.java index dbe2fe2e..51d3d709 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationConsent.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationConsent.java @@ -21,7 +21,6 @@ import java.util.HashSet; import java.util.Objects; import java.util.Set; import java.util.function.Consumer; -import java.util.stream.Collectors; import org.springframework.lang.NonNull; import org.springframework.security.core.GrantedAuthority; @@ -91,11 +90,13 @@ public final class OAuth2AuthorizationConsent implements Serializable { * @return the {@code scope}s granted to the client by the principal. */ public Set getScopes() { - return getAuthorities().stream() - .map(GrantedAuthority::getAuthority) - .filter(authority -> authority.startsWith(AUTHORITIES_SCOPE_PREFIX)) - .map(scope -> scope.replaceFirst(AUTHORITIES_SCOPE_PREFIX, "")) - .collect(Collectors.toSet()); + Set authorities = new HashSet<>(); + for (GrantedAuthority authority : getAuthorities()) { + if (authority.getAuthority().startsWith(AUTHORITIES_SCOPE_PREFIX)) { + authorities.add(authority.getAuthority().replaceFirst(AUTHORITIES_SCOPE_PREFIX, "")); + } + } + return authorities; } @Override diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java index 7644c7ca..e1bcacda 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java @@ -18,7 +18,6 @@ package org.springframework.security.oauth2.server.authorization.authentication; import java.security.Principal; import java.time.Instant; import java.time.temporal.ChronoUnit; -import java.util.Arrays; import java.util.Base64; import java.util.Collections; import java.util.HashMap; @@ -448,7 +447,10 @@ public final class OAuth2AuthorizationCodeRequestAuthenticationProvider implemen return false; } try { - int[] address = Arrays.stream(ipv4Octets).mapToInt(Integer::parseInt).toArray(); + int[] address = new int[ipv4Octets.length]; + for (int i=0; i < ipv4Octets.length; i++) { + address[i] = Integer.parseInt(ipv4Octets[i]); + } return address[0] == 127 && address[1] >= 0 && address[1] <= 255 && address[2] >= 0 && address[2] <= 255 && address[3] >= 1 && address[3] <= 255; } catch (NumberFormatException ex) { diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java index 763af390..980191de 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java @@ -18,7 +18,6 @@ package org.springframework.security.oauth2.server.authorization.authentication; import java.util.LinkedHashSet; import java.util.Set; import java.util.function.Consumer; -import java.util.stream.Collectors; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AuthenticationProvider; @@ -34,12 +33,12 @@ import org.springframework.security.oauth2.jwt.JoseHeader; import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.security.oauth2.jwt.JwtClaimsSet; import org.springframework.security.oauth2.jwt.JwtEncoder; +import org.springframework.security.oauth2.server.authorization.JwtEncodingContext; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; +import org.springframework.security.oauth2.server.authorization.OAuth2TokenCustomizer; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.config.ProviderSettings; -import org.springframework.security.oauth2.server.authorization.JwtEncodingContext; -import org.springframework.security.oauth2.server.authorization.OAuth2TokenCustomizer; import org.springframework.util.Assert; import org.springframework.util.CollectionUtils; @@ -112,11 +111,10 @@ public final class OAuth2ClientCredentialsAuthenticationProvider implements Auth Set authorizedScopes = registeredClient.getScopes(); // Default to configured scopes if (!CollectionUtils.isEmpty(clientCredentialsAuthentication.getScopes())) { - Set unauthorizedScopes = clientCredentialsAuthentication.getScopes().stream() - .filter(requestedScope -> !registeredClient.getScopes().contains(requestedScope)) - .collect(Collectors.toSet()); - if (!CollectionUtils.isEmpty(unauthorizedScopes)) { - throw new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_SCOPE)); + for (String requestedScope : clientCredentialsAuthentication.getScopes()) { + if (!registeredClient.getScopes().contains(requestedScope)) { + throw new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_SCOPE)); + } } authorizedScopes = new LinkedHashSet<>(clientCredentialsAuthentication.getScopes()); } diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenIntrospectionEndpointFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenIntrospectionEndpointFilter.java index 53baae3c..935608cf 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenIntrospectionEndpointFilter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenIntrospectionEndpointFilter.java @@ -16,8 +16,8 @@ package org.springframework.security.oauth2.server.authorization.web; import java.io.IOException; +import java.util.HashMap; import java.util.Map; -import java.util.stream.Collectors; import javax.servlet.FilterChain; import javax.servlet.ServletException; @@ -161,14 +161,13 @@ public final class OAuth2TokenIntrospectionEndpointFilter extends OncePerRequest throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.TOKEN_TYPE_HINT); } - // @formatter:off - Map additionalParameters = parameters - .entrySet() - .stream() - .filter(e -> !e.getKey().equals(OAuth2ParameterNames.TOKEN) && - !e.getKey().equals(OAuth2ParameterNames.TOKEN_TYPE_HINT)) - .collect(Collectors.toMap(Map.Entry::getKey, e -> e.getValue().get(0))); - // @formatter:on + Map additionalParameters = new HashMap<>(); + parameters.forEach((key, value) -> { + if (!key.equals(OAuth2ParameterNames.TOKEN) && + !key.equals(OAuth2ParameterNames.TOKEN_TYPE_HINT)) { + additionalParameters.put(key, value.get(0)); + } + }); return new OAuth2TokenIntrospectionAuthenticationToken( token, clientPrincipal, tokenTypeHint, additionalParameters); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/DelegatingAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/DelegatingAuthenticationConverter.java index d9b7b659..71f91193 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/DelegatingAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/DelegatingAuthenticationConverter.java @@ -18,7 +18,6 @@ package org.springframework.security.oauth2.server.authorization.web.authenticat import java.util.Collections; import java.util.LinkedList; import java.util.List; -import java.util.Objects; import javax.servlet.http.HttpServletRequest; @@ -56,12 +55,12 @@ public final class DelegatingAuthenticationConverter implements AuthenticationCo @Override public Authentication convert(HttpServletRequest request) { Assert.notNull(request, "request cannot be null"); - // @formatter:off - return this.converters.stream() - .map(converter -> converter.convert(request)) - .filter(Objects::nonNull) - .findFirst() - .orElse(null); - // @formatter:on + for (AuthenticationConverter converter : this.converters) { + Authentication authentication = converter.convert(request); + if (authentication != null) { + return authentication; + } + } + return null; } } diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeAuthenticationConverter.java index 8e695519..bd534891 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeAuthenticationConverter.java @@ -15,8 +15,8 @@ */ package org.springframework.security.oauth2.server.authorization.web.authentication; +import java.util.HashMap; import java.util.Map; -import java.util.stream.Collectors; import javax.servlet.http.HttpServletRequest; @@ -78,16 +78,15 @@ public final class OAuth2AuthorizationCodeAuthenticationConverter implements Aut OAuth2EndpointUtils.ACCESS_TOKEN_REQUEST_ERROR_URI); } - // @formatter:off - Map additionalParameters = parameters - .entrySet() - .stream() - .filter(e -> !e.getKey().equals(OAuth2ParameterNames.GRANT_TYPE) && - !e.getKey().equals(OAuth2ParameterNames.CLIENT_ID) && - !e.getKey().equals(OAuth2ParameterNames.CODE) && - !e.getKey().equals(OAuth2ParameterNames.REDIRECT_URI)) - .collect(Collectors.toMap(Map.Entry::getKey, e -> e.getValue().get(0))); - // @formatter:on + Map additionalParameters = new HashMap<>(); + parameters.forEach((key, value) -> { + if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) && + !key.equals(OAuth2ParameterNames.CLIENT_ID) && + !key.equals(OAuth2ParameterNames.CODE) && + !key.equals(OAuth2ParameterNames.REDIRECT_URI)) { + additionalParameters.put(key, value.get(0)); + } + }); return new OAuth2AuthorizationCodeAuthenticationToken( code, clientPrincipal, redirectUri, additionalParameters); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverter.java index c1ccd21b..222a97ca 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverter.java @@ -16,10 +16,10 @@ package org.springframework.security.oauth2.server.authorization.web.authentication; import java.util.Arrays; +import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; -import java.util.stream.Collectors; import javax.servlet.http.HttpServletRequest; @@ -139,17 +139,16 @@ public final class OAuth2AuthorizationCodeRequestAuthenticationConverter impleme throwError(OAuth2ErrorCodes.INVALID_REQUEST, PkceParameterNames.CODE_CHALLENGE_METHOD, PKCE_ERROR_URI); } - // @formatter:off - Map additionalParameters = parameters - .entrySet() - .stream() - .filter(e -> !e.getKey().equals(OAuth2ParameterNames.RESPONSE_TYPE) && - !e.getKey().equals(OAuth2ParameterNames.CLIENT_ID) && - !e.getKey().equals(OAuth2ParameterNames.REDIRECT_URI) && - !e.getKey().equals(OAuth2ParameterNames.SCOPE) && - !e.getKey().equals(OAuth2ParameterNames.STATE)) - .collect(Collectors.toMap(Map.Entry::getKey, e -> e.getValue().get(0))); - // @formatter:on + Map additionalParameters = new HashMap<>(); + parameters.forEach((key, value) -> { + if (!key.equals(OAuth2ParameterNames.RESPONSE_TYPE) && + !key.equals(OAuth2ParameterNames.CLIENT_ID) && + !key.equals(OAuth2ParameterNames.REDIRECT_URI) && + !key.equals(OAuth2ParameterNames.SCOPE) && + !key.equals(OAuth2ParameterNames.STATE)) { + additionalParameters.put(key, value.get(0)); + } + }); return OAuth2AuthorizationCodeRequestAuthenticationToken.with(clientId, principal) .authorizationUri(authorizationUri) diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2ClientCredentialsAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2ClientCredentialsAuthenticationConverter.java index 1b0d7c11..5bf12514 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2ClientCredentialsAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2ClientCredentialsAuthenticationConverter.java @@ -16,10 +16,10 @@ package org.springframework.security.oauth2.server.authorization.web.authentication; import java.util.Arrays; +import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; -import java.util.stream.Collectors; import javax.servlet.http.HttpServletRequest; @@ -75,14 +75,13 @@ public final class OAuth2ClientCredentialsAuthenticationConverter implements Aut Arrays.asList(StringUtils.delimitedListToStringArray(scope, " "))); } - // @formatter:off - Map additionalParameters = parameters - .entrySet() - .stream() - .filter(e -> !e.getKey().equals(OAuth2ParameterNames.GRANT_TYPE) && - !e.getKey().equals(OAuth2ParameterNames.SCOPE)) - .collect(Collectors.toMap(Map.Entry::getKey, e -> e.getValue().get(0))); - // @formatter:on + Map additionalParameters = new HashMap<>(); + parameters.forEach((key, value) -> { + if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) && + !key.equals(OAuth2ParameterNames.SCOPE)) { + additionalParameters.put(key, value.get(0)); + } + }); return new OAuth2ClientCredentialsAuthenticationToken( clientPrincipal, requestedScopes, additionalParameters); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2RefreshTokenAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2RefreshTokenAuthenticationConverter.java index f9841e7c..20882163 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2RefreshTokenAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2RefreshTokenAuthenticationConverter.java @@ -16,10 +16,10 @@ package org.springframework.security.oauth2.server.authorization.web.authentication; import java.util.Arrays; +import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; -import java.util.stream.Collectors; import javax.servlet.http.HttpServletRequest; @@ -85,15 +85,14 @@ public final class OAuth2RefreshTokenAuthenticationConverter implements Authenti Arrays.asList(StringUtils.delimitedListToStringArray(scope, " "))); } - // @formatter:off - Map additionalParameters = parameters - .entrySet() - .stream() - .filter(e -> !e.getKey().equals(OAuth2ParameterNames.GRANT_TYPE) && - !e.getKey().equals(OAuth2ParameterNames.REFRESH_TOKEN) && - !e.getKey().equals(OAuth2ParameterNames.SCOPE)) - .collect(Collectors.toMap(Map.Entry::getKey, e -> e.getValue().get(0))); - // @formatter:on + Map additionalParameters = new HashMap<>(); + parameters.forEach((key, value) -> { + if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) && + !key.equals(OAuth2ParameterNames.REFRESH_TOKEN) && + !key.equals(OAuth2ParameterNames.SCOPE)) { + additionalParameters.put(key, value.get(0)); + } + }); return new OAuth2RefreshTokenAuthenticationToken( refreshToken, clientPrincipal, requestedScopes, additionalParameters); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationCodeGrantTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationCodeGrantTests.java index 0c1fecb2..0bd9a4a7 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationCodeGrantTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationCodeGrantTests.java @@ -24,9 +24,9 @@ import java.text.MessageFormat; import java.time.Instant; import java.time.temporal.ChronoUnit; import java.util.Base64; +import java.util.HashSet; import java.util.List; import java.util.Set; -import java.util.stream.Collectors; import com.nimbusds.jose.jwk.JWKSet; import com.nimbusds.jose.jwk.source.JWKSource; @@ -273,9 +273,11 @@ public class OAuth2AuthorizationCodeGrantTests { Jwt jwt = this.jwtDecoder.decode(accessTokenResponse.getAccessToken().getTokenValue()); List authoritiesClaim = jwt.getClaim(AUTHORITIES_CLAIM); Authentication principal = authorization.getAttribute(Principal.class.getName()); - Set userAuthorities = principal.getAuthorities().stream() - .map(GrantedAuthority::getAuthority) - .collect(Collectors.toSet()); + Set userAuthorities = new HashSet<>(); + for (GrantedAuthority authority : principal.getAuthorities()) { + userAuthorities.add(authority.getAuthority()); + } + assertThat(authoritiesClaim).containsExactlyInAnyOrderElementsOf(userAuthorities); } @@ -612,9 +614,10 @@ public class OAuth2AuthorizationCodeGrantTests { if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(context.getAuthorizationGrantType()) && OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType())) { Authentication principal = context.getPrincipal(); - Set authorities = principal.getAuthorities().stream() - .map(GrantedAuthority::getAuthority) - .collect(Collectors.toSet()); + Set authorities = new HashSet<>(); + for (GrantedAuthority authority : principal.getAuthorities()) { + authorities.add(authority.getAuthority()); + } context.getClaims().claim(AUTHORITIES_CLAIM, authorities); } }; diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2RefreshTokenGrantTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2RefreshTokenGrantTests.java index 53300f6a..9473cd13 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2RefreshTokenGrantTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2RefreshTokenGrantTests.java @@ -19,9 +19,9 @@ import java.net.URLEncoder; import java.nio.charset.StandardCharsets; import java.security.Principal; import java.util.Base64; +import java.util.HashSet; import java.util.List; import java.util.Set; -import java.util.stream.Collectors; import com.nimbusds.jose.jwk.JWKSet; import com.nimbusds.jose.jwk.source.JWKSource; @@ -174,9 +174,10 @@ public class OAuth2RefreshTokenGrantTests { Jwt jwt = jwtDecoder.decode(accessTokenResponse.getAccessToken().getTokenValue()); List authoritiesClaim = jwt.getClaim(AUTHORITIES_CLAIM); Authentication principal = authorization.getAttribute(Principal.class.getName()); - Set userAuthorities = principal.getAuthorities().stream() - .map(GrantedAuthority::getAuthority) - .collect(Collectors.toSet()); + Set userAuthorities = new HashSet<>(); + for (GrantedAuthority authority : principal.getAuthorities()) { + userAuthorities.add(authority.getAuthority()); + } assertThat(authoritiesClaim).containsExactlyInAnyOrderElementsOf(userAuthorities); } @@ -231,9 +232,10 @@ public class OAuth2RefreshTokenGrantTests { return context -> { if (AuthorizationGrantType.REFRESH_TOKEN.equals(context.getAuthorizationGrantType())) { Authentication principal = context.getPrincipal(); - Set authorities = principal.getAuthorities().stream() - .map(GrantedAuthority::getAuthority) - .collect(Collectors.toSet()); + Set authorities = new HashSet<>(); + for (GrantedAuthority authority : principal.getAuthorities()) { + authorities.add(authority.getAuthority()); + } context.getClaims().claim(AUTHORITIES_CLAIM, authorities); } }; diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcTests.java index 60d91d20..76f63a1b 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcTests.java @@ -21,9 +21,9 @@ import java.net.URLEncoder; import java.nio.charset.StandardCharsets; import java.security.Principal; import java.util.Base64; +import java.util.HashSet; import java.util.List; import java.util.Set; -import java.util.stream.Collectors; import com.nimbusds.jose.jwk.JWKSet; import com.nimbusds.jose.jwk.source.JWKSource; @@ -223,9 +223,10 @@ public class OidcTests { Jwt idToken = this.jwtDecoder.decode((String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN)); List authoritiesClaim = idToken.getClaim(AUTHORITIES_CLAIM); Authentication principal = authorization.getAttribute(Principal.class.getName()); - Set userAuthorities = principal.getAuthorities().stream() - .map(GrantedAuthority::getAuthority) - .collect(Collectors.toSet()); + Set userAuthorities = new HashSet<>(); + for (GrantedAuthority authority : principal.getAuthorities()) { + userAuthorities.add(authority.getAuthority()); + } assertThat(authoritiesClaim).containsExactlyInAnyOrderElementsOf(userAuthorities); } @@ -304,9 +305,10 @@ public class OidcTests { return context -> { if (context.getTokenType().getValue().equals(OidcParameterNames.ID_TOKEN)) { Authentication principal = context.getPrincipal(); - Set authorities = principal.getAuthorities().stream() - .map(GrantedAuthority::getAuthority) - .collect(Collectors.toSet()); + Set authorities = new HashSet<>(); + for (GrantedAuthority authority : principal.getAuthorities()) { + authorities.add(authority.getAuthority()); + } context.getClaims().claim(AUTHORITIES_CLAIM, authorities); } }; diff --git a/samples/boot/oauth2-integration/authorizationserver-custom-consent-page/src/main/java/sample/web/AuthorizationConsentController.java b/samples/boot/oauth2-integration/authorizationserver-custom-consent-page/src/main/java/sample/web/AuthorizationConsentController.java index 9aa4f8f5..18c50c4b 100644 --- a/samples/boot/oauth2-integration/authorizationserver-custom-consent-page/src/main/java/sample/web/AuthorizationConsentController.java +++ b/samples/boot/oauth2-integration/authorizationserver-custom-consent-page/src/main/java/sample/web/AuthorizationConsentController.java @@ -21,7 +21,6 @@ import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; -import java.util.stream.Collectors; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent; @@ -84,10 +83,12 @@ public class AuthorizationConsentController { } private static Set withDescription(Set scopes) { - return scopes - .stream() - .map(ScopeWithDescription::new) - .collect(Collectors.toSet()); + Set scopeWithDescriptions = new HashSet<>(); + for (String scope : scopes) { + scopeWithDescriptions.add(new ScopeWithDescription(scope)); + + } + return scopeWithDescriptions; } public static class ScopeWithDescription {