Update Opaque Token Client Name following upstream changes

Closes gh-17846

Author: mbhave

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerAutoConfiguration.java

@@ -29,7 +29,7 @@
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.OAuth2IntrospectionAuthenticationToken;
-import org.springframework.security.oauth2.server.resource.introspection.ReactiveOAuth2TokenIntrospectionClient;
+import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
 
 /**
  * {@link EnableAutoConfiguration Auto-configuration} for Reactive OAuth2 resource server
@@ -54,7 +54,7 @@ static class JwtConfiguration {
 	}
 
 	@Configuration(proxyBeanMethods = false)
-	@ConditionalOnClass({ OAuth2IntrospectionAuthenticationToken.class, ReactiveOAuth2TokenIntrospectionClient.class })
+	@ConditionalOnClass({ OAuth2IntrospectionAuthenticationToken.class, ReactiveOpaqueTokenIntrospector.class })
 	@Import({ ReactiveOAuth2ResourceServerOpaqueTokenConfiguration.OpaqueTokenIntrospectionClientConfiguration.class,
 			ReactiveOAuth2ResourceServerOpaqueTokenConfiguration.WebSecurityConfiguration.class })
 	static class OpaqueTokenConfiguration {

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerOpaqueTokenConfiguration.java

@@ -24,29 +24,28 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec;
-import org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOAuth2TokenIntrospectionClient;
-import org.springframework.security.oauth2.server.resource.introspection.ReactiveOAuth2TokenIntrospectionClient;
+import org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector;
+import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 
 /**
- * Configures a {@link ReactiveOAuth2TokenIntrospectionClient} when a token introspection
+ * Configures a {@link ReactiveOpaqueTokenIntrospector} when a token introspection
  * endpoint is available. Also configures a {@link SecurityWebFilterChain} if a
- * {@link ReactiveOAuth2TokenIntrospectionClient} bean is found.
+ * {@link ReactiveOpaqueTokenIntrospector} bean is found.
  *
  * @author Madhura Bhave
  */
 class ReactiveOAuth2ResourceServerOpaqueTokenConfiguration {
 
 	@Configuration(proxyBeanMethods = false)
-	@ConditionalOnMissingBean(ReactiveOAuth2TokenIntrospectionClient.class)
+	@ConditionalOnMissingBean(ReactiveOpaqueTokenIntrospector.class)
 	static class OpaqueTokenIntrospectionClientConfiguration {
 
 		@Bean
 		@ConditionalOnProperty(name = "spring.security.oauth2.resourceserver.opaquetoken.introspection-uri")
-		NimbusReactiveOAuth2TokenIntrospectionClient oAuth2TokenIntrospectionClient(
-				OAuth2ResourceServerProperties properties) {
+		NimbusReactiveOpaqueTokenIntrospector opaqueTokenIntrospector(OAuth2ResourceServerProperties properties) {
 			OAuth2ResourceServerProperties.Opaquetoken opaqueToken = properties.getOpaquetoken();
-			return new NimbusReactiveOAuth2TokenIntrospectionClient(opaqueToken.getIntrospectionUri(),
+			return new NimbusReactiveOpaqueTokenIntrospector(opaqueToken.getIntrospectionUri(),
 					opaqueToken.getClientId(), opaqueToken.getClientSecret());
 		}
 
@@ -57,7 +56,7 @@ NimbusReactiveOAuth2TokenIntrospectionClient oAuth2TokenIntrospectionClient(
 	static class WebSecurityConfiguration {
 
 		@Bean
-		@ConditionalOnBean(ReactiveOAuth2TokenIntrospectionClient.class)
+		@ConditionalOnBean(ReactiveOpaqueTokenIntrospector.class)
 		SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 			http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated());
 			http.oauth2ResourceServer(OAuth2ResourceServerSpec::opaqueToken);

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfiguration.java

@@ -28,7 +28,7 @@
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.OAuth2IntrospectionAuthenticationToken;
-import org.springframework.security.oauth2.server.resource.introspection.OAuth2TokenIntrospectionClient;
+import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 
 /**
  * {@link EnableAutoConfiguration Auto-configuration} for OAuth2 resource server support.
@@ -52,7 +52,7 @@ static class JwtConfiguration {
 	}
 
 	@Configuration(proxyBeanMethods = false)
-	@ConditionalOnClass({ OAuth2IntrospectionAuthenticationToken.class, OAuth2TokenIntrospectionClient.class })
+	@ConditionalOnClass({ OAuth2IntrospectionAuthenticationToken.class, OpaqueTokenIntrospector.class })
 	@Import({ OAuth2ResourceServerOpaqueTokenConfiguration.OpaqueTokenIntrospectionClientConfiguration.class,
 			OAuth2ResourceServerOpaqueTokenConfiguration.OAuth2WebSecurityConfigurerAdapter.class })
 	static class OpaqueTokenConfiguration {

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerOpaqueTokenConfiguration.java

@@ -24,29 +24,29 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
-import org.springframework.security.oauth2.server.resource.introspection.NimbusOAuth2TokenIntrospectionClient;
-import org.springframework.security.oauth2.server.resource.introspection.OAuth2TokenIntrospectionClient;
+import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector;
+import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 
 /**
- * Configures a {@link OAuth2TokenIntrospectionClient} when a token introspection endpoint
- * is available. Also configures a {@link WebSecurityConfigurerAdapter} if a
- * {@link OAuth2TokenIntrospectionClient} bean is found.
+ * Configures a {@link OpaqueTokenIntrospector} when a token introspection endpoint is
+ * available. Also configures a {@link WebSecurityConfigurerAdapter} if a
+ * {@link OpaqueTokenIntrospector} bean is found.
  *
  * @author Madhura Bhave
  */
 @Configuration(proxyBeanMethods = false)
 class OAuth2ResourceServerOpaqueTokenConfiguration {
 
 	@Configuration(proxyBeanMethods = false)
-	@ConditionalOnMissingBean(OAuth2TokenIntrospectionClient.class)
+	@ConditionalOnMissingBean(OpaqueTokenIntrospector.class)
 	static class OpaqueTokenIntrospectionClientConfiguration {
 
 		@Bean
 		@ConditionalOnProperty(name = "spring.security.oauth2.resourceserver.opaquetoken.introspection-uri")
-		NimbusOAuth2TokenIntrospectionClient oAuth2TokenIntrospectionClient(OAuth2ResourceServerProperties properties) {
+		NimbusOpaqueTokenIntrospector opaqueTokenIntrospector(OAuth2ResourceServerProperties properties) {
 			OAuth2ResourceServerProperties.Opaquetoken opaqueToken = properties.getOpaquetoken();
-			return new NimbusOAuth2TokenIntrospectionClient(opaqueToken.getIntrospectionUri(),
-					opaqueToken.getClientId(), opaqueToken.getClientSecret());
+			return new NimbusOpaqueTokenIntrospector(opaqueToken.getIntrospectionUri(), opaqueToken.getClientId(),
+					opaqueToken.getClientSecret());
 		}
 
 	}
@@ -56,7 +56,7 @@ NimbusOAuth2TokenIntrospectionClient oAuth2TokenIntrospectionClient(OAuth2Resour
 	static class OAuth2WebSecurityConfigurerAdapter {
 
 		@Bean
-		@ConditionalOnBean(OAuth2TokenIntrospectionClient.class)
+		@ConditionalOnBean(OpaqueTokenIntrospector.class)
 		WebSecurityConfigurerAdapter opaqueTokenWebSecurityConfigurerAdapter() {
 			return new WebSecurityConfigurerAdapter() {
 

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveUserDetailsServiceAutoConfiguration.java

@@ -48,9 +48,9 @@
  */
 @Configuration(proxyBeanMethods = false)
 @ConditionalOnClass({ ReactiveAuthenticationManager.class })
-@ConditionalOnMissingBean(value = { ReactiveAuthenticationManager.class, ReactiveUserDetailsService.class }, type = {
-		"org.springframework.security.oauth2.jwt.ReactiveJwtDecoder",
-		"org.springframework.security.oauth2.server.resource.introspection.ReactiveOAuth2TokenIntrospectionClient" })
+@ConditionalOnMissingBean(value = { ReactiveAuthenticationManager.class, ReactiveUserDetailsService.class },
+		type = { "org.springframework.security.oauth2.jwt.ReactiveJwtDecoder",
+				"org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector" })
 @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
 public class ReactiveUserDetailsServiceAutoConfiguration {
 

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfiguration.java

@@ -58,7 +58,7 @@
 @ConditionalOnMissingBean(
 		value = { AuthenticationManager.class, AuthenticationProvider.class, UserDetailsService.class },
 		type = { "org.springframework.security.oauth2.jwt.JwtDecoder",
-				"org.springframework.security.oauth2.server.resource.introspection.OAuth2TokenIntrospectionClient" })
+				"org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector" })
 public class UserDetailsServiceAutoConfiguration {
 
 	private static final String NOOP_PASSWORD_PREFIX = "{noop}";

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerAutoConfigurationTests.java

@@ -48,8 +48,7 @@
 import org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager;
 import org.springframework.security.oauth2.server.resource.authentication.OAuth2IntrospectionAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.OAuth2IntrospectionReactiveAuthenticationManager;
-import org.springframework.security.oauth2.server.resource.introspection.OAuth2TokenIntrospectionClient;
-import org.springframework.security.oauth2.server.resource.introspection.ReactiveOAuth2TokenIntrospectionClient;
+import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
 import org.springframework.security.web.server.MatcherSecurityWebFilterChain;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
@@ -252,17 +251,17 @@ void autoConfigurationWhenIntrospectionUriAvailableShouldConfigureIntrospectionC
 						"spring.security.oauth2.resourceserver.opaquetoken.client-id=my-client-id",
 						"spring.security.oauth2.resourceserver.opaquetoken.client-secret=my-client-secret")
 				.run((context) -> {
-					assertThat(context).hasSingleBean(ReactiveOAuth2TokenIntrospectionClient.class);
+					assertThat(context).hasSingleBean(ReactiveOpaqueTokenIntrospector.class);
 					assertFilterConfiguredWithOpaqueTokenAuthenticationManager(context);
 				});
 	}
 
 	@Test
-	void oAuth2TokenIntrospectionClientIsConditionalOnMissingBean() {
+	void opaqueTokenIntrospectorIsConditionalOnMissingBean() {
 		this.contextRunner
 				.withPropertyValues(
 						"spring.security.oauth2.resourceserver.opaquetoken.introspection-uri=https://check-token.com")
-				.withUserConfiguration(OAuth2TokenIntrospectionClientConfig.class)
+				.withUserConfiguration(OpaqueTokenIntrospectorConfig.class)
 				.run((this::assertFilterConfiguredWithOpaqueTokenAuthenticationManager));
 	}
 
@@ -286,7 +285,7 @@ void autoConfigurationWhenIntrospectionUriAvailableShouldBeConditionalOnClass()
 						"spring.security.oauth2.resourceserver.opaquetoken.introspection-uri=https://check-token.com",
 						"spring.security.oauth2.resourceserver.opaquetoken.client-id=my-client-id",
 						"spring.security.oauth2.resourceserver.opaquetoken.client-secret=my-client-secret")
-				.run((context) -> assertThat(context).doesNotHaveBean(OAuth2TokenIntrospectionClient.class));
+				.run((context) -> assertThat(context).doesNotHaveBean(ReactiveOpaqueTokenIntrospector.class));
 	}
 
 	@Test
@@ -406,11 +405,11 @@ ReactiveJwtDecoder decoder() {
 	}
 
 	@Configuration(proxyBeanMethods = false)
-	static class OAuth2TokenIntrospectionClientConfig {
+	static class OpaqueTokenIntrospectorConfig {
 
 		@Bean
-		ReactiveOAuth2TokenIntrospectionClient decoder() {
-			return mock(ReactiveOAuth2TokenIntrospectionClient.class);
+		ReactiveOpaqueTokenIntrospector decoder() {
+			return mock(ReactiveOpaqueTokenIntrospector.class);
 		}
 
 	}

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java

@@ -44,7 +44,7 @@
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.OAuth2IntrospectionAuthenticationToken;
-import org.springframework.security.oauth2.server.resource.introspection.OAuth2TokenIntrospectionClient;
+import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.SecurityFilterChain;
@@ -266,17 +266,17 @@ void autoConfigurationWhenIntrospectionUriAvailableShouldConfigureIntrospectionC
 						"spring.security.oauth2.resourceserver.opaquetoken.client-id=my-client-id",
 						"spring.security.oauth2.resourceserver.opaquetoken.client-secret=my-client-secret")
 				.run((context) -> {
-					assertThat(context).hasSingleBean(OAuth2TokenIntrospectionClient.class);
+					assertThat(context).hasSingleBean(OpaqueTokenIntrospector.class);
 					assertThat(getBearerTokenFilter(context)).isNotNull();
 				});
 	}
 
 	@Test
-	void oAuth2TokenIntrospectionClientIsConditionalOnMissingBean() {
+	void opaqueTokenIntrospectorIsConditionalOnMissingBean() {
 		this.contextRunner
 				.withPropertyValues(
 						"spring.security.oauth2.resourceserver.opaquetoken.introspection-uri=https://check-token.com")
-				.withUserConfiguration(OAuth2TokenIntrospectionClientConfig.class)
+				.withUserConfiguration(OpaqueTokenIntrospectorConfig.class)
 				.run((context) -> assertThat(getBearerTokenFilter(context)).isNotNull());
 	}
 
@@ -287,7 +287,7 @@ void autoConfigurationWhenIntrospectionUriAvailableShouldBeConditionalOnClass()
 						"spring.security.oauth2.resourceserver.opaquetoken.introspection-uri=https://check-token.com",
 						"spring.security.oauth2.resourceserver.opaquetoken.client-id=my-client-id",
 						"spring.security.oauth2.resourceserver.opaquetoken.client-secret=my-client-secret")
-				.run((context) -> assertThat(context).doesNotHaveBean(OAuth2TokenIntrospectionClient.class));
+				.run((context) -> assertThat(context).doesNotHaveBean(OpaqueTokenIntrospector.class));
 	}
 
 	@Test
@@ -387,11 +387,11 @@ JwtDecoder decoder() {
 
 	@Configuration(proxyBeanMethods = false)
 	@EnableWebSecurity
-	static class OAuth2TokenIntrospectionClientConfig {
+	static class OpaqueTokenIntrospectorConfig {
 
 		@Bean
-		OAuth2TokenIntrospectionClient decoder() {
-			return mock(OAuth2TokenIntrospectionClient.class);
+		OpaqueTokenIntrospector decoder() {
+			return mock(OpaqueTokenIntrospector.class);
 		}
 
 	}

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveUserDetailsServiceAutoConfigurationTests.java

@@ -35,7 +35,7 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
-import org.springframework.security.oauth2.server.resource.introspection.ReactiveOAuth2TokenIntrospectionClient;
+import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
@@ -86,11 +86,10 @@ void doesNotConfigureDefaultUserIfResourceServerWithJWTIsUsed() {
 
 	@Test
 	void doesNotConfigureDefaultUserIfResourceServerWithOpaqueIsUsed() {
-		this.contextRunner.withUserConfiguration(ReactiveOAuth2TokenIntrospectionClientConfiguration.class)
-				.run((context) -> {
-					assertThat(context).hasSingleBean(ReactiveOAuth2TokenIntrospectionClient.class);
-					assertThat(context).doesNotHaveBean(ReactiveUserDetailsService.class);
-				});
+		this.contextRunner.withUserConfiguration(ReactiveOpaqueTokenIntrospectorConfiguration.class).run((context) -> {
+			assertThat(context).hasSingleBean(ReactiveOpaqueTokenIntrospector.class);
+			assertThat(context).doesNotHaveBean(ReactiveUserDetailsService.class);
+		});
 	}
 
 	@Test
@@ -180,11 +179,11 @@ ReactiveJwtDecoder jwtDecoder() {
 	}
 
 	@Configuration(proxyBeanMethods = false)
-	static class ReactiveOAuth2TokenIntrospectionClientConfiguration {
+	static class ReactiveOpaqueTokenIntrospectorConfiguration {
 
 		@Bean
-		ReactiveOAuth2TokenIntrospectionClient introspectionClient() {
-			return mock(ReactiveOAuth2TokenIntrospectionClient.class);
+		ReactiveOpaqueTokenIntrospector introspectionClient() {
+			return mock(ReactiveOpaqueTokenIntrospector.class);
 		}
 
 	}

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfigurationTests.java

@@ -43,7 +43,7 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
-import org.springframework.security.oauth2.server.resource.introspection.OAuth2TokenIntrospectionClient;
+import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -105,7 +105,7 @@ void defaultUserNotCreatedIfAuthenticationProviderBeanPresent(CapturedOutput out
 	@Test
 	void defaultUserNotCreatedIfResourceServerWithOpaqueIsUsed() {
 		this.contextRunner.withUserConfiguration(TestConfigWithIntrospectionClient.class).run((context) -> {
-			assertThat(context).hasSingleBean(OAuth2TokenIntrospectionClient.class);
+			assertThat(context).hasSingleBean(OpaqueTokenIntrospector.class);
 			assertThat(context).doesNotHaveBean(UserDetailsService.class);
 		});
 	}
@@ -243,8 +243,8 @@ JwtDecoder jwtDecoder() {
 	static class TestConfigWithIntrospectionClient {
 
 		@Bean
-		OAuth2TokenIntrospectionClient introspectionClient() {
-			return mock(OAuth2TokenIntrospectionClient.class);
+		OpaqueTokenIntrospector introspectionClient() {
+			return mock(OpaqueTokenIntrospector.class);
 		}
 
 	}

spring-boot-project/spring-boot-dependencies/pom.xml

@@ -191,7 +191,7 @@
 		<spring-plugin.version>2.0.0.M1</spring-plugin.version>
 		<spring-restdocs.version>2.0.3.RELEASE</spring-restdocs.version>
 		<spring-retry.version>1.2.4.RELEASE</spring-retry.version>
-		<spring-security.version>5.2.0.M4</spring-security.version>
+		<spring-security.version>5.2.0.BUILD-SNAPSHOT</spring-security.version>
 		<spring-session-bom.version>Corn-M3</spring-session-bom.version>
 		<spring-ws.version>3.0.7.RELEASE</spring-ws.version>
 		<sqlite-jdbc.version>3.28.0</sqlite-jdbc.version>

spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc

@@ -3805,8 +3805,8 @@ to validate tokens via introspection:
 
 Again, the same properties are applicable for both servlet and reactive applications.
 
-Alternatively, you can define your own `OAuth2TokenIntrospectionClient` bean for servlet applications
-or a `ReactiveOAuth2TokenIntrospectionClient` for reactive applications.
+Alternatively, you can define your own `OpaqueTokenIntrospector` bean for servlet applications
+or a `ReactiveOpaqueTokenIntrospector` for reactive applications.
 
 ==== Authorization Server
 Currently, Spring Security does not provide support for implementing an OAuth 2.0