Add AuthenticationConverter interface

Jenkinsfile

@@ -39,27 +39,12 @@ try {
 			}
 		}
 	},
-	springio: {
-		stage('Spring IO') {
-			node {
-				checkout scm
-				try {
-					sh "./gradlew clean springIoCheck -PplatformVersion=Cairo-BUILD-SNAPSHOT -PexcludeProjects='**/samples/**' --refresh-dependencies --no-daemon --stacktrace"
-				} catch(Exception e) {
-					currentBuild.result = 'FAILED: springio'
-					throw e
-				} finally {
-					junit '**/build/spring-io*-results/*.xml'
-				}
-			}
-		}
-	},
 	snapshots: {
 		stage('Snapshot Tests') {
 			node {
 				checkout scm
 				try {
-					sh "./gradlew clean test -PspringVersion='5.+' -PreactorVersion=Bismuth-BUILD-SNAPSHOT -PspringDataVersion=Kay-BUILD-SNAPSHOT --refresh-dependencies --no-daemon --stacktrace"
+					sh "./gradlew clean test -PspringVersion='5.+' -PreactorVersion=Californium-BUILD-SNAPSHOT -PspringDataVersion=Lovelace-BUILD-SNAPSHOT --refresh-dependencies --no-daemon --stacktrace"
 				} catch(Exception e) {
 					currentBuild.result = 'FAILED: snapshots'
 					throw e
@@ -73,7 +58,7 @@ try {
 				checkout scm
 				try {
 					withEnv(["JAVA_HOME=${ tool 'jdk9' }"]) {
-						sh "./gradlew clean test --no-daemon --stacktrace"
+						sh "./gradlew clean test --refresh-dependencies --no-daemon --stacktrace"
 					}
 				} catch(Exception e) {
 					currentBuild.result = 'FAILED: jdk9'
@@ -88,7 +73,7 @@ try {
 				checkout scm
 				try {
 					withEnv(["JAVA_HOME=${ tool 'jdk10' }"]) {
-						sh "./gradlew clean test --no-daemon --stacktrace"
+						sh "./gradlew clean test --refresh-dependencies --no-daemon --stacktrace"
 					}
 				} catch(Exception e) {
 					currentBuild.result = 'FAILED: jdk10'
@@ -103,7 +88,7 @@ try {
 				 checkout scm
 				 try {
 					 withEnv(["JAVA_HOME=${ tool 'jdk11' }"]) {
-						 sh "./gradlew clean test --no-daemon --stacktrace"
+						 sh "./gradlew clean test --refresh-dependencies --no-daemon --stacktrace"
 					 }
 				 } catch(Exception e) {
 					 currentBuild.result = 'FAILED: jdk11'

acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java

@@ -154,11 +154,11 @@ public void testDiskSerializationOfMutableAclObjectInstance() throws Exception {
 
 		Object retrieved1 = FieldUtils.getProtectedFieldValue("aclAuthorizationStrategy",
 				retrieved);
-		assertThat(retrieved1).isEqualTo(null);
+		assertThat(retrieved1).isNull();
 
 		Object retrieved2 = FieldUtils.getProtectedFieldValue(
 				"permissionGrantingStrategy", retrieved);
-		assertThat(retrieved2).isEqualTo(null);
+		assertThat(retrieved2).isNull();
 	}
 
 	@Test

build.gradle

@@ -1,6 +1,6 @@
 buildscript {
 	dependencies {
-		classpath 'io.spring.gradle:spring-build-conventions:0.0.15.RELEASE'
+		classpath 'io.spring.gradle:spring-build-conventions:0.0.16.RELEASE'
 		classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
 	}
 	repositories {

cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java

@@ -353,7 +353,7 @@ public void ignoresClassesItDoesNotSupport() throws Exception {
 		assertThat(cap.supports(TestingAuthenticationToken.class)).isFalse();
 
 		// Try it anyway
-		assertThat(cap.authenticate(token)).isEqualTo(null);
+		assertThat(cap.authenticate(token)).isNull();
 	}
 
 	@Test
@@ -370,7 +370,7 @@ public void ignoresUsernamePasswordAuthenticationTokensWithoutCasIdentifiersAsPr
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
 				"some_normal_user", "password",
 				AuthorityUtils.createAuthorityList("ROLE_A"));
-		assertThat(cap.authenticate(token)).isEqualTo(null);
+		assertThat(cap.authenticate(token)).isNull();
 	}
 
 	@Test

config/spring-security-config.gradle

@@ -13,6 +13,7 @@ dependencies {
 	optional project(':spring-security-messaging')
 	optional project(':spring-security-oauth2-client')
 	optional project(':spring-security-oauth2-jose')
+	optional project(':spring-security-oauth2-resource-server')
 	optional project(':spring-security-openid')
 	optional project(':spring-security-web')
 	optional 'io.projectreactor:reactor-core'
@@ -34,7 +35,9 @@ dependencies {
 	testCompile apachedsDependencies
 	testCompile powerMock2Dependencies
 	testCompile spockDependencies
+	testCompile 'com.squareup.okhttp3:mockwebserver'
 	testCompile 'ch.qos.logback:logback-classic'
+	testCompile 'io.projectreactor.netty:reactor-netty'
 	testCompile 'javax.annotation:jsr250-api:1.0'
 	testCompile 'javax.xml.bind:jaxb-api'
 	testCompile 'ldapsdk:ldapsdk:4.1'

config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java

@@ -122,7 +122,7 @@ public O getOrBuild() {
 	 * invokes {@link SecurityConfigurerAdapter#setBuilder(SecurityBuilder)}.
 	 *
 	 * @param configurer
-	 * @return
+	 * @return the {@link SecurityConfigurerAdapter} for further customizations
 	 * @throws Exception
 	 */
 	@SuppressWarnings("unchecked")
@@ -140,7 +140,7 @@ public <C extends SecurityConfigurerAdapter<O, B>> C apply(C configurer)
 	 * are not considered.
 	 *
 	 * @param configurer
-	 * @return
+	 * @return the {@link SecurityConfigurerAdapter} for further customizations
 	 * @throws Exception
 	 */
 	public <C extends SecurityConfigurer<O, B>> C apply(C configurer) throws Exception {
@@ -172,7 +172,7 @@ public <C> C getSharedObject(Class<C> sharedType) {
 
 	/**
 	 * Gets the shared objects
-	 * @return
+	 * @return the shared Objects
 	 */
 	public Map<Class<? extends Object>, Object> getSharedObjects() {
 		return Collections.unmodifiableMap(this.sharedObjects);
@@ -214,7 +214,7 @@ private <C extends SecurityConfigurer<O, B>> void add(C configurer) throws Excep
 	 * List if not found. Note that object hierarchies are not considered.
 	 *
 	 * @param clazz the {@link SecurityConfigurer} class to look for
-	 * @return
+	 * @return a list of {@link SecurityConfigurer}s for further customization
 	 */
 	@SuppressWarnings("unchecked")
 	public <C extends SecurityConfigurer<O, B>> List<C> getConfigurers(Class<C> clazz) {
@@ -230,7 +230,7 @@ public <C extends SecurityConfigurer<O, B>> List<C> getConfigurers(Class<C> claz
 	 * List if not found. Note that object hierarchies are not considered.
 	 *
 	 * @param clazz the {@link SecurityConfigurer} class to look for
-	 * @return
+	 * @return a list of {@link SecurityConfigurer}s for further customization
 	 */
 	@SuppressWarnings("unchecked")
 	public <C extends SecurityConfigurer<O, B>> List<C> removeConfigurers(Class<C> clazz) {
@@ -246,7 +246,7 @@ public <C extends SecurityConfigurer<O, B>> List<C> removeConfigurers(Class<C> c
 	 * found. Note that object hierarchies are not considered.
 	 *
 	 * @param clazz
-	 * @return
+	 * @return the {@link SecurityConfigurer} for further customizations
 	 */
 	@SuppressWarnings("unchecked")
 	public <C extends SecurityConfigurer<O, B>> C getConfigurer(Class<C> clazz) {
@@ -359,7 +359,7 @@ protected void beforeConfigure() throws Exception {
 	/**
 	 * Subclasses must implement this method to build the object that is being returned.
 	 *
-	 * @return
+	 * @return the Object to be buit or null if the implementation allows it
 	 */
 	protected abstract O performBuild() throws Exception;
 

config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java

@@ -51,7 +51,7 @@ public void configure(B builder) throws Exception {
 	 * Return the {@link SecurityBuilder} when done using the {@link SecurityConfigurer}.
 	 * This is useful for method chaining.
 	 *
-	 * @return
+	 * @return the {@link SecurityBuilder} for further customizations
 	 */
 	public B and() {
 		return getBuilder();

config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java

@@ -258,7 +258,7 @@ protected ProviderManager performBuild() throws Exception {
 	 * default configuration in the {@link SecurityConfigurer#configure(SecurityBuilder)}
 	 * method.
 	 *
-	 * @return
+	 * @return true, if {@link AuthenticationManagerBuilder} is configured, otherwise false
 	 */
 	public boolean isConfigured() {
 		return !authenticationProviders.isEmpty() || parentAuthenticationManager != null;

config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java

@@ -289,6 +289,11 @@ public boolean matches(CharSequence rawPassword,
 			return getPasswordEncoder().matches(rawPassword, encodedPassword);
 		}
 
+		@Override
+		public boolean upgradeEncoding(String encodedPassword) {
+			return getPasswordEncoder().upgradeEncoding(encodedPassword);
+		}
+
 		private PasswordEncoder getPasswordEncoder() {
 			if (this.passwordEncoder != null) {
 				return this.passwordEncoder;

config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java

@@ -22,6 +22,7 @@
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.core.userdetails.UserDetailsPasswordService;
 
 /**
  * Lazily initializes the global authentication with a {@link UserDetailsService} if it is
@@ -65,12 +66,16 @@ public void configure(AuthenticationManagerBuilder auth) throws Exception {
 			}
 
 			PasswordEncoder passwordEncoder = getBeanOrNull(PasswordEncoder.class);
+			UserDetailsPasswordService passwordManager = getBeanOrNull(UserDetailsPasswordService.class);
 
 			DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
 			provider.setUserDetailsService(userDetailsService);
 			if (passwordEncoder != null) {
 				provider.setPasswordEncoder(passwordEncoder);
 			}
+			if (passwordManager != null) {
+				provider.setUserDetailsPasswordService(passwordManager);
+			}
 			provider.afterPropertiesSet();
 
 			auth.authenticationProvider(provider);
@@ -90,4 +95,4 @@ private <T> T getBeanOrNull(Class<T> type) {
 					.getBean(userDetailsBeanNames[0], type);
 		}
 	}
-}
+}

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java

@@ -302,7 +302,7 @@ public LdapAuthenticationProviderConfigurer<B> userDetailsContextMapper(
 	/**
 	 * Specifies the attribute name which contains the role name. Default is "cn".
 	 * @param groupRoleAttribute the attribute name that maps a group to a role.
-	 * @return
+	 * @return the {@link LdapAuthenticationProviderConfigurer} for further customizations
 	 */
 	public LdapAuthenticationProviderConfigurer<B> groupRoleAttribute(
 			String groupRoleAttribute) {
@@ -384,11 +384,11 @@ public void configure(B builder) throws Exception {
 	 */
 	public final class PasswordCompareConfigurer {
 
-		/**
+		/**Us
 		 * Allows specifying the {@link PasswordEncoder} to use. The default is
 		 * {@link org.springframework.security.crypto.password.NoOpPasswordEncoder}.
 		 * @param passwordEncoder the {@link PasswordEncoder} to use
-		 * @return the {@link PasswordEncoder} to use
+		 * @return the {@link PasswordCompareConfigurer} for further customizations
 		 */
 		public PasswordCompareConfigurer passwordEncoder(PasswordEncoder passwordEncoder) {
 			LdapAuthenticationProviderConfigurer.this.passwordEncoder = passwordEncoder;
@@ -602,7 +602,7 @@ private BaseLdapPathContextSource getContextSource() throws Exception {
 	}
 
 	/**
-	 * @return
+	 * @return the {@link PasswordCompareConfigurer} for further customizations
 	 */
 	public PasswordCompareConfigurer passwordCompare() {
 		return new PasswordCompareConfigurer().passwordAttribute("password")

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/JdbcUserDetailsManagerConfigurer.java

@@ -63,7 +63,7 @@ public JdbcUserDetailsManagerConfigurer() {
 	 * Populates the {@link DataSource} to be used. This is the only required attribute.
 	 *
 	 * @param dataSource the {@link DataSource} to be used. Cannot be null.
-	 * @return
+	 * @return The {@link JdbcUserDetailsManagerConfigurer} used for additional customizations
 	 * @throws Exception
 	 */
 	public JdbcUserDetailsManagerConfigurer<B> dataSource(DataSource dataSource)
@@ -142,7 +142,7 @@ public JdbcUserDetailsManagerConfigurer<B> groupAuthoritiesByUsername(String que
 	 * storage (default is "").
 	 *
 	 * @param rolePrefix
-	 * @return
+	 * @return The {@link JdbcUserDetailsManagerConfigurer} used for additional customizations
 	 * @throws Exception
 	 */
 	public JdbcUserDetailsManagerConfigurer<B> rolePrefix(String rolePrefix)

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java

@@ -69,7 +69,7 @@ protected void initUserDetailsService() throws Exception {
 	 * method can be invoked multiple times to add multiple users.
 	 *
 	 * @param userDetails the user to add. Cannot be null.
-	 * @return
+	 * @return the {@link UserDetailsBuilder} for further customizations
 	 */
 	@SuppressWarnings("unchecked")
 	public final C withUser(UserDetails userDetails) {
@@ -82,7 +82,7 @@ public final C withUser(UserDetails userDetails) {
 	 * method can be invoked multiple times to add multiple users.
 	 *
 	 * @param userBuilder the user to add. Cannot be null.
-	 * @return
+	 * @return the {@link UserDetailsBuilder} for further customizations
 	 */
 	@SuppressWarnings("unchecked")
 	public final C withUser(User.UserBuilder userBuilder) {
@@ -95,7 +95,7 @@ public final C withUser(User.UserBuilder userBuilder) {
 	 * method can be invoked multiple times to add multiple users.
 	 *
 	 * @param username the username for the user being added. Cannot be null.
-	 * @return
+	 * @return the {@link UserDetailsBuilder} for further customizations
 	 */
 	@SuppressWarnings("unchecked")
 	public final UserDetailsBuilder withUser(String username) {

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java

@@ -21,6 +21,7 @@
 import org.springframework.security.config.annotation.authentication.ProviderManagerBuilder;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.core.userdetails.UserDetailsPasswordService;
 
 /**
  * Allows configuring a {@link DaoAuthenticationProvider}
@@ -46,6 +47,9 @@ abstract class AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuil
 	protected AbstractDaoAuthenticationConfigurer(U userDetailsService) {
 		this.userDetailsService = userDetailsService;
 		provider.setUserDetailsService(userDetailsService);
+		if (userDetailsService instanceof UserDetailsPasswordService) {
+			this.provider.setUserDetailsPasswordService((UserDetailsPasswordService) userDetailsService);
+		}
 	}
 
 	/**
@@ -65,14 +69,19 @@ public C withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
 	 * {@link DaoAuthenticationProvider}. The default is to use plain text.
 	 *
 	 * @param passwordEncoder The {@link PasswordEncoder} to use.
-	 * @return
+	 * @return the {@link AbstractDaoAuthenticationConfigurer} for further customizations
 	 */
 	@SuppressWarnings("unchecked")
 	public C passwordEncoder(PasswordEncoder passwordEncoder) {
 		provider.setPasswordEncoder(passwordEncoder);
 		return (C) this;
 	}
 
+	public C userDetailsPasswordManager(UserDetailsPasswordService passwordManager) {
+		provider.setUserDetailsPasswordService(passwordManager);
+		return (C) this;
+	}
+
 	@Override
 	public void configure(B builder) throws Exception {
 		provider = postProcess(provider);