From 42a89d15b151c9ea3d226f690854cafbf847ae7a Mon Sep 17 00:00:00 2001
From: Joe Grandja <jgrandja@vmware.com>
Date: Fri, 11 Dec 2020 11:48:59 -0500
Subject: [PATCH] Remove unused OAuth2AuthorizationService from
 OAuth2TokenEndpointFilter

---
 .../OAuth2AuthorizationServerConfigurer.java    |  1 -
 .../web/OAuth2TokenEndpointFilter.java          | 17 ++++-------------
 .../web/OAuth2TokenEndpointFilterTests.java     | 16 +++-------------
 3 files changed, 7 insertions(+), 27 deletions(-)

diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java b/oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java
index 5a81d1e..a593f1a 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java
@@ -243,7 +243,6 @@ public final class OAuth2AuthorizationServerConfigurer<B extends HttpSecurityBui
 		OAuth2TokenEndpointFilter tokenEndpointFilter =
 				new OAuth2TokenEndpointFilter(
 						authenticationManager,
-						getAuthorizationService(builder),
 						providerSettings.tokenEndpoint());
 		builder.addFilterAfter(postProcess(tokenEndpointFilter), FilterSecurityInterceptor.class);
 
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilter.java
index 1fe0d5a..d45abdd 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilter.java
@@ -33,7 +33,6 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
 import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
-import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationProvider;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken;
@@ -79,7 +78,7 @@ import java.util.stream.Collectors;
  *
  * <p>
  * The default endpoint {@code URI} {@code /oauth2/token} may be overridden
- * via the constructor {@link #OAuth2TokenEndpointFilter(AuthenticationManager, OAuth2AuthorizationService, String)}.
+ * via the constructor {@link #OAuth2TokenEndpointFilter(AuthenticationManager, String)}.
  *
  * @author Joe Grandja
  * @author Madhu Bhat
@@ -89,7 +88,6 @@ import java.util.stream.Collectors;
  * @see OAuth2AuthorizationCodeAuthenticationProvider
  * @see OAuth2RefreshTokenAuthenticationProvider
  * @see OAuth2ClientCredentialsAuthenticationProvider
- * @see OAuth2AuthorizationService
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-3.2">Section 3.2 Token Endpoint</a>
  */
 public class OAuth2TokenEndpointFilter extends OncePerRequestFilter {
@@ -99,7 +97,6 @@ public class OAuth2TokenEndpointFilter extends OncePerRequestFilter {
 	public static final String DEFAULT_TOKEN_ENDPOINT_URI = "/oauth2/token";
 
 	private final AuthenticationManager authenticationManager;
-	private final OAuth2AuthorizationService authorizationService;
 	private final RequestMatcher tokenEndpointMatcher;
 	private final Converter<HttpServletRequest, Authentication> authorizationGrantAuthenticationConverter;
 	private final HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter =
@@ -111,27 +108,21 @@ public class OAuth2TokenEndpointFilter extends OncePerRequestFilter {
 	 * Constructs an {@code OAuth2TokenEndpointFilter} using the provided parameters.
 	 *
 	 * @param authenticationManager the authentication manager
-	 * @param authorizationService the authorization service
 	 */
-	public OAuth2TokenEndpointFilter(AuthenticationManager authenticationManager,
-			OAuth2AuthorizationService authorizationService) {
-		this(authenticationManager, authorizationService, DEFAULT_TOKEN_ENDPOINT_URI);
+	public OAuth2TokenEndpointFilter(AuthenticationManager authenticationManager) {
+		this(authenticationManager, DEFAULT_TOKEN_ENDPOINT_URI);
 	}
 
 	/**
 	 * Constructs an {@code OAuth2TokenEndpointFilter} using the provided parameters.
 	 *
 	 * @param authenticationManager the authentication manager
-	 * @param authorizationService the authorization service
 	 * @param tokenEndpointUri the endpoint {@code URI} for access token requests
 	 */
-	public OAuth2TokenEndpointFilter(AuthenticationManager authenticationManager,
-			OAuth2AuthorizationService authorizationService, String tokenEndpointUri) {
+	public OAuth2TokenEndpointFilter(AuthenticationManager authenticationManager, String tokenEndpointUri) {
 		Assert.notNull(authenticationManager, "authenticationManager cannot be null");
-		Assert.notNull(authorizationService, "authorizationService cannot be null");
 		Assert.hasText(tokenEndpointUri, "tokenEndpointUri cannot be empty");
 		this.authenticationManager = authenticationManager;
-		this.authorizationService = authorizationService;
 		this.tokenEndpointMatcher = new AntPathRequestMatcher(tokenEndpointUri, HttpMethod.POST.name());
 		Map<AuthorizationGrantType, Converter<HttpServletRequest, Authentication>> converters = new HashMap<>();
 		converters.put(AuthorizationGrantType.AUTHORIZATION_CODE, new AuthorizationCodeAuthenticationConverter());
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilterTests.java
index 223c8c7..d2a97d5 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilterTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilterTests.java
@@ -38,7 +38,6 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
 import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
-import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
@@ -76,7 +75,6 @@ import static org.mockito.Mockito.when;
  */
 public class OAuth2TokenEndpointFilterTests {
 	private AuthenticationManager authenticationManager;
-	private OAuth2AuthorizationService authorizationService;
 	private OAuth2TokenEndpointFilter filter;
 	private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
 			new OAuth2ErrorHttpMessageConverter();
@@ -86,8 +84,7 @@ public class OAuth2TokenEndpointFilterTests {
 	@Before
 	public void setUp() {
 		this.authenticationManager = mock(AuthenticationManager.class);
-		this.authorizationService = mock(OAuth2AuthorizationService.class);
-		this.filter = new OAuth2TokenEndpointFilter(this.authenticationManager, this.authorizationService);
+		this.filter = new OAuth2TokenEndpointFilter(this.authenticationManager);
 	}
 
 	@After
@@ -97,21 +94,14 @@ public class OAuth2TokenEndpointFilterTests {
 
 	@Test
 	public void constructorWhenAuthenticationManagerNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2TokenEndpointFilter(null, this.authorizationService))
+		assertThatThrownBy(() -> new OAuth2TokenEndpointFilter(null, "tokenEndpointUri"))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("authenticationManager cannot be null");
 	}
 
-	@Test
-	public void constructorWhenAuthorizationServiceNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2TokenEndpointFilter(this.authenticationManager, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("authorizationService cannot be null");
-	}
-
 	@Test
 	public void constructorWhenTokenEndpointUriNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2TokenEndpointFilter(this.authenticationManager, this.authorizationService, null))
+		assertThatThrownBy(() -> new OAuth2TokenEndpointFilter(this.authenticationManager, null))
 				.isInstanceOf(IllegalArgumentException.class)
 				.hasMessage("tokenEndpointUri cannot be empty");
 	}