renaming 'verification code' to 'authorization code' to align with oa…

…uth spec terminology

sparklr2/src/main/java/org/springframework/security/oauth/examples/sparklr/mvc/AccessConfirmationController.java

@@ -4,8 +4,8 @@
 import org.springframework.security.oauth2.provider.ClientAuthenticationToken;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
-import org.springframework.security.oauth2.provider.verification.ClientAuthenticationCache;
-import org.springframework.security.oauth2.provider.verification.DefaultClientAuthenticationCache;
+import org.springframework.security.oauth2.provider.authorization_code.ClientAuthenticationCache;
+import org.springframework.security.oauth2.provider.authorization_code.DefaultClientAuthenticationCache;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.servlet.ModelAndView;

sparklr2/src/main/webapp/WEB-INF/applicationContext.xml

@@ -34,7 +34,7 @@
   </beans:bean>
 
   <oauth:provider client-details-service-ref="clientDetails" token-services-ref="tokenServices" >
-    <oauth:verification-code user-approval-page="/oauth/confirm_access" />
+    <oauth:authorization-code user-approval-page="/oauth/confirm_access" />
   </oauth:provider>
 
   <oauth:client-details-service id="clientDetails">

sparklr2/src/main/webapp/WEB-INF/jsp/access_confirmation.jsp

@@ -1,7 +1,7 @@
 <%@ page import="org.springframework.security.core.AuthenticationException" %>
 <%@ page import="org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter" %>
-<%@ page import="org.springframework.security.oauth2.provider.verification.BasicUserApprovalFilter" %>
-<%@ page import="org.springframework.security.oauth2.provider.verification.VerificationCodeFilter" %>
+<%@ page import="org.springframework.security.oauth2.provider.authorization_code.BasicUserApprovalFilter" %>
+<%@ page import="org.springframework.security.oauth2.provider.authorization_code.AuthorizationCodeFilter" %>
 <%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException" %>
 <%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
@@ -33,11 +33,11 @@
 
       <p>You hereby authorize "<c:out value="${client.clientId}"/>" to access your protected resources.</p>
 
-      <form id="confirmationForm" name="confirmationForm" action="<%=request.getContextPath() + VerificationCodeFilter.DEFAULT_PROCESSING_URL%>" method="POST">
+      <form id="confirmationForm" name="confirmationForm" action="<%=request.getContextPath() + AuthorizationCodeFilter.DEFAULT_PROCESSING_URL%>" method="POST">
         <input name="<%=BasicUserApprovalFilter.DEFAULT_APPROVAL_REQUEST_PARAMETER%>" value="<%=BasicUserApprovalFilter.DEFAULT_APPROVAL_PARAMETER_VALUE%>" type="hidden"/>
         <label><input name="authorize" value="Authorize" type="submit"></label>
       </form>
-      <form id="denialForm" name="denialForm" action="<%=request.getContextPath() + VerificationCodeFilter.DEFAULT_PROCESSING_URL%>" method="POST">
+      <form id="denialForm" name="denialForm" action="<%=request.getContextPath() + AuthorizationCodeFilter.DEFAULT_PROCESSING_URL%>" method="POST">
         <input name="<%=BasicUserApprovalFilter.DEFAULT_APPROVAL_REQUEST_PARAMETER%>" value="not_<%=BasicUserApprovalFilter.DEFAULT_APPROVAL_PARAMETER_VALUE%>" type="hidden"/>
         <label><input name="deny" value="Deny" type="submit"></label>
       </form>

sparklr2/src/test/java/org/springframework/security/oauth2/provider/TestWebServerProfile.java

@@ -112,7 +112,7 @@ public void testBasicWebServerProfile() throws Exception {
 		assertEquals("mystateid", state);
 		assertNotNull(code);
 
-		// we've got the verification code. now we should be able to get an access token.
+		// we've got the authorization code. now we should be able to get an access token.
 		Client client = Client.create();
 		client.setFollowRedirects(false);
 		MultivaluedMap<String, String> formData = new MultivaluedMapImpl();
@@ -129,7 +129,7 @@ public void testBasicWebServerProfile() throws Exception {
 		OAuth2AccessToken accessToken = serializationService
 				.deserializeJsonAccessToken(response.getEntityInputStream());
 
-		// let's try that request again and make sure we can't re-use the verification code...
+		// let's try that request again and make sure we can't re-use the authorization code...
 		response = client.resource(serverRunning.getUrl("/sparklr/oauth/authorize"))
 				.type(MediaType.APPLICATION_FORM_URLENCODED_TYPE).post(ClientResponse.class, formData);
 		assertEquals(401, response.getClientResponseStatus().getStatusCode());
@@ -222,7 +222,7 @@ public void testFailureIfSomeParametersAreMissing() throws Exception {
 
 		assertNotNull(code);
 
-		// we've got the verification code. now let's make sure we get an error if we attempt to use a different
+		// we've got the authorization code. now let's make sure we get an error if we attempt to use a different
 		// redirect uri
 		Client client = Client.create();
 		client.setFollowRedirects(false);

spring-security-oauth/src/main/java/org/springframework/security/oauth2/common/DefaultOAuth2SerializationService.java

@@ -181,7 +181,7 @@ else if ("unsupported_response_type".equals(errorCode)) {
       ex = new UnsupportedResponseTypeException(errorMessage);
     }
     else if ("access_denied".equals(errorCode)) {
-      ex = new UserDeniedVerificationException(errorMessage);
+      ex = new UserDeniedAuthorizationException(errorMessage);
     }
     else {
       ex = new OAuth2Exception(errorMessage);

spring-security-oauth/src/main/java/org/springframework/security/oauth2/common/exceptions/UserDeniedAuthorizationException.java

@@ -0,0 +1,25 @@
+package org.springframework.security.oauth2.common.exceptions;
+
+/**
+ * @author Ryan Heaton
+ */
+public class UserDeniedAuthorizationException extends OAuth2Exception {
+
+  public UserDeniedAuthorizationException(String msg, Throwable t) {
+    super(msg, t);
+  }
+
+  public UserDeniedAuthorizationException(String msg) {
+    super(msg);
+  }
+
+  public UserDeniedAuthorizationException(String msg, Object extraInformation) {
+    super(msg, extraInformation);
+  }
+
+  @Override
+  public String getOAuth2ErrorCode() {
+    return "access_denied";
+  }
+
+}

spring-security-oauth/src/main/java/org/springframework/security/oauth2/config/OAuth2ProviderBeanDefinitionParser.java

@@ -27,14 +27,14 @@
 import org.springframework.security.config.BeanIds;
 import org.springframework.security.oauth.config.ConfigUtils;
 import org.springframework.security.oauth2.provider.*;
+import org.springframework.security.oauth2.provider.authorization_code.InMemoryAuthorizationCodeServices;
 import org.springframework.security.oauth2.provider.client.ClientCredentialsAuthenticationProvider;
 import org.springframework.security.oauth2.provider.password.ClientPasswordAuthenticationProvider;
 import org.springframework.security.oauth2.provider.refresh.RefreshAuthenticationProvider;
 import org.springframework.security.oauth2.provider.token.InMemoryOAuth2ProviderTokenServices;
-import org.springframework.security.oauth2.provider.verification.BasicUserApprovalFilter;
-import org.springframework.security.oauth2.provider.verification.InMemoryVerificationCodeServices;
-import org.springframework.security.oauth2.provider.verification.VerificationCodeAuthenticationProvider;
-import org.springframework.security.oauth2.provider.verification.VerificationCodeFilter;
+import org.springframework.security.oauth2.provider.authorization_code.BasicUserApprovalFilter;
+import org.springframework.security.oauth2.provider.authorization_code.UnconfirmedAuthorizationCodeAuthenticationProvider;
+import org.springframework.security.oauth2.provider.authorization_code.AuthorizationCodeFilter;
 import org.springframework.security.web.access.ExceptionTranslationFilter;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.util.StringUtils;
@@ -100,19 +100,25 @@ public BeanDefinition parse(Element element, ParserContext parserContext) {
     parserContext.getRegistry().registerBeanDefinition("oauth2ExceptionHandlerFilter", exceptionHandler.getBeanDefinition());
     filterChain.add(filterIndex++, new RuntimeBeanReference("oauth2ExceptionHandlerFilter"));
 
+
     Element verificationCodeElement = DomUtils.getChildElementByTagName(element, "verification-code");
-    if (verificationCodeElement == null || !"true".equalsIgnoreCase(verificationCodeElement.getAttribute("disabled"))) {
-      //verification code profile configuration.
-      String approvalPage = verificationCodeElement == null ? null : verificationCodeElement.getAttribute("user-approval-page");
-      String approvalParameter = verificationCodeElement == null ? null : verificationCodeElement.getAttribute("approval-parameter-name");
-      String verificationServicesRef = verificationCodeElement == null ? null : verificationCodeElement.getAttribute("services-ref");
-      String redirectResolverRef = verificationCodeElement == null ? null : verificationCodeElement.getAttribute("redirect-resolver-ref");
-      String authenticationCacheRef = verificationCodeElement == null ? null : verificationCodeElement.getAttribute("authentication-cache-ref");
-      String approvalFilterRef = verificationCodeElement == null ? null : verificationCodeElement.getAttribute("user-approval-filter-ref");
-      String approvalHandlerRef = verificationCodeElement == null ? null : verificationCodeElement.getAttribute("approval-handler-ref");
-      String verificationCodeRedirectStrategyRef = verificationCodeElement == null ? null : verificationCodeElement.getAttribute("redirect-strategy-ref");
-      if (!StringUtils.hasText(verificationCodeRedirectStrategyRef)) {
-        verificationCodeRedirectStrategyRef = redirectStrategyRef;
+    if (verificationCodeElement != null) {
+      parserContext.getReaderContext().error("The 'verification-code' element has been renamed to 'authorization-code'", verificationCodeElement);
+    }
+
+    Element authorizationCodeElement = DomUtils.getChildElementByTagName(element, "authorization-code");
+    if (authorizationCodeElement == null || !"true".equalsIgnoreCase(authorizationCodeElement.getAttribute("disabled"))) {
+      //authorization code grant configuration.
+      String approvalPage = authorizationCodeElement == null ? null : authorizationCodeElement.getAttribute("user-approval-page");
+      String approvalParameter = authorizationCodeElement == null ? null : authorizationCodeElement.getAttribute("approval-parameter-name");
+      String authorizationCodeServices = authorizationCodeElement == null ? null : authorizationCodeElement.getAttribute("services-ref");
+      String redirectResolverRef = authorizationCodeElement == null ? null : authorizationCodeElement.getAttribute("redirect-resolver-ref");
+      String authenticationCacheRef = authorizationCodeElement == null ? null : authorizationCodeElement.getAttribute("authentication-cache-ref");
+      String approvalFilterRef = authorizationCodeElement == null ? null : authorizationCodeElement.getAttribute("user-approval-filter-ref");
+      String approvalHandlerRef = authorizationCodeElement == null ? null : authorizationCodeElement.getAttribute("approval-handler-ref");
+      String authorizationCodeRedirectStrategyRef = authorizationCodeElement == null ? null : authorizationCodeElement.getAttribute("redirect-strategy-ref");
+      if (!StringUtils.hasText(authorizationCodeRedirectStrategyRef)) {
+        authorizationCodeRedirectStrategyRef = redirectStrategyRef;
       }
 
       if (!StringUtils.hasText(approvalFilterRef)) {
@@ -136,50 +142,50 @@ public BeanDefinition parse(Element element, ParserContext parserContext) {
         parserContext.getRegistry().registerBeanDefinition(approvalHandlerRef, approvalHandler.getBeanDefinition());
       }
 
-      if (!StringUtils.hasText(verificationServicesRef)) {
-        verificationServicesRef = "oauth2VerificationServices";
-        BeanDefinitionBuilder verificationServices = BeanDefinitionBuilder.rootBeanDefinition(InMemoryVerificationCodeServices .class);
-        parserContext.getRegistry().registerBeanDefinition(verificationServicesRef, verificationServices.getBeanDefinition());
+      if (!StringUtils.hasText(authorizationCodeServices)) {
+        authorizationCodeServices = "oauth2AuthorizationCodeServices";
+        BeanDefinitionBuilder authorizationCodeServicesBean = BeanDefinitionBuilder.rootBeanDefinition(InMemoryAuthorizationCodeServices.class);
+        parserContext.getRegistry().registerBeanDefinition(authorizationCodeServices, authorizationCodeServicesBean.getBeanDefinition());
       }
 
-      BeanDefinitionBuilder verificationCodeFilterBean = BeanDefinitionBuilder.rootBeanDefinition(VerificationCodeFilter.class);
+      BeanDefinitionBuilder authorizationCodeFilterBean = BeanDefinitionBuilder.rootBeanDefinition(AuthorizationCodeFilter.class);
       if (StringUtils.hasText(clientDetailsRef)) {
-        verificationCodeFilterBean.addPropertyReference("clientDetailsService", clientDetailsRef);
+        authorizationCodeFilterBean.addPropertyReference("clientDetailsService", clientDetailsRef);
       }
       if (StringUtils.hasText(redirectResolverRef)) {
-        verificationCodeFilterBean.addPropertyReference("redirectResolver", redirectResolverRef);
+        authorizationCodeFilterBean.addPropertyReference("redirectResolver", redirectResolverRef);
       }
       if (StringUtils.hasText(authenticationCacheRef)) {
-        verificationCodeFilterBean.addPropertyReference("authenticationCache", authenticationCacheRef);
+        authorizationCodeFilterBean.addPropertyReference("authenticationCache", authenticationCacheRef);
       }
-      if (StringUtils.hasText(verificationCodeRedirectStrategyRef)) {
-        verificationCodeFilterBean.addPropertyReference("redirectStrategy", verificationCodeRedirectStrategyRef);
+      if (StringUtils.hasText(authorizationCodeRedirectStrategyRef)) {
+        authorizationCodeFilterBean.addPropertyReference("redirectStrategy", authorizationCodeRedirectStrategyRef);
       }
       if (StringUtils.hasText(approvalPage)) {
         SimpleUrlAuthenticationFailureHandler approvalPageHandler = new SimpleUrlAuthenticationFailureHandler();
         approvalPageHandler.setDefaultFailureUrl(approvalPage);
-        verificationCodeFilterBean.addPropertyValue("unapprovedAuthenticationHandler", approvalPageHandler);
+        authorizationCodeFilterBean.addPropertyValue("unapprovedAuthenticationHandler", approvalPageHandler);
       }
       if (StringUtils.hasText(userAuthUrl)) {
-        verificationCodeFilterBean.addPropertyValue("filterProcessesUrl", userAuthUrl);
+        authorizationCodeFilterBean.addPropertyValue("filterProcessesUrl", userAuthUrl);
       }
-      verificationCodeFilterBean.addPropertyReference("verificationServices", verificationServicesRef);
-      verificationCodeFilterBean.addPropertyReference("userApprovalHandler", approvalHandlerRef);
+      authorizationCodeFilterBean.addPropertyReference("authorizationCodeServices", authorizationCodeServices);
+      authorizationCodeFilterBean.addPropertyReference("userApprovalHandler", approvalHandlerRef);
 
-      BeanDefinitionBuilder verificationCodeProvider = BeanDefinitionBuilder.rootBeanDefinition(VerificationCodeAuthenticationProvider.class);
-      verificationCodeProvider.addPropertyReference("authenticationManager", OAUTH2_AUTHENTICATION_MANAGER);
-      verificationCodeProvider.addPropertyReference("verificationServices", verificationServicesRef);
+      BeanDefinitionBuilder authorizationCodeProvider = BeanDefinitionBuilder.rootBeanDefinition(UnconfirmedAuthorizationCodeAuthenticationProvider.class);
+      authorizationCodeProvider.addPropertyReference("authenticationManager", OAUTH2_AUTHENTICATION_MANAGER);
+      authorizationCodeProvider.addPropertyReference("authorizationCodeServices", authorizationCodeServices);
 
-      providers.add(verificationCodeProvider.getBeanDefinition());
+      providers.add(authorizationCodeProvider.getBeanDefinition());
 
       //add the approval filter to the beginning of the chain so that those who want to combine it with other authentication filters can do so.
       filterChain.add(0, new RuntimeBeanReference(approvalFilterRef));
       filterIndex++;//increment the insert index since we added something at the beginning of the list.
 
-      parserContext.getRegistry().registerBeanDefinition("oauth2VerificationCodeFilter", verificationCodeFilterBean.getBeanDefinition());
-      filterChain.add(filterIndex++, new RuntimeBeanReference("oauth2VerificationCodeFilter"));
+      parserContext.getRegistry().registerBeanDefinition("oauth2AuthorizationCodeFilter", authorizationCodeFilterBean.getBeanDefinition());
+      filterChain.add(filterIndex++, new RuntimeBeanReference("oauth2AuthorizationCodeFilter"));
 
-      //end verification code profile configuration.
+      //end authorization code profile configuration.
     }
 
     //configure the client password mechanism.

spring-security-oauth/src/main/java/org/springframework/security/oauth2/provider/DefaultOAuth2GrantManager.java

@@ -6,7 +6,7 @@
 import org.springframework.security.oauth2.provider.client.ClientCredentialsAuthenticationToken;
 import org.springframework.security.oauth2.provider.password.ClientPasswordAuthenticationToken;
 import org.springframework.security.oauth2.provider.refresh.RefreshAuthenticationToken;
-import org.springframework.security.oauth2.provider.verification.AuthorizationCodeAuthenticationToken;
+import org.springframework.security.oauth2.provider.authorization_code.AuthorizationCodeAuthenticationToken;
 
 import javax.servlet.http.HttpServletRequest;
 import java.io.UnsupportedEncodingException;

spring-security-oauth/src/main/java/org/springframework/security/oauth2/provider/verification/AuthorizationCodeAuthenticationToken.java → spring-security-oauth/src/main/java/org/springframework/security/oauth2/provider/authorization_code/AuthorizationCodeAuthenticationToken.java

@@ -1,27 +1,27 @@
-package org.springframework.security.oauth2.provider.verification;
+package org.springframework.security.oauth2.provider.authorization_code;
 
 import org.springframework.security.oauth2.provider.ClientAuthenticationToken;
 
 import java.util.Set;
 
 /**
- * Authentication token for a request for authorization of a verification code.
+ * Authentication token for a request for authorization of an as-yet-unconfirmed authorization code.
  *
  * @author Ryan Heaton
  */
 public class AuthorizationCodeAuthenticationToken extends ClientAuthenticationToken {
 
-  private final String verificationCode;
+  private final String authorizationCode;
   private final String requestedRedirect;
 
-  public AuthorizationCodeAuthenticationToken(String clientId, String clientSecret, Set<String> scope, String verificationCode, String requestedRedirect) {
+  public AuthorizationCodeAuthenticationToken(String clientId, String clientSecret, Set<String> scope, String authorizationCode, String requestedRedirect) {
     super(clientId, clientSecret, scope);
-    this.verificationCode = verificationCode;
+    this.authorizationCode = authorizationCode;
     this.requestedRedirect = requestedRedirect;
   }
 
-  public String getVerificationCode() {
-    return verificationCode;
+  public String getAuthorizationCode() {
+    return authorizationCode;
   }
 
   public String getRequestedRedirect() {