Factor out non-filter concerns into *Endpoints*

There should be no need for @lazy @scope @beans and most
of the old AuthorizationServerConfiguration was nothing to
do with Security, so we have split out the non-security
concerns and made a new method in the configurer.

docs/oauth2.md

@@ -37,7 +37,8 @@ As you configure the Authorization Server, you have to consider the grant type t
 The `@EnableAuthorizationServer` annotation is used to configure the OAuth 2.0 Authorization Server mechanism, together with any `@Beans` that implement `AuthorizationServerConfigurer` (there is a hander adapter implementation with empty methods). The following features are delegated to separate configurers that are created by Spring and passed into the `AuthorizationServerConfigurer`:
 
 * `ClientDetailsServiceConfigurer`: a configurer that defines the client details service. Client details can be initialized, or you can just refer to an existing store.
-* `AuthorizationServerSecurityConfigurer`: defines the authorization and token endpoints and the token services.
+* `AuthorizationServerSecurityConfigurer`: defines the security constraints on the token endpoint.
+* `AuthorizationServerEndpointsConfigurer`: defines the authorization and token endpoints and the token services.
 
 An important aspect of the provider configuration is the way that an authorization code is supplied to an OAuth client (in the authorization code grant). A authorization code is obtained by the OAuth client by directing the end-user to an authorization page where the user can enter her credentials, resulting in a redirection from the provider authorization server back to the OAuth client with the authorization code. Examples of this are elaborated in the OAuth 2 specification.
 
@@ -67,7 +68,7 @@ When creating your `AuthorizationServerTokenServices` implementation, you may wa
 ### Grant Types
 
 The grant types supported by the `AuthorizationEndpoint` can be
-configured via the `AuthorizationServerSecurityConfigurer`. By default
+configured via the `AuthorizationServerEndpointsConfigurer`. By default
 all grant types are supported except password (see below for details of how to switch it on). The
 following properties affect grant types:
 
@@ -80,7 +81,7 @@ In XML grant types are included as child elements of the `authorization-server`.
 
 ### Configuring the Endpoint URLs
 
-The `AuthorizationServerSecurityConfigurer` has a `pathMapping()` method. It takes two arguments:
+The `AuthorizationServerEndpointsConfigurer` has a `pathMapping()` method. It takes two arguments:
 
 * The default (framework implementation) URL path for the endpoint
 * The custom path required (starting with a "/") 

samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/OAuth2ServerConfig.java

@@ -20,6 +20,9 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.context.annotation.Scope;
+import org.springframework.context.annotation.ScopedProxyMode;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -31,12 +34,14 @@
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
 import org.springframework.security.oauth2.provider.approval.ApprovalStore;
 import org.springframework.security.oauth2.provider.approval.TokenApprovalStore;
+import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
 import org.springframework.security.oauth2.provider.token.InMemoryTokenStore;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 
@@ -48,7 +53,7 @@
 public class OAuth2ServerConfig {
 
 	private static final String SPARKLR_RESOURCE_ID = "sparklr";
-	
+
 	@Configuration
 	@Order(10)
 	protected static class UiResourceConfiguration extends WebSecurityConfigurerAdapter {
@@ -67,7 +72,7 @@ protected void configure(HttpSecurity http) throws Exception {
 			// @formatter:on
 		}
 	}
-	
+
 	@Configuration
 	@EnableResourceServer
 	protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@@ -108,18 +113,15 @@ protected static class AuthorizationServerConfiguration extends AuthorizationSer
 		private TokenStore tokenStore;
 
 		@Autowired
-		private OAuth2RequestFactory requestFactory;
+		private UserApprovalHandler userApprovalHandler;
 
 		@Autowired
 		@Qualifier("authenticationManagerBean")
 		private AuthenticationManager authenticationManager;
 
-		@Autowired
-		private ClientDetailsService clientDetailsService;
-
 		@Value("${tonr.redirect:http://localhost:8080/tonr2/sparklr/redirect}")
 		private String tonrRedirectUri;
-		
+
 		@Override
 		public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
 
@@ -171,34 +173,53 @@ public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
 			// @formatter:on
 		}
 
-		@Bean
-		public SparklrUserApprovalHandler userApprovalHandler() throws Exception {
-			SparklrUserApprovalHandler handler = new SparklrUserApprovalHandler();
-			handler.setApprovalStore(approvalStore());
-			handler.setRequestFactory(requestFactory);
-			handler.setClientDetailsService(clientDetailsService);
-			handler.setUseApprovalStore(true);
-			return handler;
-		}
-
 		@Bean
 		public TokenStore tokenStore() {
 			return new InMemoryTokenStore();
 		}
 
+		@Override
+		public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+			endpoints.tokenStore(tokenStore).userApprovalHandler(userApprovalHandler)
+					.authenticationManager(authenticationManager);
+		}
+
+		@Override
+		public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
+			oauthServer.realm("sparklr2/client");
+		}
+
+	}
+
+	protected static class Stuff {
+
+		@Autowired
+		private ClientDetailsService clientDetailsService;
+
+		@Autowired
+		private TokenStore tokenStore;
+
+		@Autowired
+		private OAuth2RequestFactory requestFactory;
+
 		@Bean
 		public ApprovalStore approvalStore() throws Exception {
 			TokenApprovalStore store = new TokenApprovalStore();
 			store.setTokenStore(tokenStore);
 			return store;
 		}
 
-		@Override
-		public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
-			oauthServer.tokenStore(tokenStore).userApprovalHandler(userApprovalHandler())
-					.authenticationManager(authenticationManager).realm("sparklr2/client");
+		@Bean
+		@Lazy
+		@Scope(proxyMode=ScopedProxyMode.TARGET_CLASS)
+		public SparklrUserApprovalHandler userApprovalHandler() throws Exception {
+			SparklrUserApprovalHandler handler = new SparklrUserApprovalHandler();
+			handler.setApprovalStore(approvalStore());
+			handler.setRequestFactory(requestFactory);
+			handler.setClientDetailsService(clientDetailsService);
+			handler.setUseApprovalStore(true);
+			return handler;
 		}
-
 	}
 
 }

samples/oauth2/sparklr/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java → samples/oauth2/sparklr/src/test/java/org/springframework/security/samples/config/ApplicationConfigurationTests.java

@@ -36,7 +36,7 @@
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration
 @WebAppConfiguration
-public class SecurityConfigTests {
+public class ApplicationConfigurationTests {
 
     @Configuration
     @ComponentScan(basePackageClasses = SecurityConfiguration.class)