Remove Nimbus(Reactive)OpaqueTokenIntrospector

Closes gh-17302 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2026-05-22 21:33:16 +00:00 · 2025-06-22 01:42:55 +07:00
parent 519ae241f4
commit 21036c94b4
8 changed files with 21 additions and 1244 deletions
@@ -123,9 +123,9 @@ import org.springframework.security.oauth2.server.resource.authentication.Bearer
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver;
-import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenAuthenticationConverter;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
+import org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
 import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
@@ -2754,8 +2754,8 @@ public class OAuth2ResourceServerConfigurerTests {
 		}

 		@Bean
-		NimbusOpaqueTokenIntrospector tokenIntrospectionClient() {
-			return new NimbusOpaqueTokenIntrospector("https://example.org/introspect", this.rest);
+		OpaqueTokenIntrospector tokenIntrospectionClient() {
+			return new SpringOpaqueTokenIntrospector("https://example.org/introspect", this.rest);
 		}

 	}
@@ -86,9 +86,9 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
 import org.springframework.security.oauth2.jwt.TestJwts;
 import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
-import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenAuthenticationConverter;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
+import org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
 import org.springframework.security.test.context.annotation.SecurityTestExecutionListeners;
 import org.springframework.security.web.authentication.AuthenticationConverter;
@@ -1064,7 +1064,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {

 		@Override
 		public OpaqueTokenIntrospector getObject() throws Exception {
-			return new NimbusOpaqueTokenIntrospector("https://idp.example.org", this.rest);
+			return new SpringOpaqueTokenIntrospector("https://idp.example.org", this.rest);
 		}

 		@Override
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@ import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.springframework.core.ParameterizedTypeReference
 import org.springframework.http.HttpHeaders
 import org.springframework.http.HttpStatus
 import org.springframework.http.MediaType
@@ -41,7 +42,6 @@ import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrinci
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens
 import org.springframework.security.oauth2.jwt.JwtClaimNames
 import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication
-import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector
 import org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector
 import org.springframework.security.web.SecurityFilterChain
@@ -84,15 +84,15 @@ class OpaqueTokenDslTests {
        val headers = HttpHeaders().apply {
            contentType = MediaType.APPLICATION_JSON
        }
-        val entity = ResponseEntity("{\n" +
-                "  \"active\" : true,\n" +
-                "  \"sub\": \"test-subject\",\n" +
-                "  \"scope\": \"message:read\",\n" +
-                "  \"exp\": 4683883211\n" +
-                "}", headers, HttpStatus.OK)
+        val responseBody: Map<String, Any> = mapOf(
+            "active" to true,
+            "sub" to "test-subject",
+            "scope" to "message:read",
+            "exp" to 4683883211
+        )
        every {
-            DefaultOpaqueConfig.REST.exchange(any(), eq(String::class.java))
-        } returns entity
+            DefaultOpaqueConfig.REST.exchange(any(), any<ParameterizedTypeReference<Map<String, Any>>>())
+        } returns ResponseEntity(responseBody, headers, HttpStatus.OK)

        this.mockMvc.get("/authenticated") {
            header("Authorization", "Bearer token")
@@ -127,8 +127,8 @@ class OpaqueTokenDslTests {
        open fun rest(): RestOperations = REST

        @Bean
-        open fun tokenIntrospectionClient(): NimbusOpaqueTokenIntrospector {
-            return NimbusOpaqueTokenIntrospector("https://example.org/introspect", REST)
+        open fun tokenIntrospectionClient(): OpaqueTokenIntrospector {
+            return SpringOpaqueTokenIntrospector("https://example.org/introspect", REST)
        }
    }

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -28,8 +28,8 @@ import org.springframework.http.HttpHeaders
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
-import org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector
 import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector
+import org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector
 import org.springframework.security.web.server.SecurityWebFilterChain
 import org.springframework.test.web.reactive.server.WebTestClient
 import org.springframework.web.reactive.config.EnableWebFlux
@@ -103,7 +103,7 @@ class ServerOpaqueTokenDslTests {

        @Bean
        open fun tokenIntrospectionClient(): ReactiveOpaqueTokenIntrospector {
-            return NimbusReactiveOpaqueTokenIntrospector(mockWebServer().url("/introspect").toString(), "client", "secret")
+            return SpringReactiveOpaqueTokenIntrospector(mockWebServer().url("/introspect").toString(), "client", "secret")
        }
    }

@@ -138,7 +138,7 @@ class ServerOpaqueTokenDslTests {
                }
                oauth2ResourceServer {
                    opaqueToken {
-                        introspector = NimbusReactiveOpaqueTokenIntrospector(mockWebServer().url("/introspector").toString(), "client", "secret")
+                        introspector = SpringReactiveOpaqueTokenIntrospector(mockWebServer().url("/introspector").toString(), "client", "secret")
                    }
                }
            }