Tidy up some oauth2 features and add a test for request-scoped context

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/OAuth2AutoConfiguration.java

@@ -23,7 +23,7 @@ import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
-import org.springframework.boot.autoconfigure.security.oauth2.authserver.SpringSecurityOAuth2AuthorizationServerConfiguration;
+import org.springframework.boot.autoconfigure.security.oauth2.authserver.OAuth2AuthorizationServerConfiguration;
 import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2RestOperationsConfiguration;
 import org.springframework.boot.autoconfigure.security.oauth2.method.OAuth2MethodSecurityConfiguration;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerConfiguration;
@@ -46,7 +46,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter
  */
 @Configuration
 @ConditionalOnClass({ OAuth2AccessToken.class, WebMvcConfigurerAdapter.class })
-@Import({ SpringSecurityOAuth2AuthorizationServerConfiguration.class,
+@Import({ OAuth2AuthorizationServerConfiguration.class,
 		OAuth2MethodSecurityConfiguration.class, OAuth2ResourceServerConfiguration.class,
 		OAuth2RestOperationsConfiguration.class })
 @AutoConfigureBefore(WebMvcAutoConfiguration.class)

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/authserver/OAuth2AuthorizationServerConfiguration.java

@@ -60,11 +60,11 @@ import org.springframework.security.oauth2.provider.token.TokenStore;
 @ConditionalOnMissingBean(AuthorizationServerConfigurer.class)
 @ConditionalOnBean(AuthorizationServerEndpointsConfiguration.class)
 @EnableConfigurationProperties
-public class SpringSecurityOAuth2AuthorizationServerConfiguration extends
+public class OAuth2AuthorizationServerConfiguration extends
 		AuthorizationServerConfigurerAdapter {
 
 	private static final Log logger = LogFactory
-			.getLog(SpringSecurityOAuth2AuthorizationServerConfiguration.class);
+			.getLog(OAuth2AuthorizationServerConfiguration.class);
 
 	@Autowired
 	private BaseClientDetails details;

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/EnableOAuth2Sso.java

@@ -23,6 +23,7 @@ import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
 import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerTokenServicesConfiguration;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
@@ -42,6 +43,7 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.E
 @Retention(RetentionPolicy.RUNTIME)
 @Documented
 @EnableOAuth2Client
+@EnableConfigurationProperties(OAuth2SsoProperties.class)
 @Import({ OAuth2SsoDefaultConfiguration.class, OAuth2SsoCustomConfiguration.class,
 		ResourceServerTokenServicesConfiguration.class })
 public @interface EnableOAuth2Sso {

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2RestOperationsConfiguration.java

@@ -138,7 +138,7 @@ public class OAuth2RestOperationsConfiguration {
 	protected static class RequestScopedConfiguration extends BaseConfiguration {
 
 		@Bean
-		@Scope(value = "session", proxyMode = ScopedProxyMode.INTERFACES)
+		@Scope(value = "request", proxyMode = ScopedProxyMode.INTERFACES)
 		public OAuth2ClientContext oauth2ClientContext() {
 			DefaultOAuth2ClientContext context = new DefaultOAuth2ClientContext(
 					new DefaultAccessTokenRequest());

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2SsoDefaultConfiguration.java

@@ -21,7 +21,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
 import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
 import org.springframework.boot.autoconfigure.security.SecurityProperties;
-import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2SsoDefaultConfiguration.NeedsWebSecurityCondition;
 import org.springframework.context.annotation.ConditionContext;
 import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;
@@ -41,46 +41,39 @@ import org.springframework.util.ClassUtils;
  * @since 1.3.0
  */
 @Configuration
-@EnableConfigurationProperties(OAuth2SsoProperties.class)
+@Conditional(NeedsWebSecurityCondition.class)
-public class OAuth2SsoDefaultConfiguration {
+public class OAuth2SsoDefaultConfiguration extends WebSecurityConfigurerAdapter implements
+		Ordered {
 
-	@Configuration
+	@Autowired
-	@Conditional(NeedsWebSecurityCondition.class)
+	BeanFactory beanFactory;
-	protected static class WebSecurityConfiguration extends WebSecurityConfigurerAdapter
-			implements Ordered {
 
-		@Autowired
+	@Autowired
-		BeanFactory beanFactory;
+	OAuth2SsoProperties sso;
 
-		@Autowired
+	@Override
-		OAuth2SsoProperties sso;
+	protected void configure(HttpSecurity http) throws Exception {
+		http.antMatcher("/**").authorizeRequests().anyRequest().authenticated();
+		new SsoSecurityConfigurer(this.beanFactory).configure(http);
+	}
 
-		@Override
+	@Override
-		protected void configure(HttpSecurity http) throws Exception {
+	public int getOrder() {
-			http.antMatcher("/**").authorizeRequests().anyRequest().authenticated();
+		if (this.sso.getFilterOrder() != null) {
-			new SsoSecurityConfigurer(this.beanFactory).configure(http);
+			return this.sso.getFilterOrder();
 		}
-
+		if (ClassUtils
-		@Override
+				.isPresent(
-		public int getOrder() {
+						"org.springframework.boot.actuate.autoconfigure.ManagementServerProperties",
-			if (this.sso.getFilterOrder() != null) {
+						null)) {
-				return this.sso.getFilterOrder();
+			// If > BASIC_AUTH_ORDER then the existing rules for the actuator
-			}
+			// endpoints will take precedence. This value is < BASIC_AUTH_ORDER.
-			if (ClassUtils
+			return SecurityProperties.ACCESS_OVERRIDE_ORDER - 5;
-					.isPresent(
-							"org.springframework.boot.actuate.autoconfigure.ManagementServerProperties",
-							null)) {
-				// If > BASIC_AUTH_ORDER then the existing rules for the actuator
-				// endpoints
-				// will take precedence. This value is < BASIC_AUTH_ORDER.
-				return SecurityProperties.ACCESS_OVERRIDE_ORDER - 5;
-			}
-			return SecurityProperties.ACCESS_OVERRIDE_ORDER;
 		}
-
+		return SecurityProperties.ACCESS_OVERRIDE_ORDER;
 	}
 
-	private static class NeedsWebSecurityCondition extends SpringBootCondition {
+	protected static class NeedsWebSecurityCondition extends SpringBootCondition {
 
 		@Override
 		public ConditionOutcome getMatchOutcome(ConditionContext context,

spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/SpringSecurityOAuth2AutoConfigurationTests.java

@@ -24,7 +24,7 @@ import org.junit.Test;
 import org.springframework.aop.support.AopUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.oauth2.authserver.SpringSecurityOAuth2AuthorizationServerConfiguration;
+import org.springframework.boot.autoconfigure.security.oauth2.authserver.OAuth2AuthorizationServerConfiguration;
 import org.springframework.boot.autoconfigure.security.oauth2.method.OAuth2MethodSecurityConfiguration;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerConfiguration;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
@@ -104,7 +104,7 @@ public class SpringSecurityOAuth2AutoConfigurationTests {
 
 	private static final Class<?> RESOURCE_SERVER_CONFIG = OAuth2ResourceServerConfiguration.class;
 
-	private static final Class<?> AUTHORIZATION_SERVER_CONFIG = SpringSecurityOAuth2AuthorizationServerConfiguration.class;
+	private static final Class<?> AUTHORIZATION_SERVER_CONFIG = OAuth2AuthorizationServerConfiguration.class;
 
 	private AnnotationConfigEmbeddedWebApplicationContext context;
 

spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java

@@ -19,12 +19,16 @@ package org.springframework.boot.autoconfigure.security.oauth2.resource;
 import org.junit.After;
 import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.beans.factory.support.BeanDefinitionRegistry;
 import org.springframework.boot.autoconfigure.PropertyPlaceholderAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.oauth2.OAuth2ClientProperties;
+import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2RestOperationsConfiguration;
 import org.springframework.boot.autoconfigure.social.FacebookAutoConfiguration;
 import org.springframework.boot.autoconfigure.social.SocialWebAutoConfiguration;
 import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
+import org.springframework.boot.context.embedded.MockEmbeddedServletContainerFactory;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.test.EnvironmentTestUtils;
 import org.springframework.context.ConfigurableApplicationContext;
@@ -37,6 +41,7 @@ import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
 import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
 import org.springframework.social.connect.ConnectionFactoryLocator;
 
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.mockito.Mockito.mock;
 
@@ -96,6 +101,19 @@ public class ResourceServerTokenServicesConfigurationTests {
 		assertNotNull(services);
 	}
 
+	@Test
+	public void userInfoNoClient() {
+		EnvironmentTestUtils.addEnvironment(this.environment,
+				"spring.oauth2.client.clientId=acme",
+				"spring.oauth2.resource.userInfoUri:http://example.com",
+				"server.port=-1", "debug=true");
+		this.context = new SpringApplicationBuilder(ResourceNoClientConfiguration.class)
+				.environment(this.environment).web(true).run();
+		BeanDefinition bean = ((BeanDefinitionRegistry) this.context)
+				.getBeanDefinition("scopedTarget.oauth2ClientContext");
+		assertEquals("request", bean.getScope());
+	}
+
 	@Test
 	public void preferUserInfo() {
 		EnvironmentTestUtils.addEnvironment(this.environment,
@@ -154,6 +172,16 @@ public class ResourceServerTokenServicesConfigurationTests {
 
 	}
 
+	@Import({ OAuth2RestOperationsConfiguration.class })
+	protected static class ResourceNoClientConfiguration extends ResourceConfiguration {
+
+		@Bean
+		public MockEmbeddedServletContainerFactory embeddedServletContainerFactory() {
+			return new MockEmbeddedServletContainerFactory();
+		}
+
+	}
+
 	@Configuration
 	protected static class ResourceServerPropertiesConfiguration {