Added responseTypes parameter to OAuth2Request

spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/AuthorizationRequest.java

@@ -103,7 +103,7 @@ public AuthorizationRequest(Map<String, String> authorizationParameters, Map<Str
 	}
 
 	public OAuth2Request createOAuth2Request() {
-		return new OAuth2Request(getApprovalParameters(), getClientId(), getAuthorities(), isApproved(), getScope(), getResourceIds(), getRedirectUri(), getExtensions());
+		return new OAuth2Request(getApprovalParameters(), getClientId(), getAuthorities(), isApproved(), getScope(), getResourceIds(), getRedirectUri(), getResponseTypes(), getExtensions());
 	}
 
 	/**

spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Request.java

@@ -47,6 +47,12 @@ public class OAuth2Request extends BaseRequest implements Serializable {
 	 * the Client's default registered value.
 	 */
 	private String redirectUri;
+
+	/**
+	 * Resolved requested response types initialized (by the OAuth2RequestFactory) with the response types originally
+	 * requested.
+	 */
+	private Set<String> responseTypes = new HashSet<String>();
 
 	/**
 	 * Extension point for custom processing classes which may wish to store additional information about the OAuth2
@@ -56,7 +62,7 @@ public class OAuth2Request extends BaseRequest implements Serializable {
 
 	public OAuth2Request(Map<String, String> requestParameters, String clientId,
 			Collection<? extends GrantedAuthority> authorities, boolean approved, Set<String> scope,
-			Set<String> resourceIds, String redirectUri, Map<String, Serializable> extensionProperties) {
+			Set<String> resourceIds, String redirectUri, Set<String> responseTypes, Map<String, Serializable> extensionProperties) {
 		super.setClientId(clientId);
 		super.setRequestParameters(requestParameters);
 		super.setScope(scope);
@@ -68,6 +74,9 @@ public OAuth2Request(Map<String, String> requestParameters, String clientId,
 		}
 		this.approved = approved;
 		this.resourceIds = resourceIds;
+		if (responseTypes != null) {
+			this.responseTypes = new HashSet<String>(responseTypes);
+		}
 		this.redirectUri = redirectUri;
 		if (extensionProperties != null) {
 			this.extensions = extensionProperties;
@@ -76,7 +85,7 @@ public OAuth2Request(Map<String, String> requestParameters, String clientId,
 
 	protected OAuth2Request(OAuth2Request other) {
 		this(other.getRequestParameters(), other.getClientId(), other.getAuthorities(), other.isApproved(), other
-				.getScope(), other.getResourceIds(), other.getRedirectUri(), other.getExtensions());
+				.getScope(), other.getResourceIds(), other.getRedirectUri(), other.getResponseTypes(), other.getExtensions());
 	}
 
 	protected OAuth2Request(String clientId) {
@@ -90,6 +99,10 @@ protected OAuth2Request() {
 	public String getRedirectUri() {
 		return redirectUri;
 	}
+
+	public Set<String> getResponseTypes() {
+		return responseTypes;
+	}
 
 	public Collection<? extends GrantedAuthority> getAuthorities() {
 		return authorities;
@@ -136,15 +149,15 @@ protected void setScope(Collection<String> scope) {
     protected void setRequestParameters(Map<String, String> requestParameters) {
     	throw new IllegalStateException("Can't set request parameters on OAuth2Request");
     }
-
+    
 	/**
 	 * Update the request parameters and return a new object with the same properties except the parameters.
 	 * @param parameters new parameters replacing the existing ones
 	 * @return a new OAuth2Request
 	 */
 	public OAuth2Request createOAuth2Request(Map<String, String> parameters) {
 		return new OAuth2Request(parameters, getClientId(), authorities, approved, getScope(), resourceIds,
-				redirectUri, extensions);
+				redirectUri, responseTypes, extensions);
 	}
 
 	//
@@ -168,20 +181,26 @@ private void readObject(ObjectInputStream in) throws ClassNotFoundException, IOE
 	@Override
 	public int hashCode() {
 		final int prime = 31;
-		int result = 1;
+		int result = super.hashCode();
 		result = prime * result + (approved ? 1231 : 1237);
-		result = prime * result + ((authorities == null) ? 0 : authorities.hashCode());
-		result = prime * result + ((extensions == null) ? 0 : extensions.hashCode());
-		result = prime * result + ((redirectUri == null) ? 0 : redirectUri.hashCode());
-		result = prime * result + ((resourceIds == null) ? 0 : resourceIds.hashCode());
+		result = prime * result
+				+ ((authorities == null) ? 0 : authorities.hashCode());
+		result = prime * result
+				+ ((extensions == null) ? 0 : extensions.hashCode());
+		result = prime * result
+				+ ((redirectUri == null) ? 0 : redirectUri.hashCode());
+		result = prime * result
+				+ ((resourceIds == null) ? 0 : resourceIds.hashCode());
+		result = prime * result
+				+ ((responseTypes == null) ? 0 : responseTypes.hashCode());
 		return result;
 	}
 
 	@Override
 	public boolean equals(Object obj) {
 		if (this == obj)
 			return true;
-		if (obj == null)
+		if (!super.equals(obj))
 			return false;
 		if (getClass() != obj.getClass())
 			return false;
@@ -191,26 +210,27 @@ public boolean equals(Object obj) {
 		if (authorities == null) {
 			if (other.authorities != null)
 				return false;
-		}
-		else if (!authorities.equals(other.authorities))
+		} else if (!authorities.equals(other.authorities))
 			return false;
 		if (extensions == null) {
 			if (other.extensions != null)
 				return false;
-		}
-		else if (!extensions.equals(other.extensions))
+		} else if (!extensions.equals(other.extensions))
 			return false;
 		if (redirectUri == null) {
 			if (other.redirectUri != null)
 				return false;
-		}
-		else if (!redirectUri.equals(other.redirectUri))
+		} else if (!redirectUri.equals(other.redirectUri))
 			return false;
 		if (resourceIds == null) {
 			if (other.resourceIds != null)
 				return false;
-		}
-		else if (!resourceIds.equals(other.resourceIds))
+		} else if (!resourceIds.equals(other.resourceIds))
+			return false;
+		if (responseTypes == null) {
+			if (other.responseTypes != null)
+				return false;
+		} else if (!responseTypes.equals(other.responseTypes))
 			return false;
 		return true;
 	}

spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenRequest.java

@@ -77,7 +77,7 @@ public OAuth2Request createOAuth2Request(ClientDetails client) {
 		Map<String,String> requestParameters = getRequestParameters();
 		HashMap<String, String> modifiable = new HashMap<String, String>(requestParameters);
 		modifiable.remove("password");
-		return new OAuth2Request(modifiable, client.getClientId(), client.getAuthorities(), true, this.getScope(), null, null, null);
+		return new OAuth2Request(modifiable, client.getClientId(), client.getAuthorities(), true, this.getScope(), null, null, null, null);
 	}
 
 }

spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/filter/TestOAuth2ClientAuthenticationProcessingFilter.java

@@ -54,7 +54,7 @@ public void testAuthentication() throws Exception {
 		Mockito.when(restTemplate.getAccessToken()).thenReturn(new DefaultOAuth2AccessToken("FOO"));
 		Set<String> scopes = new HashSet<String>();
 		scopes.addAll(Arrays.asList("read", "write"));
-		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(null, "client", null, false, scopes, null, null, null);
+		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(null, "client", null, false, scopes, null, null, null, null);
 		this.authentication = new OAuth2Authentication(storedOAuth2Request, null);
 		Mockito.when(tokenServices.loadAuthentication("FOO")).thenReturn(authentication);
 		Authentication authentication = filter.attemptAuthentication(null, null);

spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/RequestTokenFactory.java

@@ -30,9 +30,9 @@ public class RequestTokenFactory {
 
 	public static OAuth2Request createOAuth2Request(Map<String, String> requestParameters, String clientId,
 			Collection<? extends GrantedAuthority> authorities, boolean approved, Set<String> scope,
-			Set<String> resourceIds, String redirectUri, Map<String, Serializable> extensionProperties) {
+			Set<String> resourceIds, String redirectUri, Set<String> responseTypes, Map<String, Serializable> extensionProperties) {
 		return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, redirectUri,
-				extensionProperties);
+				responseTypes, extensionProperties);
 	}
 
 }

spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/TestOAuth2Authentication.java

@@ -16,7 +16,7 @@
 public class TestOAuth2Authentication {
 
 	private OAuth2Request request = RequestTokenFactory.createOAuth2Request(null, "id", null, false,
-			Collections.singleton("read"), null, null, null);
+			Collections.singleton("read"), null, null, null, null);
 
 	private UsernamePasswordAuthenticationToken userAuthentication = new UsernamePasswordAuthenticationToken("foo",
 			"bar", Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")));
@@ -25,7 +25,7 @@ public class TestOAuth2Authentication {
 	@Rollback
 	public void testIsAuthenticated() {
 		request = RequestTokenFactory.createOAuth2Request(null, "id", null, true, Collections.singleton("read"), null,
-				null, null);
+				null, null, null);
 		OAuth2Authentication authentication = new OAuth2Authentication(request, userAuthentication);
 		assertTrue(authentication.isAuthenticated());
 	}

spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/authentication/TestOAuth2AuthenticationManager.java

@@ -37,7 +37,7 @@ public class TestOAuth2AuthenticationManager {
 
 	private Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala");
 
-	private OAuth2Authentication authentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request(null, "foo", null, false, null, null, null, null), userAuthentication);
+	private OAuth2Authentication authentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request(null, "foo", null, false, null, null, null, null, null), userAuthentication);
 
 	{
 		manager.setTokenServices(tokenServices);

spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/authentication/TestOAuth2AuthenticationProcessingFilter.java

@@ -43,7 +43,7 @@ public class TestOAuth2AuthenticationProcessingFilter {
 
 	private Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala");
 
-	private OAuth2Authentication authentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request(null, "foo", null, false, null, null, null, null), userAuthentication);
+	private OAuth2Authentication authentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request(null, "foo", null, false, null, null, null, null, null), userAuthentication);
 
 	private FilterChain chain = Mockito.mock(FilterChain.class);
 

spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/TestAuthorizationCodeServicesBase.java

@@ -17,7 +17,7 @@ public abstract class TestAuthorizationCodeServicesBase {
 
 	@Test
 	public void testCreateAuthorizationCode() {
-		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(null, "id", null, false, null, null, null, null);
+		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(null, "id", null, false, null, null, null, null, null);
 		OAuth2Authentication expectedAuthentication = new OAuth2Authentication(
 				storedOAuth2Request, new TestAuthentication(
 						"test2", false)); 
@@ -31,7 +31,7 @@ storedOAuth2Request, new TestAuthentication(
 
 	@Test
 	public void testConsumeRemovesCode() {
-		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(null, "id", null, false, null, null, null, null);
+		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(null, "id", null, false, null, null, null, null, null);
 		OAuth2Authentication expectedAuthentication = new OAuth2Authentication(
 				storedOAuth2Request, new TestAuthentication(
 						"test2", false));

spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/TestAuthorizationCodeTokenGranter.java

@@ -78,7 +78,7 @@ public void testAuthorizationCodeGrant() {
 		parameters.clear();
 		parameters.put(OAuth2Utils.CLIENT_ID, "foo");
 		parameters.put(OAuth2Utils.SCOPE, "scope");
-		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", null, true, Collections.singleton("scope"), null, null, null);
+		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", null, true, Collections.singleton("scope"), null, null, null, null);
 
 		String code = authorizationCodeServices.createAuthorizationCode(new OAuth2Authentication(
 				storedOAuth2Request, userAuthentication));
@@ -100,7 +100,7 @@ public void testAuthorizationParametersPreserved() {
 		parameters.put("foo", "bar");
 		parameters.put(OAuth2Utils.CLIENT_ID, "foo");
 		parameters.put(OAuth2Utils.SCOPE, "scope");
-		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", null, true, Collections.singleton("scope"), null, null, null);
+		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", null, true, Collections.singleton("scope"), null, null, null, null);
 
 		Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala",
 				AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
@@ -125,7 +125,7 @@ public void testAuthorizationRequestPreserved() {
 		parameters.clear();
 		parameters.put(OAuth2Utils.CLIENT_ID, "foo");
 		parameters.put(OAuth2Utils.SCOPE, "read");
-		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", null, true, Collections.singleton("read"), Collections.singleton("resource"), null, null);
+		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", null, true, Collections.singleton("read"), Collections.singleton("resource"), null, null, null);
 
 		Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala",
 				AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
@@ -151,7 +151,7 @@ public void testAuthorizationCodeGrantWithNoClientAuthorities() {
 		parameters.clear();
 		parameters.put(OAuth2Utils.CLIENT_ID, "foo");
 		parameters.put(OAuth2Utils.SCOPE, "scope");
-		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", Collections.<GrantedAuthority> emptySet(), true, Collections.singleton("scope"), null, null, null);
+		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", Collections.<GrantedAuthority> emptySet(), true, Collections.singleton("scope"), null, null, null, null);
 
 		Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala",
 				AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
@@ -176,7 +176,7 @@ public void testAuthorizationRedirectMismatch() {
 		parameters.clear();
 		parameters.put(OAuth2Utils.REDIRECT_URI, "https://redirectMe");
 		parameters.put(OAuth2Utils.CLIENT_ID, "foo");
-		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", null, true, null, null, "https://redirectMe", null);
+		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", null, true, null, null, "https://redirectMe", null, null);
 
 		Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala",
 				AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));

spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/TestOAuth2MethodSecurityExpressionHandler.java

@@ -52,7 +52,7 @@ public void testOauthClient() throws Exception {
 		Authentication userAuthentication = null;
 
 		OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request(request.getRequestParameters(), request.getClientId(), request.getAuthorities(), request.isApproved(), request.getScope(), request.getResourceIds(),
-				request.getRedirectUri(), request.getExtensions());
+				request.getRedirectUri(), request.getResponseTypes(), request.getExtensions());
 
 		OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
 		MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(),
@@ -66,7 +66,7 @@ public void testOauthClient() throws Exception {
 	@Test
 	public void testScopes() throws Exception {
 
-		OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request(null, "foo", null, false, Collections.singleton("read"), null, null, null);
+		OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request(null, "foo", null, false, Collections.singleton("read"), null, null, null, null);
 
 		Authentication userAuthentication = null;
 		OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
@@ -107,7 +107,7 @@ public void testReEvaluationWithDifferentRoot() throws Exception {
 		EvaluationContext context = handler.createEvaluationContext(clientAuthentication, invocation);
 		assertFalse((Boolean) expression.getValue(context));
 
-		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(null, "foo", null, true, Collections.singleton("read"), null, null, null);
+		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(null, "foo", null, true, Collections.singleton("read"), null, null, null, null);
 
 		OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(storedOAuth2Request, null);
 		EvaluationContext anotherContext = handler.createEvaluationContext(oAuth2Authentication, invocation);