BREAKING CHANGE: refresh controller enabled by default

Close: #242

security-jwt/src/main/java/io/micronaut/security/token/jwt/endpoints/OauthController.java

@@ -46,7 +46,8 @@
  * @author Graeme Rocher
  * @since 1.0
  */
-@Requires(property = OauthControllerConfigurationProperties.PREFIX + ".enabled", value = StringUtils.TRUE)
+@Requires(property = OauthControllerConfigurationProperties.PREFIX + ".enabled", notEquals = StringUtils.FALSE, defaultValue = StringUtils.TRUE)
+@Requires(beans = AccessRefreshTokenGenerator.class)
 @Requires(beans = RefreshTokenPersistence.class)
 @Requires(beans = RefreshTokenValidator.class)
 @Controller("${" + OauthControllerConfigurationProperties.PREFIX + ".path:/oauth/access_token}")

security-jwt/src/main/java/io/micronaut/security/token/jwt/endpoints/OauthControllerConfigurationProperties.java

@@ -26,7 +26,7 @@
  * @author Sergio del Amo
  * @since 1.0
  */
-@Requires(property = OauthControllerConfigurationProperties.PREFIX + ".enabled", value = StringUtils.TRUE)
+@Requires(property = OauthControllerConfigurationProperties.PREFIX + ".enabled", notEquals = StringUtils.FALSE, defaultValue = StringUtils.TRUE)
 @ConfigurationProperties(OauthControllerConfigurationProperties.PREFIX)
 public class OauthControllerConfigurationProperties implements OauthControllerConfiguration {
 
@@ -36,7 +36,7 @@ public class OauthControllerConfigurationProperties implements OauthControllerCo
      * The default enable value.
      */
     @SuppressWarnings("WeakerAccess")
-    public static final boolean DEFAULT_ENABLED = false;
+    public static final boolean DEFAULT_ENABLED = true;
 
     /**
      * The default path.

security-jwt/src/test/groovy/io/micronaut/security/token/jwt/endpoints/OauthControllerEnabledSpec.groovy

@@ -1,18 +1,41 @@
 package io.micronaut.security.token.jwt.endpoints
 
-
+import io.micronaut.context.annotation.Requires
 import io.micronaut.context.exceptions.NoSuchBeanException
+import io.micronaut.security.authentication.UserDetails
+import io.micronaut.security.token.event.RefreshTokenGeneratedEvent
+import io.micronaut.security.token.generator.RefreshTokenGenerator
+import io.micronaut.security.token.jwt.generator.AccessRefreshTokenGenerator
+import io.micronaut.security.token.refresh.RefreshTokenPersistence
+import io.micronaut.security.token.validator.RefreshTokenValidator
 import io.micronaut.testutils.ApplicationContextSpecification
+import org.reactivestreams.Publisher
 import spock.lang.Unroll
 
+import javax.inject.Singleton
+
 class OauthControllerEnabledSpec extends ApplicationContextSpecification {
+
+    @Override
+    String getSpecName() {
+        'OauthControllerEnabledSpec'
+    }
+
     @Override
     Map<String, Object> getConfiguration() {
-        super.configuration + ['micronaut.security.endpoints.oauth.enabled': false,]
+        super.configuration + [
+                'micronaut.security.endpoints.oauth.enabled': false,
+                'micronaut.security.token.jwt.generator.refresh-token.secret': 'pleaseChangeThisSecretForANewOne',
+        ]
     }
 
     @Unroll("bean #description is not loaded if micronaut.security.endpoints.oauth.enabled=false")
     void "if micronaut.security.endpoints.oauth.enabled=false security related beans are not loaded"(Class clazz, String description) {
+        expect:
+        applicationContext.containsBean(AccessRefreshTokenGenerator)
+        applicationContext.containsBean(RefreshTokenPersistence)
+        applicationContext.containsBean(RefreshTokenValidator)
+
         when:
         applicationContext.getBean(clazz)
 
@@ -26,8 +49,21 @@ class OauthControllerEnabledSpec extends ApplicationContextSpecification {
                 OauthControllerConfiguration,
                 OauthControllerConfigurationProperties,
         ]
-
         description = clazz.simpleName
     }
 
+    @Requires(property = 'spec.name', value = 'OauthControllerEnabledSpec')
+    @Singleton
+    static class CustomRefreshTokenPersistence implements RefreshTokenPersistence {
+
+        @Override
+        void persistToken(RefreshTokenGeneratedEvent event) {
+
+        }
+
+        @Override
+        Publisher<UserDetails> getUserDetails(String refreshToken) {
+            return null
+        }
+    }
 }

security-jwt/src/test/groovy/io/micronaut/security/token/jwt/endpoints/OauthControllerPathConfigurableSpec.groovy

@@ -23,7 +23,6 @@ class OauthControllerPathConfigurableSpec extends EmbeddedServerSpecification {
     @Override
     Map<String, Object> getConfiguration() {
         super.configuration + [
-            'micronaut.security.endpoints.oauth.enabled': true,
             'micronaut.security.token.jwt.generator.refresh-token.secret': 'pleaseChangeThisSecretForANewOne',
             'micronaut.security.endpoints.oauth.path': '/newtoken',
         ]

security-jwt/src/test/groovy/io/micronaut/security/token/jwt/endpoints/OauthControllerSpec.groovy

@@ -47,7 +47,6 @@ class OauthControllerSpec extends EmbeddedServerSpecification {
     Map<String, Object> getConfiguration() {
         super.configuration + [
                 'micronaut.security.endpoints.login.enabled': true,
-                'micronaut.security.endpoints.oauth.enabled': true,
                 'micronaut.security.token.jwt.signatures.secret.generator.secret': 'qrD6h8K6S9503Q06Y6Rfk21TErImPYqa',
                 'micronaut.security.token.jwt.generator.refresh-token.secret': 'pleaseChangeThisSecretForANewOne',
          ] as Map<String, Object>

src/main/docs/guide/endpoints/refresh.adoc

@@ -28,7 +28,9 @@ The api:security.token.refresh.RefreshTokenPersistence[] implementation will rec
 
 ### Refreshing the Token
 
-Micronaut security comes with a controller to allow for the refresh of access tokens. The api:security.token.jwt.endpoints.OauthController[controller] can be enabled with a configuration property.
+Micronaut security comes with a controller to allow for the refresh of access tokens. The context loads the api:security.token.jwt.endpoints.OauthController[OauthController] if your context contains beans of type: api:io.micronaut.security.token.jwt.generator.AccessRefreshTokenGenerator[], api:security.token.refresh.RefreshTokenPersistence[], api:security.token.validator.RefreshTokenValidator[]
+
+Moreover, the controller can be configured with:
 
 include::{includedir}configurationProperties/io.micronaut.security.token.jwt.endpoints.OauthControllerConfigurationProperties.adoc[]