Fix OAuth2ResourceServerLambdaDsl for Kotlin code #916
Merged
The recipe was incorrectly transforming Kotlin code when run multiple times. After the first cycle transformed methods like jwt() and opaqueToken() to lambda DSL style, subsequent cycles would incorrectly detect them as applicable for transformation again because the method type information didn't reflect the added lambda argument. This caused the recipe to nest opaqueToken inside jwt's lambda and lose the jwkSetUri configuration.

Changes:
- Add check in isApplicableMethod() to skip methods that already have a lambda argument, preventing duplicate transformations
- Enhance isAndMethod() with fallback type checking using the select's method return type for cases where return types aren't fully resolved
- Update test to remove @ExpectedToFail and match actual recipe output

Fixes moderneinc/customer-requests#1765
MBoegers
commented
Jan 27, 2026
...nrewrite/java/spring/security6/oauth2/server/resource/OAuth2ResourceServerLambdaDslTest.java
The Kotlin parser doesn't provide complete type information for method invocations like server.jwt(), causing LST type validation to fail. Other Kotlin tests in this file already use TypeValidation.none() to work around this limitation.
MBoegers
commented
Jan 27, 2026
...nrewrite/java/spring/security6/oauth2/server/resource/OAuth2ResourceServerLambdaDslTest.java
Outdated
timtebeek
approved these changes
Jan 28, 2026
Summary
Problem
The OAuth2ResourceServerLambdaDsl recipe was incorrectly transforming Kotlin code. When run on Kotlin files like:
The recipe would mangle the output, nesting opaqueToken inside jwt's lambda and losing the jwkSetUri configuration. The root cause was that after the first transformation cycle, subsequent cycles would incorrectly detect already-transformed methods (with lambda arguments) as still applicable for transformation.
Solution
- isApplicableMethod() to skip methods that already have a lambda argument, preventing duplicate transformations in subsequent recipe cycles
- isAndMethod() with fallback type checking using the select's method return type for cases where Kotlin return types aren't fully resolved
Known Limitation
The generated lambdas use parenthesized syntax .jwt({jwt -> ...}) instead of Kotlin's idiomatic trailing lambda syntax .jwt { jwt -> ... }. This is because the recipe creates J.Lambda (Java AST) nodes which print with parentheses in Kotlin.
A future improvement would be to detect Kotlin source files and create K.FunctionLiteral nodes instead, producing idiomatic trailing lambda syntax. The current output is valid Kotlin and functionally correct, just not stylistically ideal.
Test plan
- OAuth2ResourceServerLambdaDslTest.advanced())
- OAuth2ResourceServerLambdaDslTest.Kotlin.preservesCustomJwtConfiguration())
- ConvertToSecurityDslVisitor still work (HttpSecurityLambdaDsl, OAuth2ClientLambdaDsl, etc.)
Fixes moderneinc/customer-requests#1765
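An added illustration, not code from this PR or from OpenRewrite: a small Python model of the multi-cycle behaviour the description explains, showing why an applicability check that ignores an existing lambda argument is not idempotent and can drop security configuration. The Call and Lambda classes, the function names, the folding rule and the sample URI are assumptions made for this model.

```python
from dataclasses import dataclass, field
CONVERTIBLE = {"jwt", "opaqueToken"}  # configurers this model folds into lambdas

@dataclass
class Lambda:
    param: str
    body: list  # chained Call objects inside the lambda

@dataclass
class Call:
    name: str
    args: list = field(default_factory=list)  # string literals or one Lambda

def is_applicable(call, guard):
    # Without the guard the call is matched by name alone, standing in for
    # type information that still describes the zero-argument form.
    has_lambda = any(isinstance(a, Lambda) for a in call.args)
    return call.name in CONVERTIBLE and not (guard and has_lambda)

def cycle(chain, guard):
    """One pass: fold the calls after jwt()/opaqueToken(), up to and(), into a lambda."""
    out, i = [], 0
    while i < len(chain):
        call, i = chain[i], i + 1
        if not is_applicable(call, guard):
            out.append(call)
            continue
        body = []
        while i < len(chain) and chain[i].name != "and":
            body.append(chain[i])
            i += 1
        i += 1  # skip the and() that closed this configurer, if there was one
        out.append(Call(call.name, [Lambda(call.name, body)]))
    return out

def render(chain):
    def arg(a):
        if isinstance(a, Lambda):
            return "{" + a.param + " -> " + a.param + render(a.body) + "}"
        return '"' + a + '"'
    return "".join(f".{c.name}({', '.join(arg(a) for a in c.args)})" for c in chain)

def run(chain, guard, cycles):
    for _ in range(cycles):
        chain = cycle(chain, guard)
    return render(chain)

# Constructed input using the method names from the PR; the URI is a placeholder.
SAMPLE = [Call("jwt"), Call("jwkSetUri", ["https://idp.example/jwks"]),
          Call("and"), Call("opaqueToken")]
```

Calling run(SAMPLE, True, 2) returns the same text as a single cycle, while run(SAMPLE, False, 2) returns a chain in which jwkSetUri is gone and opaqueToken sits inside jwt's lambda.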