diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java index 0da2633c7a8..59c230ecf7e 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java @@ -53,7 +53,7 @@ public class BearerTokenAuthentication extends AbstractOAuth2TokenAuthentication public BearerTokenAuthentication(OAuth2AuthenticatedPrincipal principal, OAuth2AccessToken credentials, Collection authorities) { super(credentials, principal, credentials, authorities); - Assert.isTrue(credentials.getTokenType() == OAuth2AccessToken.TokenType.BEARER, + Assert.isTrue(OAuth2AccessToken.TokenType.BEARER.equals(credentials.getTokenType()), "credentials must be a bearer token"); this.attributes = Collections.unmodifiableMap(new LinkedHashMap<>(principal.getAttributes())); setAuthenticated(true); @@ -121,7 +121,8 @@ public B credentials(@Nullable Object token) { */ @Override public B token(OAuth2AccessToken token) { - Assert.isTrue(token.getTokenType() == OAuth2AccessToken.TokenType.BEARER, "token must be a bearer token"); + Assert.isTrue(OAuth2AccessToken.TokenType.BEARER.equals(token.getTokenType()), + "token must be a bearer token"); super.credentials(token); return super.token(token); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java index 9ae84282d1d..424b84285c4 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationTests.java @@ -173,4 +173,32 @@ public void toBuilderWhenApplyThenCopies() { assertThat(authorities).containsExactlyInAnyOrder("FACTOR_ONE", "FACTOR_TWO"); } + // gh-19377 + @Test + public void compareCredentialsHasBearerTokenType() { + Instant current = Instant.now(); + Instant after1hour = Instant.now().plusSeconds(3600); + OAuth2AccessToken oAuth2AccessToken = new OAuth2AccessToken(new OAuth2AccessToken.TokenType("Bearer"), "token", + current, after1hour); + BearerTokenAuthentication authenticated = new BearerTokenAuthentication(this.principal, oAuth2AccessToken, + this.authorities); + assertThat(authenticated.getName()).isEqualTo(this.name); + assertThat(authenticated.getCredentials()) + .isEqualTo(new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", current, after1hour)); + } + + // gh-19377 + @Test + public void toBuilderCompareCredentialsHasBearerTokenType() { + Instant current = Instant.now(); + Instant after1hour = Instant.now().plusSeconds(3600); + OAuth2AccessToken oAuth2AccessToken = new OAuth2AccessToken(new OAuth2AccessToken.TokenType("Bearer"), "token", + current, after1hour); + BearerTokenAuthentication token = new BearerTokenAuthentication(this.principal, this.token, this.authorities); + BearerTokenAuthentication authenticated = token.toBuilder().token(oAuth2AccessToken).build(); + assertThat(authenticated.getName()).isEqualTo(this.name); + assertThat(authenticated.getCredentials()) + .isEqualTo(new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", current, after1hour)); + } + }