Updated SECOAUTH reference, made required alterations to our configuration

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java

@@ -42,7 +42,8 @@ import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.token.TokenEnhancer;
 import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
+
+import com.google.common.collect.Sets;
 
 
 /**
@@ -83,8 +84,11 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 		    // attach the client
 	    	token.setClient(client);
 	    	
-		    // inherit the scope from the auth
+		    // inherit the scope from the auth, but make a new set so it is 
-		    token.setScope(clientAuth.getScope());
+	    	//not unmodifiable. Unmodifiables don't play nicely with Eclipselink, which 
+	    	//wants to use the clone operation.
+	    	Set<String> scopes = Sets.newHashSet(clientAuth.getScope());
+		    token.setScope(scopes);
 
 		    // make it expire if necessary
 		    // TODO: pending upstream updates, check for 0 or -1 value here

openid-connect-server/src/main/webapp/WEB-INF/application-context.xml

@@ -47,12 +47,12 @@
 
 	<oauth:resource-server id="resourceServerFilter" token-services-ref="defaultOAuth2ProviderTokenService" />
 
-	<security:http pattern="/oauth/token" 
+	<security:http pattern="/token" 
 		create-session="stateless"
 		authentication-manager-ref="clientAuthenticationManager"
 		entry-point-ref="oauthAuthenticationEntryPoint">
 		
-		<security:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
+		<security:intercept-url pattern="/token" access="IS_AUTHENTICATED_FULLY" />
 		<security:anonymous enabled="false" />
 		<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
 		<!-- include this only if you need to authenticate clients via request parameters -->
@@ -101,6 +101,7 @@
 
 	<bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
 		<property name="authenticationManager" ref="clientAuthenticationManager" />
+		<property name="filterProcessesUrl" value="/token"/>
 	</bean>
 
 	<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">

openid-connect-server/src/main/webapp/WEB-INF/web.xml

@@ -18,20 +18,6 @@
 	
 	<!-- filter through Spring Security -->
 
-	<filter>
-	    <filter-name>oauth2EndpointUrlFilter</filter-name>
-	    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-	    <init-param>
-	        <param-name>contextAttribute</param-name>
-	        <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
-	    </init-param>
-	</filter>
-	
-	<filter-mapping>
-	    <filter-name>oauth2EndpointUrlFilter</filter-name>
-	    <url-pattern>/*</url-pattern>
-	</filter-mapping>
-
 	<filter>
 		<filter-name>clientCredentialsTokenEndpointFilter</filter-name>
 		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
@@ -52,7 +38,7 @@
 
 	<filter-mapping>
 		<filter-name>clientCredentialsTokenEndpointFilter</filter-name>
-		<url-pattern>/oauth/token</url-pattern>
+		<url-pattern>/token</url-pattern>
 	</filter-mapping>
 
 	<filter-mapping>

spring-security-oauth

@@ -1 +1 @@
-Subproject commit 2a3e2636d0c85620fbd495b40c5ef8fe11a94eba
+Subproject commit 9615bd9a62da1946e2291a6b2663c0258bda4f82