Remove authorities -> AuthorizationGrantAuthenticationToken constructor

jgrandja · jgrandja · commit dec0bce100a0 · 2017-10-05T20:22:50.000-04:00
Fixes gh-4602
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationToken.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.oauth2.client.authentication;
 
-import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
@@ -39,7 +38,7 @@ public class AuthorizationCodeAuthenticationToken extends AuthorizationGrantAuth
 	public AuthorizationCodeAuthenticationToken(String authorizationCode,
 												ClientRegistration clientRegistration,
 												AuthorizationRequestAttributes authorizationRequest) {
-		super(AuthorizationGrantType.AUTHORIZATION_CODE, AuthorityUtils.NO_AUTHORITIES);
+		super(AuthorizationGrantType.AUTHORIZATION_CODE);
 		Assert.hasText(authorizationCode, "authorizationCode cannot be empty");
 		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
 		Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationGrantAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationGrantAuthenticationToken.java
@@ -16,12 +16,11 @@
 package org.springframework.security.oauth2.client.authentication;
 
 import org.springframework.security.authentication.AbstractAuthenticationToken;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.util.Assert;
 
-import java.util.Collection;
+import java.util.Collections;
 
 /**
  * Base implementation of an {@link AbstractAuthenticationToken} that holds
@@ -36,10 +35,8 @@ public abstract class AuthorizationGrantAuthenticationToken extends AbstractAuth
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 	private final AuthorizationGrantType authorizationGrantType;
 
-	protected AuthorizationGrantAuthenticationToken(AuthorizationGrantType authorizationGrantType,
-													Collection<? extends GrantedAuthority> authorities) {
-
-		super(authorities);
+	protected AuthorizationGrantAuthenticationToken(AuthorizationGrantType authorizationGrantType) {
+		super(Collections.emptyList());
 		Assert.notNull(authorizationGrantType, "authorizationGrantType cannot be null");
 		this.authorizationGrantType = authorizationGrantType;
 	}
