Polish

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,7 +18,6 @@ package org.springframework.boot.autoconfigure.security.oauth2.resource;
 
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.BeansException;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.boot.autoconfigure.condition.ConditionMessage;
 import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
@@ -106,9 +105,8 @@ public class OAuth2ResourceServerConfiguration {
 	public static class ResourceServerFilterChainOrderProcessor
 			implements BeanPostProcessor {
 
-		private ResourceServerProperties resource;
+		private final ResourceServerProperties resource;
 
-		@Autowired
 		public ResourceServerFilterChainOrderProcessor(
 				ResourceServerProperties resource) {
 			this.resource = resource;

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerProperties.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/OAuth2AutoConfigurationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,7 +21,6 @@ import java.util.Arrays;
 import java.util.List;
 
 import com.fasterxml.jackson.databind.JsonNode;
-
 import org.junit.Test;
 
 import org.springframework.aop.support.AopUtils;

spring-boot-dependencies/pom.xml

@@ -1,4 +1,6 @@
-<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.springframework.boot</groupId>
 	<artifactId>spring-boot-dependencies</artifactId>
@@ -2654,4 +2656,4 @@
 			<id>integration-test</id>
 		</profile>
 	</profiles>
-</project>
+</project>

spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc

@@ -454,6 +454,7 @@ content into your application; rather pick only the properties that you need.
 	security.oauth2.client.client-secret= # OAuth2 client secret. A random secret is generated by default
 
 	# SECURITY OAUTH2 RESOURCES ({sc-spring-boot-autoconfigure}/security/oauth2/resource/ResourceServerProperties.{sc-ext}[ResourceServerProperties])
+	security.oauth2.resource.filter-order= # The order of the filter chain used to authenticate tokens.
 	security.oauth2.resource.id= # Identifier of the resource.
 	security.oauth2.resource.jwt.key-uri= # The URI of the JWT token. Can be set if the value is not available and the key is public.
 	security.oauth2.resource.jwt.key-value= # The verification key of the JWT token. Can either be a symmetric secret or PEM-encoded RSA public key.

spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc

@@ -2529,9 +2529,10 @@ needs to be running when your application starts up. It will log a warning if it
 find the key, and tell you what to do to fix it.
 
 OAuth2 resources are protected by a filter chain with order
-`security.oauth2.resource.filter-order` and the default is after the
+`security.oauth2.resource.filter-order` and the default is after the filter protecting the
-filter protecting the actuator endpoints by default (so actuator
+actuator endpoints by default (so actuator endpoints will stay on HTTP Basic unless you
-endpoints will stay on HTTP Basic unless you change the order).
+change the order).
+
 
 
 [[boot-features-security-oauth2-token-type]]

spring-boot-samples/spring-boot-sample-secure-oauth2-actuator/src/test/java/sample/secure/oauth2/resource/SampleSecureOAuth2ResourceApplicationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,10 +48,10 @@ import static org.springframework.test.web.servlet.setup.MockMvcBuilders.webAppC
 public class SampleSecureOAuth2ResourceApplicationTests {
 
 	@Autowired
-	WebApplicationContext context;
+	private WebApplicationContext context;
 
 	@Autowired
-	FilterChainProxy filterChain;
+	private FilterChainProxy filterChain;
 
 	private MockMvc mvc;
 

spring-boot-samples/spring-boot-sample-secure-oauth2-resource/pom.xml

@@ -1,5 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<!-- Your own application should inherit from spring-boot-starter-parent -->

spring-boot-samples/spring-boot-sample-secure-oauth2-resource/src/main/java/sample/secure/oauth2/resource/Flight.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2015 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

spring-boot-samples/spring-boot-sample-secure-oauth2-resource/src/main/java/sample/secure/oauth2/resource/FlightRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2015 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

spring-boot-samples/spring-boot-sample-secure-oauth2-resource/src/main/java/sample/secure/oauth2/resource/SampleSecureOAuth2ResourceApplication.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2015 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

spring-boot-samples/spring-boot-sample-secure-oauth2-resource/src/test/java/sample/secure/oauth2/resource/SampleSecureOAuth2ResourceApplicationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -40,16 +40,17 @@ import static org.springframework.test.web.servlet.setup.MockMvcBuilders.webAppC
  * OAuth2-secured system
  *
  * @author Greg Turnquist
+ * @author Dave Syer
  */
 @RunWith(SpringRunner.class)
 @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
 public class SampleSecureOAuth2ResourceApplicationTests {
 
 	@Autowired
-	WebApplicationContext context;
+	private WebApplicationContext context;
 
 	@Autowired
-	FilterChainProxy filterChain;
+	private FilterChainProxy filterChain;
 
 	private MockMvc mvc;
 

spring-boot-samples/spring-boot-sample-secure-oauth2/src/test/java/sample/secure/oauth2/SampleSecureOAuth2ApplicationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.secure.oauth2;
 
 import java.util.Map;
@@ -54,10 +55,10 @@ import static org.springframework.test.web.servlet.setup.MockMvcBuilders.webAppC
 public class SampleSecureOAuth2ApplicationTests {
 
 	@Autowired
-	WebApplicationContext context;
+	private WebApplicationContext context;
 
 	@Autowired
-	FilterChainProxy filterChain;
+	private FilterChainProxy filterChain;
 
 	private MockMvc mvc;