Move OAuth2 Core Server Classes to UAA namespace

[strehle]

• Moved Endpoints for OAuth2 from library to UAA. Main OIDC endpoints are in UAA implemented, so changes needed.

• Core-Beans for Server start. Entry point OAuth2SecurityNamespaceHandler.java, which supports XML key words in spring-servlet.xml. (moved to server)

• Moved spring schema handlers to server - support usage of spring-servlet.xml

  • server/src/main/resources/META-INF/spring.handlers
  • server/src/main/resources/META-INF/spring.schemas

• Client Token Creation, Main class OAuth2RestTemplate (moved to model)

• Not Moved / OPEN. Client Annotation. UAA does not need it

Statistics

• Sonar : https://sonarcloud.io/summary/new_code?id=cloudfoundry-identity-parent&pullRequest=2813
• CodeQL green now. Issue in Annotation , thus removed support for it
• Tests not forked yet. PR without tests has 522 changes. 170 NEW Files (moved from spring-security-oauth2 to uaa)

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/187364134

The labels on this github issue will be updated when the story is started.

[Tallicia]

@strehle I see the sonar link showing:
Failed Last analysis 23 hours ago 13.85%. Coverage: Required ≥ 80.0%
Is this still in progress?

[strehle]

Is this still in progress?

No it is ready. The issues are solved, the coverage needs tests but I have putted the forked tests into another PR, see
#2843 (comment)

-> PR 2848 is this PR plus tests
-> https://sonarcloud.io/summary/new_code?id=cloudfoundry-identity-parent&pullRequest=2848

Why: because then this PR would have even more changes

[Tallicia]

All existing tests are passing. ✅
want to run against new tests at strehle:eol/oauth2/core-server-plus-tests next

[Tallicia]

Tests from strehle:eol/oauth2/core-server-plus-tests passing. ✅ #2843

[Tallicia]

Making progress, about 1/3rd of the way through so far.

[Tallicia]

Approximately 2/3rd the way through (315 of 488 files).

So far everything is looking good with some comments and questions in the review.

I am out of time today, but expect I will have this completed tomorrow and ready for approval and merging. It looks like this and the PR with tests need to go together.

[Tallicia]

This is approved. There are some comments and questions I would appreciate some updates and responses on before merging if possible or shortly after.

[strehle]

@Tallicia I hope I have done all comments... / questions. If you have open questions , things I do not have answered, please let me know

[strehle]

Statistics:

Moved ca. 170 classes from https://github.com/spring-attic/spring-security-oauth/tree/main/spring-security-oauth2 to UAA
into model and server sub projects.

Moved ca. 70 tests from https://github.com/spring-attic/spring-security-oauth/tree/main/spring-security-oauth2 into UAA

Did code cleanup based on CodeQL and Sonar findings.

Refactored existing UAA forks , e.g. Token Endpoints

uaa.war now includes 134 external libraries (before 136)
uaa.war now has 61 MB (before 64 MB)

Summary. UAA now has all code to run as OAuth2/OIDC Server in this project, so that further refactoring can be done,
e.g.

• refactor loading and caching of oauth_client_details (should be loaded per thread only once, similar to IdentityZone)
• refactor token granter - UAA loads base grant types internally and then extend this via https://github.com/cloudfoundry/uaa/blob/develop/uaa/src/main/webapp/WEB-INF/spring/oauth-endpoints.xml#L40-L56. Support more / further grant types in future, e.g. token-exchange grant type https://datatracker.ietf.org/doc/html/rfc8693