The following issues were found

oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configuration/RegisterMissingBeanPostProcessor.java
3 issues
Found non-transient, non-static member. Please mark as transient or provide accessors.
Error

Line: 42 

               * @since 0.2.0
 */
final class RegisterMissingBeanPostProcessor implements BeanDefinitionRegistryPostProcessor, BeanFactoryAware {
	private final AnnotationBeanNameGenerator beanNameGenerator = new AnnotationBeanNameGenerator();
	private final List<AbstractBeanDefinition> beanDefinitions = new ArrayList<>();
	private BeanFactory beanFactory;

	@Override
	public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {

Reported by PMD.

Found non-transient, non-static member. Please mark as transient or provide accessors.
Error

Line: 43 

               */
final class RegisterMissingBeanPostProcessor implements BeanDefinitionRegistryPostProcessor, BeanFactoryAware {
	private final AnnotationBeanNameGenerator beanNameGenerator = new AnnotationBeanNameGenerator();
	private final List<AbstractBeanDefinition> beanDefinitions = new ArrayList<>();
	private BeanFactory beanFactory;

	@Override
	public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
		for (AbstractBeanDefinition beanDefinition : this.beanDefinitions) {

Reported by PMD.

Found non-transient, non-static member. Please mark as transient or provide accessors.
Error

Line: 44 

              final class RegisterMissingBeanPostProcessor implements BeanDefinitionRegistryPostProcessor, BeanFactoryAware {
	private final AnnotationBeanNameGenerator beanNameGenerator = new AnnotationBeanNameGenerator();
	private final List<AbstractBeanDefinition> beanDefinitions = new ArrayList<>();
	private BeanFactory beanFactory;

	@Override
	public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
		for (AbstractBeanDefinition beanDefinition : this.beanDefinitions) {
			String[] beanNames = BeanFactoryUtils.beanNamesForTypeIncludingAncestors(

Reported by PMD.

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimsSet.java
3 issues
Found non-transient, non-static member. Please mark as transient or provide accessors.
Error

Line: 74 

              	 * A builder for {@link JwtClaimsSet}.
	 */
	public static final class Builder {
		private final Map<String, Object> claims = new HashMap<>();

		private Builder() {
		}

		private Builder(JwtClaimsSet claims) {

Reported by PMD.

Field claims has the same name as a method
Error

Line: 74 

              	 * A builder for {@link JwtClaimsSet}.
	 */
	public static final class Builder {
		private final Map<String, Object> claims = new HashMap<>();

		private Builder() {
		}

		private Builder(JwtClaimsSet claims) {

Reported by PMD.

Potential violation of Law of Demeter (method chain calls)
Design

Line: 193 

              			// Attempt to convert to URL.
			Object issuer = this.claims.get(JwtClaimNames.ISS);
			if (issuer != null) {
				URL convertedValue = ClaimConversionService.getSharedInstance().convert(issuer, URL.class);
				if (convertedValue != null) {
					this.claims.put(JwtClaimNames.ISS, convertedValue);
				}
			}

Reported by PMD.

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/UnmodifiableMapDeserializer.java
3 issues
Potential violation of Law of Demeter (object not created locally)
Design

Line: 47 

              	@Override
	public Map<?, ?> deserialize(JsonParser parser, DeserializationContext context) throws IOException {
		ObjectMapper mapper = (ObjectMapper) parser.getCodec();
		JsonNode mapNode = mapper.readTree(parser);
		Map<String, Object> result = new LinkedHashMap<>();
		if (mapNode != null && mapNode.isObject()) {
			Iterable<Map.Entry<String, JsonNode>> fields = mapNode::fields;
			for (Map.Entry<String, JsonNode> field : fields) {
				result.put(field.getKey(), mapper.readValue(field.getValue().traverse(mapper), Object.class));

Reported by PMD.

Potential violation of Law of Demeter (object not created locally)
Design

Line: 49 

              		ObjectMapper mapper = (ObjectMapper) parser.getCodec();
		JsonNode mapNode = mapper.readTree(parser);
		Map<String, Object> result = new LinkedHashMap<>();
		if (mapNode != null && mapNode.isObject()) {
			Iterable<Map.Entry<String, JsonNode>> fields = mapNode::fields;
			for (Map.Entry<String, JsonNode> field : fields) {
				result.put(field.getKey(), mapper.readValue(field.getValue().traverse(mapper), Object.class));
			}
		}

Reported by PMD.

Potential violation of Law of Demeter (method chain calls)
Design

Line: 52 

              		if (mapNode != null && mapNode.isObject()) {
			Iterable<Map.Entry<String, JsonNode>> fields = mapNode::fields;
			for (Map.Entry<String, JsonNode> field : fields) {
				result.put(field.getKey(), mapper.readValue(field.getValue().traverse(mapper), Object.class));
			}
		}
		return Collections.unmodifiableMap(result);
	}

Reported by PMD.

buildSrc/src/main/java/lock/GlobalLockTask.java
3 issues
Potential violation of Law of Demeter (method chain calls)
Design

Line: 18 

              	@TaskAction
	public void lock() {
		Project taskProject = getProject();
		if (!taskProject.getGradle().getStartParameter().isWriteDependencyLocks()) {
			throw new IllegalStateException("You just specify --write-locks argument");
		}
		writeLocksFor(taskProject);
		taskProject.getSubprojects().forEach(new Consumer<Project>() {
			@Override

Reported by PMD.

Potential violation of Law of Demeter (method chain calls)
Design

Line: 18 

              	@TaskAction
	public void lock() {
		Project taskProject = getProject();
		if (!taskProject.getGradle().getStartParameter().isWriteDependencyLocks()) {
			throw new IllegalStateException("You just specify --write-locks argument");
		}
		writeLocksFor(taskProject);
		taskProject.getSubprojects().forEach(new Consumer<Project>() {
			@Override

Reported by PMD.

Potential violation of Law of Demeter (object not created locally)
Design

Line: 18 

              	@TaskAction
	public void lock() {
		Project taskProject = getProject();
		if (!taskProject.getGradle().getStartParameter().isWriteDependencyLocks()) {
			throw new IllegalStateException("You just specify --write-locks argument");
		}
		writeLocksFor(taskProject);
		taskProject.getSubprojects().forEach(new Consumer<Project>() {
			@Override

Reported by PMD.

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/InMemoryRegisteredClientRepository.java
3 issues
Found non-transient, non-static member. Please mark as transient or provide accessors.
Error

Line: 41 

               * @since 0.0.1
 */
public final class InMemoryRegisteredClientRepository implements RegisteredClientRepository {
	private final Map<String, RegisteredClient> idRegistrationMap;
	private final Map<String, RegisteredClient> clientIdRegistrationMap;

	/**
	 * Constructs an {@code InMemoryRegisteredClientRepository} using the provided parameters.
	 *

Reported by PMD.

Found non-transient, non-static member. Please mark as transient or provide accessors.
Error

Line: 42 

               */
public final class InMemoryRegisteredClientRepository implements RegisteredClientRepository {
	private final Map<String, RegisteredClient> idRegistrationMap;
	private final Map<String, RegisteredClient> clientIdRegistrationMap;

	/**
	 * Constructs an {@code InMemoryRegisteredClientRepository} using the provided parameters.
	 *
	 * @param registrations the client registration(s)

Reported by PMD.

Potential violation of Law of Demeter (method chain calls)
Design

Line: 95 

              	}

	private void assertUniqueIdentifiers(RegisteredClient registeredClient, Map<String, RegisteredClient> registrations) {
		registrations.values().forEach(registration -> {
			if (registeredClient.getId().equals(registration.getId())) {
				throw new IllegalArgumentException("Registered client must be unique. " +
						"Found duplicate identifier: " + registeredClient.getId());
			}
			if (registeredClient.getClientId().equals(registration.getClientId())) {

Reported by PMD.

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientAuthenticationToken.java
3 issues
The class 'OAuth2ClientAuthenticationToken' is suspected to be a Data Class (WOC=14.286%, NOPA=0, NOAM=4, WMC=8)
Design

Line: 40 

               * @see RegisteredClient
 * @see OAuth2ClientAuthenticationProvider
 */
public class OAuth2ClientAuthenticationToken extends AbstractAuthenticationToken {
	private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
	private final String clientId;
	private final RegisteredClient registeredClient;
	private final ClientAuthenticationMethod clientAuthenticationMethod;
	private final Object credentials;

Reported by PMD.

Found non-transient, non-static member. Please mark as transient or provide accessors.
Error

Line: 42 

               */
public class OAuth2ClientAuthenticationToken extends AbstractAuthenticationToken {
	private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
	private final String clientId;
	private final RegisteredClient registeredClient;
	private final ClientAuthenticationMethod clientAuthenticationMethod;
	private final Object credentials;
	private final Map<String, Object> additionalParameters;

Reported by PMD.

Assigning an Object to null is a code smell. Consider refactoring.
Error

Line: 62 

              		Assert.hasText(clientId, "clientId cannot be empty");
		Assert.notNull(clientAuthenticationMethod, "clientAuthenticationMethod cannot be null");
		this.clientId = clientId;
		this.registeredClient = null;
		this.clientAuthenticationMethod = clientAuthenticationMethod;
		this.credentials = credentials;
		this.additionalParameters = Collections.unmodifiableMap(
				additionalParameters != null ? additionalParameters : Collections.emptyMap());
	}

Reported by PMD.

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/AbstractSettings.java
3 issues
Potential violation of Law of Demeter (method chain calls)
Design

Line: 53 

              	@SuppressWarnings("unchecked")
	public <T> T getSetting(String name) {
		Assert.hasText(name, "name cannot be empty");
		return (T) getSettings().get(name);
	}

	/**
	 * Returns a {@code Map} of the configuration settings.
	 *

Reported by PMD.

Field settings has the same name as a method
Error

Line: 93 

              	 * A builder for subclasses of {@link AbstractSettings}.
	 */
	protected static abstract class AbstractBuilder<T extends AbstractSettings, B extends AbstractBuilder<T, B>> {
		private final Map<String, Object> settings = new HashMap<>();

		protected AbstractBuilder() {
		}

		/**

Reported by PMD.

Potential violation of Law of Demeter (method chain calls)
Design

Line: 108 

              		public B setting(String name, Object value) {
			Assert.hasText(name, "name cannot be empty");
			Assert.notNull(value, "value cannot be null");
			getSettings().put(name, value);
			return getThis();
		}

		/**
		 * A {@code Consumer} of the configuration settings {@code Map}

Reported by PMD.

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/core/oidc/OidcClientRegistration.java
3 issues
This class has too many methods, consider refactoring it.
Design

Line: 86 

              	/**
	 * Helps configure an {@link OidcClientRegistration}.
	 */
	public static class Builder {
		private final Map<String, Object> claims = new LinkedHashMap<>();

		private Builder() {
		}

Reported by PMD.

Field claims has the same name as a method
Error

Line: 87 

              	 * Helps configure an {@link OidcClientRegistration}.
	 */
	public static class Builder {
		private final Map<String, Object> claims = new LinkedHashMap<>();

		private Builder() {
		}

		/**

Reported by PMD.

Found non-transient, non-static member. Please mark as transient or provide accessors.
Error

Line: 87 

              	 * Helps configure an {@link OidcClientRegistration}.
	 */
	public static class Builder {
		private final Map<String, Object> claims = new LinkedHashMap<>();

		private Builder() {
		}

		/**

Reported by PMD.

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenIntrospectionAuthenticationToken.java
3 issues
The class 'OAuth2TokenIntrospectionAuthenticationToken' is suspected to be a Data Class (WOC=25.000%, NOPA=0, NOAM=4, WMC=9)
Design

Line: 39 

               * @see OAuth2TokenIntrospection
 * @see OAuth2TokenIntrospectionAuthenticationProvider
 */
public class OAuth2TokenIntrospectionAuthenticationToken extends AbstractAuthenticationToken {
	private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
	private final String token;
	private final Authentication clientPrincipal;
	private final String tokenTypeHint;
	private final Map<String, Object> additionalParameters;

Reported by PMD.

Found non-transient, non-static member. Please mark as transient or provide accessors.
Error

Line: 42 

              public class OAuth2TokenIntrospectionAuthenticationToken extends AbstractAuthenticationToken {
	private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
	private final String token;
	private final Authentication clientPrincipal;
	private final String tokenTypeHint;
	private final Map<String, Object> additionalParameters;
	private final OAuth2TokenIntrospection tokenClaims;

	/**

Reported by PMD.

Assigning an Object to null is a code smell. Consider refactoring.
Error

Line: 83 

              		Assert.notNull(tokenClaims, "tokenClaims cannot be null");
		this.token = token;
		this.clientPrincipal = clientPrincipal;
		this.tokenTypeHint = null;
		this.additionalParameters = Collections.emptyMap();
		this.tokenClaims = tokenClaims;
		// Indicates that the request was authenticated, even though the token might not be active
		setAuthenticated(true);
	}

Reported by PMD.

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/jackson2/TestingAuthenticationTokenMixin.java
3 issues
Avoid unused constructor parameters such as 'principal'.
Design

Line: 43 

              public class TestingAuthenticationTokenMixin {

	@JsonCreator
	TestingAuthenticationTokenMixin(@JsonProperty("principal") Object principal,
			@JsonProperty("credentials") Object credentials,
			@JsonProperty("authorities") List<GrantedAuthority> authorities) {
	}

}

Reported by PMD.

Avoid unused constructor parameters such as 'credentials'.
Design

Line: 44 

              
	@JsonCreator
	TestingAuthenticationTokenMixin(@JsonProperty("principal") Object principal,
			@JsonProperty("credentials") Object credentials,
			@JsonProperty("authorities") List<GrantedAuthority> authorities) {
	}

}

Reported by PMD.

Avoid unused constructor parameters such as 'authorities'.
Design

Line: 45 

              	@JsonCreator
	TestingAuthenticationTokenMixin(@JsonProperty("principal") Object principal,
			@JsonProperty("credentials") Object credentials,
			@JsonProperty("authorities") List<GrantedAuthority> authorities) {
	}

}

Reported by PMD.