A field was added to org.apache.cxf.rs.security.oauth2.services.AbstractTokenService:
private ClientSecretVerifier clientSecretVerifier;
But no setter was added with it. When I tried to set it via the context XML like such:
<bean id="hashedSecretVerifier" class="org.apache.cxf.rs.security.oauth2.provider.ClientSecretHashVerifier" />
<bean id="accessTokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
<property name="clientSecretVerifier" ref="hashedSecretVerifier" />
I get a failure when the application attempts to start. Removing it resolves the issue.