
Example 1 with AccessTokenRequiredException

Use of org.springframework.security.oauth.consumer.AccessTokenRequiredException in project spring-security-oauth by spring-projects.

Class OAuthConsumerContextFilter, method checkForResourceThatNeedsAuthorization.

/**
 * Check the given exception for the resource that needs authorization. If the exception was not thrown
 * because a resource needed authorization, then rethrow the exception.
 *
 * @param ex The exception.
 * @return The resource that needed authorization (never null).
 * @throws ServletException in the case of an underlying Servlet API exception
 * @throws IOException in the case of general IO exceptions
 */
protected ProtectedResourceDetails checkForResourceThatNeedsAuthorization(Exception ex) throws ServletException, IOException {
    Throwable[] causeChain = getThrowableAnalyzer().determineCauseChain(ex);
    AccessTokenRequiredException ase = (AccessTokenRequiredException) getThrowableAnalyzer().getFirstThrowableOfType(AccessTokenRequiredException.class, causeChain);
    ProtectedResourceDetails resourceThatNeedsAuthorization;
    if (ase != null) {
        resourceThatNeedsAuthorization = ase.getResource();
        if (resourceThatNeedsAuthorization == null) {
            throw new OAuthRequestFailedException(ase.getMessage());
        }
    } else {
        // Rethrow ServletExceptions, IOExceptions and RuntimeExceptions as-is
        if (ex instanceof ServletException) {
            throw (ServletException) ex;
        }
        if (ex instanceof IOException) {
            throw (IOException) ex;
        } else if (ex instanceof RuntimeException) {
            throw (RuntimeException) ex;
        }
        // Wrap other Exceptions. These are not expected to happen
        throw new RuntimeException(ex);
    }
    return resourceThatNeedsAuthorization;
}
Also used : ServletException(javax.servlet.ServletException) AccessTokenRequiredException(org.springframework.security.oauth.consumer.AccessTokenRequiredException) IOException(java.io.IOException) OAuthRequestFailedException(org.springframework.security.oauth.consumer.OAuthRequestFailedException) ProtectedResourceDetails(org.springframework.security.oauth.consumer.ProtectedResourceDetails)

Example 2 with AccessTokenRequiredException

Use of org.springframework.security.oauth.consumer.AccessTokenRequiredException in project spring-security-oauth by spring-projects.

Class OAuthConsumerProcessingFilter, method doFilter.

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    Set<String> accessTokenDeps = getAccessTokenDependencies(request, response, chain);
    if (!accessTokenDeps.isEmpty()) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (isRequireAuthenticated() && !authentication.isAuthenticated()) {
            throw new InsufficientAuthenticationException("An authenticated principal must be present.");
        }
        OAuthSecurityContext context = OAuthSecurityContextHolder.getContext();
        if (context == null) {
            throw new IllegalStateException("No OAuth security context has been established. Unable to access resources.");
        }
        Map<String, OAuthConsumerToken> accessTokens = context.getAccessTokens();
        for (String dependency : accessTokenDeps) {
            if (!accessTokens.containsKey(dependency)) {
                throw new AccessTokenRequiredException(getProtectedResourceDetailsService().loadProtectedResourceDetailsById(dependency));
            }
        }
        chain.doFilter(request, response);
    } else {
        if (LOG.isDebugEnabled()) {
            LOG.debug("No access token dependencies for request.");
        }
        chain.doFilter(servletRequest, servletResponse);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Authentication(org.springframework.security.core.Authentication) AccessTokenRequiredException(org.springframework.security.oauth.consumer.AccessTokenRequiredException) HttpServletResponse(javax.servlet.http.HttpServletResponse) OAuthSecurityContext(org.springframework.security.oauth.consumer.OAuthSecurityContext) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException) OAuthConsumerToken(org.springframework.security.oauth.consumer.OAuthConsumerToken)

Example 3 with AccessTokenRequiredException

Use of org.springframework.security.oauth.consumer.AccessTokenRequiredException in project spring-security-oauth by spring-projects.

Class OAuthConsumerContextFilterTests, method testDoFilter.

/**
 * Tests the filter.
 */
@Test
public void testDoFilter() throws Exception {
    final OAuthRememberMeServices rememberMeServices = new NoOpOAuthRememberMeServices();
    final BaseProtectedResourceDetails resource = new BaseProtectedResourceDetails();
    resource.setId("dep1");
    OAuthConsumerContextFilter filter = new OAuthConsumerContextFilter() {

        @Override
        protected String getCallbackURL(HttpServletRequest request) {
            return "urn:callback";
        }

        @Override
        protected String getUserAuthorizationRedirectURL(ProtectedResourceDetails details, OAuthConsumerToken requestToken, String callbackURL) {
            return callbackURL + "&" + requestToken.getResourceId();
        }
    };
    filter.setRedirectStrategy(new RedirectStrategy() {

        public void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
            response.sendRedirect(url);
        }
    });
    filter.setTokenServices(tokenServices);
    filter.setConsumerSupport(support);
    filter.setRememberMeServices(rememberMeServices);
    doThrow(new AccessTokenRequiredException(resource)).when(filterChain).doFilter(request, response);
    when(tokenServices.getToken("dep1")).thenReturn(null);
    when(request.getParameter("oauth_verifier")).thenReturn(null);
    when(response.encodeRedirectURL("urn:callback")).thenReturn("urn:callback?query");
    OAuthConsumerToken token = new OAuthConsumerToken();
    token.setAccessToken(false);
    token.setResourceId(resource.getId());
    when(support.getUnauthorizedRequestToken("dep1", "urn:callback?query")).thenReturn(token);
    filter.doFilter(request, response, filterChain);
    verify(filterChain).doFilter(request, response);
    verify(tokenServices).storeToken("dep1", token);
    verify(response).sendRedirect("urn:callback?query&dep1");
    verify(request, times(2)).setAttribute(anyString(), anyObject());
    reset(request, response, filterChain);
    doThrow(new AccessTokenRequiredException(resource)).when(filterChain).doFilter(request, response);
    when(tokenServices.getToken("dep1")).thenReturn(token);
    when(request.getParameter(OAuthProviderParameter.oauth_verifier.toString())).thenReturn("verifier");
    OAuthConsumerToken accessToken = new OAuthConsumerToken();
    when(support.getAccessToken(token, "verifier")).thenReturn(accessToken);
    when(response.isCommitted()).thenReturn(false);
    filter.doFilter(request, response, filterChain);
    verify(filterChain, times(2)).doFilter(request, response);
    verify(tokenServices).removeToken("dep1");
    verify(tokenServices).storeToken("dep1", accessToken);
    verify(request, times(2)).setAttribute(anyString(), anyObject());
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) OAuthRememberMeServices(org.springframework.security.oauth.consumer.rememberme.OAuthRememberMeServices) NoOpOAuthRememberMeServices(org.springframework.security.oauth.consumer.rememberme.NoOpOAuthRememberMeServices) BaseProtectedResourceDetails(org.springframework.security.oauth.consumer.BaseProtectedResourceDetails) AccessTokenRequiredException(org.springframework.security.oauth.consumer.AccessTokenRequiredException) HttpServletResponse(javax.servlet.http.HttpServletResponse) Matchers.anyString(org.mockito.Matchers.anyString) IOException(java.io.IOException) RedirectStrategy(org.springframework.security.web.RedirectStrategy) ProtectedResourceDetails(org.springframework.security.oauth.consumer.ProtectedResourceDetails) OAuthConsumerToken(org.springframework.security.oauth.consumer.OAuthConsumerToken) Test(org.junit.Test)

Aggregations

AccessTokenRequiredException (org.springframework.security.oauth.consumer.AccessTokenRequiredException): 3
IOException (java.io.IOException): 2
HttpServletRequest (javax.servlet.http.HttpServletRequest): 2
HttpServletResponse (javax.servlet.http.HttpServletResponse): 2
OAuthConsumerToken (org.springframework.security.oauth.consumer.OAuthConsumerToken): 2
ProtectedResourceDetails (org.springframework.security.oauth.consumer.ProtectedResourceDetails): 2
ServletException (javax.servlet.ServletException): 1
Test (org.junit.Test): 1
Matchers.anyString (org.mockito.Matchers.anyString): 1
InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException): 1
Authentication (org.springframework.security.core.Authentication): 1
BaseProtectedResourceDetails (org.springframework.security.oauth.consumer.BaseProtectedResourceDetails): 1
OAuthRequestFailedException (org.springframework.security.oauth.consumer.OAuthRequestFailedException): 1
OAuthSecurityContext (org.springframework.security.oauth.consumer.OAuthSecurityContext): 1
NoOpOAuthRememberMeServices (org.springframework.security.oauth.consumer.rememberme.NoOpOAuthRememberMeServices): 1
OAuthRememberMeServices (org.springframework.security.oauth.consumer.rememberme.OAuthRememberMeServices): 1
RedirectStrategy (org.springframework.security.web.RedirectStrategy): 1