Example 6 with InvalidOAuthParametersException

Use of org.springframework.security.oauth.provider.InvalidOAuthParametersException in project spring-security-oauth by spring-projects.

Class UserAuthorizationProcessingFilter, method attemptAuthentication.

public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
    String requestToken = request.getParameter(getTokenParameterName());
    if (requestToken == null) {
        throw new InvalidOAuthParametersException("An OAuth token id is required.");
    }
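    OAuthProviderToken token = getTokenServices().getToken(requestToken);
    if (token == null) {
        // Note: an unknown request token is reported with the same "No callback value" message as the missing-callback check below.
        throw new InvalidOAuthTokenException("No callback value has been provided for request token " + requestToken + ".");
    }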
    String callbackURL = token.getCallbackUrl();
    if (isRequire10a() && callbackURL == null) {
        throw new InvalidOAuthTokenException("No callback value has been provided for request token " + requestToken + ".");
    }
    if (callbackURL != null) {
        request.setAttribute(CALLBACK_ATTRIBUTE, callbackURL);
    }
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null || !authentication.isAuthenticated()) {
        throw new InsufficientAuthenticationException("User must be authenticated before authorizing a request token.");
    }
    String verifier = getVerifierServices().createVerifier();
    request.setAttribute(VERIFIER_ATTRIBUTE, verifier);
    getTokenServices().authorizeRequestToken(requestToken, verifier, authentication);
    return authentication;
}

Also used: OAuthProviderToken (org.springframework.security.oauth.provider.token.OAuthProviderToken), InvalidOAuthParametersException (org.springframework.security.oauth.provider.InvalidOAuthParametersException), Authentication (org.springframework.security.core.Authentication), InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException), InvalidOAuthTokenException (org.springframework.security.oauth.provider.token.InvalidOAuthTokenException)

Example 7 with InvalidOAuthParametersException

Use of org.springframework.security.oauth.provider.InvalidOAuthParametersException in project spring-security-oauth by spring-projects.

Class AccessTokenProcessingFilter, method validateAdditionalParameters.

@Override
protected void validateAdditionalParameters(ConsumerDetails consumerDetails, Map<String, String> oauthParams) {
    super.validateAdditionalParameters(consumerDetails, oauthParams);
    String token = oauthParams.get(OAuthConsumerParameter.oauth_token.toString());
    if (token == null) {
        throw new InvalidOAuthParametersException(messages.getMessage("AccessTokenProcessingFilter.missingToken", "Missing token."));
    }
    if (isRequire10a()) {
        String verifier = oauthParams.get(OAuthConsumerParameter.oauth_verifier.toString());
        if (verifier == null) {
            throw new InvalidOAuthParametersException(messages.getMessage("AccessTokenProcessingFilter.missingVerifier", "Missing verifier."));
        }
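        OAuthProviderToken requestToken = getTokenServices().getToken(token);
        // Note: requestToken is dereferenced without a null check, although the other filters on this page null-check the result of getToken().
        // String.equals is not a constant-time comparison.
        if (!verifier.equals(requestToken.getVerifier())) {
            throw new InvalidOAuthParametersException(messages.getMessage("AccessTokenProcessingFilter.missingVerifier", "Invalid verifier."));
        }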
    }
}

Also used: OAuthProviderToken (org.springframework.security.oauth.provider.token.OAuthProviderToken), InvalidOAuthParametersException (org.springframework.security.oauth.provider.InvalidOAuthParametersException)

Example 8 with InvalidOAuthParametersException

Use of org.springframework.security.oauth.provider.InvalidOAuthParametersException in project spring-security-oauth by spring-projects.

Class ProtectedResourceProcessingFilter, method onValidSignature.

protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    ConsumerAuthentication authentication = (ConsumerAuthentication) SecurityContextHolder.getContext().getAuthentication();
    String token = authentication.getConsumerCredentials().getToken();
    OAuthAccessProviderToken accessToken = null;
    if (StringUtils.hasText(token)) {
        OAuthProviderToken authToken = getTokenServices().getToken(token);
        if (authToken == null) {
            throw new AccessDeniedException("Invalid access token.");
        } else if (!authToken.isAccessToken()) {
            throw new AccessDeniedException("Token should be an access token.");
        } else if (authToken instanceof OAuthAccessProviderToken) {
            accessToken = (OAuthAccessProviderToken) authToken;
        }
    } else if ((!(authentication.getConsumerDetails() instanceof ExtraTrustConsumerDetails)) || ((ExtraTrustConsumerDetails) authentication.getConsumerDetails()).isRequiredToObtainAuthenticatedToken()) {
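        // No token supplied: rejected unless the consumer is an ExtraTrustConsumerDetails that is not required to obtain an authenticated token.
        throw new InvalidOAuthParametersException(messages.getMessage("ProtectedResourceProcessingFilter.missingToken", "Missing auth token."));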
    }
    Authentication userAuthentication = authHandler.createAuthentication(request, authentication, accessToken);
    SecurityContextHolder.getContext().setAuthentication(userAuthentication);
    chain.doFilter(request, response);
}

Also used: OAuthProviderToken (org.springframework.security.oauth.provider.token.OAuthProviderToken), AccessDeniedException (org.springframework.security.access.AccessDeniedException), InvalidOAuthParametersException (org.springframework.security.oauth.provider.InvalidOAuthParametersException), ConsumerAuthentication (org.springframework.security.oauth.provider.ConsumerAuthentication), Authentication (org.springframework.security.core.Authentication), ExtraTrustConsumerDetails (org.springframework.security.oauth.provider.ExtraTrustConsumerDetails), OAuthAccessProviderToken (org.springframework.security.oauth.provider.token.OAuthAccessProviderToken)

Aggregations

InvalidOAuthParametersException (org.springframework.security.oauth.provider.InvalidOAuthParametersException): 8
Authentication (org.springframework.security.core.Authentication): 4
HttpServletRequest (javax.servlet.http.HttpServletRequest): 3
HttpServletResponse (javax.servlet.http.HttpServletResponse): 3
Test (org.junit.Test): 3
ConsumerAuthentication (org.springframework.security.oauth.provider.ConsumerAuthentication): 3
ConsumerDetails (org.springframework.security.oauth.provider.ConsumerDetails): 3
OAuthProviderToken (org.springframework.security.oauth.provider.token.OAuthProviderToken): 3
HashMap (java.util.HashMap): 2
FilterChain (javax.servlet.FilterChain): 2
AuthenticationException (org.springframework.security.core.AuthenticationException): 2
OAuthVersionUnsupportedException (org.springframework.security.oauth.provider.OAuthVersionUnsupportedException): 2
Map (java.util.Map): 1
AccessDeniedException (org.springframework.security.access.AccessDeniedException): 1
InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException): 1
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 1
ConsumerCredentials (org.springframework.security.oauth.provider.ConsumerCredentials): 1
ExtraTrustConsumerDetails (org.springframework.security.oauth.provider.ExtraTrustConsumerDetails): 1
AccessTokenProcessingFilter (org.springframework.security.oauth.provider.filter.AccessTokenProcessingFilter): 1
OAuthNonceServices (org.springframework.security.oauth.provider.nonce.OAuthNonceServices): 1