
Example 1 with OAuth2AccessDeniedException

Use of org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException in project spring-security-oauth by spring-projects.

From class AbstractResourceOwnerPasswordProviderTests, method testTokenEndpointWrongPassword:

@Test
@OAuth2ContextConfiguration(value = ResourceOwner.class, initialize = false)
public void testTokenEndpointWrongPassword() throws Exception {
    ResourceOwnerPasswordResourceDetails resource = (ResourceOwnerPasswordResourceDetails) context.getResource();
    resource.setPassword("bogus");
    try {
        new OAuth2RestTemplate(resource).getAccessToken();
    } catch (OAuth2AccessDeniedException e) {
        String summary = ((OAuth2Exception) e.getCause()).getSummary();
        assertTrue("Wrong summary: " + summary, summary.contains("Bad credentials"));
    }
}
Also used:
  ResourceOwnerPasswordResourceDetails (org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails)
  OAuth2AccessDeniedException (org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException)
  OAuth2RestTemplate (org.springframework.security.oauth2.client.OAuth2RestTemplate)
  OAuth2ContextConfiguration (org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration)
  Test (org.junit.Test)

Example 2 with OAuth2AccessDeniedException

Use of org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException in project spring-security-oauth by spring-projects.

From class OAuth2AuthenticationManager, method checkClientDetails:

private void checkClientDetails(OAuth2Authentication auth) {
    if (clientDetailsService != null) {
        ClientDetails client;
        try {
            client = clientDetailsService.loadClientByClientId(auth.getOAuth2Request().getClientId());
        } catch (ClientRegistrationException e) {
            throw new OAuth2AccessDeniedException("Invalid token contains invalid client id");
        }
        Set<String> allowed = client.getScope();
        for (String scope : auth.getOAuth2Request().getScope()) {
            if (!allowed.contains(scope)) {
                throw new OAuth2AccessDeniedException("Invalid token contains disallowed scope (" + scope + ") for this client");
            }
        }
    }
}
Also used:
  ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)
  OAuth2AccessDeniedException (org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException)
  ClientRegistrationException (org.springframework.security.oauth2.provider.ClientRegistrationException)
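The check in checkClientDetails runs on every resource-server authentication, not just at token issue time: the token's stored scopes are compared against the client's current registration, so narrowing a client's registered scopes retroactively invalidates already-issued broader tokens with an OAuth2AccessDeniedException (a RuntimeException, not an AuthenticationException). The following is an added example, not code from spring-security-oauth, that drives OAuth2AuthenticationManager with an in-memory client registry and an inline ResourceServerTokenServices; the client id "app", the token value "opaque-token", the user "alice" and the scope names are constructed for the demo, and it assumes Spring Security OAuth 2.x on the classpath.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.security.oauth2.provider.client.InMemoryClientDetailsService;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/** Constructed demo: client "app", token "opaque-token" and user "alice" are invented for this example. */
public class ClientScopeRecheckDemo {

    static final String TOKEN = "opaque-token";

    // The authorization the token services would return for TOKEN: client "app" holding the given scopes.
    static OAuth2Authentication storedAuthorization(Set<String> scopes) {
        OAuth2Request request = new OAuth2Request(Collections.<String, String>emptyMap(), "app",
                AuthorityUtils.createAuthorityList("ROLE_CLIENT"), true, scopes,
                Collections.<String>emptySet(), null, null, null);
        Authentication user = new UsernamePasswordAuthenticationToken("alice", "N/A",
                AuthorityUtils.createAuthorityList("ROLE_USER"));
        return new OAuth2Authentication(request, user);
    }

    // Resource-server authentication manager whose client registry allows "app" the scope "read" only.
    static OAuth2AuthenticationManager manager(final OAuth2Authentication stored) {
        InMemoryClientDetailsService clients = new InMemoryClientDetailsService();
        clients.setClientDetailsStore(Collections.singletonMap("app",
                new BaseClientDetails("app", "", "read", "password", "ROLE_CLIENT")));

        ResourceServerTokenServices tokenServices = new ResourceServerTokenServices() {
            @Override
            public OAuth2Authentication loadAuthentication(String accessToken) {
                if (!TOKEN.equals(accessToken)) {
                    throw new InvalidTokenException("unknown token");
                }
                return stored;
            }

            @Override
            public OAuth2AccessToken readAccessToken(String accessToken) {
                return new DefaultOAuth2AccessToken(accessToken);
            }
        };

        OAuth2AuthenticationManager manager = new OAuth2AuthenticationManager();
        manager.setTokenServices(tokenServices);
        manager.setClientDetailsService(clients); // a non-null service turns on checkClientDetails()
        return manager;
    }

    public static void main(String[] args) {
        // What OAuth2AuthenticationProcessingFilter hands to the manager: the bearer token as principal.
        Authentication presented = new PreAuthenticatedAuthenticationToken(TOKEN, "");

        // 1. Token scope "read" lies within the client's registration: accepted.
        Set<String> within = new HashSet<String>(Collections.singleton("read"));
        Authentication ok = manager(storedAuthorization(within)).authenticate(presented);
        System.out.println("accepted: " + ok.isAuthenticated());

        // 2. Token still carries "admin" although the client is now registered for "read" only: rejected
        //    with error code access_denied and HTTP status 403 before any user authorities are consulted.
        Set<String> tooBroad = new HashSet<String>(Arrays.asList("read", "admin"));
        try {
            manager(storedAuthorization(tooBroad)).authenticate(presented);
            System.out.println("BUG: over-scoped token was accepted");
        } catch (OAuth2AccessDeniedException e) {
            System.out.println(e.getHttpErrorCode() + " " + e.getOAuth2ErrorCode() + ": " + e.getMessage());
        }
    }
}
```

Because the check only fires when a ClientDetailsService is wired into the manager, a resource server that validates tokens without access to the client registry (a remote-introspection setup, for example) skips it entirely and relies on the authorization server having issued the token correctly in the first place.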

Example 3 with OAuth2AccessDeniedException

Use of org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException in project spring-security-oauth by spring-projects.

From class OAuth2RestTemplate, method doExecute:

@Override
protected <T> T doExecute(URI url, HttpMethod method, RequestCallback requestCallback, ResponseExtractor<T> responseExtractor) throws RestClientException {
    OAuth2AccessToken accessToken = context.getAccessToken();
    RuntimeException rethrow = null;
    try {
        return super.doExecute(url, method, requestCallback, responseExtractor);
    } catch (AccessTokenRequiredException e) {
        rethrow = e;
    } catch (OAuth2AccessDeniedException e) {
        rethrow = e;
    } catch (InvalidTokenException e) {
        // Don't reveal the token value in case it is logged
        rethrow = new OAuth2AccessDeniedException("Invalid token for client=" + getClientId());
    }
    if (accessToken != null && retryBadAccessTokens) {
        context.setAccessToken(null);
        try {
            return super.doExecute(url, method, requestCallback, responseExtractor);
        } catch (InvalidTokenException e) {
            // Don't reveal the token value in case it is logged
            rethrow = new OAuth2AccessDeniedException("Invalid token for client=" + getClientId());
        }
    }
    throw rethrow;
}
Also used:
  InvalidTokenException (org.springframework.security.oauth2.common.exceptions.InvalidTokenException)
  OAuth2AccessDeniedException (org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException)
  OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)
  AccessTokenRequiredException (org.springframework.security.oauth2.client.http.AccessTokenRequiredException)

Example 4 with OAuth2AccessDeniedException

Use of org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException in project spring-security-oauth by spring-projects.

From class OAuth2AccessTokenSupport, method retrieveToken:

protected OAuth2AccessToken retrieveToken(AccessTokenRequest request, OAuth2ProtectedResourceDetails resource, MultiValueMap<String, String> form, HttpHeaders headers) throws OAuth2AccessDeniedException {
    try {
        // Prepare headers and form before going into rest template call in case the URI is affected by the result
        authenticationHandler.authenticateTokenRequest(resource, form, headers);
        // Opportunity to customize form and headers
        tokenRequestEnhancer.enhance(request, resource, form, headers);
        final AccessTokenRequest copy = request;
        final ResponseExtractor<OAuth2AccessToken> delegate = getResponseExtractor();
        ResponseExtractor<OAuth2AccessToken> extractor = new ResponseExtractor<OAuth2AccessToken>() {

            @Override
            public OAuth2AccessToken extractData(ClientHttpResponse response) throws IOException {
                if (response.getHeaders().containsKey("Set-Cookie")) {
                    copy.setCookie(response.getHeaders().getFirst("Set-Cookie"));
                }
                return delegate.extractData(response);
            }
        };
        return getRestTemplate().execute(getAccessTokenUri(resource, form), getHttpMethod(), getRequestCallback(resource, form, headers), extractor, form.toSingleValueMap());
    } catch (OAuth2Exception oe) {
        throw new OAuth2AccessDeniedException("Access token denied.", resource, oe);
    } catch (RestClientException rce) {
        throw new OAuth2AccessDeniedException("Error requesting access token.", resource, rce);
    }
}
Also used:
  OAuth2AccessDeniedException (org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException)
  OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)
  RestClientException (org.springframework.web.client.RestClientException)
  ResponseExtractor (org.springframework.web.client.ResponseExtractor)
  ClientHttpResponse (org.springframework.http.client.ClientHttpResponse)
  OAuth2Exception (org.springframework.security.oauth2.common.exceptions.OAuth2Exception)

Example 5 with OAuth2AccessDeniedException

Use of org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException in project spring-security-oauth by spring-projects.

From class AuthorizationCodeAccessTokenProvider, method obtainAuthorizationCode:

public String obtainAuthorizationCode(OAuth2ProtectedResourceDetails details, AccessTokenRequest request) throws UserRedirectRequiredException, UserApprovalRequiredException, AccessDeniedException, OAuth2AccessDeniedException {
    AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) details;
    HttpHeaders headers = getHeadersForAuthorizationRequest(request);
    MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
    if (request.containsKey(OAuth2Utils.USER_OAUTH_APPROVAL)) {
        form.set(OAuth2Utils.USER_OAUTH_APPROVAL, request.getFirst(OAuth2Utils.USER_OAUTH_APPROVAL));
        for (String scope : details.getScope()) {
            form.set(scopePrefix + scope, request.getFirst(OAuth2Utils.USER_OAUTH_APPROVAL));
        }
    } else {
        form.putAll(getParametersForAuthorizeRequest(resource, request));
    }
    authorizationRequestEnhancer.enhance(request, resource, form, headers);
    final AccessTokenRequest copy = request;
    final ResponseExtractor<ResponseEntity<Void>> delegate = getAuthorizationResponseExtractor();
    ResponseExtractor<ResponseEntity<Void>> extractor = new ResponseExtractor<ResponseEntity<Void>>() {

        @Override
        public ResponseEntity<Void> extractData(ClientHttpResponse response) throws IOException {
            if (response.getHeaders().containsKey("Set-Cookie")) {
                copy.setCookie(response.getHeaders().getFirst("Set-Cookie"));
            }
            return delegate.extractData(response);
        }
    };
    // Instead of using restTemplate.exchange we use an explicit response extractor here so it can be overridden by
    // subclasses
    ResponseEntity<Void> response = getRestTemplate().execute(resource.getUserAuthorizationUri(), HttpMethod.POST, getRequestCallback(resource, form, headers), extractor, form.toSingleValueMap());
    if (response.getStatusCode() == HttpStatus.OK) {
        // Need to re-submit with approval...
        throw getUserApprovalSignal(resource, request);
    }
    URI location = response.getHeaders().getLocation();
    String query = location.getQuery();
    Map<String, String> map = OAuth2Utils.extractMap(query);
    if (map.containsKey("state")) {
        request.setStateKey(map.get("state"));
        if (request.getPreservedState() == null) {
            String redirectUri = resource.getRedirectUri(request);
            if (redirectUri != null) {
                request.setPreservedState(redirectUri);
            } else {
                request.setPreservedState(new Object());
            }
        }
    }
    String code = map.get("code");
    if (code == null) {
        throw new UserRedirectRequiredException(location.toString(), form.toSingleValueMap());
    }
    request.set("code", code);
    return code;
}
Also used:
  HttpHeaders (org.springframework.http.HttpHeaders)
  LinkedMultiValueMap (org.springframework.util.LinkedMultiValueMap)
  ResponseExtractor (org.springframework.web.client.ResponseExtractor)
  URI (java.net.URI)
  UserRedirectRequiredException (org.springframework.security.oauth2.client.resource.UserRedirectRequiredException)
  ResponseEntity (org.springframework.http.ResponseEntity)
  AccessTokenRequest (org.springframework.security.oauth2.client.token.AccessTokenRequest)
  ClientHttpResponse (org.springframework.http.client.ClientHttpResponse)

Aggregations

  OAuth2AccessDeniedException (org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException): 6
  ClientHttpResponse (org.springframework.http.client.ClientHttpResponse): 3
  InvalidTokenException (org.springframework.security.oauth2.common.exceptions.InvalidTokenException): 3
  OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken): 2
  OAuth2Exception (org.springframework.security.oauth2.common.exceptions.OAuth2Exception): 2
  ResponseExtractor (org.springframework.web.client.ResponseExtractor): 2
  ByteArrayInputStream (java.io.ByteArrayInputStream): 1
  InputStream (java.io.InputStream): 1
  URI (java.net.URI): 1
  Test (org.junit.Test): 1
  HttpHeaders (org.springframework.http.HttpHeaders): 1
  ResponseEntity (org.springframework.http.ResponseEntity): 1
  HttpMessageConversionException (org.springframework.http.converter.HttpMessageConversionException): 1
  OAuth2RestTemplate (org.springframework.security.oauth2.client.OAuth2RestTemplate): 1
  AccessTokenRequiredException (org.springframework.security.oauth2.client.http.AccessTokenRequiredException): 1
  UserRedirectRequiredException (org.springframework.security.oauth2.client.resource.UserRedirectRequiredException): 1
  OAuth2ContextConfiguration (org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration): 1
  AccessTokenRequest (org.springframework.security.oauth2.client.token.AccessTokenRequest): 1
  ResourceOwnerPasswordResourceDetails (org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails): 1
  UserDeniedAuthorizationException (org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException): 1