use of org.springframework.security.oauth2.common.exceptions.OAuth2Exception in project spring-security-oauth by spring-projects.
the class OAuth2AuthenticationProcessingFilter method doFilter.
/**
 * Attempts bearer-token authentication for the request and, unless authentication fails with
 * an {@link OAuth2Exception}, hands the request on to the rest of the filter chain.
 *
 * <p>If the token extractor returns an {@link Authentication}, its principal is stored as the
 * {@code OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE} request attribute, the authentication
 * manager is asked to authenticate it, a success event is published and the result is placed
 * in the security context. If the extractor returns {@code null}, nothing is authenticated
 * here; when {@code stateless} is set and {@code isAuthenticated()} is true, the security
 * context is cleared before the chain continues.
 *
 * <p>Only {@link OAuth2Exception} is handled in this method. On that failure the security
 * context is cleared, a failure event is published, the entry point is invoked and the chain
 * is not continued. Any other exception propagates to the caller.
 *
 * @param req incoming request; cast to {@link HttpServletRequest} without a type check
 * @param res outgoing response; cast to {@link HttpServletResponse} without a type check
 * @param chain remaining filters, invoked on every path except the OAuth2 failure path
 * @throws IOException propagated from the entry point or the chain
 * @throws ServletException propagated from the entry point or the chain
 */
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    final boolean debug = logger.isDebugEnabled();
    final HttpServletRequest request = (HttpServletRequest) req;
    final HttpServletResponse response = (HttpServletResponse) res;

    try {
        Authentication tokenAuth = tokenExtractor.extract(request);

        if (tokenAuth != null) {
            // The principal of the extracted authentication is published as a request attribute.
            // NOTE(review): presumably this is the raw token value; anything that dumps request
            // attributes would then expose it. Confirm against the extractor.
            request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, tokenAuth.getPrincipal());

            if (tokenAuth instanceof AbstractAuthenticationToken) {
                ((AbstractAuthenticationToken) tokenAuth)
                        .setDetails(authenticationDetailsSource.buildDetails(request));
            }

            Authentication verified = authenticationManager.authenticate(tokenAuth);
            if (debug) {
                // NOTE(review): this logs the authentication's toString(); confirm it does not
                // include the token or other credentials before enabling debug in production.
                logger.debug("Authentication success: " + verified);
            }
            eventPublisher.publishAuthenticationSuccess(verified);
            SecurityContextHolder.getContext().setAuthentication(verified);
        } else {
            // No token: in stateless mode drop any authentication already in the context so
            // it is not carried into this request.
            if (stateless && isAuthenticated()) {
                if (debug) {
                    logger.debug("Clearing security context.");
                }
                SecurityContextHolder.clearContext();
            }
            if (debug) {
                logger.debug("No token in request, will continue chain.");
            }
        }
    } catch (OAuth2Exception failed) {
        // Fail closed: remove any authentication before reporting the error.
        SecurityContextHolder.clearContext();
        if (debug) {
            logger.debug("Authentication request failed: " + failed);
        }

        // The failure event carries fixed placeholder values ("access-token", "N/A") rather
        // than the token that was presented.
        BadCredentialsException badCredentials = new BadCredentialsException(failed.getMessage(), failed);
        PreAuthenticatedAuthenticationToken placeholder = new PreAuthenticatedAuthenticationToken("access-token", "N/A");
        eventPublisher.publishAuthenticationFailure(badCredentials, placeholder);

        InsufficientAuthenticationException reported = new InsufficientAuthenticationException(failed.getMessage(), failed);
        authenticationEntryPoint.commence(request, response, reported);

        // The entry point has handled the response; do not run the rest of the chain.
        return;
    }

    chain.doFilter(request, response);
}
use of org.springframework.security.oauth2.common.exceptions.OAuth2Exception in project spring-security-oauth by spring-projects.
the class AbstractOAuth2SecurityExceptionHandler method doHandle.
/**
 * Translates {@code authException} into a {@code ResponseEntity<OAuth2Exception>}, lets
 * {@code enhanceResponse} adjust it, renders it to the servlet response and flushes the buffer.
 *
 * <p>A {@link ServletException} raised while doing so is offered to the handler exception
 * resolver and rethrown only if the resolver returns {@code null}. {@link IOException} and
 * {@link RuntimeException} are rethrown unchanged; any other exception is wrapped in a
 * {@link RuntimeException}.
 *
 * @param request the current request
 * @param response the response the error is written to
 * @param authException the security exception to report
 * @throws IOException if rendering or flushing fails with an I/O error
 * @throws ServletException if rendering fails and the resolver does not handle it
 */
protected final void doHandle(HttpServletRequest request, HttpServletResponse response, Exception authException) throws IOException, ServletException {
    try {
        // NOTE(review): what the client sees is whatever the translator puts in the entity;
        // confirm it does not carry internal exception detail.
        ResponseEntity<OAuth2Exception> errorEntity =
                enhanceResponse(exceptionTranslator.translate(authException), authException);
        ServletWebRequest webRequest = new ServletWebRequest(request, response);
        exceptionRenderer.handleHttpEntityResponse(errorEntity, webRequest);
        response.flushBuffer();
    } catch (ServletException servletFailure) {
        // Not from an MVC handler, so a dispatcher (if there is one) will not catch it;
        // give the resolver the chance to handle it here.
        boolean unresolved =
                handlerExceptionResolver.resolveException(request, response, this, servletFailure) == null;
        if (unresolved) {
            throw servletFailure;
        }
    } catch (IOException ioFailure) {
        throw ioFailure;
    } catch (RuntimeException runtimeFailure) {
        throw runtimeFailure;
    } catch (Exception unexpected) {
        // Other checked exceptions are not expected here; wrap them so they still surface.
        throw new RuntimeException(unexpected);
    }
}
use of org.springframework.security.oauth2.common.exceptions.OAuth2Exception in project spring-security-oauth by spring-projects.
the class DefaultWebResponseExceptionTranslator method handleOAuth2Exception.
/**
 * Builds the HTTP error response for an {@link OAuth2Exception}.
 *
 * <p>The response status is the exception's HTTP error code, and the body is the exception
 * itself. {@code Cache-Control: no-store} and {@code Pragma: no-cache} are always set. A
 * {@code WWW-Authenticate} header of the form {@code "<bearer type> <summary>"} is added when
 * the status is 401 or the exception is an {@link InsufficientScopeException}.
 *
 * @param e the OAuth2 error to report
 * @return the response entity carrying {@code e}, the headers and the status
 * @throws IOException declared by the signature; nothing in this body throws it directly
 */
private ResponseEntity<OAuth2Exception> handleOAuth2Exception(OAuth2Exception e) throws IOException {
    final int httpCode = e.getHttpErrorCode();

    final HttpHeaders responseHeaders = new HttpHeaders();
    // Keep intermediaries and browsers from caching the error response.
    responseHeaders.set("Cache-Control", "no-store");
    responseHeaders.set("Pragma", "no-cache");

    final boolean needsChallenge =
            (e instanceof InsufficientScopeException) || httpCode == HttpStatus.UNAUTHORIZED.value();
    if (needsChallenge) {
        // NOTE(review): the summary is placed in the header value as-is; confirm getSummary()
        // cannot contain CR/LF or unescaped quotes taken from request-derived text.
        String challenge = String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, e.getSummary());
        responseHeaders.set("WWW-Authenticate", challenge);
    }

    // NOTE(review): HttpStatus.valueOf is expected to reject codes it does not know; confirm
    // that custom exception subclasses only return standard status codes.
    return new ResponseEntity<OAuth2Exception>(e, responseHeaders, HttpStatus.valueOf(httpCode));
}
use of org.springframework.security.oauth2.common.exceptions.OAuth2Exception in project spring-security-oauth by spring-projects.
the class OAuth2ClientAuthenticationProcessingFilterTests method testDeniedToken.
/**
 * Checks that an {@link OAuth2Exception} thrown while the rest template obtains an access
 * token makes {@code attemptAuthentication} fail with a {@link BadCredentialsException}.
 */
@Test
public void testDeniedToken() throws Exception {
    // Declare the expected failure first; the stubbing below is independent of it.
    expected.expect(BadCredentialsException.class);

    OAuth2Exception denial = new OAuth2Exception("User denied acess token");
    Mockito.when(restTemplate.getAccessToken()).thenThrow(denial);
    filter.setRestTemplate(restTemplate);

    // Request and response are passed as null in this test.
    filter.attemptAuthentication(null, null);
}
use of org.springframework.security.oauth2.common.exceptions.OAuth2Exception in project spring-security-oauth by spring-projects.
the class DefaultOAuth2SerializationServiceTests method testExceptionDeserialization.
/**
 * Checks that {@code OAuth2Exception.valueOf} maps an error map with
 * {@code error=invalid_client} to an {@link InvalidClientException} whose message is the
 * {@code error_description} value.
 */
@Test
public void testExceptionDeserialization() throws Exception {
    Map<String, String> errorFields = MapBuilder
            .create("error", "invalid_client")
            .add("error_description", "FOO")
            .build();

    OAuth2Exception parsed = OAuth2Exception.valueOf(errorFields);

    // The description becomes the message, and the error code selects the subclass.
    assertEquals("FOO", parsed.getMessage());
    assertEquals("invalid_client", parsed.getOAuth2ErrorCode());
    assertTrue(parsed instanceof InvalidClientException);
}