
Example 76 with OAuth2Error

use of org.springframework.security.oauth2.core.OAuth2Error in project spring-security by spring-projects.

From class OAuth2ErrorHttpMessageConverterTests, method readInternalWhenErrorResponseThenReadOAuth2Error (a test that a standard RFC 6749 error body is parsed into an OAuth2Error).

@Test
public void readInternalWhenErrorResponseThenReadOAuth2Error() throws Exception {
    // A minimal RFC 6749 section 5.2 error body carrying only the three standard members.
    // @formatter:off
    String body = "{\n"
            + "   \"error\": \"unauthorized_client\",\n"
            + "   \"error_description\": \"The client is not authorized\",\n"
            + "   \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n"
            + "}\n";
    // @formatter:on
    // NOTE(review): getBytes() without a charset uses the platform default (pre-Java 18).
    // The fixture is pure ASCII so this is harmless here; a non-ASCII fixture would want
    // an explicit UTF-8.
    MockClientHttpResponse errorHttpResponse = new MockClientHttpResponse(body.getBytes(), HttpStatus.BAD_REQUEST);
    OAuth2Error parsed = this.messageConverter.readInternal(OAuth2Error.class, errorHttpResponse);
    // Each standard member must land on the matching OAuth2Error accessor.
    assertThat(parsed.getErrorCode()).isEqualTo("unauthorized_client");
    assertThat(parsed.getDescription()).isEqualTo("The client is not authorized");
    assertThat(parsed.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6749#section-5.2");
}
Also used : OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) MockClientHttpResponse(org.springframework.mock.http.client.MockClientHttpResponse) Test(org.junit.jupiter.api.Test)

Example 77 with OAuth2Error

use of org.springframework.security.oauth2.core.OAuth2Error in project spring-security by spring-projects.

From class OAuth2ErrorHttpMessageConverterTests, method writeInternalWhenOAuth2ErrorThenWriteErrorResponse (a test that an OAuth2Error is serialized with the standard error, error_description and error_uri members).

@Test
public void writeInternalWhenOAuth2ErrorThenWriteErrorResponse() throws Exception {
    // Serialize a fully populated error (code, description, uri) and check that every
    // RFC 6749 section 5.2 member appears; `contains` deliberately leaves member order open.
    OAuth2Error error = new OAuth2Error("unauthorized_client", "The client is not authorized",
            "https://tools.ietf.org/html/rfc6749#section-5.2");
    MockHttpOutputMessage sink = new MockHttpOutputMessage();
    this.messageConverter.writeInternal(error, sink);
    String written = sink.getBodyAsString();
    assertThat(written)
            .contains("\"error\":\"unauthorized_client\"")
            .contains("\"error_description\":\"The client is not authorized\"")
            .contains("\"error_uri\":\"https://tools.ietf.org/html/rfc6749#section-5.2\"");
}
Also used : MockHttpOutputMessage(org.springframework.mock.http.MockHttpOutputMessage) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) Test(org.junit.jupiter.api.Test)

Example 78 with OAuth2Error

use of org.springframework.security.oauth2.core.OAuth2Error in project spring-security by spring-projects.

From class OAuth2ErrorHttpMessageConverterTests, method readInternalWhenErrorResponseWithObjectThenReadOAuth2Error (a regression test, gh-8157, that a non-string member such as a JSON array in the error body does not break parsing).

// gh-8157
@Test
public void readInternalWhenErrorResponseWithObjectThenReadOAuth2Error() throws Exception {
    // Same body as the plain case plus a non-standard, non-string member ("error_codes",
    // a JSON array). Reading must not fail on it and the standard members must still be
    // surfaced; the extra member itself is not asserted on.
    // @formatter:off
    String body = "{\n"
            + "   \"error\": \"unauthorized_client\",\n"
            + "   \"error_description\": \"The client is not authorized\",\n"
            + "   \"error_codes\": [65001],\n"
            + "   \"error_uri\": \"https://tools.ietf.org/html/rfc6749#section-5.2\"\n"
            + "}\n";
    // @formatter:on
    // Pure ASCII fixture, so the platform-default charset used by getBytes() is harmless here.
    MockClientHttpResponse errorHttpResponse = new MockClientHttpResponse(body.getBytes(), HttpStatus.BAD_REQUEST);
    OAuth2Error parsed = this.messageConverter.readInternal(OAuth2Error.class, errorHttpResponse);
    assertThat(parsed.getErrorCode()).isEqualTo("unauthorized_client");
    assertThat(parsed.getDescription()).isEqualTo("The client is not authorized");
    assertThat(parsed.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6749#section-5.2");
}
Also used : OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) MockClientHttpResponse(org.springframework.mock.http.client.MockClientHttpResponse) Test(org.junit.jupiter.api.Test)

Example 79 with OAuth2Error

use of org.springframework.security.oauth2.core.OAuth2Error in project spring-security by spring-projects.

From class BearerTokenAuthenticationEntryPoint, method commence (builds the RFC 6750 WWW-Authenticate challenge and sets the response status when bearer-token authentication fails).

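/**
 * Collect error details from the provided parameters and format according to RFC
 * 6750, specifically {@code error}, {@code error_description}, {@code error_uri}, and
 * {@code scope}.
 * <p>
 * Behaviour by exception type:
 * <ul>
 * <li>An {@link AuthenticationException} that is not an
 * {@link OAuth2AuthenticationException} contributes no error parameters at all (only
 * {@code realm}, if configured) and the response status stays 401, so no failure detail
 * is handed to the header builder.</li>
 * <li>An {@link OAuth2AuthenticationException} contributes {@code error} and, when
 * non-blank, {@code error_description} and {@code error_uri}.</li>
 * <li>A {@link BearerTokenError} additionally contributes {@code scope} when non-blank
 * and replaces the 401 default with its own HTTP status.</li>
 * </ul>
 * Parameters are emitted in insertion order ({@code realm} first) because a
 * {@link LinkedHashMap} is used.
 * @param request that resulted in an <code>AuthenticationException</code>
 * @param response so that the user agent can begin authentication
 * @param authException that caused the invocation
 */
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) {
    HttpStatus status = HttpStatus.UNAUTHORIZED;
    Map<String, String> parameters = new LinkedHashMap<>();
    if (this.realmName != null) {
        parameters.put("realm", this.realmName);
    }
    if (authException instanceof OAuth2AuthenticationException) {
        OAuth2Error error = ((OAuth2AuthenticationException) authException).getError();
        parameters.put("error", error.getErrorCode());
        // error_description and error_uri are optional; omit them rather than emit "".
        if (StringUtils.hasText(error.getDescription())) {
            parameters.put("error_description", error.getDescription());
        }
        if (StringUtils.hasText(error.getUri())) {
            parameters.put("error_uri", error.getUri());
        }
        if (error instanceof BearerTokenError) {
            BearerTokenError bearerTokenError = (BearerTokenError) error;
            if (StringUtils.hasText(bearerTokenError.getScope())) {
                parameters.put("scope", bearerTokenError.getScope());
            }
            // The bearer-token error carries its own HTTP status, which overrides the 401
            // default. Reuse the already-cast reference instead of casting `error` again.
            status = bearerTokenError.getHttpStatus();
        }
    }
    // NOTE(review): the values collected above are placed into header parameters by
    // computeWWWAuthenticateHeaderValue (defined elsewhere in this class). If an
    // error_description can ever carry text derived from the request (e.g. a token
    // parsing message), confirm that helper escapes '"' and rejects CR/LF so the
    // challenge cannot be malformed or split into extra header lines.
    String wwwAuthenticate = computeWWWAuthenticateHeaderValue(parameters);
    response.addHeader(HttpHeaders.WWW_AUTHENTICATE, wwwAuthenticate);
    response.setStatus(status.value());
}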
Also used : HttpStatus(org.springframework.http.HttpStatus) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) BearerTokenError(org.springframework.security.oauth2.server.resource.BearerTokenError) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) LinkedHashMap(java.util.LinkedHashMap)

Example 80 with OAuth2Error

use of org.springframework.security.oauth2.core.OAuth2Error in project dhis2-core by dhis2.

From class CrudControllerAdvice, method handleOAuth2AuthenticationException (a Spring @ExceptionHandler that maps an OAuth2AuthenticationException to the API's WebMessage error envelope).

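/**
 * Maps an {@link OAuth2AuthenticationException} to the API's {@code WebMessage} error
 * envelope.
 * <p>
 * For a {@link BearerTokenError} the response takes the error's own HTTP status and
 * carries the error code and description. Any other {@link OAuth2Error} falls back to
 * {@code unauthorized(...)} with the exception message as the body text.
 * @param ex the OAuth2 authentication failure being handled
 * @return the error envelope returned to the client
 */
@ExceptionHandler(OAuth2AuthenticationException.class)
@ResponseBody
public WebMessage handleOAuth2AuthenticationException(OAuth2AuthenticationException ex) {
    OAuth2Error error = ex.getError();
    if (error instanceof BearerTokenError) {
        BearerTokenError bearerTokenError = (BearerTokenError) error;
        // Reuse the cast reference rather than casting `error` a second time.
        HttpStatus status = bearerTokenError.getHttpStatus();
        // NOTE(review): the description is returned to the client verbatim. Check that the
        // descriptions produced by token validation never include internal detail
        // (issuer URLs, key identifiers, stack-trace fragments) you would not want disclosed.
        return createWebMessage(bearerTokenError.getErrorCode(), bearerTokenError.getDescription(), Status.ERROR, status);
    }
    // NOTE(review): ex.getMessage() is echoed to the client here; verify it carries no
    // internal detail. Also confirm that unauthorized() (not shown) still attaches the
    // WWW-Authenticate challenge RFC 6750 expects on a 401, since this handler bypasses
    // the bearer-token entry point that would normally add it.
    return unauthorized(ex.getMessage());
}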
Also used : HttpStatus(org.springframework.http.HttpStatus) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) BearerTokenError(org.springframework.security.oauth2.server.resource.BearerTokenError) ExceptionHandler(org.springframework.web.bind.annotation.ExceptionHandler) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)
