Example 86 with OAuth2Error

use of org.springframework.security.oauth2.core.OAuth2Error in project spring-authorization-server by spring-projects.

the class OAuth2TokenIntrospectionEndpointFilterTests method doFilterWhenTokenIntrospectionRequestInvalidParameterThenError.

private void doFilterWhenTokenIntrospectionRequestInvalidParameterThenError(String parameterName, String errorCode, MockHttpServletRequest request) throws Exception {
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    this.filter.doFilter(request, response, filterChain);
    // A malformed introspection request must be rejected by the filter itself;
    // the rest of the chain is never reached
    verifyNoInteractions(filterChain);
    assertThat(response.getStatus()).isEqualTo(HttpStatus.BAD_REQUEST.value());
    // readError(...) parses the JSON error body written by the filter back into an OAuth2Error
    OAuth2Error error = readError(response);
    assertThat(error.getErrorCode()).isEqualTo(errorCode);
    assertThat(error.getDescription()).isEqualTo("OAuth 2.0 Token Introspection Parameter: " + parameterName);
}
Also used : FilterChain(javax.servlet.FilterChain) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)

Example 87 with OAuth2Error

use of org.springframework.security.oauth2.core.OAuth2Error in project spring-authorization-server by spring-projects.

the class OidcUserInfoEndpointFilterTests method doFilterWhenUserInfoRequestInvalidTokenThenUnauthorizedError.

@Test
public void doFilterWhenUserInfoRequestInvalidTokenThenUnauthorizedError() throws Exception {
    Authentication principal = new TestingAuthenticationToken("principal", "credentials");
    SecurityContextHolder.getContext().setAuthentication(principal);
    when(this.authenticationManager.authenticate(any())).thenThrow(new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_TOKEN));
    String requestUri = DEFAULT_OIDC_USER_INFO_ENDPOINT_URI;
    MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
    request.setServletPath(requestUri);
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    this.filter.doFilter(request, response, filterChain);
    verifyNoInteractions(filterChain);
    assertThat(response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value());
    OAuth2Error error = readError(response);
    assertThat(error.getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_TOKEN);
}
Also used : Authentication(org.springframework.security.core.Authentication) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 88 with OAuth2Error

use of org.springframework.security.oauth2.core.OAuth2Error in project spring-authorization-server by spring-projects.

the class OidcClientRegistrationEndpointFilterTests method doFilterWhenClientConfigurationRequestMultipleClientIdThenInvalidRequestError.

@Test
public void doFilterWhenClientConfigurationRequestMultipleClientIdThenInvalidRequestError() throws Exception {
    String requestUri = DEFAULT_OIDC_CLIENT_REGISTRATION_ENDPOINT_URI;
    MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
    request.setServletPath(requestUri);
    // Two client_id values in one request (parameter pollution): the endpoint must
    // not silently pick one of them, it must reject the request as invalid_request
    request.addParameter(OAuth2ParameterNames.CLIENT_ID, "client-id");
    request.addParameter(OAuth2ParameterNames.CLIENT_ID, "client-id2");
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    this.filter.doFilter(request, response, filterChain);
    verifyNoInteractions(filterChain);
    assertThat(response.getStatus()).isEqualTo(HttpStatus.BAD_REQUEST.value());
    OAuth2Error error = readError(response);
    assertThat(error.getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_REQUEST);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 89 with OAuth2Error

use of org.springframework.security.oauth2.core.OAuth2Error in project spring-authorization-server by spring-projects.

the class OAuth2ClientAuthenticationFilter method onAuthenticationFailure.

private void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException {
    // Drop any partially established authentication before writing the error
    SecurityContextHolder.clearContext();
    // TODO
    // The authorization server MAY return an HTTP 401 (Unauthorized) status code
    // to indicate which HTTP authentication schemes are supported.
    // If the client attempted to authenticate via the "Authorization" request header field,
    // the authorization server MUST respond with an HTTP 401 (Unauthorized) status code and
    // include the "WWW-Authenticate" response header field
    // matching the authentication scheme used by the client.
    OAuth2Error error = ((OAuth2AuthenticationException) exception).getError();
    ServletServerHttpResponse httpResponse = new ServletServerHttpResponse(response);
    // invalid_client (RFC 6749 section 5.2) maps to 401; every other error is a 400
    if (OAuth2ErrorCodes.INVALID_CLIENT.equals(error.getErrorCode())) {
        httpResponse.setStatusCode(HttpStatus.UNAUTHORIZED);
    } else {
        httpResponse.setStatusCode(HttpStatus.BAD_REQUEST);
    }
    // We don't want to reveal too much information to the caller so just return the error code
    // (the description and URI of the internal error are deliberately not copied over)
    OAuth2Error errorResponse = new OAuth2Error(error.getErrorCode());
    this.errorHttpResponseConverter.write(errorResponse, null, httpResponse);
}
Also used : OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) ServletServerHttpResponse(org.springframework.http.server.ServletServerHttpResponse) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException)

Example 90 with OAuth2Error

use of org.springframework.security.oauth2.core.OAuth2Error in project spring-authorization-server by spring-projects.

the class OAuth2TokenRevocationEndpointFilter method sendErrorResponse.

private void sendErrorResponse(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException {
    OAuth2Error error = ((OAuth2AuthenticationException) exception).getError();
    ServletServerHttpResponse httpResponse = new ServletServerHttpResponse(response);
    httpResponse.setStatusCode(HttpStatus.BAD_REQUEST);
    this.errorHttpResponseConverter.write(error, null, httpResponse);
}
Also used : OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) ServletServerHttpResponse(org.springframework.http.server.ServletServerHttpResponse) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException)
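The three production snippets above (Examples 89 and 90) and the endpoint tests (Examples 86 to 88) share one pattern: validate the request, turn any failure into an OAuth2Error, pick the HTTP status from the error code, and write only the error code back to the client. The following is an added, self-contained example of that pattern, not code from spring-authorization-server. It uses only spring-security-oauth2-core, spring-web and spring-test (javax.servlet era, matching the imports on this page). The filter class, the "demo-client"/"demo-secret" credentials, the request path and the hard-coded credential check standing in for an AuthenticationManager are all hypothetical; readError(...) mirrors the helper the page's tests call but is written here from scratch.

```java
package example; // hypothetical package, not part of spring-authorization-server

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.mock.http.client.MockClientHttpResponse;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
import org.springframework.web.filter.OncePerRequestFilter;
import static org.assertj.core.api.Assertions.assertThat;

public class ClientCredentialsErrorFilter extends OncePerRequestFilter {

    private final HttpMessageConverter<OAuth2Error> errorConverter = new OAuth2ErrorHttpMessageConverter();

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        try {
            String clientId = requireSingleParameter(request, OAuth2ParameterNames.CLIENT_ID);
            String clientSecret = requireSingleParameter(request, OAuth2ParameterNames.CLIENT_SECRET);
            // Hypothetical stand-in for AuthenticationManager.authenticate(...)
            if (!"demo-client".equals(clientId) || !"demo-secret".equals(clientSecret)) {
                throw new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_CLIENT,
                        "no client registered as " + clientId, null));  // internal detail, never sent
            }
            chain.doFilter(request, response);
        } catch (OAuth2AuthenticationException ex) {
            sendErrorResponse(response, ex.getError());
        }
    }

    // Exactly one non-empty value per parameter; duplicates (parameter pollution) are invalid_request
    private static String requireSingleParameter(HttpServletRequest request, String name) {
        String[] values = request.getParameterValues(name);
        if (values == null || values.length != 1 || values[0].isEmpty()) {
            throw new OAuth2AuthenticationException(
                    new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST, "OAuth 2.0 Parameter: " + name, null));
        }
        return values[0];
    }

    private void sendErrorResponse(HttpServletResponse response, OAuth2Error error) throws IOException {
        ServletServerHttpResponse httpResponse = new ServletServerHttpResponse(response);
        if (OAuth2ErrorCodes.INVALID_CLIENT.equals(error.getErrorCode())) {
            httpResponse.setStatusCode(HttpStatus.UNAUTHORIZED);
            // RFC 6749 section 5.2: advertise the supported scheme (hypothetical: Basic) on 401
            response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"oauth2\"");
        } else {
            httpResponse.setStatusCode(HttpStatus.BAD_REQUEST);
        }
        // Only the error code leaves the server; description and URI stay internal
        this.errorConverter.write(new OAuth2Error(error.getErrorCode()), null, httpResponse);
    }

    // Test-side helper: parse the JSON error body back into an OAuth2Error
    static OAuth2Error readError(MockHttpServletResponse response) throws IOException {
        MockClientHttpResponse httpResponse = new MockClientHttpResponse(
                response.getContentAsByteArray(), HttpStatus.valueOf(response.getStatus()));
        return new OAuth2ErrorHttpMessageConverter().read(OAuth2Error.class, httpResponse);
    }

    public static void main(String[] args) throws Exception {
        ClientCredentialsErrorFilter filter = new ClientCredentialsErrorFilter();
        FilterChain mustNotRun = (req, res) -> { throw new AssertionError("chain must not be reached"); };

        // Constructed request 1: two client_id values -> 400 invalid_request
        MockHttpServletRequest polluted = new MockHttpServletRequest("POST", "/oauth2/token");
        polluted.addParameter(OAuth2ParameterNames.CLIENT_ID, "demo-client");
        polluted.addParameter(OAuth2ParameterNames.CLIENT_ID, "other-client");
        polluted.addParameter(OAuth2ParameterNames.CLIENT_SECRET, "demo-secret");
        MockHttpServletResponse r1 = new MockHttpServletResponse();
        filter.doFilter(polluted, r1, mustNotRun);
        assertThat(r1.getStatus()).isEqualTo(HttpStatus.BAD_REQUEST.value());
        assertThat(readError(r1).getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_REQUEST);

        // Constructed request 2: wrong secret -> 401 invalid_client, WWW-Authenticate set, no description leaked
        MockHttpServletRequest badSecret = new MockHttpServletRequest("POST", "/oauth2/token");
        badSecret.addParameter(OAuth2ParameterNames.CLIENT_ID, "demo-client");
        badSecret.addParameter(OAuth2ParameterNames.CLIENT_SECRET, "wrong");
        MockHttpServletResponse r2 = new MockHttpServletResponse();
        filter.doFilter(badSecret, r2, mustNotRun);
        assertThat(r2.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value());
        assertThat(r2.getHeader(HttpHeaders.WWW_AUTHENTICATE)).startsWith("Basic");
        OAuth2Error err = readError(r2);
        assertThat(err.getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_CLIENT);
        assertThat(err.getDescription()).isNull();
    }
}
```

The second assertion group is the one worth keeping in a real test suite: it checks that the internal description ("no client registered as ...") is not echoed, which is the property Example 89's comment about not revealing too much depends on. If someone later "helpfully" writes the original error object instead of `new OAuth2Error(error.getErrorCode())`, that assertion fails.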

Aggregations

OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error) 134
OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException) 58
Test (org.junit.jupiter.api.Test) 53
OAuth2AuthorizationException (org.springframework.security.oauth2.core.OAuth2AuthorizationException) 25
Authentication (org.springframework.security.core.Authentication) 23
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken) 18
ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration) 17
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 16
OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) 16
Jwt (org.springframework.security.oauth2.jwt.Jwt) 15
Instant (java.time.Instant) 14
Map (java.util.Map) 13
FilterChain (javax.servlet.FilterChain) 12
OAuth2AuthorizationResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) 12
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 10
OAuth2TokenValidatorResult (org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) 10
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat) 9
OAuth2AuthorizationContext (org.springframework.security.oauth2.client.OAuth2AuthorizationContext) 9
OAuth2User (org.springframework.security.oauth2.core.user.OAuth2User) 9
ArgumentMatchers.any (org.mockito.ArgumentMatchers.any) 8