Example 91 with OAuth2Error

Use of org.springframework.security.oauth2.core.OAuth2Error in the spring-security project by spring-projects.

From the class OidcUserService, method loadUser.

@Override
public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
    Assert.notNull(userRequest, "userRequest cannot be null");
    OidcUserInfo userInfo = null;
    if (this.shouldRetrieveUserInfo(userRequest)) {
        OAuth2User oauth2User = this.oauth2UserService.loadUser(userRequest);
        Map<String, Object> claims = getClaims(userRequest, oauth2User);
        userInfo = new OidcUserInfo(claims);
        // 1) The sub (subject) Claim MUST always be returned in the UserInfo Response
        if (userInfo.getSubject() == null) {
            OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE);
            throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
        }
        // 2) The sub Claim in the UserInfo Response MUST be verified to exactly match
        // the sub Claim in the ID Token; if they do not match,
        // the UserInfo Response values MUST NOT be used.
        if (!userInfo.getSubject().equals(userRequest.getIdToken().getSubject())) {
            OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE);
            throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
        }
    }
    Set<GrantedAuthority> authorities = new LinkedHashSet<>();
    authorities.add(new OidcUserAuthority(userRequest.getIdToken(), userInfo));
    OAuth2AccessToken token = userRequest.getAccessToken();
    // Each scope granted on the access token is mapped to a SCOPE_-prefixed authority
    for (String authority : token.getScopes()) {
        authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
    }
    return getUser(userRequest, userInfo, authorities);
}
Also used: LinkedHashSet(java.util.LinkedHashSet) OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) OidcUserAuthority(org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) OidcUserInfo(org.springframework.security.oauth2.core.oidc.OidcUserInfo) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException)

Example 92 with OAuth2Error

Use of org.springframework.security.oauth2.core.OAuth2Error in the spring-security project by spring-projects.

From the class NimbusJwtDecoderTests, method decodeWhenReadingErrorPickTheFirstErrorMessage.

@Test
public void decodeWhenReadingErrorPickTheFirstErrorMessage() {
    OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
    this.jwtDecoder.setJwtValidator(jwtValidator);
    // The first error has an empty description; the exception message must come
    // from the first error that actually carries a description
    OAuth2Error errorEmpty = new OAuth2Error("mock-error", "", "mock-uri");
    OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
    OAuth2Error error2 = new OAuth2Error("mock-error-second", "mock-description-second", "mock-uri-second");
    OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(errorEmpty, error, error2);
    given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
    // @formatter:off
    assertThatExceptionOfType(JwtValidationException.class)
            .isThrownBy(() -> this.jwtDecoder.decode(SIGNED_JWT))
            .withMessageContaining("mock-description");
    // @formatter:on
}
Also used: OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) OAuth2TokenValidatorResult(org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) Test(org.junit.jupiter.api.Test)

Example 93 with OAuth2Error

Use of org.springframework.security.oauth2.core.OAuth2Error in the spring-security project by spring-projects.

From the class NimbusJwtDecoderTests, method decodeWhenJwtValidationHasTwoErrorsThenJwtExceptionMessageShowsFirstError.

@Test
public void decodeWhenJwtValidationHasTwoErrorsThenJwtExceptionMessageShowsFirstError() {
    OAuth2Error firstFailure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
    OAuth2Error secondFailure = new OAuth2Error("another-error", "another-description", "another-uri");
    OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(firstFailure, secondFailure);
    OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
    given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
    this.jwtDecoder.setJwtValidator(jwtValidator);
    // The message shows only the first error, but the exception keeps every error
    // @formatter:off
    assertThatExceptionOfType(JwtValidationException.class)
            .isThrownBy(() -> this.jwtDecoder.decode(SIGNED_JWT))
            .withMessageContaining("mock-description")
            .satisfies((ex) -> assertThat(ex)
                    .hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure)));
    // @formatter:on
}
Also used: OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) OAuth2TokenValidatorResult(org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) Test(org.junit.jupiter.api.Test)

Example 94 with OAuth2Error

Use of org.springframework.security.oauth2.core.OAuth2Error in the spring-security project by spring-projects.

From the class NimbusReactiveJwtDecoderTests, method decodeWhenUsingCustomValidatorThenValidatorIsInvoked.

@Test
public void decodeWhenUsingCustomValidatorThenValidatorIsInvoked() {
    // Typed validator instead of the raw type, so the mock matches setJwtValidator's parameter
    OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
    this.decoder.setJwtValidator(jwtValidator);
    OAuth2Error error = new OAuth2Error("mock-error", "mock-description", "mock-uri");
    OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(error);
    given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
    // The reactive decoder returns a Mono, so block() is needed to surface the exception
    // @formatter:off
    assertThatExceptionOfType(JwtValidationException.class)
            .isThrownBy(() -> this.decoder.decode(this.messageReadToken).block())
            .withMessageContaining("mock-description");
    // @formatter:on
}
Also used: OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) OAuth2TokenValidatorResult(org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) Test(org.junit.jupiter.api.Test)

Example 95 with OAuth2Error

Use of org.springframework.security.oauth2.core.OAuth2Error in the spring-security project by spring-projects.

From the class NimbusJwtDecoderJwkSupportTests, method decodeWhenJwtValidationHasTwoErrorsThenJwtExceptionMessageShowsFirstError.

@Test
public void decodeWhenJwtValidationHasTwoErrorsThenJwtExceptionMessageShowsFirstError() throws Exception {
    try (MockWebServer server = new MockWebServer()) {
        // Serve the JWK Set locally so the decoder can resolve the signing key offline
        server.enqueue(new MockResponse().setBody(JWK_SET));
        String jwkSetUrl = server.url("/.well-known/jwks.json").toString();
        NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);
        OAuth2Error firstFailure = new OAuth2Error("mock-error", "mock-description", "mock-uri");
        OAuth2Error secondFailure = new OAuth2Error("another-error", "another-description", "another-uri");
        OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(firstFailure, secondFailure);
        OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class);
        given(jwtValidator.validate(any(Jwt.class))).willReturn(result);
        decoder.setJwtValidator(jwtValidator);
        // @formatter:off
        assertThatExceptionOfType(JwtValidationException.class)
                .isThrownBy(() -> decoder.decode(SIGNED_JWT))
                .withMessageContaining("mock-description")
                .satisfies((ex) -> assertThat(ex)
                        .hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure)));
        // @formatter:on
    }
}
Also used: MockResponse(okhttp3.mockwebserver.MockResponse) MockWebServer(okhttp3.mockwebserver.MockWebServer) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) OAuth2TokenValidatorResult(org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) Test(org.junit.jupiter.api.Test)

Aggregations

OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error) 133
OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException) 57
Test (org.junit.jupiter.api.Test) 53
OAuth2AuthorizationException (org.springframework.security.oauth2.core.OAuth2AuthorizationException) 25
Authentication (org.springframework.security.core.Authentication) 22
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken) 18
ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration) 17
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 16
OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) 16
Jwt (org.springframework.security.oauth2.jwt.Jwt) 15
Instant (java.time.Instant) 14
Map (java.util.Map) 13
FilterChain (javax.servlet.FilterChain) 12
OAuth2AuthorizationResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) 12
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 10
OAuth2TokenValidatorResult (org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) 10
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat) 9
OAuth2AuthorizationContext (org.springframework.security.oauth2.client.OAuth2AuthorizationContext) 9
OAuth2User (org.springframework.security.oauth2.core.user.OAuth2User) 9
ArgumentMatchers.any (org.mockito.ArgumentMatchers.any) 8