/**
 * Extracts the raw (unparsed) access token from the request.
 * <p>
 * The token may arrive either as a bearer {@code Authorization} header or as the
 * {@code ACCESS_TOKEN} request parameter. Exactly one source is required; if both are
 * present they must carry the same value, otherwise the request is rejected. Note that a
 * token passed as a request parameter is more likely to end up in server or proxy logs
 * than one passed in a header.
 *
 * @param request the incoming request
 * @return the token string exactly as sent by the client
 * @throws OA2GeneralError with {@code INVALID_REQUEST} / 400 if no token was sent, or if
 *                         header and parameter disagree
 */
protected String getRawAT(HttpServletRequest request) {
    final String fromHeader = HeaderUtils.getBearerAuthHeader(request);
    final String fromParam = getFirstParameterValue(request, ACCESS_TOKEN);

    if (fromHeader == null && fromParam == null) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "no access token was sent.", HttpStatus.SC_BAD_REQUEST);
    }
    // Both present: tolerate only if they are identical.
    if (fromHeader != null && fromParam != null && !fromParam.equals(fromHeader)) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "too many access tokens.", HttpStatus.SC_BAD_REQUEST);
    }
    // The parameter wins when present (it equals the header in the both-present case anyway).
    return fromParam == null ? fromHeader : fromParam;
}
protected AccessToken getAT(HttpServletRequest request) {
/**
 * Writes an {@link OA2GeneralError} back to the client as a plain-text response body.
 * <p>
 * The HTTP status is taken from the error itself and the body consists of two lines of
 * the form {@code key="value"} for the error code and its description; both values are
 * passed through {@code encode} before being written.
 *
 * @param oa2GeneralError the error to report
 * @param response        the response to write to; its writer is flushed and closed here
 * @throws IOException if the response writer cannot be obtained
 */
protected void handleOA2Error(OA2GeneralError oa2GeneralError, HttpServletResponse response) throws IOException {
    final PrintWriter out = response.getWriter();
    response.setStatus(oa2GeneralError.getHttpStatus());
    out.println(quotedPair(OA2Constants.ERROR, oa2GeneralError.getError()));
    out.println(quotedPair(OA2Constants.ERROR_DESCRIPTION, oa2GeneralError.getDescription()));
    out.flush();
    out.close();
}

/** Formats one {@code key="encoded-value"} line for the error body. */
private String quotedPair(String key, String value) {
    return key + "=\"" + encode(value) + "\"";
}
/**
 * Creates a general (non-redirectable) error from a redirectable one.
 * <p>
 * The error code and description are carried over unchanged; the HTTP status is fixed at
 * 400 (bad request) so that the resulting error always has a usable status.
 *
 * @param error the redirectable error to convert
 */
public OA2GeneralError(OA2RedirectableError error) {
    setHttpStatus(HttpStatus.SC_BAD_REQUEST);
    setError(error.getError());
    setDescription(error.getDescription());
}
/**
 * Verifies that {@code redirect} is one of the callback URIs registered for {@code client}.
 * <p>
 * Every failure here is thrown as an exception rather than redirected, because until the
 * callback is verified it is unclear where an error could safely be sent. Registered URIs
 * are compared by exact string equality; no normalization or prefix matching is applied.
 *
 * @param client   the client making the request; must be an {@link OA2Client}
 * @param redirect the redirect URI supplied in the request
 * @throws OA2GeneralError with {@code INVALID_REQUEST} / 400 if the client is missing, has no
 *                         registered callbacks, or the redirect is not among them
 * @throws NFWException    if the client is not an {@link OA2Client} (internal error)
 */
public static void check(Client client, String redirect) {
    if (client == null) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "no client id", HttpStatus.SC_BAD_REQUEST);
    }
    if (!(client instanceof OA2Client)) {
        throw new NFWException("Internal error: Client is not an OA2Client");
    }
    final OA2Client oa2Client = (OA2Client) client;
    if (oa2Client.getCallbackURIs() == null) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "client has not registered any callback URIs", HttpStatus.SC_BAD_REQUEST);
    }
    if (!isRegisteredCallback(oa2Client, redirect)) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "The given redirect \"" + redirect + "\" is not valid for this client", HttpStatus.SC_BAD_REQUEST);
    }
}

/** Returns true if {@code redirect} exactly equals one of the client's registered callback URIs. */
private static boolean isRegisteredCallback(OA2Client oa2Client, String redirect) {
    for (String registered : oa2Client.getCallbackURIs()) {
        if (registered.equals(redirect)) {
            return true;
        }
    }
    return false;
}
t = new OA2GeneralError(OA2Errors.SERVER_ERROR, "Internal error", HttpStatus.SC_INTERNAL_SERVER_ERROR); handleOA2Error(new OA2GeneralError(OA2Errors.SERVER_ERROR, t.getMessage(), HttpStatus.SC_INTERNAL_SERVER_ERROR), response); return;
handleOA2Error(new OA2GeneralError(oa2RedirectableError), response); return;
/**
 * Services the request, first handling an initial authorization request if one is detected.
 * <p>
 * A request carrying a {@code response_type} parameter is treated as an initial request: it
 * is delegated to the init util against a buffering response wrapper, and the {@code code}
 * and {@code state} values from the buffered JSON are stored as request attributes before
 * the superclass handler runs. All other requests go straight to the superclass.
 *
 * @param request  the incoming request
 * @param response the response
 * @throws OA2GeneralError if the delegated initial request reported an exception
 * @throws Throwable       anything propagated from the delegation or the superclass
 */
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    // NOTE(review): this dumps the request parameters; if they can carry credentials,
    // confirm where that output goes and whether it is redacted.
    printAllParameters(request);
    Map<String, String> params = getFirstParameters(request);
    if (params.containsKey(OA2Constants.RESPONSE_TYPE)) {
        forwardInitialRequest(request, response);
    }
    super.doIt(request, response);
}

/**
 * Runs the init util for an initial request against a buffering wrapper and copies the
 * resulting {@code code} and {@code state} into request attributes.
 * <p>
 * The nonce was already registered in the init servlet (as it should be for OA1), so the
 * buffered result is consumed here rather than re-submitted.
 */
private void forwardInitialRequest(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    MyHttpServletResponseWrapper wrapper = new MyHttpServletResponseWrapper(response);
    OA2AuthorizedServletUtil init = getInitUtil();
    init.doDelegation(request, wrapper);
    if (wrapper.isExceptionEncountered()) {
        // The delegate reported a problem; surface it with the status it recorded.
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, wrapper.toString(), wrapper.getStatus());
    }
    // The exception (if any) was handled elsewhere; the wrapper now holds the JSON result.
    JSONObject result = JSONObject.fromObject(wrapper.toString());
    request.setAttribute("code", result.get("code").toString());
    request.setAttribute("state", result.get("state").toString());
}
if (2 < basicTokens.size()) { throw new OA2GeneralError(OA2Errors.INVALID_TOKEN, "Error: Too many authorization tokens.", HttpStatus.SC_UNAUTHORIZED);
throw new OA2GeneralError(OA2Errors.ACCESS_DENIED, "user info access denied", HttpStatus.SC_UNAUTHORIZED); throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "public client not authorized to access user information", HttpStatus.SC_UNAUTHORIZED); throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "no transaction for the access token was found.", HttpStatus.SC_BAD_REQUEST); throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "invalid access token.", HttpStatus.SC_BAD_REQUEST); throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "token expired.", HttpStatus.SC_BAD_REQUEST);
throw new OA2GeneralError(OA2Errors.ACCESS_DENIED, "access denied", HttpStatus.SC_UNAUTHORIZED); throw new OA2GeneralError(OA2Errors.ACCESS_DENIED, "access denied", HttpStatus.SC_UNAUTHORIZED);
throw new OA2GeneralError(OA2Errors.ACCESS_DENIED, "refresh token access denied", HttpStatus.SC_UNAUTHORIZED);
throw new OA2GeneralError(OA2Errors.INVALID_SCOPE, "invalid scope: no open id scope", HttpStatus.SC_UNAUTHORIZED); transaction.setFlowStates(flowStates); oa2se.getTransactionStore().save(transaction); throw new OA2GeneralError(OA2Errors.ACCESS_DENIED, "access denied", HttpStatus.SC_UNAUTHORIZED);
OA2ServiceTransaction st2 = (OA2ServiceTransaction) state.getTransaction(); if (!st2.getFlowStates().acceptRequests || !st2.getFlowStates().accessToken) { throw new OA2GeneralError(OA2Errors.ACCESS_DENIED, "access denied", HttpStatus.SC_UNAUTHORIZED);