/**
 * Returns the string form of this object, which is whatever {@code getSummary()} produces.
 *
 * @return the value returned by {@code getSummary()}
 */
@Override
public String toString() {
    final String summary = getSummary();
    return summary;
}
/**
 * Checks the scopes asked for in a request against the scopes registered for the client.
 *
 * <p>When the client has no registered scopes ({@code null} or empty), the membership check is
 * skipped entirely, so this method places no restriction on which scopes are requested; only
 * the emptiness check below still applies.
 *
 * @param requestScopes scopes asked for in the request
 * @param clientScopes scopes registered for the client; may be {@code null} or empty
 * @throws InvalidScopeException if a requested scope is not among a non-empty
 *     {@code clientScopes}, or if {@code requestScopes} is empty
 */
private void validateScope(Set<String> requestScopes, Set<String> clientScopes) {
    final boolean clientRestrictsScopes = !(clientScopes == null || clientScopes.isEmpty());
    if (clientRestrictsScopes) {
        for (String requested : requestScopes) {
            if (clientScopes.contains(requested)) {
                continue;
            }
            // The second argument hands the client's scope set to the exception.
            throw new InvalidScopeException("Invalid scope: " + requested, clientScopes);
        }
    }

    // An empty request is rejected whether or not the client restricts scopes.
    if (requestScopes.isEmpty()) {
        throw new InvalidScopeException("Empty scope (either the client or the user is not allowed the requested scopes)");
    }
}
return new InvalidClientException(errorMessage); return new UnauthorizedClientException(errorMessage); return new InvalidGrantException(errorMessage); return new InvalidScopeException(errorMessage); return new InvalidTokenException(errorMessage); return new InvalidRequestException(errorMessage); return new RedirectMismatchException(errorMessage); return new UnsupportedGrantTypeException(errorMessage); return new UnsupportedResponseTypeException(errorMessage); return new UserDeniedAuthorizationException(errorMessage); return new OAuth2Exception(errorMessage);
/**
 * Rejects a {@code jti} value that ends with {@code REFRESH_TOKEN_SUFFIX}.
 *
 * <p>The error message shows this validator is used where an access token is expected, so a
 * value carrying the refresh-token suffix is refused.
 *
 * @param jtiValue the {@code jti} value to check; must not be {@code null}
 * @throws InvalidTokenException if {@code jtiValue} ends with {@code REFRESH_TOKEN_SUFFIX}
 */
@Override
protected void validateJtiValue(String jtiValue) {
    final boolean hasRefreshSuffix = jtiValue.endsWith(REFRESH_TOKEN_SUFFIX);
    if (!hasRefreshSuffix) {
        return;
    }
    throw new InvalidTokenException("Invalid access token.", null);
}
/**
 * Resolves the redirect URI to use for a client, after checking that the client is allowed to
 * use redirects at all.
 *
 * <p>The checks run in this order: the client has at least one authorized grant type, one of
 * them passes {@code containsRedirectGrantType}, and the client has at least one registered
 * redirect URI. Only then is the requested value handed to {@code obtainMatchingRedirect}
 * together with the registered set. How the match itself is decided is not visible here.
 *
 * @param requestedRedirect the redirect URI supplied with the request
 * @param client the client whose grant types and registered redirect URIs are consulted
 * @return the value returned by {@code obtainMatchingRedirect}
 * @throws InvalidGrantException if the client has no authorized grant types, or none of them
 *     is a redirect grant type
 * @throws InvalidRequestException if the client has no registered redirect URI
 */
public String resolveRedirect(String requestedRedirect, ClientDetails client) throws OAuth2Exception {
    Set<String> grantTypes = client.getAuthorizedGrantTypes();
    if (grantTypes.isEmpty()) {
        throw new InvalidGrantException("A client must have at least one authorized grant type.");
    }

    final boolean mayUseRedirect = containsRedirectGrantType(grantTypes);
    if (!mayUseRedirect) {
        throw new InvalidGrantException(
                "A redirect_uri can only be used by implicit or authorization_code grant types.");
    }

    Set<String> registered = client.getRegisteredRedirectUri();
    // With nothing registered there is nothing to match against, so the request is refused
    // rather than trusting the requested value.
    final boolean nothingRegistered = registered == null || registered.isEmpty();
    if (nothingRegistered) {
        throw new InvalidRequestException("At least one redirect_uri must be registered with the client.");
    }

    return obtainMatchingRedirect(registered, requestedRedirect);
}
/**
 * Exchanges an authorization code for the authentication stored under it.
 *
 * <p>The lookup goes through {@code remove(code)}, so a code that is found is also taken out
 * of the store by the same call.
 *
 * @param code the authorization code presented by the caller
 * @return the authentication that {@code remove(code)} returned
 * @throws InvalidGrantException if {@code remove(code)} returns {@code null}
 */
public OAuth2Authentication consumeAuthorizationCode(String code) throws InvalidGrantException {
    // NOTE(review): single use depends on remove() being atomic in the concrete store - confirm.
    OAuth2Authentication stored = this.remove(code);
    if (stored != null) {
        return stored;
    }
    // NOTE(review): the submitted code is echoed in the message; check where this message is
    // logged or rendered before relying on it being harmless.
    throw new InvalidGrantException("Invalid authorization code: " + code);
}
/**
 * Copies an {@code OAuth2Exception} into a new {@code JaxbOAuth2Exception}.
 *
 * <p>The exception message becomes the description and the OAuth2 error code becomes the
 * error code. Nothing else is copied by this method.
 *
 * @param exception the exception to convert
 * @return a new {@code JaxbOAuth2Exception} carrying the message and the error code
 */
protected JaxbOAuth2Exception convertToInternal(OAuth2Exception exception) {
    JaxbOAuth2Exception jaxb = new JaxbOAuth2Exception();

    final String description = exception.getMessage();
    jaxb.setDescription(description);

    jaxb.setErrorCode(exception.getOAuth2ErrorCode());
    return jaxb;
}
/**
 * Checks that the requested grant type is one the client is authorized to use.
 *
 * <p>A client whose authorized grant types are {@code null} or empty is not restricted by this
 * check: the method returns without comparing anything.
 *
 * @param grantType the grant type named in the request
 * @param clientDetails the client whose authorized grant types are consulted
 * @throws InvalidClientException if the client lists grant types and {@code grantType} is not
 *     among them
 */
protected void validateGrantType(String grantType, ClientDetails clientDetails) {
    Collection<String> allowed = clientDetails.getAuthorizedGrantTypes();
    if (allowed == null || allowed.isEmpty()) {
        // Nothing configured for the client: this method imposes no limit.
        return;
    }
    if (allowed.contains(grantType)) {
        return;
    }
    throw new InvalidClientException("Unauthorized grant type: " + grantType);
}
/**
 * Reads an {@code OAuth2Exception} from an HTTP message.
 *
 * <p>The body is parsed by {@code delegateMessageConverter} into a multi-valued map, reduced to
 * a single-valued map with {@code toSingleValueMap()}, and passed to
 * {@code OAuth2Exception.valueOf}.
 *
 * @param clazz not used by this method; the delegate is called with {@code null} instead
 * @param inputMessage the HTTP message to read from
 * @return the exception built by {@code OAuth2Exception.valueOf}
 * @throws IOException declared for the read
 * @throws HttpMessageNotReadableException declared for the read
 */
public OAuth2Exception read(Class<? extends OAuth2Exception> clazz, HttpInputMessage inputMessage)
        throws IOException, HttpMessageNotReadableException {
    MultiValueMap<String, String> formData = delegateMessageConverter.read(null, inputMessage);
    // Repeated parameters are collapsed to one value per key before the exception is built.
    return OAuth2Exception.valueOf(formData.toSingleValueMap());
}
/**
 * Creates the exception with a message and records the valid scopes as additional information.
 *
 * <p>The scope set is formatted with {@code OAuth2Utils.formatParameterList} and stored under
 * the key {@code "scope"}.
 *
 * @param msg the error message
 * @param validScope the scopes to record under {@code "scope"}
 */
public InsufficientScopeException(String msg, Set<String> validScope) {
    this(msg);
    // NOTE(review): where additional information is rendered is not shown here - confirm that
    // disclosing this scope list to the caller is intended.
    final String scopeList = OAuth2Utils.formatParameterList(validScope);
    addAdditionalInformation("scope", scopeList);
}
/**
 * Creates the exception with a message and records the valid scopes as additional information.
 *
 * <p>The scope set is formatted with {@code OAuth2Utils.formatParameterList} and stored under
 * the key {@code "scope"}.
 *
 * @param msg the error message
 * @param validScope the scopes to record under {@code "scope"}
 */
public InvalidScopeException(String msg, Set<String> validScope) {
    this(msg);
    // NOTE(review): where additional information is rendered is not shown here - confirm that
    // disclosing this scope list to the caller is intended.
    final String scopeList = OAuth2Utils.formatParameterList(validScope);
    addAdditionalInformation("scope", scopeList);
}
/**
 * Builds an {@code OAuth2Exception} from a {@code JaxbOAuth2Exception}.
 *
 * <p>The error code and the description are read from the argument and passed to
 * {@code OAuth2Exception.create}.
 *
 * @param jaxbOAuth2Exception the value to convert
 * @return the exception returned by {@code OAuth2Exception.create}
 */
protected OAuth2Exception convertToExternal(JaxbOAuth2Exception jaxbOAuth2Exception) {
    // NOTE(review): both values presumably come from a parsed response body - treat them as
    // untrusted wherever the resulting exception is displayed or logged.
    return OAuth2Exception.create(
            jaxbOAuth2Exception.getErrorCode(),
            jaxbOAuth2Exception.getDescription());
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Rejects a {@code jti} value that does not end with {@code REFRESH_TOKEN_SUFFIX}.
 *
 * <p>The error message shows this validator is used where a refresh token is expected, so a
 * value without the refresh-token suffix is refused.
 *
 * @param jtiValue the {@code jti} value to check; must not be {@code null}
 * @throws InvalidTokenException if {@code jtiValue} lacks the {@code REFRESH_TOKEN_SUFFIX} ending
 */
@Override
protected void validateJtiValue(String jtiValue) {
    final boolean hasRefreshSuffix = jtiValue.endsWith(REFRESH_TOKEN_SUFFIX);
    if (hasRefreshSuffix) {
        return;
    }
    throw new InvalidTokenException("Invalid refresh token.", null);
}
/**
 * Handles an {@code OAuth2Exception} raised while serving a request.
 *
 * <p>The exception summary is logged at info level, then the exception is passed to
 * {@code handleException} together with the web request.
 *
 * @param e the exception being handled
 * @param webRequest the current web request
 * @return the view returned by {@code handleException}
 * @throws Exception if {@code handleException} throws
 */
@ExceptionHandler(OAuth2Exception.class)
public ModelAndView handleOAuth2Exception(OAuth2Exception e, ServletWebRequest webRequest) throws Exception {
    // NOTE(review): the summary may include text taken from the request (exception messages
    // elsewhere are built from request values) - confirm the log layout neutralises line breaks.
    final String summary = e.getSummary();
    logger.info("Handling OAuth2 error: " + summary);
    return handleException(e, webRequest);
}
/**
 * Rejects a {@code jti} value that ends with {@code REFRESH_TOKEN_SUFFIX}.
 *
 * <p>The error message shows this validator is used where an access token is expected, so a
 * value carrying the refresh-token suffix is refused.
 *
 * @param jtiValue the {@code jti} value to check; must not be {@code null}
 * @throws InvalidTokenException if {@code jtiValue} ends with {@code REFRESH_TOKEN_SUFFIX}
 */
@Override
protected void validateJtiValue(String jtiValue) {
    final boolean hasRefreshSuffix = jtiValue.endsWith(REFRESH_TOKEN_SUFFIX);
    if (!hasRefreshSuffix) {
        return;
    }
    throw new InvalidTokenException("Invalid access token.", null);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Verifies that the user's groups satisfy the groups the client requires.
 *
 * <p>The decision is delegated to {@code UaaTokenUtils.hasRequiredUserGroups}. This method
 * only turns a negative answer into an exception.
 *
 * @param requiredGroups the groups required by the client
 * @param userGroups the groups the user belongs to
 * @return this validation object, so that checks can be chained
 * @throws InvalidTokenException if {@code hasRequiredUserGroups} reports that the requirement
 *     is not met
 */
protected TokenValidation checkRequiredUserGroups(Collection<String> requiredGroups, Collection<String> userGroups) {
    final boolean meetsCriteria = UaaTokenUtils.hasRequiredUserGroups(requiredGroups, userGroups);
    if (meetsCriteria) {
        return this;
    }
    throw new InvalidTokenException("User does not meet the client's required group criteria.", null);
}
/**
 * Gets a refresh token by its token value.
 *
 * @param refreshTokenValue the token value to look up in {@code tokenRepository}
 * @return the refresh token entity stored for that value
 * @throws InvalidTokenException if the repository returns {@code null} for the value
 */
@Override
public OAuth2RefreshTokenEntity getRefreshToken(String refreshTokenValue) throws AuthenticationException {
    OAuth2RefreshTokenEntity found = tokenRepository.getRefreshTokenByValue(refreshTokenValue);
    if (found != null) {
        return found;
    }
    // NOTE(review): the submitted token value is embedded in the message; check where this
    // message is logged or returned before treating that as acceptable.
    throw new InvalidTokenException("Refresh token for value " + refreshTokenValue + " was not found");
}
/**
 * Loads the authentication for an access token by querying the user-info endpoint.
 *
 * <p>The response map is fetched with {@code getMap}. If it contains an {@code "error"} key,
 * the error value is logged at debug level and the token is rejected. Otherwise the map is
 * passed to {@code extractAuthentication}.
 *
 * @param accessToken the access token presented by the caller
 * @return the authentication extracted from the user-info response
 * @throws InvalidTokenException if the user-info response contains an {@code "error"} key
 */
@Override
public OAuth2Authentication loadAuthentication(String accessToken)
        throws AuthenticationException, InvalidTokenException {
    Map<String, Object> userInfo = getMap(this.userInfoEndpointUrl, accessToken);
    if (!userInfo.containsKey("error")) {
        return extractAuthentication(userInfo);
    }
    this.logger.debug("userinfo returned error: " + userInfo.get("error"));
    // NOTE(review): the raw access token is used as the exception message. Confirm that this
    // message never reaches logs or an error response, or replace it with a fixed text.
    throw new InvalidTokenException(accessToken);
}
/**
 * Loads the authentication for an access token by querying the user-info endpoint.
 *
 * <p>The response map is fetched with {@code getMap}. If it contains an {@code "error"} key,
 * the error value is logged at debug level and the token is rejected. Otherwise the map is
 * passed to {@code extractAuthentication}.
 *
 * @param accessToken the access token presented by the caller
 * @return the authentication extracted from the user-info response
 * @throws InvalidTokenException if the user-info response contains an {@code "error"} key
 */
@Override
public OAuth2Authentication loadAuthentication(String accessToken)
        throws AuthenticationException, InvalidTokenException {
    Map<String, Object> userInfo = getMap(this.userInfoEndpointUrl, accessToken);
    if (!userInfo.containsKey("error")) {
        return extractAuthentication(userInfo);
    }
    this.logger.debug("userinfo returned error: " + userInfo.get("error"));
    // NOTE(review): the raw access token is used as the exception message. Confirm that this
    // message never reaches logs or an error response, or replace it with a fixed text.
    throw new InvalidTokenException(accessToken);
}
/**
 * Decodes a token value into an access token and refuses refresh tokens.
 *
 * <p>The value is converted with {@code convertAccessToken}. If
 * {@code jwtTokenEnhancer.isRefreshToken} reports the result to be a refresh token, it is
 * rejected, so a refresh token cannot be read back through this method as an access token.
 *
 * @param tokenValue the encoded token value
 * @return the decoded access token
 * @throws InvalidTokenException if the decoded token is a refresh token
 */
@Override
public OAuth2AccessToken readAccessToken(String tokenValue) {
    OAuth2AccessToken decoded = convertAccessToken(tokenValue);
    final boolean isRefresh = jwtTokenEnhancer.isRefreshToken(decoded);
    if (!isRefresh) {
        return decoded;
    }
    throw new InvalidTokenException("Encoded token is a refresh token");
}