Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-28 23:02:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Handle unsuccessful UserInfo response

Browse Source 
Fixes gh-4351
This commit is contained in:
Joe Grandja 2017-05-24 15:43:21 -04:00
parent 521feb9a1b
commit 3ccf6764c1
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/nimbus/NimbusOAuth2UserService.java
View File

@ -100,8 +100,21 @@ public class NimbusOAuth2UserService implements OAuth2UserService {
if (httpResponse.getStatusCode() != HTTPResponse.SC_OK) { if (httpResponse.getStatusCode() != HTTPResponse.SC_OK) {
UserInfoErrorResponse userInfoErrorResponse = UserInfoErrorResponse.parse(httpResponse); UserInfoErrorResponse userInfoErrorResponse = UserInfoErrorResponse.parse(httpResponse);
ErrorObject errorObject = userInfoErrorResponse.getErrorObject(); ErrorObject errorObject = userInfoErrorResponse.getErrorObject();
OAuth2Error oauth2Error = new OAuth2Error(errorObject.getCode(), errorObject.getDescription(),
(errorObject.getURI() != null ? errorObject.getURI().toString() : null)); StringBuilder errorDescription = new StringBuilder();
errorDescription.append("An error occurred while attempting to access the UserInfo Endpoint -> ");
errorDescription.append("Error details: [");
errorDescription.append("UserInfo Uri: ").append(userInfoUri.toString());
errorDescription.append(", Http Status: ").append(errorObject.getHTTPStatusCode());
if (errorObject.getCode() != null) {
errorDescription.append(", Error Code: ").append(errorObject.getCode());
}
if (errorObject.getDescription() != null) {
errorDescription.append(", Error Description: ").append(errorObject.getDescription());
}
errorDescription.append("]");
OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, errorDescription.toString(), null);
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
} }