Use OAuth2AuthorizationException in authorization flows
parent
ef02ab2f8a
commit
8746e71b9a
|
@ -15,7 +15,7 @@
|
|||
*/
|
||||
package org.springframework.security.oauth2.client.authentication;
|
||||
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
|
@ -37,18 +37,17 @@ final class OAuth2AuthorizationExchangeValidator {
|
|||
OAuth2AuthorizationResponse authorizationResponse = authorizationExchange.getAuthorizationResponse();
|
||||
|
||||
if (authorizationResponse.statusError()) {
|
||||
throw new OAuth2AuthenticationException(
|
||||
authorizationResponse.getError(), authorizationResponse.getError().toString());
|
||||
throw new OAuth2AuthorizationException(authorizationResponse.getError());
|
||||
}
|
||||
|
||||
if (!authorizationResponse.getState().equals(authorizationRequest.getState())) {
|
||||
OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
|
||||
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
|
||||
throw new OAuth2AuthorizationException(oauth2Error);
|
||||
}
|
||||
|
||||
if (!authorizationResponse.getRedirectUri().equals(authorizationRequest.getRedirectUri())) {
|
||||
OAuth2Error oauth2Error = new OAuth2Error(INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE);
|
||||
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
|
||||
throw new OAuth2AuthorizationException(oauth2Error);
|
||||
}
|
||||
}
|
||||
}
|
||||
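Review bot: The state check `authorizationResponse.getState().equals(authorizationRequest.getState())` dereferences the response's state without a null guard, so a callback that omits `state` would surface as a NullPointerException instead of the `invalid_state_parameter` error now raised as OAuth2AuthorizationException, unless OAuth2AuthorizationResponse already guarantees a non-null state, which is not visible here. This comparison is what binds the callback to the request that started the flow, so an absent value should be rejected explicitly, e.g. `String state = authorizationResponse.getState();` followed by `if (state == null || !state.equals(authorizationRequest.getState())) {`. The `getRedirectUri()` comparison below it has the same shape. The enclosing validate method starts above the hunk.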
|
|
|
@ -25,6 +25,9 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCo
|
|||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
|
||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.util.Assert;
|
||||
|
@ -92,14 +95,20 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
|
|||
return null;
|
||||
}
|
||||
|
||||
OAuth2AuthorizationExchangeValidator.validate(
|
||||
authorizationCodeAuthentication.getAuthorizationExchange());
|
||||
OAuth2AccessTokenResponse accessTokenResponse;
|
||||
try {
|
||||
OAuth2AuthorizationExchangeValidator.validate(
|
||||
authorizationCodeAuthentication.getAuthorizationExchange());
|
||||
|
||||
OAuth2AccessTokenResponse accessTokenResponse =
|
||||
this.accessTokenResponseClient.getTokenResponse(
|
||||
new OAuth2AuthorizationCodeGrantRequest(
|
||||
authorizationCodeAuthentication.getClientRegistration(),
|
||||
authorizationCodeAuthentication.getAuthorizationExchange()));
|
||||
accessTokenResponse = this.accessTokenResponseClient.getTokenResponse(
|
||||
new OAuth2AuthorizationCodeGrantRequest(
|
||||
authorizationCodeAuthentication.getClientRegistration(),
|
||||
authorizationCodeAuthentication.getAuthorizationExchange()));
|
||||
|
||||
} catch (OAuth2AuthorizationException ex) {
|
||||
OAuth2Error oauth2Error = ex.getError();
|
||||
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
|
||||
}
|
||||
|
||||
OAuth2AccessToken accessToken = accessTokenResponse.getAccessToken();
|
||||
Map<String, Object> additionalParameters = accessTokenResponse.getAdditionalParameters();
|
||||
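Review bot: The new catch block rethrows with `new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString())`, which discards `ex` and with it the underlying cause that NimbusAuthorizationCodeTokenResponseClient attaches via `new OAuth2AuthorizationException(oauth2Error, ex)`. Passing it through keeps the original stack trace available to whoever investigates a failed login: `throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);`. The same cause is dropped in the catch block added to OidcAuthorizationCodeAuthenticationProvider and in the `onErrorMap` lambdas added to OAuth2LoginReactiveAuthenticationManager and OidcAuthorizationCodeReactiveAuthenticationManager. The enclosing method starts and ends outside the hunk.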
|
|
|
@ -24,6 +24,8 @@ import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessT
|
|||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
|
||||
import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.util.Assert;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
@ -88,6 +90,7 @@ public class OAuth2LoginReactiveAuthenticationManager implements
|
|||
}
|
||||
|
||||
return this.authorizationCodeManager.authenticate(token)
|
||||
.onErrorMap(OAuth2AuthorizationException.class, e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()))
|
||||
.cast(OAuth2AuthorizationCodeAuthenticationToken.class)
|
||||
.flatMap(this::onSuccess);
|
||||
});
|
||||
|
|
|
@ -31,11 +31,10 @@ import com.nimbusds.oauth2.sdk.auth.Secret;
|
|||
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
|
||||
import com.nimbusds.oauth2.sdk.id.ClientID;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
|
@ -69,9 +68,7 @@ public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessT
|
|||
private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
|
||||
|
||||
@Override
|
||||
public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest)
|
||||
throws OAuth2AuthenticationException {
|
||||
|
||||
public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest) {
|
||||
ClientRegistration clientRegistration = authorizationGrantRequest.getClientRegistration();
|
||||
|
||||
// Build the authorization code grant request for the token endpoint
|
||||
|
@ -100,13 +97,10 @@ public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessT
|
|||
httpRequest.setConnectTimeout(30000);
|
||||
httpRequest.setReadTimeout(30000);
|
||||
tokenResponse = com.nimbusds.oauth2.sdk.TokenResponse.parse(httpRequest.send());
|
||||
} catch (ParseException pe) {
|
||||
} catch (ParseException | IOException ex) {
|
||||
OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
|
||||
"An error occurred parsing the Access Token response: " + pe.getMessage(), null);
|
||||
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), pe);
|
||||
} catch (IOException ioe) {
|
||||
throw new AuthenticationServiceException("An error occurred while sending the Access Token Request: " +
|
||||
ioe.getMessage(), ioe);
|
||||
"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: " + ex.getMessage(), null);
|
||||
throw new OAuth2AuthorizationException(oauth2Error, ex);
|
||||
}
|
||||
|
||||
if (!tokenResponse.indicatesSuccess()) {
|
||||
|
@ -121,7 +115,7 @@ public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessT
|
|||
errorObject.getDescription(),
|
||||
errorObject.getURI() != null ? errorObject.getURI().toString() : null);
|
||||
}
|
||||
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
|
||||
throw new OAuth2AuthorizationException(oauth2Error);
|
||||
}
|
||||
|
||||
AccessTokenResponse accessTokenResponse = (AccessTokenResponse) tokenResponse;
|
||||
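Review bot: The merged `catch (ParseException | IOException ex)` copies `ex.getMessage()` into the OAuth2Error description, and for an IOException that text can carry transport details such as the token endpoint host or a connection error. OAuth2AuthorizationCodeGrantFilter reads `ex.getError()` and starts building a redirect from it, so the description may end up in a URL sent to the browser (the rest of that block is outside the visible hunk, so this should be confirmed). The cause is already attached through `new OAuth2AuthorizationException(oauth2Error, ex)`, so the description can stay generic: `"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response"`. The merge also reports a failed connection under `invalid_token_response`, where the previous code raised AuthenticationServiceException; a separate error code for the IOException branch would keep the two cases distinguishable.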
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2017 the original author or authors.
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -17,7 +17,7 @@ package org.springframework.security.oauth2.client.endpoint;
|
|||
|
||||
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
|
||||
/**
|
||||
|
@ -42,8 +42,8 @@ public interface OAuth2AccessTokenResponseClient<T extends AbstractOAuth2Authori
|
|||
*
|
||||
* @param authorizationGrantRequest the authorization grant request that contains the authorization grant credential
|
||||
* @return an {@link OAuth2AccessTokenResponse} that contains the {@link OAuth2AccessTokenResponse#getAccessToken() access token} credential
|
||||
* @throws OAuth2AuthenticationException if an error occurs while attempting to exchange for the access token credential
|
||||
* @throws OAuth2AuthorizationException if an error occurs while attempting to exchange for the access token credential
|
||||
*/
|
||||
OAuth2AccessTokenResponse getTokenResponse(T authorizationGrantRequest) throws OAuth2AuthenticationException;
|
||||
OAuth2AccessTokenResponse getTokenResponse(T authorizationGrantRequest);
|
||||
|
||||
}
|
||||
|
|
|
@ -16,9 +16,8 @@
|
|||
package org.springframework.security.oauth2.client.endpoint;
|
||||
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
/**
|
||||
|
@ -43,8 +42,8 @@ public interface ReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth
|
|||
*
|
||||
* @param authorizationGrantRequest the authorization grant request that contains the authorization grant credential
|
||||
* @return an {@link OAuth2AccessTokenResponse} that contains the {@link OAuth2AccessTokenResponse#getAccessToken() access token} credential
|
||||
* @throws OAuth2AuthenticationException if an error occurs while attempting to exchange for the access token credential
|
||||
* @throws OAuth2AuthorizationException if an error occurs while attempting to exchange for the access token credential
|
||||
*/
|
||||
Mono<OAuth2AccessTokenResponse> getTokenResponse(T authorizationGrantRequest) throws OAuth2AuthenticationException;
|
||||
Mono<OAuth2AccessTokenResponse> getTokenResponse(T authorizationGrantRequest);
|
||||
|
||||
}
|
||||
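Review bot: The updated `@throws OAuth2AuthorizationException` tag on getTokenResponse reads as if the exception were thrown synchronously, but this method returns a `Mono` and the failure arrives as an error signal on it; the tests in this commit stub it with `Mono.error(...)` and OAuth2LoginReactiveAuthenticationManager handles it with `onErrorMap`. I would reword the Javadoc so the `@return` line says the Mono terminates with OAuth2AuthorizationException when the exchange for the access token fails, and drop or qualify the `@throws` tag. This is documentation only.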
|
|
|
@ -18,7 +18,6 @@ package org.springframework.security.oauth2.client.endpoint;
|
|||
import org.springframework.http.MediaType;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
|
||||
|
@ -50,9 +49,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClient implements Re
|
|||
.build();
|
||||
|
||||
@Override
|
||||
public Mono<OAuth2AccessTokenResponse> getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest)
|
||||
throws OAuth2AuthenticationException {
|
||||
|
||||
public Mono<OAuth2AccessTokenResponse> getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest) {
|
||||
return Mono.defer(() -> {
|
||||
ClientRegistration clientRegistration = authorizationGrantRequest.getClientRegistration();
|
||||
|
||||
|
|
|
@ -32,6 +32,7 @@ import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
|
|||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
|
@ -131,11 +132,16 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
|
|||
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
|
||||
}
|
||||
|
||||
OAuth2AccessTokenResponse accessTokenResponse =
|
||||
this.accessTokenResponseClient.getTokenResponse(
|
||||
new OAuth2AuthorizationCodeGrantRequest(
|
||||
authorizationCodeAuthentication.getClientRegistration(),
|
||||
authorizationCodeAuthentication.getAuthorizationExchange()));
|
||||
OAuth2AccessTokenResponse accessTokenResponse;
|
||||
try {
|
||||
accessTokenResponse = this.accessTokenResponseClient.getTokenResponse(
|
||||
new OAuth2AuthorizationCodeGrantRequest(
|
||||
authorizationCodeAuthentication.getClientRegistration(),
|
||||
authorizationCodeAuthentication.getAuthorizationExchange()));
|
||||
} catch (OAuth2AuthorizationException ex) {
|
||||
OAuth2Error oauth2Error = ex.getError();
|
||||
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
|
||||
}
|
||||
|
||||
ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration();
|
||||
|
||||
|
|
|
@ -28,6 +28,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
|
|||
import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
|
@ -136,7 +137,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements
|
|||
authorizationCodeAuthentication.getAuthorizationExchange());
|
||||
|
||||
return this.accessTokenResponseClient.getTokenResponse(authzRequest)
|
||||
.flatMap(accessTokenResponse -> authenticationResult(authorizationCodeAuthentication, accessTokenResponse));
|
||||
.flatMap(accessTokenResponse -> authenticationResult(authorizationCodeAuthentication, accessTokenResponse))
|
||||
.onErrorMap(OAuth2AuthorizationException.class, e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()));
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ import org.springframework.security.oauth2.client.authentication.OAuth2Authoriza
|
|||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
|
@ -177,7 +177,7 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter {
|
|||
try {
|
||||
authenticationResult = (OAuth2AuthorizationCodeAuthenticationToken)
|
||||
this.authenticationManager.authenticate(authenticationRequest);
|
||||
} catch (OAuth2AuthenticationException ex) {
|
||||
} catch (OAuth2AuthorizationException ex) {
|
||||
OAuth2Error error = ex.getError();
|
||||
UriComponentsBuilder uriBuilder = UriComponentsBuilder
|
||||
.fromUriString(authorizationResponse.getRedirectUri())
|
||||
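Review bot: Narrowing this catch to `OAuth2AuthorizationException` means an OAuth2AuthenticationException coming out of `this.authenticationManager.authenticate(...)` is no longer turned into the error redirect built below and instead propagates out of the filter. The providers in this commit convert explicitly between the two types, which suggests neither is a subtype of the other, so a custom AuthenticationProvider or OAuth2AccessTokenResponseClient written against the old contract would hit that path. Either keep a second `catch (OAuth2AuthenticationException ex)` that builds the same redirect, or state in the class Javadoc that only OAuth2AuthorizationException is handled here. The try block and the redirect construction continue outside the hunk.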
|
|
|
@ -20,7 +20,7 @@ import org.springframework.security.core.Authentication;
|
|||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
|
@ -79,7 +79,7 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverter
|
|||
private <T> Mono<T> oauth2AuthenticationException(String errorCode) {
|
||||
return Mono.defer(() -> {
|
||||
OAuth2Error oauth2Error = new OAuth2Error(errorCode);
|
||||
return Mono.error(new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()));
|
||||
return Mono.error(new OAuth2AuthorizationException(oauth2Error));
|
||||
});
|
||||
}
|
||||
|
||||
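Review bot: The helper is still named `oauth2AuthenticationException` although it now returns `Mono.error(new OAuth2AuthorizationException(oauth2Error))`, so the name describes a type the method no longer produces. It is private, so renaming it to `oauth2AuthorizationException` together with its call sites in this class (outside the hunk) is a local change.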
|
|
|
@ -24,7 +24,7 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResp
|
|||
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
|
||||
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
|
||||
|
@ -85,7 +85,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthenticationException() {
|
||||
public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthorizationException() {
|
||||
when(this.authorizationResponse.statusError()).thenReturn(true);
|
||||
when(this.authorizationResponse.getError()).thenReturn(new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST));
|
||||
|
||||
|
@ -93,11 +93,11 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
|
|||
this.authenticationProvider.authenticate(
|
||||
new OAuth2AuthorizationCodeAuthenticationToken(
|
||||
this.clientRegistration, this.authorizationExchange));
|
||||
}).isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST);
|
||||
}).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthenticationException() {
|
||||
public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthorizationException() {
|
||||
when(this.authorizationRequest.getState()).thenReturn("12345");
|
||||
when(this.authorizationResponse.getState()).thenReturn("67890");
|
||||
|
||||
|
@ -105,11 +105,11 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
|
|||
this.authenticationProvider.authenticate(
|
||||
new OAuth2AuthorizationCodeAuthenticationToken(
|
||||
this.clientRegistration, this.authorizationExchange));
|
||||
}).isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("invalid_state_parameter");
|
||||
}).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("invalid_state_parameter");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenAuthorizationResponseRedirectUriNotEqualAuthorizationRequestRedirectUriThenThrowOAuth2AuthenticationException() {
|
||||
public void authenticateWhenAuthorizationResponseRedirectUriNotEqualAuthorizationRequestRedirectUriThenThrowOAuth2AuthorizationException() {
|
||||
when(this.authorizationRequest.getRedirectUri()).thenReturn("http://example.com");
|
||||
when(this.authorizationResponse.getRedirectUri()).thenReturn("http://example2.com");
|
||||
|
||||
|
@ -117,7 +117,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
|
|||
this.authenticationProvider.authenticate(
|
||||
new OAuth2AuthorizationCodeAuthenticationToken(
|
||||
this.clientRegistration, this.authorizationExchange));
|
||||
}).isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("invalid_redirect_uri_parameter");
|
||||
}).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("invalid_redirect_uri_parameter");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
@ -25,7 +25,7 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCo
|
|||
import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
|
||||
|
@ -67,24 +67,24 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenErrorThenOAuth2AuthenticationException() {
|
||||
public void authenticateWhenErrorThenOAuth2AuthorizationException() {
|
||||
this.authorizationResponse = TestOAuth2AuthorizationResponses.error();
|
||||
assertThatCode(() -> authenticate())
|
||||
.isInstanceOf(OAuth2AuthenticationException.class);
|
||||
.isInstanceOf(OAuth2AuthorizationException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenStateNotEqualThenOAuth2AuthenticationException() {
|
||||
public void authenticateWhenStateNotEqualThenOAuth2AuthorizationException() {
|
||||
this.authorizationRequest.state("notequal");
|
||||
assertThatCode(() -> authenticate())
|
||||
.isInstanceOf(OAuth2AuthenticationException.class);
|
||||
.isInstanceOf(OAuth2AuthorizationException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenRedirectUriNotEqualThenOAuth2AuthenticationException() {
|
||||
public void authenticateWhenRedirectUriNotEqualThenOAuth2AuthorizationException() {
|
||||
this.authorizationRequest.redirectUri("https://example.org/notequal");
|
||||
assertThatCode(() -> authenticate())
|
||||
.isInstanceOf(OAuth2AuthenticationException.class);
|
||||
.isInstanceOf(OAuth2AuthorizationException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -106,11 +106,11 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenOAuth2AuthenticationExceptionThenOAuth2AuthenticationException() {
|
||||
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.error(() -> new OAuth2AuthenticationException(new OAuth2Error("error"))));
|
||||
public void authenticateWhenOAuth2AuthorizationExceptionThenOAuth2AuthorizationException() {
|
||||
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.error(() -> new OAuth2AuthorizationException(new OAuth2Error("error"))));
|
||||
|
||||
assertThatCode(() -> authenticate())
|
||||
.isInstanceOf(OAuth2AuthenticationException.class);
|
||||
.isInstanceOf(OAuth2AuthorizationException.class);
|
||||
}
|
||||
|
||||
private OAuth2AuthorizationCodeAuthenticationToken authenticate() {
|
||||
|
|
|
@ -27,11 +27,10 @@ import org.powermock.core.classloader.annotations.PrepareForTest;
|
|||
import org.powermock.modules.junit4.PowerMockRunner;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
|
@ -145,8 +144,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void getTokenResponseWhenSuccessResponseInvalidThenThrowOAuth2AuthenticationException() throws Exception {
|
||||
this.exception.expect(OAuth2AuthenticationException.class);
|
||||
public void getTokenResponseWhenSuccessResponseInvalidThenThrowOAuth2AuthorizationException() throws Exception {
|
||||
this.exception.expect(OAuth2AuthorizationException.class);
|
||||
this.exception.expectMessage(containsString("invalid_token_response"));
|
||||
|
||||
MockWebServer server = new MockWebServer();
|
||||
|
@ -177,8 +176,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void getTokenResponseWhenTokenUriInvalidThenThrowAuthenticationServiceException() throws Exception {
|
||||
this.exception.expect(AuthenticationServiceException.class);
|
||||
public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() throws Exception {
|
||||
this.exception.expect(OAuth2AuthorizationException.class);
|
||||
|
||||
String tokenUri = "http://invalid-provider.com/oauth2/token";
|
||||
when(this.providerDetails.getTokenUri()).thenReturn(tokenUri);
|
||||
|
@ -188,8 +187,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthenticationException() throws Exception {
|
||||
this.exception.expect(OAuth2AuthenticationException.class);
|
||||
public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() throws Exception {
|
||||
this.exception.expect(OAuth2AuthorizationException.class);
|
||||
this.exception.expectMessage(containsString("unauthorized_client"));
|
||||
|
||||
MockWebServer server = new MockWebServer();
|
||||
|
@ -216,8 +215,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
|
|||
|
||||
// gh-5594
|
||||
@Test
|
||||
public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthenticationException() throws Exception {
|
||||
this.exception.expect(OAuth2AuthenticationException.class);
|
||||
public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() throws Exception {
|
||||
this.exception.expect(OAuth2AuthorizationException.class);
|
||||
this.exception.expectMessage(containsString("server_error"));
|
||||
|
||||
MockWebServer server = new MockWebServer();
|
||||
|
@ -237,8 +236,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthenticationException() throws Exception {
|
||||
this.exception.expect(OAuth2AuthenticationException.class);
|
||||
public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() throws Exception {
|
||||
this.exception.expect(OAuth2AuthorizationException.class);
|
||||
this.exception.expectMessage(containsString("invalid_token_response"));
|
||||
|
||||
MockWebServer server = new MockWebServer();
|
||||
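Review bot: `getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException` now expects only the exception type, and since the failure paths of the client visible in this commit all throw OAuth2AuthorizationException, the test would pass for any of them. Adding `this.exception.expectMessage(containsString("invalid_token_response"));`, as the neighbouring tests do for their error codes, pins the IOException branch. The test also depends on `http://invalid-provider.com/oauth2/token` failing to connect from the build machine; a host under the reserved `.invalid` TLD would make that deterministic. The test body continues outside the hunk.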
|
|
|
@ -16,11 +16,8 @@
|
|||
|
||||
package org.springframework.security.oauth2.client.endpoint;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
|
||||
import java.time.Instant;
|
||||
|
||||
import okhttp3.mockwebserver.MockResponse;
|
||||
import okhttp3.mockwebserver.MockWebServer;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
@ -30,14 +27,16 @@ import org.springframework.http.MediaType;
|
|||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
|
||||
|
||||
import okhttp3.mockwebserver.MockResponse;
|
||||
import okhttp3.mockwebserver.MockWebServer;
|
||||
import java.time.Instant;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
|
@ -120,8 +119,8 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
|
|||
// }
|
||||
//
|
||||
// @Test
|
||||
// public void getTokenResponseWhenSuccessResponseInvalidThenThrowOAuth2AuthenticationException() throws Exception {
|
||||
// this.exception.expect(OAuth2AuthenticationException.class);
|
||||
// public void getTokenResponseWhenSuccessResponseInvalidThenThrowOAuth2AuthorizationException() throws Exception {
|
||||
// this.exception.expect(OAuth2AuthorizationException.class);
|
||||
// this.exception.expectMessage(containsString("invalid_token_response"));
|
||||
//
|
||||
// MockWebServer server = new MockWebServer();
|
||||
|
@ -163,7 +162,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
|
|||
// }
|
||||
//
|
||||
@Test
|
||||
public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthenticationException() throws Exception {
|
||||
public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() throws Exception {
|
||||
String accessTokenErrorResponse = "{\n" +
|
||||
" \"error\": \"unauthorized_client\"\n" +
|
||||
"}\n";
|
||||
|
@ -171,23 +170,23 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
|
|||
this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value()));
|
||||
|
||||
assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
|
||||
.isInstanceOf(OAuth2AuthenticationException.class)
|
||||
.isInstanceOf(OAuth2AuthorizationException.class)
|
||||
.hasMessageContaining("unauthorized_client");
|
||||
}
|
||||
|
||||
// gh-5594
|
||||
@Test
|
||||
public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthenticationException() throws Exception {
|
||||
public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() throws Exception {
|
||||
String accessTokenErrorResponse = "{}";
|
||||
this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value()));
|
||||
|
||||
assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
|
||||
.isInstanceOf(OAuth2AuthenticationException.class)
|
||||
.isInstanceOf(OAuth2AuthorizationException.class)
|
||||
.hasMessageContaining("server_error");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthenticationException() throws Exception {
|
||||
public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() throws Exception {
|
||||
String accessTokenSuccessResponse = "{\n" +
|
||||
" \"access_token\": \"access-token-1234\",\n" +
|
||||
" \"token_type\": \"not-bearer\",\n" +
|
||||
|
@ -197,7 +196,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
|
|||
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
||||
|
||||
assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block())
|
||||
.isInstanceOf(OAuth2AuthenticationException.class)
|
||||
.isInstanceOf(OAuth2AuthorizationException.class)
|
||||
.hasMessageContaining("invalid_token_response");
|
||||
}
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
|
|||
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
|
||||
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
|
||||
|
@ -196,7 +196,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenAuthenticationFailsThenHandleOAuth2AuthenticationException() throws Exception {
|
||||
public void doFilterWhenAuthorizationFailsThenHandleOAuth2AuthorizationException() throws Exception {
|
||||
String requestUri = "/callback/client-1";
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
|
||||
request.setServletPath(requestUri);
|
||||
|
@ -209,7 +209,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
|
|||
this.setUpAuthorizationRequest(request, response, this.registration1);
|
||||
OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT);
|
||||
when(this.authenticationManager.authenticate(any(Authentication.class)))
|
||||
.thenThrow(new OAuth2AuthenticationException(error, error.toString()));
|
||||
.thenThrow(new OAuth2AuthorizationException(error));
|
||||
|
||||
this.filter.doFilter(request, response, filterChain);
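Review bot: The stub on `this.authenticationManager.authenticate(...)` now throws `OAuth2AuthorizationException`, but `AuthenticationManager.authenticate` only documents `AuthenticationException` as its failure type. If the new exception is not an `AuthenticationException` subclass (the page does not show its declaration), any handler keyed on `AuthenticationException` will no longer see this failure, and the filter has to catch the new type explicitly. A comment above the stub would make that dependency visible, for example `// not an AuthenticationException: the filter must catch OAuth2AuthorizationException itself`. The test method continues past the end of this hunk, so its assertions on the resulting redirect cannot be checked from here.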
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
|
|||
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
|
@ -87,30 +87,30 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void applyWhenAuthorizationRequestEmptyThenOAuth2AuthenticationException() {
|
||||
public void applyWhenAuthorizationRequestEmptyThenOAuth2AuthorizationException() {
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any())).thenReturn(Mono.empty());
|
||||
|
||||
assertThatThrownBy(() -> applyConverter())
|
||||
.isInstanceOf(OAuth2AuthenticationException.class);
|
||||
.isInstanceOf(OAuth2AuthorizationException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void applyWhenAdditionalParametersMissingThenOAuth2AuthenticationException() {
|
||||
public void applyWhenAdditionalParametersMissingThenOAuth2AuthorizationException() {
|
||||
this.authorizationRequest.additionalParameters(Collections.emptyMap());
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any())).thenReturn(Mono.just(this.authorizationRequest.build()));
|
||||
|
||||
assertThatThrownBy(() -> applyConverter())
|
||||
.isInstanceOf(OAuth2AuthenticationException.class)
|
||||
.isInstanceOf(OAuth2AuthorizationException.class)
|
||||
.hasMessageContaining(ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void applyWhenClientRegistrationMissingThenOAuth2AuthenticationException() {
|
||||
public void applyWhenClientRegistrationMissingThenOAuth2AuthorizationException() {
|
||||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any())).thenReturn(Mono.just(this.authorizationRequest.build()));
|
||||
when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.empty());
|
||||
|
||||
assertThatThrownBy(() -> applyConverter())
|
||||
.isInstanceOf(OAuth2AuthenticationException.class)
|
||||
.isInstanceOf(OAuth2AuthorizationException.class)
|
||||
.hasMessageContaining(ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
|
||||
}
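Review bot: `applyWhenAuthorizationRequestEmptyThenOAuth2AuthorizationException` asserts only `.isInstanceOf(OAuth2AuthorizationException.class)`, so it passes for any failure of that type raised anywhere in the converter, not just the missing-authorization-request case. The two tests below it also pin the error code with `.hasMessageContaining(...)`, and the first test should do the same with the code the converter uses for an absent authorization request, e.g. `.hasMessageContaining(<AUTHORIZATION_REQUEST_ERROR_CODE_PLACEHOLDER>)`. Separately, `applyWhenAdditionalParametersMissing...` and `applyWhenClientRegistrationMissing...` expect the same `CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE`, so the message check does not tell those two paths apart.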
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ import net.minidev.json.JSONObject;
|
|||
import org.springframework.core.ParameterizedTypeReference;
|
||||
import org.springframework.http.ReactiveHttpInputMessage;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
|
@ -70,7 +70,7 @@ class OAuth2AccessTokenResponseBodyExtractor
|
|||
catch (ParseException pe) {
|
||||
OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
|
||||
"An error occurred parsing the Access Token response: " + pe.getMessage(), null);
|
||||
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), pe);
|
||||
throw new OAuth2AuthorizationException(oauth2Error, pe);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -90,7 +90,7 @@ class OAuth2AccessTokenResponseBodyExtractor
|
|||
errorObject.getDescription(),
|
||||
errorObject.getURI() != null ? errorObject.getURI().toString() : null);
|
||||
}
|
||||
return Mono.error(new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()));
|
||||
return Mono.error(new OAuth2AuthorizationException(oauth2Error));
|
||||
}
|
||||
|
||||
private static OAuth2AccessTokenResponse oauth2AccessTokenResponse(AccessTokenResponse accessTokenResponse) {
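Review bot: Both new throw sites, `throw new OAuth2AuthorizationException(oauth2Error, pe)` and `Mono.error(new OAuth2AuthorizationException(oauth2Error))`, drop the explicit message argument, yet the tests in this commit still match on the message. That suggests the message is now derived from the `OAuth2Error`, though the constructor is not visible here. The error description is built from `pe.getMessage()` in the first case and, it appears, from `errorObject.getDescription()` returned by the token endpoint in the second, so text controlled by the remote server ends up in the exception message. A comment at the throw sites would warn callers, for example `// description originates from the token response: treat as untrusted when logging or rendering`. The enclosing methods begin outside these hunks, so how `oauth2Error` is assembled in the second case is inferred.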
|
||||
|
|