diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationExchangeValidator.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationExchangeValidator.java
index a23b09f291..eb20729ac0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationExchangeValidator.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationExchangeValidator.java
@@ -15,7 +15,7 @@
 */
 package org.springframework.security.oauth2.client.authentication;
-import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
@@ -37,18 +37,17 @@ final class OAuth2AuthorizationExchangeValidator {
 OAuth2AuthorizationResponse authorizationResponse = authorizationExchange.getAuthorizationResponse();
 if (authorizationResponse.statusError()) {
- throw new OAuth2AuthenticationException(
- authorizationResponse.getError(), authorizationResponse.getError().toString());
+ throw new OAuth2AuthorizationException(authorizationResponse.getError());
 }
 if (!authorizationResponse.getState().equals(authorizationRequest.getState())) {
 OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
- throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+ throw new OAuth2AuthorizationException(oauth2Error);
 }
 if (!authorizationResponse.getRedirectUri().equals(authorizationRequest.getRedirectUri())) {
 OAuth2Error oauth2Error = new OAuth2Error(INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE);
- throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+ throw new OAuth2AuthorizationException(oauth2Error);
 }
 }
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
index 6c032fb073..a182191636 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
@@ -25,6 +25,9 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCo
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
+import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.util.Assert;
@@ -92,14 +95,20 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
 return null;
 }
- OAuth2AuthorizationExchangeValidator.validate(
- authorizationCodeAuthentication.getAuthorizationExchange());
+ OAuth2AccessTokenResponse accessTokenResponse;
+ try {
+ OAuth2AuthorizationExchangeValidator.validate(
+ authorizationCodeAuthentication.getAuthorizationExchange());
- OAuth2AccessTokenResponse accessTokenResponse =
- this.accessTokenResponseClient.getTokenResponse(
- new OAuth2AuthorizationCodeGrantRequest(
- authorizationCodeAuthentication.getClientRegistration(),
- authorizationCodeAuthentication.getAuthorizationExchange()));
+ accessTokenResponse = this.accessTokenResponseClient.getTokenResponse(
+ new OAuth2AuthorizationCodeGrantRequest(
+ authorizationCodeAuthentication.getClientRegistration(),
+ authorizationCodeAuthentication.getAuthorizationExchange()));
+
+ } catch (OAuth2AuthorizationException ex) {
+ OAuth2Error oauth2Error = ex.getError();
+ throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+ }
 OAuth2AccessToken accessToken = accessTokenResponse.getAccessToken();
 Map additionalParameters = accessTokenResponse.getAdditionalParameters();
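Review bot: The new `catch (OAuth2AuthorizationException ex)` block in `authenticate` rethrows without the original exception, so the `IOException` or `ParseException` that `NimbusAuthorizationCodeTokenResponseClient` attaches as the cause in this same commit is dropped at the translation point and no longer appears in the stack trace. The three-argument constructor is already used in this diff's removed lines, so the rethrow can be `throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);`. The same applies to the catch block added in `OidcAuthorizationCodeAuthenticationProvider` and to the `onErrorMap(...)` lambdas added in `OAuth2LoginReactiveAuthenticationManager` and `OidcAuthorizationCodeReactiveAuthenticationManager`, where `e` can be passed as the third argument. The enclosing `authenticate` method starts and ends outside the hunk.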
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
index 729f91423e..aad47b05c9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java
@@ -24,6 +24,8 @@ import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessT
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.util.Assert;
 import reactor.core.publisher.Mono;
@@ -88,6 +90,7 @@ public class OAuth2LoginReactiveAuthenticationManager implements
 }
 return this.authorizationCodeManager.authenticate(token)
+ .onErrorMap(OAuth2AuthorizationException.class, e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()))
 .cast(OAuth2AuthorizationCodeAuthenticationToken.class)
 .flatMap(this::onSuccess);
 });
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
index 7957a2dd1b..5f75b5646d 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
@@ -31,11 +31,10 @@ import com.nimbusds.oauth2.sdk.auth.Secret;
 import com.nimbusds.oauth2.sdk.http.HTTPRequest;
 import com.nimbusds.oauth2.sdk.id.ClientID;
 import org.springframework.http.MediaType;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
-import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
@@ -69,9 +68,7 @@ public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessT
 private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
 @Override
- public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest)
- throws OAuth2AuthenticationException {
-
+ public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest) {
 ClientRegistration clientRegistration = authorizationGrantRequest.getClientRegistration();
 // Build the authorization code grant request for the token endpoint
@@ -100,13 +97,10 @@ public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessT httpRequest.setConnectTimeout(30000); httpRequest.setReadTimeout(30000); tokenResponse = com.nimbusds.oauth2.sdk.TokenResponse.parse(httpRequest.send()); - } catch (ParseException pe) { + } catch (ParseException | IOException ex) { OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE, - "An error occurred parsing the Access Token response: " + pe.getMessage(), null); - throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), pe); - } catch (IOException ioe) { - throw new AuthenticationServiceException("An error occurred while sending the Access Token Request: " + - ioe.getMessage(), ioe); + "An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: " + ex.getMessage(), null); + throw new OAuth2AuthorizationException(oauth2Error, ex); } if (!tokenResponse.indicatesSuccess()) { @@ -121,7 +115,7 @@ public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessT errorObject.getDescription(), errorObject.getURI() != null ? errorObject.getURI().toString() : null); } - throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); + throw new OAuth2AuthorizationException(oauth2Error); } AccessTokenResponse accessTokenResponse = (AccessTokenResponse) tokenResponse; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java index 23fb503682..030bb5e04c 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java 
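Review bot: The merged `catch (ParseException | IOException ex)` appends `ex.getMessage()` to the `OAuth2Error` description, and for an `IOException` that text can carry the token endpoint host or other connection details. `OAuth2AuthorizationCodeGrantFilter` in this commit builds its error redirect from `ex.getError()`, so if the description ends up in the redirect query string (that part lies outside the visible hunk) the detail reaches the browser and access logs. Since `ex` is now attached as the cause, the description can be the fixed text alone: drop `+ ex.getMessage()` and keep `throw new OAuth2AuthorizationException(oauth2Error, ex);`. Transport failures also now share the `invalid_token_response` code with malformed responses, so callers that used to distinguish the former `AuthenticationServiceException` can only do so through the cause. `getTokenResponse` starts and ends outside the hunk.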
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 the original author or authors. + * Copyright 2002-2018 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,7 +17,7 @@ package org.springframework.security.oauth2.client.endpoint; import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.OAuth2AuthenticationException; +import org.springframework.security.oauth2.core.OAuth2AuthorizationException; import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; /** @@ -42,8 +42,8 @@ public interface OAuth2AccessTokenResponseClient getTokenResponse(T authorizationGrantRequest) throws OAuth2AuthenticationException; + Mono getTokenResponse(T authorizationGrantRequest); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java index 6fdee0c9ce..61e387f408 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java 
@@ -18,7 +18,6 @@ package org.springframework.security.oauth2.client.endpoint;
 import org.springframework.http.MediaType;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
@@ -50,9 +49,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClient implements Re
 .build();
 @Override
- public Mono getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest)
- throws OAuth2AuthenticationException {
-
+ public Mono getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest) {
 return Mono.defer(() -> {
 ClientRegistration clientRegistration = authorizationGrantRequest.getClientRegistration();
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
index 87a64227ea..19d7a86921 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
@@ -32,6 +32,7 @@ import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
@@ -131,11 +132,16 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 }
- OAuth2AccessTokenResponse accessTokenResponse =
- this.accessTokenResponseClient.getTokenResponse(
- new OAuth2AuthorizationCodeGrantRequest(
- authorizationCodeAuthentication.getClientRegistration(),
- authorizationCodeAuthentication.getAuthorizationExchange()));
+ OAuth2AccessTokenResponse accessTokenResponse;
+ try {
+ accessTokenResponse = this.accessTokenResponseClient.getTokenResponse(
+ new OAuth2AuthorizationCodeGrantRequest(
+ authorizationCodeAuthentication.getClientRegistration(),
+ authorizationCodeAuthentication.getAuthorizationExchange()));
+ } catch (OAuth2AuthorizationException ex) {
+ OAuth2Error oauth2Error = ex.getError();
+ throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+ }
 ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration();
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
index c2a5336fab..f895ad3c3f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
@@ -28,6 +28,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
@@ -136,7 +137,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements
 authorizationCodeAuthentication.getAuthorizationExchange());
 return this.accessTokenResponseClient.getTokenResponse(authzRequest)
- .flatMap(accessTokenResponse -> authenticationResult(authorizationCodeAuthentication, accessTokenResponse));
+ .flatMap(accessTokenResponse -> authenticationResult(authorizationCodeAuthentication, accessTokenResponse))
+ .onErrorMap(OAuth2AuthorizationException.class, e -> new OAuth2AuthenticationException(e.getError(), e.getError().toString()));
 });
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java index 798f49831d..f8ba0c2d85 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java @@ -24,7 +24,7 @@ import org.springframework.security.oauth2.client.authentication.OAuth2Authoriza import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; -import org.springframework.security.oauth2.core.OAuth2AuthenticationException; +import org.springframework.security.oauth2.core.OAuth2AuthorizationException; import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; @@ -177,7 +177,7 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter { try { authenticationResult = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationManager.authenticate(authenticationRequest); - } catch (OAuth2AuthenticationException ex) { + } catch (OAuth2AuthorizationException ex) { OAuth2Error error = ex.getError(); UriComponentsBuilder uriBuilder = UriComponentsBuilder .fromUriString(authorizationResponse.getRedirectUri()) 
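Review bot: The narrowed `catch (OAuth2AuthorizationException ex)` no longer handles `OAuth2AuthenticationException`, so any provider behind `this.authenticationManager` that still reports failures with that type would skip the error redirect built below and propagate out of the filter. Which providers are registered is not visible here, so this is worth confirming against the configuration. A short comment above the `try` would record the contract, for example `// providers used with this filter must signal failures as OAuth2AuthorizationException`. The `try` block and the rest of the method continue outside the hunk.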
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java
index 23e4e32b71..2032a163c9 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java
@@ -20,7 +20,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
 import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
 import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
-import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
@@ -79,7 +79,7 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverter
 private Mono oauth2AuthenticationException(String errorCode) {
 return Mono.defer(() -> {
 OAuth2Error oauth2Error = new OAuth2Error(errorCode);
- return Mono.error(new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()));
+ return Mono.error(new OAuth2AuthorizationException(oauth2Error));
 });
 }
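Review bot: The helper is still named `oauth2AuthenticationException` although it now emits an `OAuth2AuthorizationException`, which will mislead readers of its call sites about which error type reaches the subscriber. Renaming it to `oauth2AuthorizationException` (and updating its callers, which are outside this hunk) keeps the name and the error type in step.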
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java index 85176b0d08..622911124f 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java @@ -24,7 +24,7 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResp import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.core.OAuth2AccessToken; -import org.springframework.security.oauth2.core.OAuth2AuthenticationException; +import org.springframework.security.oauth2.core.OAuth2AuthorizationException; import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.OAuth2ErrorCodes; import org.springframework.security.oauth2.core.OAuth2RefreshToken; @@ -85,7 +85,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests { } @Test - public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthenticationException() { + public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthorizationException() { when(this.authorizationResponse.statusError()).thenReturn(true); when(this.authorizationResponse.getError()).thenReturn(new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST)); 
@@ -93,11 +93,11 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests { this.authenticationProvider.authenticate( new OAuth2AuthorizationCodeAuthenticationToken( this.clientRegistration, this.authorizationExchange)); - }).isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST); + }).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST); } @Test - public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthenticationException() { + public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthorizationException() { when(this.authorizationRequest.getState()).thenReturn("12345"); when(this.authorizationResponse.getState()).thenReturn("67890"); @@ -105,11 +105,11 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests { this.authenticationProvider.authenticate( new OAuth2AuthorizationCodeAuthenticationToken( this.clientRegistration, this.authorizationExchange)); - }).isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("invalid_state_parameter"); + }).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("invalid_state_parameter"); } @Test - public void authenticateWhenAuthorizationResponseRedirectUriNotEqualAuthorizationRequestRedirectUriThenThrowOAuth2AuthenticationException() { + public void authenticateWhenAuthorizationResponseRedirectUriNotEqualAuthorizationRequestRedirectUriThenThrowOAuth2AuthorizationException() { when(this.authorizationRequest.getRedirectUri()).thenReturn("http://example.com"); when(this.authorizationResponse.getRedirectUri()).thenReturn("http://example2.com"); 
@@ -117,7 +117,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests { this.authenticationProvider.authenticate( new OAuth2AuthorizationCodeAuthenticationToken( this.clientRegistration, this.authorizationExchange)); - }).isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("invalid_redirect_uri_parameter"); + }).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("invalid_redirect_uri_parameter"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java index 97fd5210f3..f5112dbcb8 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java @@ -25,7 +25,7 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCo import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.TestClientRegistrations; -import org.springframework.security.oauth2.core.OAuth2AuthenticationException; +import org.springframework.security.oauth2.core.OAuth2AuthorizationException; import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange; 
@@ -67,24 +67,24 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests { } @Test - public void authenticateWhenErrorThenOAuth2AuthenticationException() { + public void authenticateWhenErrorThenOAuth2AuthorizationException() { this.authorizationResponse = TestOAuth2AuthorizationResponses.error(); assertThatCode(() -> authenticate()) - .isInstanceOf(OAuth2AuthenticationException.class); + .isInstanceOf(OAuth2AuthorizationException.class); } @Test - public void authenticateWhenStateNotEqualThenOAuth2AuthenticationException() { + public void authenticateWhenStateNotEqualThenOAuth2AuthorizationException() { this.authorizationRequest.state("notequal"); assertThatCode(() -> authenticate()) - .isInstanceOf(OAuth2AuthenticationException.class); + .isInstanceOf(OAuth2AuthorizationException.class); } @Test - public void authenticateWhenRedirectUriNotEqualThenOAuth2AuthenticationException() { + public void authenticateWhenRedirectUriNotEqualThenOAuth2AuthorizationException() { this.authorizationRequest.redirectUri("https://example.org/notequal"); assertThatCode(() -> authenticate()) - .isInstanceOf(OAuth2AuthenticationException.class); + .isInstanceOf(OAuth2AuthorizationException.class); } @Test 
@@ -106,11 +106,11 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests { } @Test - public void authenticateWhenOAuth2AuthenticationExceptionThenOAuth2AuthenticationException() { - when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.error(() -> new OAuth2AuthenticationException(new OAuth2Error("error")))); + public void authenticateWhenOAuth2AuthorizationExceptionThenOAuth2AuthorizationException() { + when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.error(() -> new OAuth2AuthorizationException(new OAuth2Error("error")))); assertThatCode(() -> authenticate()) - .isInstanceOf(OAuth2AuthenticationException.class); + .isInstanceOf(OAuth2AuthorizationException.class); } private OAuth2AuthorizationCodeAuthenticationToken authenticate() { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java index 807fbb3c95..f88c1a0042 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java 
@@ -27,11 +27,10 @@ import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.junit4.PowerMockRunner; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; -import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.OAuth2AccessToken; -import org.springframework.security.oauth2.core.OAuth2AuthenticationException; +import org.springframework.security.oauth2.core.OAuth2AuthorizationException; import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; @@ -145,8 +144,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { } @Test - public void getTokenResponseWhenSuccessResponseInvalidThenThrowOAuth2AuthenticationException() throws Exception { - this.exception.expect(OAuth2AuthenticationException.class); + public void getTokenResponseWhenSuccessResponseInvalidThenThrowOAuth2AuthorizationException() throws Exception { + this.exception.expect(OAuth2AuthorizationException.class); this.exception.expectMessage(containsString("invalid_token_response")); MockWebServer server = new MockWebServer(); 
@@ -177,8 +176,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { } @Test - public void getTokenResponseWhenTokenUriInvalidThenThrowAuthenticationServiceException() throws Exception { - this.exception.expect(AuthenticationServiceException.class); + public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() throws Exception { + this.exception.expect(OAuth2AuthorizationException.class); String tokenUri = "http://invalid-provider.com/oauth2/token"; when(this.providerDetails.getTokenUri()).thenReturn(tokenUri); @@ -188,8 +187,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { } @Test - public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthenticationException() throws Exception { - this.exception.expect(OAuth2AuthenticationException.class); + public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() throws Exception { + this.exception.expect(OAuth2AuthorizationException.class); this.exception.expectMessage(containsString("unauthorized_client")); MockWebServer server = new MockWebServer(); @@ -216,8 +215,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { // gh-5594 @Test - public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthenticationException() throws Exception { - this.exception.expect(OAuth2AuthenticationException.class); + public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() throws Exception { + this.exception.expect(OAuth2AuthorizationException.class); this.exception.expectMessage(containsString("server_error")); MockWebServer server = new MockWebServer(); 
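Review bot: The renamed test `getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException` only checks the exception type, which every other failure path in this client now throws too, so it no longer shows that the transport-failure branch was the one exercised. Adding `this.exception.expectMessage(containsString("invalid_token_response"));`, as the neighbouring tests do, would pin the error code that the merged catch assigns. The test body continues outside the hunk.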
@@ -237,8 +236,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { } @Test - public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthenticationException() throws Exception { - this.exception.expect(OAuth2AuthenticationException.class); + public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() throws Exception { + this.exception.expect(OAuth2AuthorizationException.class); this.exception.expectMessage(containsString("invalid_token_response")); MockWebServer server = new MockWebServer(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java index de5577cce1..f0185a1d6e 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java @@ -16,11 +16,8 @@ package org.springframework.security.oauth2.client.endpoint; -import static org.assertj.core.api.Assertions.assertThat; -import static org.assertj.core.api.Assertions.assertThatThrownBy; - -import java.time.Instant; - +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; import org.junit.After; import org.junit.Before; import org.junit.Test; 
@@ -30,14 +27,16 @@ import org.springframework.http.MediaType; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.core.OAuth2AccessToken; -import org.springframework.security.oauth2.core.OAuth2AuthenticationException; +import org.springframework.security.oauth2.core.OAuth2AuthorizationException; import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse; -import okhttp3.mockwebserver.MockResponse; -import okhttp3.mockwebserver.MockWebServer; +import java.time.Instant; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatThrownBy; /** * @author Rob Winch @@ -120,8 +119,8 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { // } // // @Test -// public void getTokenResponseWhenSuccessResponseInvalidThenThrowOAuth2AuthenticationException() throws Exception { -// this.exception.expect(OAuth2AuthenticationException.class); +// public void getTokenResponseWhenSuccessResponseInvalidThenThrowOAuth2AuthorizationException() throws Exception { +// this.exception.expect(OAuth2AuthorizationException.class); // this.exception.expectMessage(containsString("invalid_token_response")); // // MockWebServer server = new MockWebServer(); 
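Review bot: The `getTokenResponseWhenSuccessResponseInvalid...` test edited in the second hunk is commented out, so the rename keeps dead code in sync without running anything. As far as the visible hunks show, the malformed-success-response path of the WebClient-based client has no active test in this file. Either port it to the form the active tests use, `assertThatThrownBy(...).isInstanceOf(OAuth2AuthorizationException.class).hasMessageContaining("invalid_token_response")`, or delete the commented block and track the gap separately. The commented block starts and ends outside the hunk.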
@@ -163,7 +162,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { // } // @Test - public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthenticationException() throws Exception { + public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() throws Exception { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; @@ -171,23 +170,23 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value())); assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block()) - .isInstanceOf(OAuth2AuthenticationException.class) + .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining("unauthorized_client"); } // gh-5594 @Test - public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthenticationException() throws Exception { + public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() throws Exception { String accessTokenErrorResponse = "{}"; this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value())); assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block()) - .isInstanceOf(OAuth2AuthenticationException.class) + .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining("server_error"); } @Test - public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthenticationException() throws Exception { + public void getTokenResponseWhenSuccessResponseAndNotBearerTokenTypeThenThrowOAuth2AuthorizationException() throws Exception { String accessTokenSuccessResponse = "{\n" + " \"access_token\": \"access-token-1234\",\n" + " \"token_type\": \"not-bearer\",\n" + 
@@ -197,7 +196,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); assertThatThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block()) - .isInstanceOf(OAuth2AuthenticationException.class) + .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining("invalid_token_response"); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java index 9c40b76d85..4ba66595b7 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java @@ -40,7 +40,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.core.OAuth2AccessToken; -import org.springframework.security.oauth2.core.OAuth2AuthenticationException; +import org.springframework.security.oauth2.core.OAuth2AuthorizationException; import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.OAuth2ErrorCodes; import org.springframework.security.oauth2.core.OAuth2RefreshToken; 
@@ -196,7 +196,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { } @Test - public void doFilterWhenAuthenticationFailsThenHandleOAuth2AuthenticationException() throws Exception { + public void doFilterWhenAuthorizationFailsThenHandleOAuth2AuthorizationException() throws Exception { String requestUri = "/callback/client-1"; MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri); @@ -209,7 +209,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { this.setUpAuthorizationRequest(request, response, this.registration1); OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT); when(this.authenticationManager.authenticate(any(Authentication.class))) - .thenThrow(new OAuth2AuthenticationException(error, error.toString())); + .thenThrow(new OAuth2AuthorizationException(error)); this.filter.doFilter(request, response, filterChain); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest.java index c21eba9c9a..5bbeb0fba4 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest.java 
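Review bot: In the second hunk the mocked `authenticationManager.authenticate(...)` now throws `OAuth2AuthorizationException`, so the test cannot show how a real manager treats that type. Its declaration is outside this view. If it is not an `AuthenticationException` subtype, a `ProviderManager` would let it propagate without publishing an authentication-failure event, and any `catch (AuthenticationException ...)` in the filter would miss it. I would state that expectation on the test, e.g. `// the filter must catch OAuth2AuthorizationException explicitly; it may bypass AuthenticationException handling`, and add a case that drives the filter through a real provider. The test method continues past the end of the hunk.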
@@ -28,7 +28,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
-import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
@@ -87,30 +87,30 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest { } @Test - public void applyWhenAuthorizationRequestEmptyThenOAuth2AuthenticationException() { + public void applyWhenAuthorizationRequestEmptyThenOAuth2AuthorizationException() { when(this.authorizationRequestRepository.removeAuthorizationRequest(any())).thenReturn(Mono.empty()); assertThatThrownBy(() -> applyConverter()) - .isInstanceOf(OAuth2AuthenticationException.class); + .isInstanceOf(OAuth2AuthorizationException.class); } @Test - public void applyWhenAdditionalParametersMissingThenOAuth2AuthenticationException() { + public void applyWhenAdditionalParametersMissingThenOAuth2AuthorizationException() { this.authorizationRequest.additionalParameters(Collections.emptyMap()); when(this.authorizationRequestRepository.removeAuthorizationRequest(any())).thenReturn(Mono.just(this.authorizationRequest.build())); assertThatThrownBy(() -> applyConverter()) - .isInstanceOf(OAuth2AuthenticationException.class) + .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining(ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE); } @Test - public void applyWhenClientRegistrationMissingThenOAuth2AuthenticationException() { + public void applyWhenClientRegistrationMissingThenOAuth2AuthorizationException() { when(this.authorizationRequestRepository.removeAuthorizationRequest(any())).thenReturn(Mono.just(this.authorizationRequest.build())); when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.empty()); assertThatThrownBy(() -> applyConverter()) - .isInstanceOf(OAuth2AuthenticationException.class) + .isInstanceOf(OAuth2AuthorizationException.class) .hasMessageContaining(ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE); } 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java index 897620aa47..60b9b05849 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java @@ -26,7 +26,7 @@ import net.minidev.json.JSONObject; import org.springframework.core.ParameterizedTypeReference; import org.springframework.http.ReactiveHttpInputMessage; import org.springframework.security.oauth2.core.OAuth2AccessToken; -import org.springframework.security.oauth2.core.OAuth2AuthenticationException; +import org.springframework.security.oauth2.core.OAuth2AuthorizationException; import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.OAuth2ErrorCodes; import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; @@ -70,7 +70,7 @@ class OAuth2AccessTokenResponseBodyExtractor catch (ParseException pe) { OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE, "An error occurred parsing the Access Token response: " + pe.getMessage(), null); - throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), pe); + throw new OAuth2AuthorizationException(oauth2Error, pe); } } 
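Review bot: The `catch (ParseException pe)` block in the second hunk still concatenates `pe.getMessage()` into the `OAuth2Error` description. The tests in this change (`hasMessageContaining("invalid_token_response")`) indicate that the error's text becomes the exception message. If the parser's message echoes parts of the token endpoint's response, that text travels to whatever logs or renders the exception. Since the new constructor call already passes `pe` as the cause, the description can stay fixed: `new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE, "An error occurred parsing the Access Token response", null)`. The enclosing method starts outside the hunk.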
@@ -90,7 +90,7 @@ class OAuth2AccessTokenResponseBodyExtractor errorObject.getDescription(), errorObject.getURI() != null ? errorObject.getURI().toString() : null); } - return Mono.error(new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString())); + return Mono.error(new OAuth2AuthorizationException(oauth2Error)); } private static OAuth2AccessTokenResponse oauth2AccessTokenResponse(AccessTokenResponse accessTokenResponse) {