/**
 * Resolves the redirect URI for a client, then rejects any resolved value that the
 * server-wide blacklist forbids.
 *
 * @param requestedRedirect the redirect_uri supplied with the request (may be null)
 * @param client            the client making the request
 * @return the redirect URI chosen by the parent resolver, when it is not blacklisted
 * @throws InvalidRequestException if the resolved URI is blacklisted on this server
 * @throws OAuth2Exception         whatever the parent resolver raises
 */
@Override
public String resolveRedirect(String requestedRedirect, ClientDetails client) throws OAuth2Exception {
    // The parent applies the per-client registration/matching rules first.
    String resolved = super.resolveRedirect(requestedRedirect, client);
    // The blacklist is checked against the *resolved* URI, not the raw request value,
    // so it covers whatever the parent would otherwise hand back to the client.
    if (!blacklistService.isBlacklisted(resolved)) {
        return resolved;
    }
    throw new InvalidRequestException("The supplied redirect_uri is not allowed on this server.");
}
throw new InvalidRequestException("An implicit grant could not be made");
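/**
 * Resolves the redirect URI to use for an authorization request by validating the
 * client's grant types and registered redirect URIs, then matching the request
 * against the registered set.
 *
 * @param requestedRedirect the redirect_uri supplied with the request (may be null)
 * @param client            the client making the request
 * @return the registered redirect URI matching the request, as chosen by
 *         {@code obtainMatchingRedirect}
 * @throws InvalidGrantException   if the client has no authorized grant types, or none
 *                                 of them may use a redirect_uri
 * @throws InvalidRequestException if the client has no registered redirect URI
 * @throws OAuth2Exception         as propagated from {@code obtainMatchingRedirect}
 */
public String resolveRedirect(String requestedRedirect, ClientDetails client) throws OAuth2Exception {
    Set<String> authorizedGrantTypes = client.getAuthorizedGrantTypes();
    // A missing grant-type set is treated like an empty one, mirroring the handling of the
    // registered redirect URIs below; previously a null set surfaced as a NullPointerException.
    if (authorizedGrantTypes == null || authorizedGrantTypes.isEmpty()) {
        throw new InvalidGrantException("A client must have at least one authorized grant type.");
    }
    if (!containsRedirectGrantType(authorizedGrantTypes)) {
        throw new InvalidGrantException(
                "A redirect_uri can only be used by implicit or authorization_code grant types.");
    }
    Set<String> registeredRedirectUris = client.getRegisteredRedirectUri();
    if (registeredRedirectUris == null || registeredRedirectUris.isEmpty()) {
        throw new InvalidRequestException("At least one redirect_uri must be registered with the client.");
    }
    // obtainMatchingRedirect (defined elsewhere) is what ties the requested value to the
    // registered set; the requested URI should only be returned when it matches a
    // registered one — confirm in that helper, its body is not shown here.
    return obtainMatchingRedirect(registeredRedirectUris, requestedRedirect);
}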
ex = new InvalidRequestException(errorMessage);
return new InvalidRequestException(errorMessage);
ex = new InvalidRequestException(errorMessage);
throw new InvalidRequestException( "Possible CSRF detected - state parameter was required but no state could be found");
throw new InvalidRequestException("An implicit grant could not be made");
throw new InvalidRequestException("An authorization code must be supplied.");
throw new InvalidRequestException("Cannot approve uninitialized authorization request."); Map<String, Object> originalAuthorizationRequest = (Map<String, Object>) model.get(ORIGINAL_AUTHORIZATION_REQUEST_ATTR_NAME); if (isAuthorizationRequestModified(authorizationRequest, originalAuthorizationRequest)) { throw new InvalidRequestException("Changes were detected from the original authorization request."); throw new InvalidRequestException("Cannot approve request when no redirect URI is provided.");
throw new InvalidRequestException("Cannot approve uninitialized authorization request."); if (isAuthorizationRequestModified(authorizationRequest, originalAuthorizationRequest)) { logger.warn("The requested scopes are invalid"); throw new InvalidRequestException("Changes were detected from the original authorization request."); throw new InvalidRequestException("Cannot approve request when no redirect URI is provided.");
throw new InvalidRequestException("Missing grant type");
throw new InvalidRequestException("Code challenge and verifier do not match"); String hash = Base64URL.encode(digest.digest(verifier.getBytes(StandardCharsets.US_ASCII))).toString(); if (!challenge.equals(hash)) { throw new InvalidRequestException("Code challenge and verifier do not match");
form.set("state", stateKey); if (preservedState == null) { throw new InvalidRequestException( "Possible CSRF detected - state parameter was present but no state could be found");
/**
 * Looks up the ORCID iD registered for an email address.
 *
 * @param emailAddress the email address to look up
 * @return the ORCID iD associated with {@code emailAddress}
 * @throws InvalidRequestException if no ORCID iD is found for the address
 */
private String getOrcidIdFromEmail(String emailAddress) {
    // The manager accepts a comma-separated list; a single address is passed through as-is and
    // is assumed to come back as the exact map key — TODO confirm against the manager.
    Map<String, String> orcidsByEmail = emailManager.findOricdIdsByCommaSeparatedEmails(emailAddress);
    String orcid = null;
    if (orcidsByEmail != null) {
        orcid = orcidsByEmail.get(emailAddress);
    }
    if (!PojoUtil.isEmpty(orcid)) {
        return orcid;
    }
    // NOTE(review): the message echoes the caller-supplied address and reveals whether it is
    // known; confirm that is acceptable wherever this exception is rendered to the caller.
    throw new InvalidRequestException("Unable to find orcid id for " + emailAddress);
}
/**
 * Resolves the redirect URI for a client, then rejects any resolved value that the
 * server-wide blacklist forbids.
 *
 * @param requestedRedirect the redirect_uri supplied with the request (may be null)
 * @param client            the client making the request
 * @return the redirect URI chosen by the parent resolver, when it is not blacklisted
 * @throws InvalidRequestException if the resolved URI is blacklisted on this server
 * @throws OAuth2Exception         whatever the parent resolver raises
 */
@Override
public String resolveRedirect(String requestedRedirect, ClientDetails client) throws OAuth2Exception {
    // The parent applies the per-client registration/matching rules first.
    String resolved = super.resolveRedirect(requestedRedirect, client);
    // The blacklist is checked against the *resolved* URI, not the raw request value,
    // so it covers whatever the parent would otherwise hand back to the client.
    if (!blacklistService.isBlacklisted(resolved)) {
        return resolved;
    }
    throw new InvalidRequestException("The supplied redirect_uri is not allowed on this server.");
}
/**
 * Checks that an email address may be auto-deprecated.
 *
 * <p>An address that is not known at all passes trivially. A known address passes only
 * when the record owning it is unclaimed and has auto-deprecation enabled.
 *
 * @param emailAddress the email address to check
 * @throws InvalidRequestException if the address belongs to a claimed record, or if
 *                                 auto-deprecation is not enabled for it
 */
private void checkAutoDeprecateIsEnabledForEmail(String emailAddress) throws InvalidRequestException {
    // Unknown addresses have nothing to deprecate.
    boolean exists = emailManager.emailExists(emailAddress);
    if (!exists) {
        return;
    }
    // A claimed record must never be reused this way.
    boolean claimed = profileEntityManager.isProfileClaimedByEmail(emailAddress);
    if (claimed) {
        throw new InvalidRequestException("Email " + emailAddress + " already exists and is claimed, so, it can't be used again");
    }
    // An unclaimed record must additionally have auto-deprecation switched on.
    boolean autoDeprecateEnabled = emailManager.isAutoDeprecateEnableForEmail(emailAddress);
    if (!autoDeprecateEnabled) {
        throw new InvalidRequestException("Autodeprecate is not enabled for " + emailAddress);
    }
}
/**
 * Authenticates the client for a token request from the {@code client_id} and
 * {@code client_secret} request parameters.
 *
 * <p>GET is refused outright. If an earlier filter has already placed an authenticated
 * {@link Authentication} in the security context, that one is returned and the parameters
 * are not checked at all.
 *
 * @param request  the incoming token request
 * @param response the response (unused here)
 * @return the authenticated client, or the pre-existing context authentication
 * @throws MethodNotAllowedException if the request method is GET
 * @throws BadCredentialsException   if no {@code client_id} parameter was supplied
 * @throws AuthenticationException   as raised by the authentication manager
 * @throws IOException               declared by the filter contract; not thrown here
 * @throws ServletException          declared by the filter contract; not thrown here
 */
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
        throws AuthenticationException, IOException, ServletException {
    // Token requests must not be made with GET; surface the configured message as a 405.
    if (request.getMethod().equals(RequestMethod.GET.name())) {
        InvalidRequestException cause = new InvalidRequestException(
                localeManager.resolveMessage("apiError.token_request_callmethod.exception"));
        throw new MethodNotAllowedException(
                localeManager.resolveMessage("apiError.token_request_callmethod.exception"), cause);
    }

    String clientId = request.getParameter("client_id");
    String clientSecret = request.getParameter("client_secret");
    // NOTE(review): clientId is the raw, caller-supplied parameter and is logged verbatim here,
    // before any trimming or validation.
    LOGGER.info("About to attempt authentication: clientId={}", clientId);

    // An already-authenticated context means this filter has nothing to add.
    Authentication existing = SecurityContextHolder.getContext().getAuthentication();
    if (existing != null && existing.isAuthenticated()) {
        LOGGER.info("Already got authentication in security context holder: principal={}, name={}",
                existing.getPrincipal(), existing.getName());
        return existing;
    }

    if (clientId == null) {
        throw new BadCredentialsException(localeManager.resolveMessage("apiError.client_credentials.exception"));
    }
    // A missing secret is passed on as the empty string rather than null.
    String secret = clientSecret == null ? "" : clientSecret;
    UsernamePasswordAuthenticationToken authRequest =
            new UsernamePasswordAuthenticationToken(clientId.trim(), secret);
    Authentication result = this.getAuthenticationManager().authenticate(authRequest);
    if (result != null) {
        LOGGER.info("Got authentication result: principal={}, name={}", result.getPrincipal(), result.getName());
    }
    return result;
}
/**
 * Authenticates the client for a token request from the {@code client_id} and
 * {@code client_secret} request parameters.
 *
 * <p>GET is refused outright. If an earlier filter has already placed an authenticated
 * {@link Authentication} in the security context, that one is returned and the parameters
 * are not checked at all.
 *
 * @param request  the incoming token request
 * @param response the response (unused here)
 * @return the authenticated client, or the pre-existing context authentication
 * @throws MethodNotAllowedException if the request method is GET
 * @throws BadCredentialsException   if no {@code client_id} parameter was supplied
 * @throws AuthenticationException   as raised by the authentication manager
 * @throws IOException               declared by the filter contract; not thrown here
 * @throws ServletException          declared by the filter contract; not thrown here
 */
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
        throws AuthenticationException, IOException, ServletException {
    // Token requests must not be made with GET; surface the configured message as a 405.
    if (request.getMethod().equals(RequestMethod.GET.name())) {
        InvalidRequestException cause = new InvalidRequestException(
                localeManager.resolveMessage("apiError.token_request_callmethod.exception"));
        throw new MethodNotAllowedException(
                localeManager.resolveMessage("apiError.token_request_callmethod.exception"), cause);
    }

    String clientId = request.getParameter("client_id");
    String clientSecret = request.getParameter("client_secret");

    // An already-authenticated context means this filter has nothing to add.
    Authentication existing = SecurityContextHolder.getContext().getAuthentication();
    if (existing != null && existing.isAuthenticated()) {
        return existing;
    }

    if (clientId == null) {
        throw new BadCredentialsException(localeManager.resolveMessage("apiError.client_credentials.exception"));
    }
    // A missing secret is passed on as the empty string rather than null.
    String secret = clientSecret == null ? "" : clientSecret;
    UsernamePasswordAuthenticationToken authRequest =
            new UsernamePasswordAuthenticationToken(clientId.trim(), secret);
    return this.getAuthenticationManager().authenticate(authRequest);
}
@Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException { if (request.getMethod().equals(RequestMethod.GET.name())) { InvalidRequestException ire = new InvalidRequestException(localeManager.resolveMessage("apiError.token_request_callmethod.exception")); throw new MethodNotAllowedException(localeManager.resolveMessage("apiError.token_request_callmethod.exception"), ire); for (GrantedAuthority auth : authentication.getAuthorities()) { if (PUBLIC_ROLE.equals(auth.getAuthority())) { InvalidRequestException ire = new InvalidRequestException(localeManager.resolveMessage("apiError.memberapi_access.exception")); throw new MethodNotAllowedException(localeManager.resolveMessage("apiError.memberapi_access.exception"), ire);