/**
 * Resolves the HTTP status to answer a failed authentication with.
 *
 * @param authException the authentication failure being reported
 * @return the status carried by the {@link BearerTokenError} when the exception is an
 * {@link OAuth2AuthenticationException} wrapping one; {@link HttpStatus#UNAUTHORIZED} in
 * every other case
 */
private HttpStatus getStatus(AuthenticationException authException) {
    // Anything that is not an OAuth 2.0 failure gets the generic 401.
    if (!(authException instanceof OAuth2AuthenticationException)) {
        return HttpStatus.UNAUTHORIZED;
    }
    OAuth2Error oauth2Error = ((OAuth2AuthenticationException) authException).getError();
    // Only a BearerTokenError carries its own status; a plain OAuth2Error falls back to 401.
    return (oauth2Error instanceof BearerTokenError)
            ? ((BearerTokenError) oauth2Error).getHttpStatus()
            : HttpStatus.UNAUTHORIZED;
}
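/**
 * Builds a predicate that matches an {@link OAuth2AuthenticationException} whose OAuth 2.0
 * error code equals the expected one.
 *
 * @param errorCode the error code the failure is expected to carry
 * @return a predicate that is {@code true} only for an {@link OAuth2AuthenticationException}
 * with that error code, and {@code false} for any other {@link Throwable}
 */
private Predicate<? super Throwable> errorCode(String errorCode) {
    return failed -> {
        // A different failure type is a non-match rather than a ClassCastException,
        // so the caller sees a plain "predicate did not match" result.
        if (!(failed instanceof OAuth2AuthenticationException)) {
            return false;
        }
        String actual = ((OAuth2AuthenticationException) failed).getError().getErrorCode();
        // Compare by value: == is reference identity and only matches when both sides
        // happen to be the same String instance (e.g. interned constants), so an error
        // code built at runtime would never match.
        return (actual != null) ? actual.equals(errorCode) : errorCode == null;
    };
}
} // closes the enclosing class, whose header lies outside this excerpt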
/**
 * Collects the challenge attributes describing an authentication failure.
 *
 * <p>Insertion order is preserved: {@code realm} (when configured) comes first, then
 * {@code error}, {@code error_description}, {@code error_uri} and {@code scope} for an
 * {@link OAuth2AuthenticationException}. Optional attributes are added only when they
 * contain text.
 *
 * <p>NOTE(review): values are copied from the error unmodified; presumably the caller
 * renders them into the challenge header and is responsible for quoting - confirm at the
 * call site.
 *
 * @param authException the authentication failure being reported
 * @return an ordered map of attribute name to value; empty when no realm is configured and
 * the exception is not an OAuth 2.0 failure
 */
private Map<String, String> createParameters(AuthenticationException authException) {
    Map<String, String> attributes = new LinkedHashMap<>();
    if (this.realmName != null) {
        attributes.put("realm", this.realmName);
    }
    // Non-OAuth failures contribute nothing beyond the realm.
    if (!(authException instanceof OAuth2AuthenticationException)) {
        return attributes;
    }

    OAuth2Error oauth2Error = ((OAuth2AuthenticationException) authException).getError();
    // The error code is always emitted; the remaining attributes are optional.
    attributes.put("error", oauth2Error.getErrorCode());

    String description = oauth2Error.getDescription();
    if (StringUtils.hasText(description)) {
        attributes.put("error_description", description);
    }

    String uri = oauth2Error.getUri();
    if (StringUtils.hasText(uri)) {
        attributes.put("error_uri", uri);
    }

    // Only a BearerTokenError can carry a scope.
    if (oauth2Error instanceof BearerTokenError) {
        String scope = ((BearerTokenError) oauth2Error).getScope();
        if (StringUtils.hasText(scope)) {
            attributes.put("scope", scope);
        }
    }
    return attributes;
}
// Unchecked downcast: this throws ClassCastException unless authException is an
// OAuth2AuthenticationException. NOTE(review): the guarding instanceof check, if any,
// is outside this excerpt - confirm it exists at the call site.
OAuth2Error error = ((OAuth2AuthenticationException) authException).getError();
/**
 * Verifies that a callback carrying neither a {@code code} nor an {@code error} parameter
 * is handed to the failure handler as an {@link OAuth2AuthenticationException} with the
 * {@link OAuth2ErrorCodes#INVALID_REQUEST} error code.
 */
@Test
public void doFilterWhenAuthorizationResponseInvalidThenInvalidRequestError() throws Exception {
    String callbackPath = "/login/oauth2/code/" + this.registration1.getRegistrationId();
    MockHttpServletRequest callback = new MockHttpServletRequest("GET", callbackPath);
    callback.setServletPath(callbackPath);
    // A valid Authorization Response contains either a 'code' or an 'error' parameter.
    // Neither is set here, which forces an invalid Authorization Response.

    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain chain = mock(FilterChain.class);

    this.filter.doFilter(callback, response, chain);

    // Capture whatever exception the filter passed to the failure handler.
    ArgumentCaptor<AuthenticationException> failureCaptor =
            ArgumentCaptor.forClass(AuthenticationException.class);
    verify(this.failureHandler).onAuthenticationFailure(
            any(HttpServletRequest.class), any(HttpServletResponse.class), failureCaptor.capture());

    AuthenticationException reported = failureCaptor.getValue();
    assertThat(reported).isInstanceOf(OAuth2AuthenticationException.class);
    OAuth2AuthenticationException oauth2Failure = (OAuth2AuthenticationException) reported;
    assertThat(oauth2Failure.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_REQUEST);
}
/**
 * Verifies that a callback with {@code code} and {@code state} parameters is handed to the
 * failure handler with the {@code authorization_request_not_found} error code.
 *
 * <p>The visible test body saves no authorization request before invoking the filter.
 * NOTE(review): this presumably exercises the check that an Authorization Response must
 * correlate to a previously saved request - confirm against the filter under test.
 */
@Test
public void doFilterWhenAuthorizationResponseAuthorizationRequestNotFoundThenAuthorizationRequestNotFoundError()
        throws Exception {
    String callbackPath = "/login/oauth2/code/" + this.registration2.getRegistrationId();
    MockHttpServletRequest callback = new MockHttpServletRequest("GET", callbackPath);
    callback.setServletPath(callbackPath);
    // Well-formed response parameters, so the request is not rejected as malformed.
    callback.addParameter(OAuth2ParameterNames.CODE, "code");
    callback.addParameter(OAuth2ParameterNames.STATE, "state");

    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain chain = mock(FilterChain.class);

    this.filter.doFilter(callback, response, chain);

    // Capture whatever exception the filter passed to the failure handler.
    ArgumentCaptor<AuthenticationException> failureCaptor =
            ArgumentCaptor.forClass(AuthenticationException.class);
    verify(this.failureHandler).onAuthenticationFailure(
            any(HttpServletRequest.class), any(HttpServletResponse.class), failureCaptor.capture());

    AuthenticationException reported = failureCaptor.getValue();
    assertThat(reported).isInstanceOf(OAuth2AuthenticationException.class);
    OAuth2AuthenticationException oauth2Failure = (OAuth2AuthenticationException) reported;
    assertThat(oauth2Failure.getError().getErrorCode()).isEqualTo("authorization_request_not_found");
}
// Asserts that the OAuth 2.0 error on the exception carries exactly this error code.
// The code that obtained authenticationException is outside this excerpt.
assertThat(authenticationException.getError().getErrorCode()).isEqualTo("client_registration_not_found");
/**
 * Picks the HTTP status for a failed authentication.
 *
 * @param authException the authentication failure being reported
 * @return {@link HttpStatus#UNAUTHORIZED} by default; the status of the wrapped
 * {@link BearerTokenError} when the exception is an {@link OAuth2AuthenticationException}
 * that carries one
 */
private HttpStatus getStatus(AuthenticationException authException) {
    // Default applies to non-OAuth failures and to plain OAuth2Error instances alike.
    HttpStatus status = HttpStatus.UNAUTHORIZED;
    if (authException instanceof OAuth2AuthenticationException) {
        OAuth2Error cause = ((OAuth2AuthenticationException) authException).getError();
        if (cause instanceof BearerTokenError) {
            // A bearer token error supplies its own status.
            status = ((BearerTokenError) cause).getHttpStatus();
        }
    }
    return status;
}
/**
 * Builds the ordered attribute map that describes an authentication failure.
 *
 * <p>{@code realm} is added when a realm name is configured. For an
 * {@link OAuth2AuthenticationException} the map also receives {@code error} and, when they
 * contain text, {@code error_description}, {@code error_uri} and (for a
 * {@link BearerTokenError}) {@code scope}.
 *
 * <p>NOTE(review): the values are taken from the error as-is; any escaping needed by the
 * consumer of this map has to happen where the map is rendered - confirm at the call site.
 *
 * @param authException the authentication failure being reported
 * @return the attributes in insertion order
 */
private Map<String, String> createParameters(AuthenticationException authException) {
    Map<String, String> result = new LinkedHashMap<>();
    if (this.realmName != null) {
        result.put("realm", this.realmName);
    }
    if (authException instanceof OAuth2AuthenticationException) {
        OAuth2Error cause = ((OAuth2AuthenticationException) authException).getError();
        // The error code is mandatory; everything below is emitted only when non-blank.
        result.put("error", cause.getErrorCode());
        if (StringUtils.hasText(cause.getDescription())) {
            result.put("error_description", cause.getDescription());
        }
        if (StringUtils.hasText(cause.getUri())) {
            result.put("error_uri", cause.getUri());
        }
        if (cause instanceof BearerTokenError) {
            // Scope exists only on the bearer-token flavour of the error.
            BearerTokenError bearerCause = (BearerTokenError) cause;
            if (StringUtils.hasText(bearerCause.getScope())) {
                result.put("scope", bearerCause.getScope());
            }
        }
    }
    return result;
}
// Unchecked downcast: this throws ClassCastException unless authException is an
// OAuth2AuthenticationException. NOTE(review): the guarding instanceof check, if any,
// is outside this excerpt - confirm it exists at the call site.
OAuth2Error error = ((OAuth2AuthenticationException) authException).getError();