Example usage for org.springframework.security.oauth.common OAuthException OAuthException

List of usage examples for org.springframework.security.oauth.common OAuthException OAuthException

Introduction

This page collects example usages of the OAuthException(String message, Throwable throwable) constructor from the package org.springframework.security.oauth.common.

Prototype

public OAuthException(String message, Throwable throwable) 


Usage

From source file:org.jasig.ssp.service.security.lti.impl.LtiConsumerServiceImpl.java

/**
 * Resolves the LTI consumer registered under {@code consumerKey} and exposes it as
 * {@link ConsumerDetails} for OAuth signature validation.
 *
 * <p>The {@code ConsumerDetailsService} contract forbids returning {@code null}: every
 * failure, whether a missing consumer, a disabled consumer or an unexpected error, is
 * reported as an {@link OAuthException} (or a subclass of it).
 *
 * @param consumerKey the consumer key presented by the caller
 * @return consumer details carrying the consumer key and its shared signature secret
 * @throws OAuthException if the consumer is missing, not active, has a blank secret, or
 *         if the lookup or initialization fails for any other reason
 */
@Override
public ConsumerDetails loadConsumerByConsumerKey(String consumerKey) throws OAuthException {
    // NOTE(review): consumerKey is caller-supplied and is echoed into every exception
    // message below. If these messages are logged or returned to the client, confirm that
    // the sink neutralises control characters and markup. The "not found" and "disabled"
    // failures are also distinguishable by type and message; confirm the caller does not
    // relay that difference to unauthenticated clients.
    final String loadFailure = "Failed to load consumer by key [" + consumerKey + "]";

    // Lookup, eligibility checks and initialization share a single try block: their
    // exception types do not collide, and one set of handlers guarantees that nothing
    // other than an OAuthException leaves this method.
    try {
        final LtiConsumer ltiConsumer = findByConsumerKey(consumerKey);
        if (ltiConsumer == null) {
            throw new ObjectNotFoundException(consumerKey, LtiConsumer.class.getName());
        }

        // The status check is performed here rather than in processLaunch() so that a
        // disabled LtiConsumer cannot authenticate a request through any path that loads
        // consumer details. In practice authentication is the only use of this method.
        final boolean active = ltiConsumer.getObjectStatus() == ObjectStatus.ACTIVE;
        if (!active) {
            throw new ConsumerDetailsDisabledException(
                    "Consumer with key [" + consumerKey + "] has been disabled");
        }

        // A consumer without a usable shared secret is treated as disabled: no signature
        // should ever be accepted against a blank secret.
        final boolean secretMissing = StringUtils.isBlank(ltiConsumer.getSecret());
        if (secretMissing) {
            throw new ConsumerDetailsDisabledException(
                    "Consumer with key [" + consumerKey + "] has been disabled because it has no secret");
        }

        final BaseConsumerDetails details = new BaseConsumerDetails();
        details.setConsumerKey(ltiConsumer.getConsumerKey());
        details.setSignatureSecret(new SharedConsumerSecretImpl(ltiConsumer.getSecret()));
        // NOTE(review): presumably this marks the consumer as not needing an authenticated
        // OAuth token, leaving the request signature as the only credential. Confirm
        // against the BaseConsumerDetails documentation.
        details.setRequiredToObtainAuthenticatedToken(false);
        return details;
    } catch (ObjectNotFoundException notFound) {
        // A missing consumer must still surface as an OAuthException subtype.
        throw new ConsumerDetailsNotFoundException(loadFailure, notFound);
    } catch (OAuthException alreadyCompliant) {
        // Already of the type the contract demands, so pass it through untouched.
        throw alreadyCompliant;
    } catch (AuthenticationException unexpectedAuthFailure) {
        // Not expected here. It is unlikely to be an internal service failure (handled
        // below) or a missing consumer, so it is reported as a disabled consumer.
        throw new ConsumerDetailsDisabledException(loadFailure, unexpectedAuthFailure);
    } catch (Exception unexpected) {
        final InternalAuthenticationServiceException wrapped =
                new InternalAuthenticationServiceException(loadFailure, unexpected);
        throw new OAuthException(loadFailure, wrapped);
    }
}

From source file:org.springframework.security.oauth.provider.filter.OAuthProviderProcessingFilter.java

/**
 * Verifies the signature of the request described by the given authentication request.
 *
 * <p>The signature method is resolved from the consumer's signature secret and, when the
 * request carries a token, that token's secret. The signature base string and the
 * presented signature are then passed to the resolved method for verification.
 *
 * @param authentication The authentication request.
 * @throws AuthenticationException if the signature method is not supported (reported as an
 *         {@link OAuthException}); anything raised by the verification call itself
 *         propagates unchanged
 */
protected void validateSignature(ConsumerAuthentication authentication) throws AuthenticationException {
    final SignatureSecret consumerSecret = authentication.getConsumerDetails().getSignatureSecret();

    // A token is looked up only when the request actually presents one.
    final String tokenValue = authentication.getConsumerCredentials().getToken();
    final boolean tokenPresented = tokenValue != null && !tokenValue.isEmpty();
    OAuthProviderToken providerToken = null;
    if (tokenPresented) {
        providerToken = getTokenServices().getToken(tokenValue);
    }

    final String requestedMethodName = authentication.getConsumerCredentials().getSignatureMethod();
    final OAuthSignatureMethod verifier;
    try {
        verifier = getSignatureMethodFactory().getSignatureMethod(
                requestedMethodName,
                consumerSecret,
                providerToken != null ? providerToken.getSecret() : null);
    } catch (UnsupportedSignatureMethodException unsupported) {
        // Re-raised as an OAuthException with the original exception kept as the cause.
        throw new OAuthException(unsupported.getMessage(), unsupported);
    }

    final String baseString = authentication.getConsumerCredentials().getSignatureBaseString();
    final String presentedSignature = authentication.getConsumerCredentials().getSignature();
    if (log.isDebugEnabled()) {
        // NOTE(review): both values come from the incoming request and are written to the
        // log unmodified. Confirm that debug logging is off in production, or that the
        // appender neutralises line breaks, since the base string is derived from request
        // data and may carry request parameters.
        final String debugLine = "Verifying signature " + presentedSignature
                + " for signature base string " + baseString
                + " with method " + verifier.getName() + ".";
        log.debug(debugLine);
    }

    // No return value is consumed here; a rejected signature is presumably signalled by
    // an exception from verify(). Confirm against OAuthSignatureMethod.
    verifier.verify(baseString, presentedSignature);
}