List of usage examples for org.springframework.security.oauth2.common.exceptions InvalidScopeException getMessage
public String getMessage()
From source file:org.springframework.security.oauth2.common.exception.OAuth2ExceptionJackson2DeserializerTests.java
@Test
public void readValueInvalidScope() throws Exception {
    // Build the serialized error response for the invalid_scope error code
    // (createResponse is a helper defined elsewhere in this test class).
    String json = createResponse(OAuth2Exception.INVALID_SCOPE);
    // Deserializing through the base type must yield the concrete subclass for this code.
    OAuth2Exception deserialized = mapper.readValue(json, OAuth2Exception.class);
    InvalidScopeException result = (InvalidScopeException) deserialized;
    // The description travels as the exception message; no extra fields are expected.
    assertEquals(DETAILS, result.getMessage());
    assertEquals(null, result.getAdditionalInformation());
}
From source file:org.orcid.frontend.web.controllers.OauthConfirmAccessController.java
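/**
 * Renders the OAuth login page ({@code /signin} or {@code /login}).
 * <p>
 * The OAuth parameters (client_id, email, orcid, scope, redirect_uri, response_type) are
 * recovered from the URL that Spring Security saved before redirecting to the login page;
 * each value keeps its default when that request, or the matching parameter, is absent.
 * When a client_id is present the client is looked up, its scopes and enabled state are
 * validated, and on failure the OAuth error is sent back to the redirect URI instead of
 * rendering the page.
 *
 * @param request  the current request, used to locate the saved request
 * @param response the current response, used to locate the saved request
 * @param mav      the model supplied by Spring MVC, populated with the login page attributes
 * @return {@code mav} with the {@code oauth_login} view, or a redirect carrying an OAuth error
 */
@RequestMapping(value = { "/signin", "/login" }, method = RequestMethod.GET)
public ModelAndView loginGetHandler2(HttpServletRequest request, HttpServletResponse response, ModelAndView mav) {
    // find client name if available
    SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
    String clientName = "";
    String clientId = "";
    String clientGroupName = "";
    String email = "";
    String clientDescription = "";
    String scope = "";
    String redirectUri = "";
    String responseType = "";
    String orcid = null;
    boolean showLogin = false; // default to Reg
    boolean usePersistentTokens = false;
    if (savedRequest != null) {
        String url = savedRequest.getRedirectUrl();
        // Locale.ROOT keeps the match stable under locales with special casing rules (e.g. the Turkish dotless i).
        if (url.toLowerCase(java.util.Locale.ROOT).contains("show_login=true")) {
            showLogin = true;
        }
        // TODO: We should not load any info in the freemarker ModelAndView object, we should move all info we need to the forms
        Matcher clientIdMatcher = clientIdPattern.matcher(url);
        if (clientIdMatcher.find()) {
            clientId = clientIdMatcher.group(1);
            if (clientId != null) {
                clientId = decodeUtf8(clientId);
                Matcher emailMatcher = RegistrationController.emailPattern.matcher(url);
                if (emailMatcher.find()) {
                    String tempEmail = decodeUtf8(emailMatcher.group(1));
                    if (orcidProfileManager.emailExists(tempEmail)) {
                        email = tempEmail;
                    }
                }
                Matcher orcidMatcher = orcidPattern.matcher(url);
                if (orcidMatcher.find()) {
                    String tempOrcid = decodeUtf8(orcidMatcher.group(2));
                    if (orcidProfileManager.exists(tempOrcid)) {
                        orcid = tempOrcid;
                    }
                }
                Matcher scopeMatcher = scopesPattern.matcher(url);
                if (scopeMatcher.find()) {
                    // Collapse runs of spaces so the scope list is single-space separated.
                    scope = decodeUtf8(scopeMatcher.group(1)).replaceAll(" +", " ");
                }
                Matcher redirectUriMatcher = redirectUriPattern.matcher(url);
                if (redirectUriMatcher.find()) {
                    redirectUri = decodeUtf8(redirectUriMatcher.group(1));
                }
                Matcher responseTypeMatcher = responseTypePattern.matcher(url);
                if (responseTypeMatcher.find()) {
                    responseType = decodeUtf8(responseTypeMatcher.group(1));
                }
                // Get client name
                ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId);
                // NOTE(review): assumes retrieve() returns null for an unknown client id — confirm. An unknown
                // client is then rendered like a request without client_id instead of failing on a null dereference.
                if (clientDetails != null) {
                    // Check if the client has persistent tokens enabled
                    usePersistentTokens = clientDetails.isPersistentTokensEnabled();
                    // validate client scopes; on failure send the OAuth error back to the client's redirect URI
                    try {
                        authorizationEndpoint.validateScope(scope, clientDetails);
                        orcidOAuth2RequestValidator.validateClientIsEnabled(clientDetails);
                    } catch (InvalidScopeException ise) {
                        return buildErrorRedirect(redirectUri, "invalid_scope", ise.getMessage());
                    } catch (LockedException le) {
                        return buildErrorRedirect(redirectUri, "client_locked", le.getMessage());
                    }
                    // If client details is ok, continue
                    clientName = clientDetails.getClientName() == null ? "" : clientDetails.getClientName();
                    clientDescription = clientDetails.getClientDescription() == null ? "" : clientDetails.getClientDescription();
                    // If client type is null it means it is a public client
                    if (clientDetails.getClientType() == null) {
                        clientGroupName = PUBLIC_MEMBER_NAME;
                    } else if (!PojoUtil.isEmpty(clientDetails.getGroupProfileId())) {
                        ProfileEntity groupProfile = profileEntityCacheManager.retrieve(clientDetails.getGroupProfileId());
                        clientGroupName = groupProfile.getCreditName();
                    }
                    // If the group name is empty, use the same as the client name, since it should be a SSO user
                    if (StringUtils.isBlank(clientGroupName)) {
                        clientGroupName = clientName;
                    }
                }
            }
        }
    }
    mav.addObject("scopes", ScopePathType.getScopesFromSpaceSeparatedString(scope));
    mav.addObject("scopesString", scope);
    mav.addObject("redirect_uri", redirectUri);
    mav.addObject("response_type", responseType);
    mav.addObject("client_name", clientName);
    mav.addObject("client_id", clientId);
    mav.addObject("client_group_name", clientGroupName);
    mav.addObject("client_description", clientDescription);
    mav.addObject("userId", orcid != null ? orcid : email);
    mav.addObject("hideUserVoiceScript", true);
    mav.addObject("usePersistentTokens", usePersistentTokens);
    mav.addObject("showLogin", String.valueOf(showLogin));
    mav.setViewName("oauth_login");
    return mav;
}

/**
 * Percent-decodes a URL component as UTF-8 and trims surrounding whitespace.
 *
 * @param value the raw component taken from the saved request URL
 * @return the decoded, trimmed value
 * @throws IllegalStateException if the JVM lacks UTF-8, which a conforming JVM never does
 */
private static String decodeUtf8(String value) {
    try {
        return URLDecoder.decode(value, "UTF-8").trim();
    } catch (UnsupportedEncodingException e) {
        // UTF-8 is a mandatory charset on every JVM; silently keeping the raw value would hide a broken runtime.
        throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
    }
}

/**
 * Builds a redirect to {@code redirectUri} carrying an OAuth error code and description as query parameters.
 * <p>
 * The description is URL-encoded so that characters in the exception message (which can echo the
 * requested scope) cannot add or alter query parameters; a {@code &} separator is used when the
 * redirect URI already has a query string.
 * <p>
 * NOTE(review): {@code redirectUri} is taken from the saved request and is not checked here against the
 * client's registered redirect URIs — confirm that the validators called before this, or an upstream
 * filter, enforce that. When it is empty the result is a relative {@code ?error=...} redirect.
 *
 * @param redirectUri the client's redirect URI (may be empty)
 * @param errorCode   the OAuth error code, a fixed literal such as {@code invalid_scope}
 * @param description the human-readable error description; {@code null} is sent as empty
 * @return a {@link ModelAndView} wrapping the redirect view
 */
private static ModelAndView buildErrorRedirect(String redirectUri, String errorCode, String description) {
    String encodedDescription;
    try {
        encodedDescription = java.net.URLEncoder.encode(description == null ? "" : description, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
    }
    String separator = redirectUri.indexOf('?') >= 0 ? "&" : "?";
    String location = redirectUri + separator + "error=" + errorCode + "&error_description=" + encodedDescription;
    ModelAndView error = new ModelAndView();
    error.setView(new RedirectView(location));
    return error;
}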
From source file:org.orcid.frontend.web.controllers.OauthConfirmAccessController.java
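/**
 * Renders the OAuth consent page ({@code /confirm_access}) for the current user.
 * <p>
 * The client's scopes and enabled state are validated first; on failure the OAuth error is sent
 * back to the redirect URI. When the client has persistent tokens enabled and the user already
 * holds a token for this client and scope, the consent step is skipped and the authorization
 * request is approved directly, so no consent page is shown in that case.
 *
 * @param request     the current request; its session carries the just-registered flag and the
 *                    pending {@code authorizationRequest}
 * @param response    the current response (unused here)
 * @param mav         the model supplied by Spring MVC, populated with the consent page attributes
 * @param clientId    the {@code client_id} request parameter
 * @param scope       the {@code scope} request parameter, space separated
 * @param redirectUri the {@code redirect_uri} request parameter
 * @return {@code mav} with the {@code confirm-oauth-access} view, a redirect carrying an OAuth
 *         error, or the redirect produced by auto-approval
 */
@RequestMapping(value = "/confirm_access", method = RequestMethod.GET)
public ModelAndView loginGetHandler(HttpServletRequest request, HttpServletResponse response, ModelAndView mav,
        @RequestParam("client_id") String clientId, @RequestParam("scope") String scope,
        @RequestParam("redirect_uri") String redirectUri) {
    OrcidProfile profile = orcidProfileManager.retrieveOrcidProfile(getCurrentUserOrcid(), LoadOptions.BIO_ONLY);
    clientId = (clientId != null) ? clientId.trim() : clientId;
    // Collapse runs of spaces so the scope list is single-space separated.
    scope = (scope != null) ? scope.trim().replaceAll(" +", " ") : scope;
    redirectUri = (redirectUri != null) ? redirectUri.trim() : redirectUri;
    // The just-registered flag is consumed once: removed from the session and handed to the view.
    Boolean justRegistered = (Boolean) request.getSession().getAttribute(OrcidOauth2Constants.JUST_REGISTERED);
    if (justRegistered != null) {
        request.getSession().removeAttribute(OrcidOauth2Constants.JUST_REGISTERED);
        mav.addObject(OrcidOauth2Constants.JUST_REGISTERED, justRegistered);
    }
    String clientGroupName = "";
    boolean usePersistentTokens = false;
    // NOTE(review): retrieve() is assumed to fail or return a non-null entity for a valid client id —
    // confirm; a null here would fail on the first getter below.
    ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId);
    String clientName = clientDetails.getClientName() == null ? "" : clientDetails.getClientName();
    String clientDescription = clientDetails.getClientDescription() == null ? "" : clientDetails.getClientDescription();
    String clientWebsite = clientDetails.getClientWebsite() == null ? "" : clientDetails.getClientWebsite();
    // validate client scopes; on failure send the OAuth error back to the client's redirect URI
    String errorCode = null;
    String errorDescription = null;
    try {
        authorizationEndpoint.validateScope(scope, clientDetails);
        orcidOAuth2RequestValidator.validateClientIsEnabled(clientDetails);
    } catch (InvalidScopeException ise) {
        errorCode = "invalid_scope";
        errorDescription = ise.getMessage();
    } catch (LockedException le) {
        errorCode = "client_locked";
        errorDescription = le.getMessage();
    }
    if (errorCode != null) {
        // The description is URL-encoded so that characters in the exception message (which can echo the
        // requested scope) cannot add or alter query parameters.
        String encodedDescription;
        try {
            encodedDescription = java.net.URLEncoder.encode(errorDescription == null ? "" : errorDescription, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a mandatory charset on every JVM.
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
        // Append with '&' when the registered redirect URI already carries a query string.
        String separator = (redirectUri != null && redirectUri.indexOf('?') >= 0) ? "&" : "?";
        String location = redirectUri + separator + "error=" + errorCode + "&error_description=" + encodedDescription;
        ModelAndView error = new ModelAndView();
        error.setView(new RedirectView(location));
        return error;
    }
    // Check if the client has persistent tokens enabled
    if (clientDetails.isPersistentTokensEnabled()) {
        usePersistentTokens = true;
    }
    if (usePersistentTokens) {
        boolean tokenAlreadyExists = tokenServices.tokenAlreadyExists(clientId, getEffectiveUserOrcid(),
                OAuth2Utils.parseParameterList(scope));
        if (tokenAlreadyExists) {
            // Auto-approval: the user already granted this client these scopes, so the consent page is
            // skipped and the pending authorization request is approved on their behalf.
            // NOTE(review): assumes the session holds an "authorizationRequest" at this point — confirm;
            // a missing one fails at setRequestParameters below.
            AuthorizationRequest authorizationRequest = (AuthorizationRequest) request.getSession()
                    .getAttribute("authorizationRequest");
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            Map<String, String> requestParams = new HashMap<String, String>();
            copyRequestParameters(request, requestParams);
            Map<String, String> approvalParams = new HashMap<String, String>();
            requestParams.put(OAuth2Utils.USER_OAUTH_APPROVAL, "true");
            approvalParams.put(OAuth2Utils.USER_OAUTH_APPROVAL, "true");
            requestParams.put(OrcidOauth2Constants.TOKEN_VERSION, OrcidOauth2Constants.PERSISTENT_TOKEN);
            // Grant a persistent token only if the client has persistent tokens enabled
            requestParams.put(OrcidOauth2Constants.GRANT_PERSISTENT_TOKEN, String.valueOf(hasPersistenTokensEnabled(clientId)));
            // Session status
            SimpleSessionStatus status = new SimpleSessionStatus();
            authorizationRequest.setRequestParameters(requestParams);
            // Authorization request model
            Map<String, Object> model = new HashMap<String, Object>();
            model.put("authorizationRequest", authorizationRequest);
            // Approve
            RedirectView view = (RedirectView) authorizationEndpoint.approveOrDeny(approvalParams, model, status, auth);
            ModelAndView authCodeView = new ModelAndView();
            authCodeView.setView(view);
            return authCodeView;
        }
    }
    // If client type is null it means it is a public client
    if (clientDetails.getClientType() == null) {
        clientGroupName = PUBLIC_MEMBER_NAME;
    } else if (!PojoUtil.isEmpty(clientDetails.getGroupProfileId())) {
        ProfileEntity groupProfile = profileEntityCacheManager.retrieve(clientDetails.getGroupProfileId());
        clientGroupName = groupProfile.getCreditName();
    }
    // If the group name is empty, use the same as the client name, since it
    // should be a SSO user
    if (StringUtils.isBlank(clientGroupName)) {
        clientGroupName = clientName;
    }
    mav.addObject("profile", profile);
    mav.addObject("client_name", clientName);
    mav.addObject("client_description", clientDescription);
    mav.addObject("client_group_name", clientGroupName);
    mav.addObject("client_website", clientWebsite);
    mav.addObject("scopes", ScopePathType.getScopesFromSpaceSeparatedString(scope));
    mav.addObject("scopesString", scope);
    mav.addObject("hideUserVoiceScript", true);
    mav.addObject("usePersistentTokens", usePersistentTokens);
    mav.setViewName("confirm-oauth-access");
    return mav;
}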