List of usage examples for org.springframework.security.oauth2.common.exceptions InvalidScopeException getMessage
public String getMessage()
From source file: org.springframework.security.oauth2.common.exception.OAuth2ExceptionJackson2DeserializerTests.java
/**
 * Deserializing an error response whose error code is {@code invalid_scope} must yield an
 * {@link InvalidScopeException} carrying the serialized description as its message and no
 * additional information.
 */
@Test
public void readValueInvalidScope() throws Exception {
    String serialized = createResponse(OAuth2Exception.INVALID_SCOPE);
    OAuth2Exception deserialized = mapper.readValue(serialized, OAuth2Exception.class);
    // The deserializer is expected to pick the concrete subclass from the error code.
    InvalidScopeException result = (InvalidScopeException) deserialized;
    assertEquals(DETAILS, result.getMessage());
    assertEquals(null, result.getAdditionalInformation());
}
From source file: org.orcid.frontend.web.controllers.OauthConfirmAccessController.java
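/**
 * Renders the OAuth login page.
 *
 * <p>If the user arrived here from an authorize request, the saved request URL is mined for
 * the client id, e-mail/ORCID hints, scopes, redirect URI and response type so the page can
 * show who is asking for access. The client and scopes are validated first; on failure the
 * browser is sent back to the redirect URI with an {@code error} / {@code error_description}
 * pair, as the OAuth error flow expects.
 *
 * @param request  current request (used to look up the saved request in the session)
 * @param response current response
 * @param mav      model to populate; its view is set to {@code oauth_login}
 * @return {@code mav} populated for the login page, or a redirect carrying the validation
 *         error when the client is locked or the scopes are invalid
 */
@RequestMapping(value = { "/signin", "/login" }, method = RequestMethod.GET)
public ModelAndView loginGetHandler2(HttpServletRequest request, HttpServletResponse response,
        ModelAndView mav) {
    // Recover the authorize request that sent the user here, if any.
    SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
    String clientName = "";
    String clientId = "";
    String clientGroupName = "";
    String email = "";
    String clientDescription = "";
    String scope = "";
    String redirectUri = "";
    String responseType = "";
    String orcid = null;
    boolean showLogin = false; // default to the registration form
    boolean usePersistentTokens = false;
    if (savedRequest != null) {
        String url = savedRequest.getRedirectUrl();
        // Locale.ROOT: a locale-sensitive lower-casing (e.g. Turkish dotless i) would
        // silently break the match.
        if (url.toLowerCase(java.util.Locale.ROOT).contains("show_login=true")) {
            showLogin = true;
        }
        // TODO: We should not load any info in the freemarker ModelAndViewObject, we should
        // move all info we need to the forms
        Matcher matcher = clientIdPattern.matcher(url);
        if (matcher.find()) {
            clientId = decodeAndTrim(matcher.group(1));
            if (clientId != null) {
                Matcher emailMatcher = RegistrationController.emailPattern.matcher(url);
                if (emailMatcher.find()) {
                    String tempEmail = decodeAndTrim(emailMatcher.group(1));
                    // Only echo the hint back to the page if it belongs to a known account.
                    if (tempEmail != null && orcidProfileManager.emailExists(tempEmail)) {
                        email = tempEmail;
                    }
                }
                Matcher orcidMatcher = orcidPattern.matcher(url);
                if (orcidMatcher.find()) {
                    String tempOrcid = decodeAndTrim(orcidMatcher.group(2));
                    if (tempOrcid != null && orcidProfileManager.exists(tempOrcid)) {
                        orcid = tempOrcid;
                    }
                }
                Matcher scopeMatcher = scopesPattern.matcher(url);
                if (scopeMatcher.find()) {
                    String tempScope = decodeAndTrim(scopeMatcher.group(1));
                    if (tempScope != null) {
                        // Collapse repeated blanks so the space-separated scope list parses cleanly.
                        scope = tempScope.replaceAll(" +", " ");
                    }
                }
                Matcher redirectUriMatcher = redirectUriPattern.matcher(url);
                if (redirectUriMatcher.find()) {
                    String tempRedirectUri = decodeAndTrim(redirectUriMatcher.group(1));
                    if (tempRedirectUri != null) {
                        redirectUri = tempRedirectUri;
                    }
                }
                Matcher responseTypeMatcher = responseTypePattern.matcher(url);
                if (responseTypeMatcher.find()) {
                    String tempResponseType = decodeAndTrim(responseTypeMatcher.group(1));
                    if (tempResponseType != null) {
                        responseType = tempResponseType;
                    }
                }
                ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId);
                // NOTE(review): retrieve() is assumed to return a client or throw for an unknown
                // id; if it can return null the calls below would NPE — confirm.
                if (clientDetails.isPersistentTokensEnabled()) {
                    usePersistentTokens = true;
                }
                // Validate the requested scopes and the client state before rendering anything.
                // NOTE(review): redirectUri is taken from the saved request URL and is not checked
                // here against the client's registered redirect URIs; confirm that this is
                // validated upstream, otherwise the error redirect can leave the site.
                try {
                    authorizationEndpoint.validateScope(scope, clientDetails);
                    orcidOAuth2RequestValidator.validateClientIsEnabled(clientDetails);
                } catch (InvalidScopeException ise) {
                    return errorRedirect(redirectUri, "invalid_scope", ise.getMessage());
                } catch (LockedException le) {
                    return errorRedirect(redirectUri, "client_locked", le.getMessage());
                }
                // Client details are valid: collect what the page displays.
                clientName = clientDetails.getClientName() == null ? "" : clientDetails.getClientName();
                clientDescription = clientDetails.getClientDescription() == null ? ""
                        : clientDetails.getClientDescription();
                // A null client type means a public client.
                if (clientDetails.getClientType() == null) {
                    clientGroupName = PUBLIC_MEMBER_NAME;
                } else if (!PojoUtil.isEmpty(clientDetails.getGroupProfileId())) {
                    ProfileEntity groupProfile = profileEntityCacheManager
                            .retrieve(clientDetails.getGroupProfileId());
                    clientGroupName = groupProfile.getCreditName();
                }
                // If the group name is empty, use the same as the client name, since it
                // should be a SSO user
                if (StringUtils.isBlank(clientGroupName)) {
                    clientGroupName = clientName;
                }
            }
        }
    }
    mav.addObject("scopes", ScopePathType.getScopesFromSpaceSeparatedString(scope));
    mav.addObject("scopesString", scope);
    mav.addObject("redirect_uri", redirectUri);
    mav.addObject("response_type", responseType);
    mav.addObject("client_name", clientName);
    mav.addObject("client_id", clientId);
    mav.addObject("client_group_name", clientGroupName);
    mav.addObject("client_description", clientDescription);
    // Prefer the verified ORCID iD over the e-mail hint when both were found.
    mav.addObject("userId", orcid != null ? orcid : email);
    mav.addObject("hideUserVoiceScript", true);
    mav.addObject("usePersistentTokens", usePersistentTokens);
    mav.addObject("showLogin", String.valueOf(showLogin));
    mav.setViewName("oauth_login");
    return mav;
}

/**
 * URL-decodes a query value and trims surrounding whitespace.
 *
 * @param value raw (still percent-encoded) value, may be {@code null}
 * @return the decoded, trimmed value; {@code null} when {@code value} is {@code null}; the
 *         raw value if the platform lacks UTF-8 (which the JDK guarantees it does not)
 * @throws IllegalArgumentException if {@code value} contains a malformed percent escape
 */
private static String decodeAndTrim(String value) {
    if (value == null) {
        return null;
    }
    try {
        return URLDecoder.decode(value, "UTF-8").trim();
    } catch (UnsupportedEncodingException e) {
        // UTF-8 is a mandatory charset, so this branch is unreachable in practice.
        return value;
    }
}

/**
 * Builds the redirect that reports a validation error back to the client, in the
 * {@code error} / {@code error_description} form used by the OAuth error flow.
 *
 * <p>The description is percent-encoded: exception messages can contain {@code &}, {@code #}
 * or spaces, which would otherwise split the query string or produce an unparseable URL.
 * A {@code &} separator is used when the redirect URI already carries a query string.
 *
 * @param redirectUri base URI to send the browser to ({@code null} is treated as empty)
 * @param errorCode   OAuth error code, e.g. {@code invalid_scope}
 * @param description human-readable error text, may be {@code null}
 * @return a {@link ModelAndView} whose view is the redirect
 */
private static ModelAndView errorRedirect(String redirectUri, String errorCode, String description) {
    String base = redirectUri == null ? "" : redirectUri;
    String encodedDescription;
    try {
        encodedDescription = java.net.URLEncoder.encode(description == null ? "" : description, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        // UTF-8 is a mandatory charset; fall back to omitting the description rather than
        // emitting it unencoded.
        encodedDescription = "";
    }
    String separator = base.contains("?") ? "&" : "?";
    ModelAndView error = new ModelAndView();
    error.setView(new RedirectView(base + separator + "error=" + errorCode + "&error_description="
            + encodedDescription));
    return error;
}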
From source file: org.orcid.frontend.web.controllers.OauthConfirmAccessController.java
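/**
 * Renders the OAuth consent ("confirm access") page for an authenticated user.
 *
 * <p>The client and requested scopes are validated first; on failure the browser is sent back
 * to the redirect URI with an {@code error} / {@code error_description} pair. When the client
 * has persistent tokens enabled and the user already holds a token for the same client and
 * scopes, the consent screen is skipped and the authorization request is approved directly.
 *
 * @param request     current request (session holds the pending authorization request)
 * @param response    current response
 * @param mav         model to populate; its view is set to {@code confirm-oauth-access}
 * @param clientId    OAuth client id from the authorize request
 * @param scope       space-separated scope list from the authorize request
 * @param redirectUri redirect URI from the authorize request
 * @return {@code mav} populated for the consent page, an approval redirect when an equivalent
 *         token already exists, or an error redirect when validation fails
 */
@RequestMapping(value = "/confirm_access", method = RequestMethod.GET)
public ModelAndView loginGetHandler(HttpServletRequest request, HttpServletResponse response, ModelAndView mav,
        @RequestParam("client_id") String clientId, @RequestParam("scope") String scope,
        @RequestParam("redirect_uri") String redirectUri) {
    OrcidProfile profile = orcidProfileManager.retrieveOrcidProfile(getCurrentUserOrcid(), LoadOptions.BIO_ONLY);
    clientId = (clientId != null) ? clientId.trim() : clientId;
    // Collapse repeated blanks so the space-separated scope list parses cleanly.
    scope = (scope != null) ? scope.trim().replaceAll(" +", " ") : scope;
    redirectUri = (redirectUri != null) ? redirectUri.trim() : redirectUri;
    // One-shot flag set by registration; consume it so a later visit does not see it.
    Boolean justRegistered = (Boolean) request.getSession().getAttribute(OrcidOauth2Constants.JUST_REGISTERED);
    if (justRegistered != null) {
        request.getSession().removeAttribute(OrcidOauth2Constants.JUST_REGISTERED);
        mav.addObject(OrcidOauth2Constants.JUST_REGISTERED, justRegistered);
    }
    ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId);
    // NOTE(review): retrieve() is assumed to return a client or throw for an unknown id; if it
    // can return null the calls below would NPE — confirm.
    String clientName = clientDetails.getClientName() == null ? "" : clientDetails.getClientName();
    String clientDescription = clientDetails.getClientDescription() == null ? ""
            : clientDetails.getClientDescription();
    String clientWebsite = clientDetails.getClientWebsite() == null ? "" : clientDetails.getClientWebsite();
    String clientGroupName = "";
    // Validate the requested scopes and the client state before rendering anything.
    // NOTE(review): redirectUri is a request parameter and is not checked here against the
    // client's registered redirect URIs; confirm that this is validated upstream, otherwise
    // the error redirect below can leave the site.
    String errorCode = null;
    String errorDescription = null;
    try {
        authorizationEndpoint.validateScope(scope, clientDetails);
        orcidOAuth2RequestValidator.validateClientIsEnabled(clientDetails);
    } catch (InvalidScopeException ise) {
        errorCode = "invalid_scope";
        errorDescription = ise.getMessage();
    } catch (LockedException le) {
        errorCode = "client_locked";
        errorDescription = le.getMessage();
    }
    if (errorCode != null) {
        // Percent-encode the description: exception messages can contain '&', '#' or spaces,
        // which would otherwise split the query string or produce an unparseable URL.
        String encodedDescription;
        try {
            encodedDescription = java.net.URLEncoder.encode(errorDescription == null ? "" : errorDescription,
                    "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a mandatory charset; omit the description rather than emit it unencoded.
            encodedDescription = "";
        }
        String base = redirectUri == null ? "" : redirectUri;
        // Use '&' when the redirect URI already carries a query string.
        String separator = base.contains("?") ? "&" : "?";
        ModelAndView error = new ModelAndView();
        error.setView(new RedirectView(base + separator + "error=" + errorCode + "&error_description="
                + encodedDescription));
        return error;
    }
    boolean usePersistentTokens = clientDetails.isPersistentTokensEnabled();
    if (usePersistentTokens) {
        boolean tokenAlreadyExists = tokenServices.tokenAlreadyExists(clientId, getEffectiveUserOrcid(),
                OAuth2Utils.parseParameterList(scope));
        if (tokenAlreadyExists) {
            // An equivalent token already exists: approve the pending authorization request
            // directly instead of asking for consent again.
            // NOTE(review): the session attribute is assumed to be present on this path; a
            // missing "authorizationRequest" would NPE below — confirm.
            AuthorizationRequest authorizationRequest = (AuthorizationRequest) request.getSession()
                    .getAttribute("authorizationRequest");
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            Map<String, String> requestParams = new HashMap<String, String>();
            copyRequestParameters(request, requestParams);
            Map<String, String> approvalParams = new HashMap<String, String>();
            requestParams.put(OAuth2Utils.USER_OAUTH_APPROVAL, "true");
            approvalParams.put(OAuth2Utils.USER_OAUTH_APPROVAL, "true");
            requestParams.put(OrcidOauth2Constants.TOKEN_VERSION, OrcidOauth2Constants.PERSISTENT_TOKEN);
            // Record whether a persistent token is granted for this client.
            requestParams.put(OrcidOauth2Constants.GRANT_PERSISTENT_TOKEN,
                    hasPersistenTokensEnabled(clientId) ? "true" : "false");
            SimpleSessionStatus status = new SimpleSessionStatus();
            authorizationRequest.setRequestParameters(requestParams);
            Map<String, Object> model = new HashMap<String, Object>();
            model.put("authorizationRequest", authorizationRequest);
            RedirectView view = (RedirectView) authorizationEndpoint.approveOrDeny(approvalParams, model, status,
                    auth);
            ModelAndView authCodeView = new ModelAndView();
            authCodeView.setView(view);
            return authCodeView;
        }
    }
    // A null client type means a public client.
    if (clientDetails.getClientType() == null) {
        clientGroupName = PUBLIC_MEMBER_NAME;
    } else if (!PojoUtil.isEmpty(clientDetails.getGroupProfileId())) {
        ProfileEntity groupProfile = profileEntityCacheManager.retrieve(clientDetails.getGroupProfileId());
        clientGroupName = groupProfile.getCreditName();
    }
    // If the group name is empty, use the same as the client name, since it
    // should be a SSO user
    if (StringUtils.isBlank(clientGroupName)) {
        clientGroupName = clientName;
    }
    mav.addObject("profile", profile);
    mav.addObject("client_name", clientName);
    mav.addObject("client_description", clientDescription);
    mav.addObject("client_group_name", clientGroupName);
    mav.addObject("client_website", clientWebsite);
    mav.addObject("scopes", ScopePathType.getScopesFromSpaceSeparatedString(scope));
    mav.addObject("scopesString", scope);
    mav.addObject("hideUserVoiceScript", true);
    mav.addObject("usePersistentTokens", usePersistentTokens);
    mav.setViewName("confirm-oauth-access");
    return mav;
}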