List of usage examples for org.springframework.security.oauth2.common.exceptions UnauthorizedClientException UnauthorizedClientException
public UnauthorizedClientException(String msg)
From source file:de.hska.ld.oidc.listeners.LDToSSSEventListener.java
@Transactional(propagation = Propagation.REQUIRES_NEW) private void checkIfSSSUserInfoIsKnown(User user, String accessTokenValue) throws IOException { user = userService.findById(user.getId()); UserSSSInfo userSSSInfo = userSSSInfoService.findByUser(user); // if the sss user id is already known to the server do nothing if (userSSSInfo == null) { // else authenticate towards the sss to retrieve the sss user id // and save that user id in the ldocs database SSSAuthDto sssAuthDto = null;//from w w w . ja v a 2s . c o m try { sssAuthDto = sssClient.authenticate(accessTokenValue); String sssUserId = sssAuthDto.getUser(); userSSSInfoService.addUserSSSInfo(user.getId(), sssUserId); } catch (UserNotAuthorizedException e) { e.printStackTrace(); throw new UnauthorizedClientException("oidc token invalid"); } } }
From source file:de.hska.ld.oidc.controller.OIDCController.java
@RequestMapping(method = RequestMethod.POST, value = "/document") @Transactional(readOnly = false, rollbackFor = RuntimeException.class) public Document createDocument(HttpServletRequest request, @RequestBody Document document, @RequestParam(defaultValue = "https://api.learning-layers.eu/o/oauth2") String issuer, @RequestHeader(required = false) String Authorization, @RequestParam(required = false) String discussionId, @RequestParam(required = false) String episodeId) throws IOException, ServletException { _authenticate(request, issuer, Authorization); // 3. Create the document in the database Document newDocument = documentService.save(document); if (document.getDescription() != null) { Attachment mainAttachment = newDocument.getAttachmentList().get(0); mainAttachment.setSource(document.getDescription().getBytes()); //document.setDescription(""); documentService.save(newDocument); if (episodeId != null) { DocumentSSSInfo documentSSSInfo = new DocumentSSSInfo(); documentSSSInfo.setDocument(newDocument); documentSSSInfo.setEpisodeId(episodeId); documentSSSInfoService.addDocumentInfo(documentSSSInfo); }// w ww . j a va 2 s . c o m } // 4. Create the document in the SSS together with the link to the discussion // 4.1 Authenticate with the SSS // SSS auth Endpoint: http://test-ll.know-center.tugraz.at/layers.test/auth/auth/ Authentication auth = SecurityContextHolder.getContext().getAuthentication(); //if (auth instanceof AnonymousAuthenticationToken) { OIDCAuthenticationToken token = (OIDCAuthenticationToken) auth; SSSAuthDto sssAuthDto = null; try { sssAuthDto = sssClient.authenticate(token.getAccessTokenValue()); } catch (UserNotAuthorizedException e) { request.logout(); e.printStackTrace(); throw new UnauthorizedClientException("oidc token invalid"); } // 4.2 Create the according SSSLivingdocs entity try { SSSLivingdocsResponseDto sssLivingdocsResponseDto = sssClient.createDocument(document, discussionId, token.getAccessTokenValue()); } catch (AuthenticationNotValidException eAuth) { throw new UserNotAuthorizedException(); } // 4.3 Retrieve the list of email addresses that have access to the livingdocument in the SSS // TODO retrieve email addresses return newDocument; /*} else { throw new UnauthorizedClientException("anonymous user session"); }*/ }
From source file:org.cloudfoundry.identity.uaa.oauth.UaaTokenServices.java
protected TokenValidation validateToken(String token) { TokenValidation tokenValidation;//from w w w . ja va2s. c o m if (!UaaTokenUtils.isJwtToken(token)) { RevocableToken revocableToken; try { revocableToken = tokenProvisioning.retrieve(token); } catch (EmptyResultDataAccessException ex) { throw new TokenRevokedException( "The token expired, was revoked, or the token ID is incorrect: " + token); } token = revocableToken.getValue(); } tokenValidation = validate(token).checkRevocableTokenStore(tokenProvisioning).throwIfInvalid(); Jwt tokenJwt = tokenValidation.getJwt(); String keyId = tokenJwt.getHeader().getKid(); KeyInfo key; if (keyId != null) { key = KeyInfo.getKey(keyId); } else { key = KeyInfo.getActiveKey(); } if (key == null) { throw new InvalidTokenException("Invalid key ID: " + keyId); } SignatureVerifier verifier = key.getVerifier(); tokenValidation.checkSignature(verifier).throwIfInvalid(); Map<String, Object> claims = tokenValidation.getClaims(); tokenValidation.checkIssuer(getTokenEndpoint()).throwIfInvalid(); String clientId = (String) claims.get(CID); String userId = (String) claims.get(USER_ID); UaaUser user = null; ClientDetails client; try { client = clientDetailsService.loadClientByClientId(clientId); } catch (NoSuchClientException x) { //happens if the client is deleted and token exist throw new UnauthorizedClientException("Invalid client ID " + clientId); } tokenValidation.checkClient(client).throwIfInvalid(); if (UaaTokenUtils.isUserToken(claims)) { try { user = userDatabase.retrieveUserById(userId); tokenValidation.checkUser(user).throwIfInvalid(); } catch (UsernameNotFoundException x) { } } tokenValidation.checkRevocableTokenStore(tokenProvisioning).throwIfInvalid(); List<String> clientSecrets = new ArrayList<>(); List<String> revocationSignatureList = new ArrayList<>(); if (client.getClientSecret() != null) { clientSecrets.addAll(Arrays.asList(client.getClientSecret().split(" "))); } else { revocationSignatureList.add(UaaTokenUtils.getRevocableTokenSignature(client, null, user)); } for (String clientSecret : clientSecrets) { revocationSignatureList.add(UaaTokenUtils.getRevocableTokenSignature(client, clientSecret, user)); } tokenValidation = tokenValidation.checkRevocationSignature(revocationSignatureList); tokenValidation.throwIfInvalid(); return tokenValidation; }