Examples of org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException

• org.springframework.security.oauth2.client.token.AccessTokenRequest
  When access is denied we usually want a 403, but we want the same treatment as all teh other OAuth2Exception types, so this is not a Spring Security AccessDeniedException. @author Ryan Heaton @author Dave Syer

      throw new InvalidTokenException("Invalid token: " + token);
    }

    Collection<String> resourceIds = auth.getOAuth2Request().getResourceIds();
    if (resourceId != null && resourceIds != null && !resourceIds.isEmpty() && !resourceIds.contains(resourceId)) {
      throw new OAuth2AccessDeniedException("Invalid token does not contain resource id (" + resourceId + ")");
    }

    checkClientDetails(auth);

    if (authentication.getDetails() instanceof OAuth2AuthenticationDetails) {

      ClientDetails client;
      try {
        client = clientDetailsService.loadClientByClientId(auth.getOAuth2Request().getClientId());
      }
      catch (ClientRegistrationException e) {
        throw new OAuth2AccessDeniedException("Invalid token contains invalid client id");
      }
      Set<String> allowed = client.getScope();
      for (String scope : auth.getOAuth2Request().getScope()) {
        if (!allowed.contains(scope)) {
          throw new OAuth2AccessDeniedException("Invalid token contains disallowed scope (" + scope
              + ") for this client");
        }
      }
    }
  }

      if (tokenProvider.supportsResource(details)) {
        return tokenProvider.obtainAccessToken(details, request);
      }
    }

    throw new OAuth2AccessDeniedException("Unable to obtain a new access token for resource '" + details.getId()
        + "'. The provider manager is not configured to support it.", details);
  }

    for (AccessTokenProvider tokenProvider : chain) {
      if (tokenProvider.supportsRefresh(resource)) {
        return tokenProvider.refreshAccessToken(resource, refreshToken, request);
      }
    }
    throw new OAuth2AccessDeniedException("Unable to obtain a new access token for resource '" + resource.getId()
        + "'. The provider manager is not configured to support it.", resource);
  }

    catch (OAuth2AccessDeniedException e) {
      rethrow = e;
    }
    catch (InvalidTokenException e) {
      // Don't reveal the token value in case it is logged
      rethrow = new OAuth2AccessDeniedException("Invalid token for client=" + getClientId());
    }
    if (accessToken != null && retryBadAccessTokens) {
      context.setAccessToken(null);
      try {
        return super.doExecute(url, method, requestCallback, responseExtractor);
      }
      catch (InvalidTokenException e) {
        // Don't reveal the token value in case it is logged
        rethrow = new OAuth2AccessDeniedException("Invalid token for client=" + getClientId());
      }
    }
    throw rethrow;
  }

      return getRestTemplate().execute(getAccessTokenUri(resource, form), getHttpMethod(),
          getRequestCallback(resource, form, headers), extractor , form.toSingleValueMap());

    }
    catch (OAuth2Exception oe) {
      throw new OAuth2AccessDeniedException("Access token denied.", resource, oe);
    }
    catch (RestClientException rce) {
      throw new OAuth2AccessDeniedException("Error requesting access token.", resource, rce);
    }

  }

    }
    return null;
  }

  private OAuth2AccessToken createToken(String username, String password, String clientId, String clientSecret) {
    OAuth2ProtectedResourceDetails resource = getResourceDetails(username, password, clientId, clientSecret);
    AccessTokenRequest request = createAccessTokenRequest(username, password);

    ResourceOwnerPasswordAccessTokenProvider provider = createResourceOwnerPasswordAccessTokenProvider();
    try {
      return provider.obtainAccessToken(resource, request);

      throw cfEx;
    }
  }

  private OAuth2AccessToken refreshToken(OAuth2AccessToken currentToken, String username, String password, String clientId, String clientSecret) {
    OAuth2ProtectedResourceDetails resource = getResourceDetails(username, password, clientId, clientSecret);
    AccessTokenRequest request = createAccessTokenRequest(username, password);

    ResourceOwnerPasswordAccessTokenProvider provider = createResourceOwnerPasswordAccessTokenProvider();

    return provider.refreshAccessToken(resource, currentToken.getRefreshToken(), request);

    return null;
  }

  private OAuth2AccessToken createToken(String username, String password, String clientId, String clientSecret) {
    OAuth2ProtectedResourceDetails resource = getResourceDetails(username, password, clientId, clientSecret);
    AccessTokenRequest request = createAccessTokenRequest(username, password);

    ResourceOwnerPasswordAccessTokenProvider provider = createResourceOwnerPasswordAccessTokenProvider();
    try {
      return provider.obtainAccessToken(resource, request);
    }

    }
  }

  private OAuth2AccessToken refreshToken(OAuth2AccessToken currentToken, String username, String password, String clientId, String clientSecret) {
    OAuth2ProtectedResourceDetails resource = getResourceDetails(username, password, clientId, clientSecret);
    AccessTokenRequest request = createAccessTokenRequest(username, password);

    ResourceOwnerPasswordAccessTokenProvider provider = createResourceOwnerPasswordAccessTokenProvider();

    return provider.refreshAccessToken(resource, currentToken.getRefreshToken(), request);
  }