Package org.springframework.security.oauth2.common.exceptions

Examples of org.springframework.security.oauth2.common.exceptions.InvalidTokenException


  public Authentication authenticate(Authentication authentication) throws AuthenticationException {

    String token = (String) authentication.getPrincipal();
    OAuth2Authentication auth = tokenServices.loadAuthentication(token);
    if (auth == null) {
      throw new InvalidTokenException("Invalid token: " + token);
    }

    Collection<String> resourceIds = auth.getOAuth2Request().getResourceIds();
    if (resourceId != null && resourceIds != null && !resourceIds.isEmpty() && !resourceIds.contains(resourceId)) {
      throw new OAuth2AccessDeniedException("Invalid token does not contain resource id (" + resourceId + ")");
View Full Code Here


  @ResponseBody
  public Map<String, ?> checkToken(@RequestParam("token") String value) {

    OAuth2AccessToken token = resourceServerTokenServices.readAccessToken(value);
    if (token == null) {
      throw new InvalidTokenException("Token was not recognised");
    }

    if (token.isExpired()) {
      throw new InvalidTokenException("Token has expired");
    }

    OAuth2Authentication authentication = resourceServerTokenServices.loadAuthentication(token.getValue());

    Map<String, ?> response = accessTokenConverter.convertAccessToken(token, authentication);
View Full Code Here

    logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
    // This isn't an oauth resource, so we don't want to send an
    // unauthorized code here. The client has already authenticated
    // successfully with basic auth and should just
    // get back the invalid token error.
    @SuppressWarnings("serial")
    InvalidTokenException e400 = new InvalidTokenException(e.getMessage()) {
      @Override
      public int getHttpErrorCode() {
        return 400;
      }
    };
View Full Code Here

        map.put(EXP, new Long(intValue));
      }
      return map;
    }
    catch (Exception e) {
      throw new InvalidTokenException("Cannot convert access token to JSON", e);
    }
  }
View Full Code Here

    headers.set("Authorization", getAuthorizationHeader(clientId, clientSecret));
    Map<String, Object> map = postForMap(checkTokenEndpointUrl, formData, headers);

    if (map.containsKey("error")) {
      logger.debug("check_token returned error: " + map.get("error"));
      throw new InvalidTokenException(accessToken);
    }

    Assert.state(map.containsKey("client_id"), "Client id must be present in response from auth server");
    return tokenConverter.extractAuthentication(map);
  }
View Full Code Here

    // token.
    tokenStore.removeAccessTokenUsingRefreshToken(refreshToken);

    if (isExpired(refreshToken)) {
      tokenStore.removeRefreshToken(refreshToken);
      throw new InvalidTokenException("Invalid refresh token (expired): " + refreshToken);
    }

    authentication = createRefreshedAuthentication(authentication, tokenRequest.getScope());

    if (!reuseRefreshToken) {
View Full Code Here

  }

  public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException, InvalidTokenException {
    OAuth2AccessToken accessToken = tokenStore.readAccessToken(accessTokenValue);
    if (accessToken == null) {
      throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
    }
    else if (accessToken.isExpired()) {
      tokenStore.removeAccessToken(accessToken);
      throw new InvalidTokenException("Access token expired: " + accessTokenValue);
    }

    OAuth2Authentication result = tokenStore.readAuthentication(accessToken);
    if (clientDetailsService != null) {
      String clientId = result.getOAuth2Request().getClientId();
      try {
        clientDetailsService.loadClientByClientId(clientId);
      }
      catch (ClientRegistrationException e) {
        throw new InvalidTokenException("Client not valid: " + clientId, e);
      }
    }
    return result;
  }
View Full Code Here

  }

  public String getClientId(String tokenValue) {
    OAuth2Authentication authentication = tokenStore.readAuthentication(tokenValue);
    if (authentication == null) {
      throw new InvalidTokenException("Invalid access token: " + tokenValue);
    }
    OAuth2Request clientAuth = authentication.getOAuth2Request();
    if (clientAuth == null) {
      throw new InvalidTokenException("Invalid access token (no client id): " + tokenValue);
    }
    return clientAuth.getClientId();
  }
View Full Code Here

    assertEquals(expected, getOutput());
  }

  @Test
  public void writeInvalidToken() throws Exception {
    OAuth2Exception oauthException = new InvalidTokenException(DETAILS);
    String expected = createResponse(oauthException.getOAuth2ErrorCode());
    converter.write(oauthException, contentType, outputMessage);
    assertEquals(expected, getOutput());
  }
View Full Code Here

  @Test
  public void readInvalidToken() throws Exception {
    String accessToken = createResponse(OAuth2Exception.INVALID_TOKEN);
    when(inputMessage.getBody()).thenReturn(createInputStream(accessToken));
    @SuppressWarnings("unused")
    InvalidTokenException result = (InvalidTokenException) converter.read(OAuth2Exception.class, inputMessage);
  }
View Full Code Here

TOP

Related Classes of org.springframework.security.oauth2.common.exceptions.InvalidTokenException

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.