Package org.springframework.security.oauth2.common.exceptions

Examples of org.springframework.security.oauth2.common.exceptions.OAuth2Exception


      OAuth2Request clientAuth = authentication.getOAuth2Request();

      ClientDetailsEntity client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());

      if (client == null) {
        throw new InvalidClientException("Client not found: " + clientAuth.getClientId());
      }

      OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();//accessTokenFactory.createNewAccessToken();

      // attach the client
View Full Code Here


    AuthenticationHolderEntity authHolder = refreshToken.getAuthenticationHolder();

    //Make sure this client allows access token refreshing
    if (!client.isAllowRefresh()) {
      throw new InvalidClientException("Client does not allow refreshing access token!");
    }

    // clear out any access tokens
    // TODO: make this a configurable option
    tokenRepository.clearAccessTokensForRefreshToken(refreshToken);
View Full Code Here

  @Override
  public ClientDetailsEntity loadClientByClientId(String clientId) throws OAuth2Exception, InvalidClientException, IllegalArgumentException {
    if (!Strings.isNullOrEmpty(clientId)) {
      ClientDetailsEntity client = clientRepository.getClientByClientId(clientId);
      if (client == null) {
        throw new InvalidClientException("Client with id " + clientId + " was not found");
      }
      else {
        return client;
      }
    }
View Full Code Here

   */
  @Override
  public void deleteClient(ClientDetailsEntity client) throws InvalidClientException {

    if (clientRepository.getById(client.getId()) == null) {
      throw new InvalidClientException("Client with id " + client.getClientId() + " was not found");
    }

    // clean out any tokens that this client had issued
    tokenRepository.clearTokensForClient(client);

View Full Code Here

    query.setParameter("code", code);

    AuthorizationCodeEntity result = JpaUtil.getSingleResult(query.getResultList());

    if (result == null) {
      throw new InvalidGrantException("JpaAuthorizationCodeRepository: no authorization code found for value " + code);
    }

    OAuth2Authentication authRequest = result.getAuthentication();

    manager.remove(result);
View Full Code Here

  @Override
  public String resolveRedirect(String requestedRedirect, ClientDetails client) throws OAuth2Exception {
    String redirect = super.resolveRedirect(requestedRedirect, client);
    if (blacklistService.isBlacklisted(redirect)) {
      // don't let it go through
      throw new InvalidRequestException("The supplied redirect_uri is not allowed on this server.");
    } else {
      // not blacklisted, passed the parent test, we're fine
      return redirect;
    }
  }
View Full Code Here

      OAuth2Authentication authentication = new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), incomingToken.getAuthenticationHolder().getAuthentication().getUserAuthentication());

      return authentication;

    } else {
      throw new InvalidScopeException("Invalid scope requested in chained request", approvedScopes);
    }

  }
View Full Code Here

   */
  private void validateScope(Set<String> requestedScopes, Set<String> clientScopes) throws InvalidScopeException {
    if (requestedScopes != null && !requestedScopes.isEmpty()) {
      if (clientScopes != null && !clientScopes.isEmpty()) {
        if (!scopeService.scopesMatch(clientScopes, requestedScopes)) {
          throw new InvalidScopeException("Invalid scope", clientScopes);
        }
      }
    }
  }
View Full Code Here

        // set the scope of the new access token if requested
        token.setScope(scope);
      } else {
        String errorMsg = "Up-scoping is not allowed.";
        logger.error(errorMsg);
        throw new InvalidScopeException(errorMsg);
      }
    } else {
      // otherwise inherit the scope of the refresh token (if it's there -- this can return a null scope set)
      token.setScope(refreshScopes);
    }
View Full Code Here

  public OAuth2AccessTokenEntity refreshAccessToken(String refreshTokenValue, TokenRequest authRequest) throws AuthenticationException {

    OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenByValue(refreshTokenValue);

    if (refreshToken == null) {
      throw new InvalidTokenException("Invalid refresh token: " + refreshTokenValue);
    }

    ClientDetailsEntity client = refreshToken.getClient();

    AuthenticationHolderEntity authHolder = refreshToken.getAuthenticationHolder();

    //Make sure this client allows access token refreshing
    if (!client.isAllowRefresh()) {
      throw new InvalidClientException("Client does not allow refreshing access token!");
    }

    // clear out any access tokens
    // TODO: make this a configurable option
    tokenRepository.clearAccessTokensForRefreshToken(refreshToken);

    if (refreshToken.isExpired()) {
      tokenRepository.removeRefreshToken(refreshToken);
      throw new InvalidTokenException("Expired refresh token: " + refreshTokenValue);
    }

    // TODO: have the option to recycle the refresh token here, too
    // for now, we just reuse it as long as it's valid, which is the original intent
View Full Code Here

TOP

Related Classes of org.springframework.security.oauth2.common.exceptions.OAuth2Exception

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.