Examples of org.springframework.security.oauth2.common.exceptions.UnauthorizedUserException

• org.springframework.security.oauth2.common.exceptions.UnauthorizedUserException
  Exception thrown when a user was unable to authenticate. @author Dave Syer

        // set the scope of the new access token if requested
        token.setScope(scope);
      } else {
        String errorMsg = "Up-scoping is not allowed.";
        logger.error(errorMsg);
        throw new InvalidScopeException(errorMsg);
      }
    } else {
      // otherwise inherit the scope of the refresh token (if it's there -- this can return a null scope set)
      token.setScope(refreshScopes);
    }

  public OAuth2AccessTokenEntity refreshAccessToken(String refreshTokenValue, TokenRequest authRequest) throws AuthenticationException {

    OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenByValue(refreshTokenValue);

    if (refreshToken == null) {
      throw new InvalidTokenException("Invalid refresh token: " + refreshTokenValue);
    }

    ClientDetailsEntity client = refreshToken.getClient();

    AuthenticationHolderEntity authHolder = refreshToken.getAuthenticationHolder();

    //Make sure this client allows access token refreshing
    if (!client.isAllowRefresh()) {
      throw new InvalidClientException("Client does not allow refreshing access token!");
    }

    // clear out any access tokens
    // TODO: make this a configurable option
    tokenRepository.clearAccessTokensForRefreshToken(refreshToken);

    if (refreshToken.isExpired()) {
      tokenRepository.removeRefreshToken(refreshToken);
      throw new InvalidTokenException("Expired refresh token: " + refreshTokenValue);
    }

    // TODO: have the option to recycle the refresh token here, too
    // for now, we just reuse it as long as it's valid, which is the original intent

  public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException {

    OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenByValue(accessTokenValue);

    if (accessToken == null) {
      throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
    }

    if (accessToken.isExpired()) {
      //tokenRepository.removeAccessToken(accessToken);
      revokeAccessToken(accessToken);
      throw new InvalidTokenException("Expired access token: " + accessTokenValue);
    }

    return accessToken.getAuthenticationHolder().getAuthentication();
  }

   */
  @Override
  public OAuth2AccessTokenEntity readAccessToken(String accessTokenValue) throws AuthenticationException {
    OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenByValue(accessTokenValue);
    if (accessToken == null) {
      throw new InvalidTokenException("Access token for value " + accessTokenValue + " was not found");
    }
    else {
      return accessToken;
    }
  }

   */
  @Override
  public OAuth2RefreshTokenEntity getRefreshToken(String refreshTokenValue) throws AuthenticationException {
    OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenByValue(refreshTokenValue);
    if (refreshToken == null) {
      throw new InvalidTokenException("Refresh token for value " + refreshTokenValue + " was not found");
    }
    else {
      return refreshToken;
    }
  }

  public Authentication authenticate(Authentication authentication) throws AuthenticationException {

    String token = (String) authentication.getPrincipal();
    OAuth2Authentication auth = tokenServices.loadAuthentication(token);
    if (auth == null) {
      throw new InvalidTokenException("Invalid token: " + token);
    }

    Collection<String> resourceIds = auth.getOAuth2Request().getResourceIds();
    if (resourceId != null && resourceIds != null && !resourceIds.isEmpty() && !resourceIds.contains(resourceId)) {
      throw new OAuth2AccessDeniedException("Invalid token does not contain resource id (" + resourceId + ")");

    for (String redirectUri : redirectUris) {
      if (requestedRedirect != null && redirectMatches(requestedRedirect, redirectUri)) {
        return requestedRedirect;
      }
    }
    throw new RedirectMismatchException("Invalid redirect: " + requestedRedirect
        + " does not match one of the registered values: " + redirectUris.toString());
  }

    assertEquals(expected, getOutput());
  }

  @Test
  public void writeUnauthorizedClient() throws Exception {
    OAuth2Exception oauthException = new UnauthorizedUserException(DETAILS);
    String expected = createResponse(oauthException.getOAuth2ErrorCode());
    converter.write(oauthException, contentType, outputMessage);
    assertEquals(expected, getOutput());
  }

  @Test
  public void readUnauthorizedClient() throws Exception {
    String accessToken = createResponse(OAuth2Exception.UNAUTHORIZED_CLIENT);
    when(inputMessage.getBody()).thenReturn(createInputStream(accessToken));
    @SuppressWarnings("unused")
    UnauthorizedUserException result = (UnauthorizedUserException) converter.read(OAuth2Exception.class,
        inputMessage);
  }

  }

  @Test
  public void readValueUnauthorizedClient() throws Exception {
    String accessToken = createResponse(OAuth2Exception.UNAUTHORIZED_CLIENT);
    UnauthorizedUserException result = (UnauthorizedUserException) mapper.readValue(accessToken,
        OAuth2Exception.class);
    assertEquals(DETAILS,result.getMessage());
    assertEquals(null,result.getAdditionalInformation());
  }