org.springframework.security.oauth2.common.exceptions.InvalidClientException Java Examples

The following examples show how to use org.springframework.security.oauth2.common.exceptions.InvalidClientException.
Example #1
Source File: RedisClientDetailsService.java    From open-capacity-platform with Apache License 2.0
@Override
public ClientDetails loadClientByClientId(String clientId) throws InvalidClientException {
    ClientDetails clientDetails = null;

    // First try to fetch from Redis
    String value = (String) redisTemplate.boundHashOps(CACHE_CLIENT_KEY).get(clientId);
    if (StringUtils.isBlank(value)) {
        clientDetails = cacheAndGetClient(clientId);
    } else {
        clientDetails = JSONObject.parseObject(value, BaseClientDetails.class);
    }

    return clientDetails;
}
 
Example #2
Source File: UaaSignatureVerifierClient.java    From tutorials with MIT License
/** Returns the configured endpoint URI to retrieve the public key. */
private String getPublicKeyEndpoint() {
    String tokenEndpointUrl = oAuth2Properties.getSignatureVerification().getPublicKeyEndpointUri();
    if (tokenEndpointUrl == null) {
        throw new InvalidClientException("no token endpoint configured in application properties");
    }
    return tokenEndpointUrl;
}
 
Example #3
Source File: OAuth2TokenEndpointClientAdapter.java    From tutorials with MIT License
/**
 * Returns the configured OAuth2 token endpoint URI.
 *
 * @return the OAuth2 token endpoint URI.
 */
protected String getTokenEndpoint() {
    String tokenEndpointUrl = jHipsterProperties.getSecurity().getClientAuthorization().getAccessTokenUri();
    if (tokenEndpointUrl == null) {
        throw new InvalidClientException("no token endpoint configured in application properties");
    }
    return tokenEndpointUrl;
}
 
Example #4
Source File: OAuth2TokenEndpointClientAdapter.java    From tutorials with MIT License
protected String getClientId() {
    String clientId = oAuth2Properties.getWebClientConfiguration().getClientId();
    if (clientId == null) {
        throw new InvalidClientException("no client-id configured in application properties");
    }
    return clientId;
}
 
Example #5
Source File: OAuth2TokenEndpointClientAdapter.java    From tutorials with MIT License
protected String getClientSecret() {
    String clientSecret = oAuth2Properties.getWebClientConfiguration().getSecret();
    if (clientSecret == null) {
        throw new InvalidClientException("no client-secret configured in application properties");
    }
    return clientSecret;
}
 
Example #6
Source File: UaaSignatureVerifierClient.java    From tutorials with MIT License
/** Returns the configured endpoint URI to retrieve the public key. */
private String getPublicKeyEndpoint() {
    String tokenEndpointUrl = oAuth2Properties.getSignatureVerification().getPublicKeyEndpointUri();
    if (tokenEndpointUrl == null) {
        throw new InvalidClientException("no token endpoint configured in application properties");
    }
    return tokenEndpointUrl;
}
 
Example #7
Source File: UaaSignatureVerifierClient.java    From cubeai with Apache License 2.0
/** Returns the configured endpoint URI to retrieve the public key. */
private String getPublicKeyEndpoint() {
    String tokenEndpointUrl = oAuth2Properties.getSignatureVerification().getPublicKeyEndpointUri();
    if (tokenEndpointUrl == null) {
        throw new InvalidClientException("no token endpoint configured in application properties");
    }
    return tokenEndpointUrl;
}
 
Example #8
Source File: UaaSignatureVerifierClient.java    From cubeai with Apache License 2.0
/** Returns the configured endpoint URI to retrieve the public key. */
private String getPublicKeyEndpoint() {
    String tokenEndpointUrl = oAuth2Properties.getSignatureVerification().getPublicKeyEndpointUri();
    if (tokenEndpointUrl == null) {
        throw new InvalidClientException("no token endpoint configured in application properties");
    }
    return tokenEndpointUrl;
}
 
Example #9
Source File: UaaSignatureVerifierClient.java    From cubeai with Apache License 2.0
/** Returns the configured endpoint URI to retrieve the public key. */
private String getPublicKeyEndpoint() {
    String tokenEndpointUrl = oAuth2Properties.getSignatureVerification().getPublicKeyEndpointUri();
    if (tokenEndpointUrl == null) {
        throw new InvalidClientException("no token endpoint configured in application properties");
    }
    return tokenEndpointUrl;
}
 
Example #10
Source File: UaaSignatureVerifierClient.java    From cubeai with Apache License 2.0
/** Returns the configured endpoint URI to retrieve the public key. */
private String getPublicKeyEndpoint() {
    String tokenEndpointUrl = oAuth2Properties.getSignatureVerification().getPublicKeyEndpointUri();
    if (tokenEndpointUrl == null) {
        throw new InvalidClientException("no token endpoint configured in application properties");
    }
    return tokenEndpointUrl;
}
 
Example #11
Source File: OAuth2TokenEndpointClientAdapter.java    From cubeai with Apache License 2.0
/**
 * Returns the configured OAuth2 token endpoint URI.
 *
 * @return the OAuth2 token endpoint URI.
 */
protected String getTokenEndpoint() {
    String tokenEndpointUrl = jHipsterProperties.getSecurity().getClientAuthorization().getAccessTokenUri();
    if(tokenEndpointUrl == null) {
        throw new InvalidClientException("no token endpoint configured in application properties");
    }
    return tokenEndpointUrl;
}
 
Example #12
Source File: OAuth2TokenEndpointClientAdapter.java    From cubeai with Apache License 2.0
protected String getClientId() {
    String clientId = oAuth2Properties.getWebClientConfiguration().getClientId();
    if(clientId == null) {
        throw new InvalidClientException("no client-id configured in application properties");
    }
    return clientId;
}
 
Example #13
Source File: OAuth2TokenEndpointClientAdapter.java    From cubeai with Apache License 2.0
protected String getClientSecret() {
    String clientSecret = oAuth2Properties.getWebClientConfiguration().getSecret();
    if(clientSecret == null) {
        throw new InvalidClientException("no client-secret configured in application properties");
    }
    return clientSecret;
}
 
Example #14
Source File: UaaSignatureVerifierClient.java    From cubeai with Apache License 2.0
/** Returns the configured endpoint URI to retrieve the public key. */
private String getPublicKeyEndpoint() {
    String tokenEndpointUrl = oAuth2Properties.getSignatureVerification().getPublicKeyEndpointUri();
    if (tokenEndpointUrl == null) {
        throw new InvalidClientException("no token endpoint configured in application properties");
    }
    return tokenEndpointUrl;
}
 
Example #15
Source File: UaaSignatureVerifierClient.java    From cubeai with Apache License 2.0
/** Returns the configured endpoint URI to retrieve the public key. */
private String getPublicKeyEndpoint() {
    String tokenEndpointUrl = oAuth2Properties.getSignatureVerification().getPublicKeyEndpointUri();
    if (tokenEndpointUrl == null) {
        throw new InvalidClientException("no token endpoint configured in application properties");
    }
    return tokenEndpointUrl;
}
 
Example #16
Source File: UaaSignatureVerifierClient.java    From cubeai with Apache License 2.0
/** Returns the configured endpoint URI to retrieve the public key. */
private String getPublicKeyEndpoint() {
    String tokenEndpointUrl = oAuth2Properties.getSignatureVerification().getPublicKeyEndpointUri();
    if (tokenEndpointUrl == null) {
        throw new InvalidClientException("no token endpoint configured in application properties");
    }
    return tokenEndpointUrl;
}
 
Example #17
Source File: RedisClientDetailsService.java    From cloud-service with MIT License
@Override
public ClientDetails loadClientByClientId(String clientId) throws InvalidClientException {
    ClientDetails clientDetails = null;

    // First try to fetch from Redis
    String value = (String) stringRedisTemplate.boundHashOps(CACHE_CLIENT_KEY).get(clientId);
    if (StringUtils.isBlank(value)) {
        clientDetails = cacheAndGetClient(clientId);
    } else {
        clientDetails = JSONObject.parseObject(value, BaseClientDetails.class);
    }

    return clientDetails;
}
 
Example #18
Source File: RedisClientDetailsService.java    From FEBS-Cloud with Apache License 2.0
@Override
public ClientDetails loadClientByClientId(String clientId) throws InvalidClientException {
    ClientDetails clientDetails = null;
    String value = (String) redisService.hget(CACHE_CLIENT_KEY, clientId);
    if (StringUtils.isBlank(value)) {
        clientDetails = cacheAndGetClient(clientId);
    } else {
        clientDetails = JSONObject.parseObject(value, BaseClientDetails.class);
    }

    return clientDetails;
}
 
Example #19
Source File: DefaultWebResponseExceptionTranslator.java    From spring-cloud-shop with MIT License
private ResponseEntity handleOAuth2Exception(OAuth2Exception e) throws IOException {

        Response<String> result = new Response<>();
        result.setCode(ERROR_CODE_START);
        if (e instanceof InvalidClientException) {
            result.setMsg("用户名或这密码错误");
        } else if (e instanceof UnauthorizedClientException) {
            result.setMsg("未授权的ClientId");
        } else if (e instanceof InvalidGrantException) {
            result.setMsg("授权失败,用户名或者密码错误");
        } else if (e instanceof InvalidScopeException) {
            result.setMsg("授权客户端错误");
        } else if (e instanceof InvalidTokenException) {
            result.setMsg("授权token错误");
        } else if (e instanceof InvalidRequestException) {
            result.setMsg("授权请求错误");
        } else if (e instanceof RedirectMismatchException) {
            result.setMsg("redirect_uri未匹配");
        } else if (e instanceof UnsupportedGrantTypeException) {
            result.setMsg("不支持此授权类型");
        } else if (e instanceof UnsupportedResponseTypeException) {
            result.setMsg("不支持此类型的授权码");
        } else if (e instanceof UserDeniedAuthorizationException) {
            result.setMsg("您没有访问权限");
        } else {
            result.setCode(ERROR_CODE_START + 1);
            result.setMsg(e.getMessage());
        }

        int status = e.getHttpErrorCode();
        HttpHeaders headers = new HttpHeaders();
        headers.set("Cache-Control", "no-store");
        headers.set("Pragma", "no-cache");
        if (status == HttpStatus.UNAUTHORIZED.value() || (e instanceof InsufficientScopeException)) {
            headers.set("WWW-Authenticate", String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, e.getSummary()));
        }

        return new ResponseEntity<>(result, headers,
                HttpStatus.OK);

    }
 
Example #20
Source File: CustomAuthCodeTokenGranter.java    From OAuth-2.0-Cookbook with MIT License
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {

    Map<String, String> parameters = tokenRequest.getRequestParameters();
    String authorizationCode = parameters.get("code");
    String redirectUri = parameters.get(OAuth2Utils.REDIRECT_URI);
    String codeVerifier = parameters.get("code_verifier");

    if (authorizationCode == null) {
        throw new InvalidRequestException("An authorization code must be supplied.");
    }

    OAuth2Authentication storedAuth = authorizationCodeServices.consumeAuthorizationCode(authorizationCode);
    if (storedAuth == null) {
        throw new InvalidGrantException("Invalid authorization code: " + authorizationCode);
    }

    OAuth2Request pendingOAuth2Request = storedAuth.getOAuth2Request();

    // Validates code verifier
    Map<String, String> pendingOauth2RequestParams = pendingOAuth2Request.getRequestParameters();
    String codeChallenge = pendingOauth2RequestParams.get("code_challenge");
    String codeChallengeMethod = pendingOauth2RequestParams.get("code_challenge_method");

    if (codeVerifier == null && codeChallenge != null) {
        // client is using PKCE but did not send the codeVerifier
        throw new InvalidRequestException(
                "Invalid authorization code for current token request.");
    }

    if (codeVerifier != null && codeChallenge != null) {
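        String hashed = codeVerifier;
        if ("S256".equals(codeChallengeMethod)) {
            // Note: RFC 7636 defines S256 as BASE64URL-ENCODE(SHA256(ASCII(code_verifier)));
            // this example compares a hex-encoded SHA-256 digest instead.
            hashed = DigestUtils.sha256Hex(codeVerifier);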
        }

        if (!hashed.equalsIgnoreCase(codeChallenge)) {
            throw new InvalidRequestException(
                    "Invalid authorization code for current token request.");
        }
    }

    // https://jira.springsource.org/browse/SECOAUTH-333
    // This might be null, if the authorization was done without the redirect_uri parameter
    String redirectUriApprovalParameter = pendingOAuth2Request.getRequestParameters().get(
            OAuth2Utils.REDIRECT_URI);

    if ((redirectUri != null || redirectUriApprovalParameter != null)
            && !pendingOAuth2Request.getRedirectUri().equals(redirectUri)) {
        throw new RedirectMismatchException("Redirect URI mismatch.");
    }

    String pendingClientId = pendingOAuth2Request.getClientId();
    String clientId = tokenRequest.getClientId();
    if (clientId != null && !clientId.equals(pendingClientId)) {
        // just a sanity check.
        throw new InvalidClientException("Client ID mismatch");
    }

    // Secret is not required in the authorization request, so it won't be available
    // in the pendingAuthorizationRequest. We do want to check that a secret is provided
    // in the token request, but that happens elsewhere.

    Map<String, String> combinedParameters = new HashMap<String, String>(pendingOAuth2Request
            .getRequestParameters());
    // Combine the parameters adding the new ones last so they override if there are any clashes
    combinedParameters.putAll(parameters);

    // Make a new stored request with the combined parameters
    OAuth2Request finalStoredOAuth2Request = pendingOAuth2Request.createOAuth2Request(combinedParameters);

    Authentication userAuth = storedAuth.getUserAuthentication();

    return new OAuth2Authentication(finalStoredOAuth2Request, userAuth);

}
 
Example #21
Source File: LessStrictRedirectUriAuthorizationCodeTokenGranter.java    From osiam with MIT License
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {

    Map<String, String> parameters = tokenRequest.getRequestParameters();
    String authorizationCode = parameters.get("code");
    String redirectUri = parameters.get(OAuth2Utils.REDIRECT_URI);

    if (authorizationCode == null) {
        throw new InvalidRequestException("An authorization code must be supplied.");
    }

    OAuth2Authentication storedAuth = authorizationCodeServices.consumeAuthorizationCode(authorizationCode);
    if (storedAuth == null) {
        throw new InvalidGrantException("Invalid authorization code: " + authorizationCode);
    }

    OAuth2Request pendingOAuth2Request = storedAuth.getOAuth2Request();
    // https://jira.springsource.org/browse/SECOAUTH-333
    // This might be null, if the authorization was done without the redirect_uri parameter
    String redirectUriApprovalParameter = pendingOAuth2Request.getRequestParameters().get(OAuth2Utils.REDIRECT_URI);

    if (redirectUriApprovalParameter != null && redirectUri == null
            || redirectUriApprovalParameter != null
            && !pendingOAuth2Request.getRedirectUri().startsWith(redirectUri)) {
        throw new RedirectMismatchException("Redirect URI mismatch.");
    }

    String pendingClientId = pendingOAuth2Request.getClientId();
    String clientId = tokenRequest.getClientId();
    if (clientId != null && !clientId.equals(pendingClientId)) {
        // just a sanity check.
        throw new InvalidClientException("Client ID mismatch");
    }

    // Secret is not required in the authorization request, so it won't be available
    // in the pendingAuthorizationRequest. We do want to check that a secret is provided
    // in the token request, but that happens elsewhere.

    Map<String, String> combinedParameters = new HashMap<>(pendingOAuth2Request.getRequestParameters());
    // Combine the parameters adding the new ones last so they override if there are any clashes
    combinedParameters.putAll(parameters);

    // Make a new stored request with the combined parameters
    OAuth2Request finalStoredOAuth2Request = pendingOAuth2Request.createOAuth2Request(combinedParameters);

    Authentication userAuth = storedAuth.getUserAuthentication();

    return new OAuth2Authentication(finalStoredOAuth2Request, userAuth);
}
 
Example #22
Source File: SecurityClientDetailsService.java    From platform with Apache License 2.0
@Override
public ClientDetails loadClientByClientId(String clientId) throws InvalidClientException {
    return super.loadClientByClientId(clientId);
}
 
Example #23
Source File: ClientDetailsServiceImpl.java    From spring-microservice-exam with MIT License
/**
 * Overridden method
 *
 * @param clientId clientId
 * @return ClientDetails
 * @author tangyi
 * @date 2019/03/30 23:31
 */
@Override
public ClientDetails loadClientByClientId(String clientId) throws InvalidClientException {
    return super.loadClientByClientId(clientId);
}
 
Example #24
Source File: CloudClientDetailsService.java    From smaker with GNU Lesser General Public License v3.0
/**
 * Overrides the native method to add Redis cache support
 *
 * @param clientId
 * @return
 * @throws InvalidClientException
 */
@Override
@Cacheable(value = SecurityConstants.CLIENT_DETAILS_KEY, key = "#clientId", unless = "#result == null")
public ClientDetails loadClientByClientId(String clientId) throws InvalidClientException {
	return super.loadClientByClientId(clientId);
}