moved UMA exceptions out to controller advice class
Justin Richer
parent
99b58827c6
commit
4c04850446
|
|
@ -218,69 +218,6 @@ public class RequestingPartyTokenGranter extends AbstractTokenGranter {
|
||||||
throw new InvalidTicketException();
|
throw new InvalidTicketException();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@ExceptionHandler(NeedInfoException.class)
|
|
||||||
public ModelAndView handleUmaException(Exception e) {
|
|
||||||
// if we got here, the claim didn't match, forward the user to the claim gathering endpoint
|
|
||||||
|
|
||||||
NeedInfoException nie = (NeedInfoException)e;
|
|
||||||
|
|
||||||
JsonObject entity = new JsonObject();
|
|
||||||
|
|
||||||
entity.addProperty(JsonErrorView.ERROR, "need_info");
|
|
||||||
JsonObject details = new JsonObject();
|
|
||||||
|
|
||||||
JsonObject rpClaims = new JsonObject();
|
|
||||||
rpClaims.addProperty("redirect_user", true);
|
|
||||||
rpClaims.addProperty("ticket", nie.getTicketValue());
|
|
||||||
JsonArray req = new JsonArray();
|
|
||||||
for (Claim claim : nie.getUnmatched()) {
|
|
||||||
JsonObject c = new JsonObject();
|
|
||||||
c.addProperty("name", claim.getName());
|
|
||||||
c.addProperty("friendly_name", claim.getFriendlyName());
|
|
||||||
c.addProperty("claim_type", claim.getClaimType());
|
|
||||||
JsonArray f = new JsonArray();
|
|
||||||
for (String format : claim.getClaimTokenFormat()) {
|
|
||||||
f.add(new JsonPrimitive(format));
|
|
||||||
}
|
|
||||||
c.add("claim_token_format", f);
|
|
||||||
JsonArray i = new JsonArray();
|
|
||||||
for (String issuer : claim.getIssuer()) {
|
|
||||||
i.add(new JsonPrimitive(issuer));
|
|
||||||
}
|
|
||||||
c.add("issuer", i);
|
|
||||||
req.add(c);
|
|
||||||
}
|
|
||||||
rpClaims.add("required_claims", req);
|
|
||||||
details.add("requesting_party_claims", rpClaims);
|
|
||||||
entity.add("error_details", details);
|
|
||||||
|
|
||||||
Map<String, Object> m = new HashMap<>();
|
|
||||||
m.put(JsonEntityView.ENTITY, entity);
|
|
||||||
return new ModelAndView(JsonEntityView.VIEWNAME, m);
|
|
||||||
}
|
|
||||||
|
|
||||||
@ExceptionHandler(InvalidTicketException.class)
|
|
||||||
public ModelAndView handleInvalidTicketException(Exception e) {
|
|
||||||
// ticket wasn't found, return an error
|
|
||||||
Map<String, Object> m = new HashMap<>();
|
|
||||||
m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
|
|
||||||
m.put(JsonErrorView.ERROR, "invalid_ticket");
|
|
||||||
return new ModelAndView(JsonErrorView.VIEWNAME, m);
|
|
||||||
}
|
|
||||||
|
|
||||||
@ExceptionHandler(NotAuthorizedException.class)
|
|
||||||
public ModelAndView handleNotAuthorizedException(Exception e) {
|
|
||||||
Map<String, Object> m = new HashMap<>();
|
|
||||||
m.put(JsonErrorView.ERROR, "not_authorized");
|
|
||||||
m.put(JsonErrorView.ERROR_MESSAGE, "This resource set can not be accessed.");
|
|
||||||
m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
|
|
||||||
return new ModelAndView(JsonErrorView.VIEWNAME, m);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,106 @@
|
||||||
|
/*******************************************************************************
|
||||||
|
* Copyright 2015 The MITRE Corporation
|
||||||
|
* and the MIT Kerberos and Internet Trust Consortium
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*******************************************************************************/
|
||||||
|
|
||||||
|
package org.mitre.uma.web;
|
||||||
|
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
import org.mitre.openid.connect.view.HttpCodeView;
|
||||||
|
import org.mitre.openid.connect.view.JsonEntityView;
|
||||||
|
import org.mitre.openid.connect.view.JsonErrorView;
|
||||||
|
import org.mitre.uma.exception.InvalidTicketException;
|
||||||
|
import org.mitre.uma.exception.NeedInfoException;
|
||||||
|
import org.mitre.uma.exception.NotAuthorizedException;
|
||||||
|
import org.mitre.uma.model.Claim;
|
||||||
|
import org.springframework.http.HttpStatus;
|
||||||
|
import org.springframework.web.bind.annotation.ControllerAdvice;
|
||||||
|
import org.springframework.web.bind.annotation.ExceptionHandler;
|
||||||
|
import org.springframework.web.servlet.ModelAndView;
|
||||||
|
|
||||||
|
import com.google.gson.JsonArray;
|
||||||
|
import com.google.gson.JsonObject;
|
||||||
|
import com.google.gson.JsonPrimitive;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author jricher
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
@ControllerAdvice
|
||||||
|
public class UmaExceptionHandler {
|
||||||
|
|
||||||
|
@ExceptionHandler(NeedInfoException.class)
|
||||||
|
public ModelAndView handleUmaException(Exception e) {
|
||||||
|
// if we got here, the claim didn't match, forward the user to the claim gathering endpoint
|
||||||
|
|
||||||
|
NeedInfoException nie = (NeedInfoException)e;
|
||||||
|
|
||||||
|
JsonObject entity = new JsonObject();
|
||||||
|
|
||||||
|
entity.addProperty(JsonErrorView.ERROR, "need_info");
|
||||||
|
JsonObject details = new JsonObject();
|
||||||
|
|
||||||
|
JsonObject rpClaims = new JsonObject();
|
||||||
|
rpClaims.addProperty("redirect_user", true);
|
||||||
|
rpClaims.addProperty("ticket", nie.getTicketValue());
|
||||||
|
JsonArray req = new JsonArray();
|
||||||
|
for (Claim claim : nie.getUnmatched()) {
|
||||||
|
JsonObject c = new JsonObject();
|
||||||
|
c.addProperty("name", claim.getName());
|
||||||
|
c.addProperty("friendly_name", claim.getFriendlyName());
|
||||||
|
c.addProperty("claim_type", claim.getClaimType());
|
||||||
|
JsonArray f = new JsonArray();
|
||||||
|
for (String format : claim.getClaimTokenFormat()) {
|
||||||
|
f.add(new JsonPrimitive(format));
|
||||||
|
}
|
||||||
|
c.add("claim_token_format", f);
|
||||||
|
JsonArray i = new JsonArray();
|
||||||
|
for (String issuer : claim.getIssuer()) {
|
||||||
|
i.add(new JsonPrimitive(issuer));
|
||||||
|
}
|
||||||
|
c.add("issuer", i);
|
||||||
|
req.add(c);
|
||||||
|
}
|
||||||
|
rpClaims.add("required_claims", req);
|
||||||
|
details.add("requesting_party_claims", rpClaims);
|
||||||
|
entity.add("error_details", details);
|
||||||
|
|
||||||
|
Map<String, Object> m = new HashMap<>();
|
||||||
|
m.put(JsonEntityView.ENTITY, entity);
|
||||||
|
return new ModelAndView(JsonEntityView.VIEWNAME, m);
|
||||||
|
}
|
||||||
|
|
||||||
|
@ExceptionHandler(InvalidTicketException.class)
|
||||||
|
public ModelAndView handleInvalidTicketException(Exception e) {
|
||||||
|
// ticket wasn't found, return an error
|
||||||
|
Map<String, Object> m = new HashMap<>();
|
||||||
|
m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
|
||||||
|
m.put(JsonErrorView.ERROR, "invalid_ticket");
|
||||||
|
return new ModelAndView(JsonErrorView.VIEWNAME, m);
|
||||||
|
}
|
||||||
|
|
||||||
|
@ExceptionHandler(NotAuthorizedException.class)
|
||||||
|
public ModelAndView handleNotAuthorizedException(Exception e) {
|
||||||
|
Map<String, Object> m = new HashMap<>();
|
||||||
|
m.put(JsonErrorView.ERROR, "not_authorized");
|
||||||
|
m.put(JsonErrorView.ERROR_MESSAGE, "This resource set can not be accessed.");
|
||||||
|
m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
|
||||||
|
return new ModelAndView(JsonErrorView.VIEWNAME, m);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue