diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java index 4487ed8a9..493e3c4f6 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java @@ -57,6 +57,9 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter { /* (non-Javadoc) * @see org.springframework.security.oauth2.provider.token.AbstractTokenGranter#getOAuth2Authentication(org.springframework.security.oauth2.provider.AuthorizationRequest) */ + /** + * @throws NoSuchAlgorithmException + */ @Override protected OAuth2AccessToken getAccessToken(AuthorizationRequest authorizationRequest) throws AuthenticationException, InvalidTokenException { // read and load up the existing token @@ -103,7 +106,10 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter { try { jwtService.signJwt(newIdToken); } catch (NoSuchAlgorithmException e) { - // TODO Auto-generated catch block + // TODO how to handle this exception? + // Because of the abstract class's method signature, cannot add "throws" + // declaration to this class, but printing a stack trace is not a good + // fallback. e.printStackTrace(); } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java index 08fc09339..77e121ce9 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java 
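Review bot: The `@throws NoSuchAlgorithmException` Javadoc added above getAccessToken documents an exception the method cannot surface: its signature declares only AuthenticationException and InvalidTokenException, and the second hunk in this file catches NoSuchAlgorithmException inside the body. The tag also lands after the existing `/* (non-Javadoc) … */` comment, so the method now carries two header comments back to back. Either drop the tag or make it describe what a caller can actually observe, e.g. `@throws OAuth2Exception if the ID token cannot be signed` once the catch block rethrows. The method body runs past the end of this hunk.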
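Review bot: The catch block in this hunk still fails open: when signJwt throws NoSuchAlgorithmException the trace goes to stderr and execution continues, so the ID token built from newIdToken presumably goes out unsigned (the lines after the catch are outside this hunk). The new comment says a throws clause cannot be added, but none is needed — the signature already permits unchecked OAuth2 exceptions, so wrap and rethrow with the cause preserved, `throw new OAuth2Exception("Could not sign ID token", e);` (or an InvalidTokenException if that is the intended client-facing error). `e.printStackTrace()` should not survive in either case; if a log line is wanted, use the project's slf4j logger with the exception as the last argument. getAccessToken starts before and ends after this hunk.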
@@ -23,7 +23,10 @@ import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.OAuth2TokenEntityService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.common.exceptions.InvalidClientException; @@ -47,6 +50,8 @@ public class IntrospectionEndpoint { @Autowired private ClientDetailsEntityService clientService; + private Logger logger = LoggerFactory.getLogger(this.getClass()); + public IntrospectionEndpoint() { } @@ -60,7 +65,10 @@ public class IntrospectionEndpoint { Map e = ImmutableMap.of("valid", Boolean.FALSE); Map model = new HashMap(); model.put("entity", e); - // TODO: http code? + + logger.error("IntrospectionEndpoint InvalidTokenException: " + ex.getStackTrace().toString()); + + model.put("code", HttpStatus.BAD_REQUEST); return new ModelAndView("jsonEntityView", model); } 
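Review bot: `ex.getStackTrace().toString()` in the new logger.error call does not log a stack trace — getStackTrace() returns a StackTraceElement[], and an array's toString() is just `[Ljava.lang.StackTraceElement;@<hash>`. Pass the exception as the last argument instead, `logger.error("IntrospectionEndpoint InvalidTokenException", ex);`, and slf4j renders the full trace. Also confirm that jsonEntityView actually reads the `code` attribute; most other handlers in this diff pair `code` with httpCodeView, and if jsonEntityView ignores it the response still leaves as 200 with `{"valid": false}`. The enclosing handler method starts before this hunk.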
@@ -89,18 +97,21 @@ public class IntrospectionEndpoint { }*/ if (Strings.isNullOrEmpty(tokenValue)) { - throw new InvalidTokenException("No token found!"); - //TODO: Error Handling + logger.error("IntrospectionEndpoint: verify failed; token value is null"); + modelAndView.addObject("code", HttpStatus.BAD_REQUEST); + modelAndView.setViewName("httpCodeView"); + return modelAndView; } OAuth2AccessTokenEntity token = null; try { - token = tokenServices.readAccessToken(tokenValue); - } catch (InvalidTokenException e) { - //TODO: Error Handling + token = tokenServices.readAccessToken(tokenValue); } catch (AuthenticationException e) { - //TODO: Error Handling + logger.error("IntrospectionEndpoint: verify failed; AuthenticationException: " + e.getStackTrace().toString()); + modelAndView.addObject("code", HttpStatus.FORBIDDEN); + modelAndView.setViewName("httpCodeView"); + return modelAndView; } ClientDetailsEntity tokenClient = token.getClient(); 
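Review bot: The AuthenticationException branch logs `e.getStackTrace().toString()`, which renders as the array's identity (`[Ljava.lang.StackTraceElement;@…`) rather than a trace; use `logger.error("IntrospectionEndpoint: verify failed; authentication error", e);` so slf4j prints the cause. Dropping the `catch (InvalidTokenException e)` block means that exception now leaves this method — presumably on purpose, to reach the `@ExceptionHandler` earlier in this file — but verify that InvalidTokenException is not a subtype of AuthenticationException in the Spring OAuth version in use, otherwise it is absorbed here as a 403 instead. If readAccessToken can return null rather than throw, the `token.getClient()` line after the try will NPE; an `if (token == null)` guard returning the same 400 as the empty-value case would close that. The surrounding method continues past this hunk.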
@@ -119,16 +130,23 @@ public class IntrospectionEndpoint { modelAndView.addObject("entity", token); return modelAndView; } else { - throw new InvalidScopeException("Tried to introspect a token of different scope"); - //TODO: Error Handling + logger.error("IntrospectionEndpoint: verify failed; client tried to introspect a token of an incorrect scope"); + modelAndView.addObject("code", HttpStatus.BAD_REQUEST); + modelAndView.setViewName("httpCodeView"); + return modelAndView; } } else { - throw new InvalidClientException("Client is not allowed to call introspection endpoint."); - //TODO: Error Handling + logger.error("IntrospectionEndpoint: verify failed; client " + clientId + " is not allowed to call introspection endpoint"); + modelAndView.addObject("code", HttpStatus.BAD_REQUEST); + modelAndView.setViewName("httpCodeView"); + return modelAndView; } } else { - throw new InvalidClientException("Client not found."); - //TODO: Error Handling + //TODO: Log error client not found + logger.error("IntrospectionEndpoint: verify failed; client " + clientId + " not found."); + modelAndView.addObject("code", HttpStatus.NOT_FOUND); + modelAndView.setViewName("httpCodeView"); + return modelAndView; } } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java index 0da552c65..3154cc28c 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java 
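Review bot: The branch for a client that is not allowed to call the introspection endpoint returns BAD_REQUEST, but it is an authorization failure, and the AuthenticationException branch earlier in what appears to be the same method (previous hunk) already answers FORBIDDEN — the two should agree: `modelAndView.addObject("code", HttpStatus.FORBIDDEN);`. The scope-mismatch branch now returns a bare status through httpCodeView, while the `@ExceptionHandler` for InvalidTokenException in this file returns a `{"valid": false}` JSON body, so an introspecting client gets two different shapes of "no" for what is, from its side, the same answer; rendering the same entity here would be more uniform. Logging all of these at error level will alert on ordinary client misuse; warn fits the 4xx cases. The method starts before this hunk.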
@@ -26,7 +26,10 @@ import org.mitre.oauth2.exception.ClientNotFoundException; import org.mitre.oauth2.model.SystemScope; import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.SystemScopeService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.common.exceptions.InvalidClientException; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; @@ -54,6 +57,8 @@ public class OAuthConfirmationController { @Autowired private SystemScopeService scopeService; + private Logger logger = LoggerFactory.getLogger(this.getClass()); + public OAuthConfirmationController() { } 
@@ -68,14 +73,26 @@ public class OAuthConfirmationController { //AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest"); - //TODO: Error Handling - //Throws OAuth2Exception, InvalidClientException, IllegalArgumentException - ClientDetails client = clientService.loadClientByClientId(clientAuth.getClientId()); + ClientDetails client = null; + + try { + client = clientService.loadClientByClientId(clientAuth.getClientId()); + } catch (OAuth2Exception e) { + logger.error("OAuthConfirmationController: confirmAccess: OAuth2Exception was thrown when attempting to load client: " + + e.getStackTrace().toString()); + model.put("code", HttpStatus.BAD_REQUEST); + return new ModelAndView("httpCodeView"); + } catch (IllegalArgumentException e) { + logger.error("OAuthConfirmationController: confirmAccess: IllegalArgumentException was thrown when attempting to load client: " + + e.getStackTrace().toString()); + model.put("code", HttpStatus.BAD_REQUEST); + return new ModelAndView("httpCodeView"); + } if (client == null) { - throw new ClientNotFoundException("Client not found: " + clientAuth.getClientId()); - //TODO: Error Handling - } + logger.error("OAuthConfirmationController: confirmAccess: could not find client " + clientAuth.getClientId()); + model.put("code", HttpStatus.NOT_FOUND); + return new ModelAndView("httpCodeView"); } model.put("auth_request", clientAuth); model.put("client", client); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java index 007a5448a..420734c96 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java 
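Review bot: In all three error paths of this hunk the status is put into `model` but the view is built as `new ModelAndView("httpCodeView")` without it, so httpCodeView only sees `code` if Spring merges the handler's implicit model map behind the scenes; `return new ModelAndView("httpCodeView", model);` makes the dependency explicit and matches how the other controllers in this diff hand `code` to the view. Both catch blocks also log `e.getStackTrace().toString()`, which prints the array's identity hash rather than a trace — pass `e` as the last argument to logger.error instead. The two catch bodies are identical; if the project is still on Java 6 (the "Java 7 combine catch statements" TODOs removed elsewhere in this diff suggest so), a small private helper avoids the duplication. confirmAccess starts before and ends after this hunk.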
@@ -21,6 +21,8 @@ import org.mitre.oauth2.exception.PermissionDeniedException; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; import org.mitre.oauth2.service.OAuth2TokenEntityService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.core.AuthenticationException; @@ -37,6 +39,8 @@ public class RevocationEndpoint { @Autowired OAuth2TokenEntityService tokenServices; + private Logger logger = LoggerFactory.getLogger(this.getClass()); + public RevocationEndpoint() { } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java index 0cae172d0..8a4c977e4 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java @@ -7,6 +7,8 @@ import java.util.Set; import org.mitre.oauth2.model.SystemScope; import org.mitre.oauth2.service.SystemScopeService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; @@ -28,10 +30,11 @@ import com.google.gson.Gson; @PreAuthorize("hasRole('ROLE_USER')") public class ScopeAPI { - @Autowired private SystemScopeService scopeService; + private Logger logger = LoggerFactory.getLogger(this.getClass()); + private Gson gson = new Gson(); @RequestMapping(value = "", method = RequestMethod.GET, produces = "application/json") 
@@ -55,8 +58,10 @@ public class ScopeAPI { return "jsonEntityView"; } else { - m.put("code", HttpStatus.NOT_FOUND); + + logger.error("ScopeAPI: getScope failed; scope not found: " + id); + m.put("code", HttpStatus.NOT_FOUND); return "httpCodeView"; } } @@ -80,6 +85,10 @@ public class ScopeAPI { return "jsonEntityView"; } else { + + logger.error("ScopeAPI: updateScope failed; scope ids to not match: got " + + existing.getId() + " and " + scope.getId()); + m.put("code", HttpStatus.BAD_REQUEST); return "httpCodeView"; @@ -87,6 +96,7 @@ public class ScopeAPI { } else { + logger.error("ScopeAPI: updateScope failed; scope with id " + id + " not found."); m.put("code", HttpStatus.NOT_FOUND); return "httpCodeView"; @@ -106,6 +116,8 @@ public class ScopeAPI { return "jsonEntityView"; } else { + + logger.error("ScopeAPI: createScope failed; JSON was invalid: " + json); m.put("code", HttpStatus.BAD_REQUEST); return "httpCodeView"; @@ -125,6 +137,7 @@ public class ScopeAPI { return "httpCodeView"; } else { + logger.error("ScopeAPI: deleteScope failed; scope with id " + id + " not found."); m.put("code", HttpStatus.NOT_FOUND); return "httpCodeView"; diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java index 813571b7c..e3ea528d7 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java @@ -8,6 +8,8 @@ import java.util.Collection; import org.mitre.openid.connect.model.ApprovedSite; import org.mitre.openid.connect.service.ApprovedSiteService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; 
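Review bot: The updateScope message reads "scope ids to not match" — should be "do not match"; these strings are what operators grep for, so the typo will cost someone a search later. The condition is a client-side error answered with 400, so `logger.warn` rather than `logger.error` keeps error-level alerts meaningful. updateScope starts before and ends after this hunk.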
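Review bot: The createScope branch logs the raw request body, `"JSON was invalid: " + json`, at error level. That string is attacker-controlled: it can be arbitrarily large and can contain line breaks that forge extra log records, so log its length or a bounded, newline-stripped prefix instead, e.g. `logger.warn("ScopeAPI: createScope failed; invalid JSON ({} chars)", json == null ? 0 : json.length());`. createScope starts before and ends after this hunk.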
@@ -28,6 +30,8 @@ public class ApprovedSiteAPI { @Autowired private ApprovedSiteService approvedSiteService; + + private Logger logger = LoggerFactory.getLogger(this.getClass()); /** * Get a list of all of this user's approved sites @@ -53,8 +57,11 @@ public class ApprovedSiteAPI { ApprovedSite approvedSite = approvedSiteService.getById(id); if (approvedSite == null) { + logger.error("ApprovedSiteAPI: deleteApprovedSite failed; no approved site found for id: " + id); m.put("code", HttpStatus.NOT_FOUND); } else if (!approvedSite.getUserId().equals(p.getName())) { + logger.error("ApprovedSiteAPI: deleteApprovedSite failed; principal " + + p.getName() + " does not own approved site" + id); m.put("code", HttpStatus.FORBIDDEN); } else { m.put("code", HttpStatus.OK); @@ -71,9 +78,12 @@ public class ApprovedSiteAPI { public String getApprovedSite(@PathVariable("id") Long id, ModelMap m, Principal p) { ApprovedSite approvedSite = approvedSiteService.getById(id); if (approvedSite == null) { + logger.error("ApprovedSiteAPI: getApprovedSite failed; no approved site found for id: " + id); m.put("code", HttpStatus.NOT_FOUND); return "httpCodeView"; } else if (!approvedSite.getUserId().equals(p.getName())) { + logger.error("ApprovedSiteAPI: getApprovedSite failed; principal " + + p.getName() + " does not own approved site" + id); m.put("code", HttpStatus.FORBIDDEN); return "httpCodeView"; } else { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java index 78fbfa603..a79b06263 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java 
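Review bot: The FORBIDDEN message in deleteApprovedSite is missing a separator before the id — `"does not own approved site" + id` prints as `…approved site12`; write `" does not own approved site " + id` (the same message is repeated in the getApprovedSite hunk below). That ownership failure is the one event here worth keeping at a high level, since it is a user reaching for another user's record; the not-found branch is routine and fits warn. Both methods continue past their hunks.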
@@ -8,6 +8,8 @@ import java.util.Collection; import org.mitre.openid.connect.model.BlacklistedSite; import org.mitre.openid.connect.service.BlacklistedSiteService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; @@ -32,10 +34,11 @@ import com.google.gson.JsonSyntaxException; @PreAuthorize("hasRole('ROLE_ADMIN')") public class BlacklistAPI { - @Autowired private BlacklistedSiteService blacklistService; + private Logger logger = LoggerFactory.getLogger(this.getClass()); + private Gson gson = new Gson(); private JsonParser parser = new JsonParser(); @@ -76,11 +79,12 @@ public class BlacklistAPI { m.put("entity", newBlacklist); } - //TODO: Java 7 combine catch statements catch (JsonSyntaxException e) { + logger.error("BlacklistAPI: addNewBlacklistedSite failed due to JsonSyntaxException: " + e.getStackTrace().toString()); m.put("code", HttpStatus.BAD_REQUEST); return "httpCodeView"; } catch (IllegalStateException e) { + logger.error("BlacklistAPI: addNewBlacklistedSite failed due to IllegalStateException: " + e.getStackTrace().toString()); m.put("code", HttpStatus.BAD_REQUEST); return "httpCodeView"; } @@ -105,11 +109,12 @@ public class BlacklistAPI { blacklist = gson.fromJson(json, BlacklistedSite.class); } - //TODO: Java 7 combine catch statements catch (JsonSyntaxException e) { + logger.error("BlacklistAPI: updateBlacklistedSite failed due to JsonSyntaxException: " + e.getStackTrace().toString()); m.put("code", HttpStatus.BAD_REQUEST); return "httpCodeView"; } catch (IllegalStateException e) { + logger.error("BlacklistAPI: updateBlacklistedSite failed due to IllegalStateException: " + e.getStackTrace().toString()); m.put("code", HttpStatus.BAD_REQUEST); return "httpCodeView"; } 
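Review bot: Both new catch blocks in addNewBlacklistedSite log `e.getStackTrace().toString()`, which is the identity string of a StackTraceElement[] (`[Ljava.lang.StackTraceElement;@…`), not a trace; the same pattern is repeated in the updateBlacklistedSite hunk. slf4j prints the trace when the throwable is the last argument: `logger.warn("BlacklistAPI: addNewBlacklistedSite failed; malformed JSON", e);`. Since a malformed body is a client error answered with 400, warn is the better level. The enclosing method starts before and ends after this hunk.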
@@ -118,6 +123,7 @@ public class BlacklistAPI { BlacklistedSite oldBlacklist = blacklistService.getById(id); if (oldBlacklist == null) { + logger.error("BlacklistAPI: updateBlacklistedSite failed; blacklist with id " + id + " could not be found"); m.put("code", HttpStatus.NOT_FOUND); return "httpCodeView"; } else { @@ -139,6 +145,7 @@ public class BlacklistAPI { BlacklistedSite blacklist = blacklistService.getById(id); if (blacklist == null) { + logger.error("BlacklistAPI: deleteBlacklistedSite failed; blacklist with id " + id + " could not be found"); m.put("code", HttpStatus.NOT_FOUND); } else { m.put("code", HttpStatus.OK); @@ -155,6 +162,7 @@ public class BlacklistAPI { public String getBlacklistedSite(@PathVariable("id") Long id, ModelMap m) { BlacklistedSite blacklist = blacklistService.getById(id); if (blacklist == null) { + logger.error("BlacklistAPI: getBlacklistedSite failed; blacklist with id " + id + " could not be found"); m.put("code", HttpStatus.NOT_FOUND); return "httpCodeView"; } else { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java index a42588f25..bf4df650d 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java 
@@ -16,15 +16,12 @@ package org.mitre.openid.connect.web; import java.lang.reflect.Type; -import java.security.Principal; import java.util.Collection; -import org.mitre.jose.JWEAlgorithmEmbed; -import org.mitre.jose.JWEEncryptionMethodEmbed; -import org.mitre.jose.JWSAlgorithmEmbed; -import org.mitre.oauth2.exception.ClientNotFoundException; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.service.ClientDetailsEntityService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; @@ -61,6 +58,7 @@ public class ClientAPI { @Autowired private ClientDetailsEntityService clientService; private JsonParser parser = new JsonParser(); + private Gson gson = new GsonBuilder() .serializeNulls() .registerTypeAdapter(JWSAlgorithmEmbed.class, new JsonDeserializer() { @@ -95,6 +93,8 @@ public class ClientAPI { }) .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") .create(); + + private Logger logger = LoggerFactory.getLogger(this.getClass()); /** * Get a list of all clients @@ -132,11 +132,12 @@ public class ClientAPI { json = parser.parse(jsonString).getAsJsonObject(); client = gson.fromJson(json, ClientDetailsEntity.class); } - //TODO: Java 7 combine catch statements catch (JsonSyntaxException e) { + logger.error("ClientAPI: apiAddClient failed due to JsonSyntaxException: " + e.getStackTrace().toString()); m.addAttribute("code", HttpStatus.BAD_REQUEST); return "httpCodeView"; } catch (IllegalStateException e) { + logger.error("ClientAPI: apiAddClient failed due to IllegalStateException: " + e.getStackTrace().toString()); m.addAttribute("code", HttpStatus.BAD_REQUEST); return "httpCodeView"; } 
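Review bot: This hunk drops `import org.mitre.jose.JWSAlgorithmEmbed;` (and the two JWE siblings), yet the Gson builder in the next hunk still references `JWSAlgorithmEmbed.class` in `.registerTypeAdapter(JWSAlgorithmEmbed.class, new JsonDeserializer() {` as an unchanged context line, so unless a wildcard import or a fully qualified name outside this view covers it the class no longer compiles. Restore `import org.mitre.jose.JWSAlgorithmEmbed;`, and check whether the remaining adapters (outside the diff) still use JWEAlgorithmEmbed or JWEEncryptionMethodEmbed before removing those. Dropping ClientNotFoundException is consistent with the later hunks, which stop throwing it; Principal is presumably unused too, but that cannot be confirmed from here.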
@@ -186,11 +187,12 @@ public class ClientAPI { json = parser.parse(jsonString).getAsJsonObject(); client = gson.fromJson(json, ClientDetailsEntity.class); } - //TODO: Java 7 combine catch statements catch (JsonSyntaxException e) { + logger.error("ClientAPI: apiUpdateClient failed due to JsonSyntaxException: " + e.getStackTrace().toString()); m.addAttribute("code", HttpStatus.BAD_REQUEST); return "httpCodeView"; } catch (IllegalStateException e) { + logger.error("ClientAPI: apiUpdateClient failed due to IllegalStateException: " + e.getStackTrace().toString()); m.addAttribute("code", HttpStatus.BAD_REQUEST); return "httpCodeView"; } @@ -198,9 +200,9 @@ public class ClientAPI { ClientDetailsEntity oldClient = clientService.getClientById(id); if (oldClient == null) { - //TODO: Error Handling - //Is this exception caught by a view? - throw new ClientNotFoundException(); + logger.error("ClientAPI: apiUpdateClient failed; client with id " + id + " could not be found."); + m.addAttribute("code", HttpStatus.NOT_FOUND); + return "httpCodeView"; } // if they leave the client secret empty, force it to be generated @@ -240,6 +242,7 @@ public class ClientAPI { ClientDetailsEntity client = clientService.getClientById(id); if (client == null) { + logger.error("ClientAPI: apiDeleteClient failed; client with id " + id + " could not be found."); modelAndView.getModelMap().put("code", HttpStatus.NOT_FOUND); } else { modelAndView.getModelMap().put("code", HttpStatus.OK); 
@@ -258,11 +261,13 @@ public class ClientAPI { */ @RequestMapping(value="/{id}", method=RequestMethod.GET, produces = "application/json") public String apiShowClient(@PathVariable("id") Long id, Model model, Authentication auth) { + ClientDetailsEntity client = clientService.getClientById(id); + if (client == null) { - //TODO: Error Handling - //Is this error handled by a view? - throw new ClientNotFoundException("Could not find client: " + id); + logger.error("ClientAPI: apiShowClient failed; client with id " + id + " could not be found."); + model.addAttribute("code", HttpStatus.NOT_FOUND); + return "httpCodeView"; } model.addAttribute("entity", client); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java index 36f30ed24..b0e6422e6 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java @@ -17,7 +17,10 @@ import org.mitre.oauth2.model.SystemScope; import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.OAuth2TokenEntityService; import org.mitre.oauth2.service.SystemScopeService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.authority.SimpleGrantedAuthority; 
@@ -49,6 +52,7 @@ public class ClientDynamicRegistrationEndpoint { @Autowired private SystemScopeService scopeService; + private Logger logger = LoggerFactory.getLogger(this.getClass()); @RequestMapping(params = "operation=client_register", produces = "application/json") public String clientRegister( @@ -189,7 +193,9 @@ public class ClientDynamicRegistrationEndpoint { ClientDetailsEntity client = clientService.loadClientByClientId(clientId); if (client == null) { - throw new ClientNotFoundException("Could not find client: " + clientId); + logger.error("ClientDynamicRegistrationEndpoint: rotateSecret failed, could not find client " + clientId); + model.addAttribute("code", HttpStatus.NOT_FOUND); + return "httpCodeView"; } // rotate the secret, if available @@ -203,8 +209,11 @@ public class ClientDynamicRegistrationEndpoint { // mint a new access token registrationAccessToken = createRegistrationAccessToken(client); } catch (AuthenticationException e) { - //TODO: Error Handling - //AuthException may be handled by spring security + logger.error("ClientDynamicRegistrationEndpoint: rotateSecret failed; AuthenticationException: CLient " + clientId + + " attempted to rotate secret and failed with the following stack trace: " + + e.getStackTrace().toString()); + model.addAttribute("code", HttpStatus.FORBIDDEN); + return "httpCodeView"; } // revoke the old one 
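Review bot: The new AuthenticationException handler in rotateSecret promises "failed with the following stack trace:" but appends `e.getStackTrace().toString()`, which is the array's identity string, so the log line ends in `[Ljava.lang.StackTraceElement;@…` instead of a trace. Pass the throwable as the final argument instead: `logger.error("ClientDynamicRegistrationEndpoint: rotateSecret failed for client {}", clientId, e);`. The message also misspells "CLient". rotateSecret continues past this hunk.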
@@ -215,16 +224,25 @@ public class ClientDynamicRegistrationEndpoint { try { oldAccessToken = tokenService.readAccessToken(details.getTokenValue()); } catch (AuthenticationException e) { - //TODO: Error Handling + logger.error("ClientDynamicRegistrationEndpoint: rotateSecret failed; AuthenticationException: CLient " + clientId + + " attempted to rotate secret and failed with the following stack trace: " + + e.getStackTrace().toString()); + model.addAttribute("code", HttpStatus.FORBIDDEN); + return "httpCodeView"; } catch (InvalidTokenException e) { - //TODO: Error Handling + logger.error("ClientDynamicRegistrationEndpoint: rotateSecret failed; InvalidTokenException: CLient " + clientId + + " attempted to rotate secret with an invalid token." + + e.getStackTrace().toString()); + model.addAttribute("code", HttpStatus.BAD_REQUEST); + return "httpCodeView"; } if (oldAccessToken != null) { tokenService.revokeAccessToken(oldAccessToken); } else { - // serious error here -- how'd we get this far without a valid token?! - throw new OAuth2Exception("SEVERE: token not found, something is fishy"); - //TODO: Error Handling + // This is a severe error + logger.error("SEVERE: ClientDynamicRegistrationEndpoint: rotateSecret failed; Revocation of access token for client " + clientId + + " failed. Original token can not be found."); + throw OAuth2Exception.create(OAuth2Exception.INVALID_TOKEN, "SEVERE: token not found, something is fishy"); } } @@ -289,8 +307,9 @@ public class ClientDynamicRegistrationEndpoint { ClientDetailsEntity client = clientService.loadClientByClientId(clientId); if (client == null) { - throw new ClientNotFoundException("Could not find client: " + clientId); - //TODO: Error Handling + logger.error("ClientDynamicRegistrationEndpoint: clientUpdate failed; Client with id " + clientId + " does not exist or cannot be found."); + model.addAttribute("code", HttpStatus.NOT_FOUND); + return "httpCodeView"; } /* 
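Review bot: The `OAuth2Exception.create(OAuth2Exception.INVALID_TOKEN, "SEVERE: token not found, something is fishy")` thrown at the end of this hunk is, under Spring's default OAuth2 exception translation, sent back to the caller as `error_description`, so the informal wording and the SEVERE prefix reach the client; keep the detail in the log line above it and give the client a neutral message such as `"registration access token could not be revoked"`, and reconsider whether invalid_token is the right code for what is really a server-side inconsistency. The two new error returns also run after the secret has been rotated and a replacement registration token minted (previous hunk), so if createRegistrationAccessToken persists, a read failure here leaves the client with a new secret and two live registration tokens; reading and revoking the old token before minting the new one keeps the operation atomic (the client save happens outside this hunk, so verify). Both catch blocks again log `e.getStackTrace().toString()`, which is the array's identity hash rather than a trace — pass `e` as the last logger argument.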
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java index 3651dc550..51c5ac8d5 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java @@ -22,7 +22,10 @@ import org.mitre.openid.connect.exception.UnknownUserInfoSchemaException; import org.mitre.openid.connect.exception.UserNotFoundException; import org.mitre.openid.connect.model.UserInfo; import org.mitre.openid.connect.service.UserInfoService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.common.exceptions.InvalidScopeException; import org.springframework.security.oauth2.provider.OAuth2Authentication; @@ -46,6 +49,8 @@ public class UserInfoEndpoint { @Autowired private UserInfoService userInfoService; + private Logger logger = LoggerFactory.getLogger(this.getClass()); + private Map schemaToViewNameMap = ImmutableMap.of( openIdSchema, jsonUserInfoViewName, pocoSchema, pocoUserInfoViewName 
@@ -69,22 +74,25 @@ public class UserInfoEndpoint { public String getInfo(Principal p, @RequestParam("schema") String schema, Model model) { if (p == null) { - throw new UserNotFoundException("Invalid User"); - //TODO: Error Handling + logger.error("UserInfoEndpoint: getInfo failed; no principal. Requester is not authorized."); + model.addAttribute("code", HttpStatus.FORBIDDEN); + return "httpCodeView"; } String viewName = schemaToViewNameMap.get(schema); if (viewName == null) { - throw new UnknownUserInfoSchemaException("Unknown User Info Schema: " + schema ); - //TODO: Error Handling + logger.error("UserInfoEndpoint: getInfo failed; unknown User Info schema " + schema); + model.addAttribute("code", HttpStatus.BAD_REQUEST); + return "httpCodeView"; } String userId = p.getName(); UserInfo userInfo = userInfoService.getByUserId(userId); if (userInfo == null) { - throw new UserNotFoundException("User not found: " + userId); - //TODO: Error Handling + logger.error("UserInfoEndpoint: getInfo failed; user not found: " + userId); + model.addAttribute("code", HttpStatus.NOT_FOUND); + return "httpCodeView"; } if (p instanceof OAuth2Authentication) { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java index 30dbefb94..21831449b 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java @@ -8,6 +8,8 @@ import java.util.Collection; import org.mitre.openid.connect.model.WhitelistedSite; import org.mitre.openid.connect.service.WhitelistedSiteService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; 
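Review bot: The `p == null` branch answers FORBIDDEN, but a missing principal means the request was never authenticated, which is a 401 with a `WWW-Authenticate: Bearer` challenge rather than a 403 — assuming the OAuth2 filter chain has not already rejected such requests before the handler runs, in which case this branch is dead and the status choice is moot. The `schema` request parameter is logged verbatim in the second branch; it is caller-controlled, so strip line breaks or log it at debug to avoid forged log records. All three conditions are client-side and fit warn better than error. getInfo continues past this hunk.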
@@ -36,6 +38,8 @@ public class WhitelistAPI { @Autowired private WhitelistedSiteService whitelistService; + private Logger logger = LoggerFactory.getLogger(this.getClass()); + private Gson gson = new Gson(); private JsonParser parser = new JsonParser(); @@ -73,9 +77,13 @@ public class WhitelistAPI { whitelist = gson.fromJson(json, WhitelistedSite.class); } catch (JsonParseException e) { - //TODO: Error Handling + logger.error("WhitelistAPi: addNewWhitelistedSite failed due to JsonParseException: " + e.getStackTrace().toString()); + m.addAttribute("code", HttpStatus.BAD_REQUEST); + return "httpCodeView"; } catch (IllegalStateException e) { - + logger.error("WhitelistAPi: addNewWhitelistedSite failed due to IllegalStateException: " + e.getStackTrace().toString()); + m.addAttribute("code", HttpStatus.BAD_REQUEST); + return "httpCodeView"; } // save the id of the person who created this @@ -104,14 +112,19 @@ public class WhitelistAPI { whitelist = gson.fromJson(json, WhitelistedSite.class); } catch (JsonParseException e) { - //TODO: Error Handling + logger.error("WhitelistAPi: updateWhitelistedSite failed due to JsonParseException: " + e.getStackTrace().toString()); + m.put("code", HttpStatus.BAD_REQUEST); + return "httpCodeView"; } catch (IllegalStateException e) { - + logger.error("WhitelistAPi: updateWhitelistedSite failed due to IllegalStateException: " + e.getStackTrace().toString()); + m.put("code", HttpStatus.BAD_REQUEST); + return "httpCodeView"; } WhitelistedSite oldWhitelist = whitelistService.getById(id); if (oldWhitelist == null) { + logger.error("WhitelistAPi: updateWhitelistedSite failed; whitelist with id " + id + " could not be found."); m.put("code", HttpStatus.NOT_FOUND); return "httpCodeView"; } else { 
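Review bot: The two catch blocks in addNewWhitelistedSite log `e.getStackTrace().toString()`, which is the identity string of a StackTraceElement[] rather than a trace; hand the throwable to slf4j as the last argument, `logger.warn("WhitelistAPI: addNewWhitelistedSite failed; malformed JSON", e);`, and use warn since a bad body is a 400 client error. Every new message in this file spells the prefix `WhitelistAPi`; operators will grep for `WhitelistAPI`, so the casing matters. Returning 400 here instead of falling through with a null `whitelist` is the right change. The method continues past this hunk.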
@@ -134,6 +147,7 @@ public class WhitelistAPI { WhitelistedSite whitelist = whitelistService.getById(id); if (whitelist == null) { + logger.error("WhitelistAPi: deleteWhitelistedSite failed; whitelist with id " + id + " could not be found."); m.put("code", HttpStatus.NOT_FOUND); } else { m.put("code", HttpStatus.OK); @@ -150,6 +164,7 @@ public class WhitelistAPI { public String getWhitelistedSite(@PathVariable("id") Long id, ModelMap m) { WhitelistedSite whitelist = whitelistService.getById(id); if (whitelist == null) { + logger.error("WhitelistAPi: getWhitelistedSite failed; whitelist with id " + id + " could not be found."); m.put("code", HttpStatus.NOT_FOUND); return "httpCodeView"; } else {