Standardized error handling and added logging for error conditions in endpoints

openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java

@@ -57,6 +57,9 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {
 	/* (non-Javadoc)
      * @see org.springframework.security.oauth2.provider.token.AbstractTokenGranter#getOAuth2Authentication(org.springframework.security.oauth2.provider.AuthorizationRequest)
      */
+	/**
+	 * @throws NoSuchAlgorithmException
+	 */
     @Override
     protected OAuth2AccessToken getAccessToken(AuthorizationRequest authorizationRequest) throws AuthenticationException, InvalidTokenException {
     	// read and load up the existing token
@@ -103,7 +106,10 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {
 					try {
 		                jwtService.signJwt(newIdToken);
 	                } catch (NoSuchAlgorithmException e) {
-		                // TODO Auto-generated catch block
+		                // TODO how to handle this exception? 
+	                	// Because of the abstract class's method signature, cannot add "throws"
+	                	// declaration to this class, but printing a stack trace is not a good 
+	                	// fallback.
 		                e.printStackTrace();
 	                }
 					

openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java

@@ -23,7 +23,10 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
@@ -47,6 +50,8 @@ public class IntrospectionEndpoint {
 	@Autowired
 	private ClientDetailsEntityService clientService;
 	
+	private Logger logger = LoggerFactory.getLogger(this.getClass());
+	
 	public IntrospectionEndpoint() {
 		
 	}
@@ -60,7 +65,10 @@ public class IntrospectionEndpoint {
 		Map<String,Boolean> e = ImmutableMap.of("valid", Boolean.FALSE);
 		Map<String, Object> model = new HashMap<String, Object>();
 		model.put("entity", e);
-		// TODO: http code?
+		
+		logger.error("IntrospectionEndpoint InvalidTokenException: " + ex.getStackTrace().toString());
+		
+		model.put("code", HttpStatus.BAD_REQUEST);
 		
 		return new ModelAndView("jsonEntityView", model);
 	}
@@ -89,18 +97,21 @@ public class IntrospectionEndpoint {
 		}*/
 		
 		if (Strings.isNullOrEmpty(tokenValue)) {
-			throw new InvalidTokenException("No token found!");
+			logger.error("IntrospectionEndpoint: verify failed; token value is null");
-			//TODO: Error Handling
+			modelAndView.addObject("code", HttpStatus.BAD_REQUEST);
+			modelAndView.setViewName("httpCodeView");
+			return modelAndView;
 		}
 		
 		OAuth2AccessTokenEntity token = null;
 		
 		try {
 			token = tokenServices.readAccessToken(tokenValue);		
-		} catch (InvalidTokenException e) {
-			//TODO: Error Handling
 		} catch (AuthenticationException e) {
-			//TODO: Error Handling
+			logger.error("IntrospectionEndpoint: verify failed; AuthenticationException: " + e.getStackTrace().toString());
+			modelAndView.addObject("code", HttpStatus.FORBIDDEN);
+			modelAndView.setViewName("httpCodeView");
+			return modelAndView;
 		}
 			
 		ClientDetailsEntity tokenClient = token.getClient();
@@ -119,16 +130,23 @@ public class IntrospectionEndpoint {
 					modelAndView.addObject("entity", token);
 					return modelAndView;
 				} else {
-					throw new InvalidScopeException("Tried to introspect a token of different scope");
+					logger.error("IntrospectionEndpoint: verify failed; client tried to introspect a token of an incorrect scope");
-					//TODO: Error Handling
+					modelAndView.addObject("code", HttpStatus.BAD_REQUEST);
+					modelAndView.setViewName("httpCodeView");
+					return modelAndView;
 				}
 			} else {
-				throw new InvalidClientException("Client is not allowed to call introspection endpoint.");
+				logger.error("IntrospectionEndpoint: verify failed; client " + clientId + " is not allowed to call introspection endpoint");
-				//TODO: Error Handling
+				modelAndView.addObject("code", HttpStatus.BAD_REQUEST);
+				modelAndView.setViewName("httpCodeView");
+				return modelAndView;
 			}
 		} else {
-			throw new InvalidClientException("Client not found.");
+			//TODO: Log error client not found
-			//TODO: Error Handling
+			logger.error("IntrospectionEndpoint: verify failed; client " + clientId + " not found.");
+			modelAndView.addObject("code", HttpStatus.NOT_FOUND);
+			modelAndView.setViewName("httpCodeView");
+			return modelAndView;
 		}
 		
 	}

openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java

@@ -26,7 +26,10 @@ import org.mitre.oauth2.exception.ClientNotFoundException;
 import org.mitre.oauth2.model.SystemScope;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.oauth2.service.SystemScopeService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
 import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
@@ -54,6 +57,8 @@ public class OAuthConfirmationController {
 	@Autowired
 	private SystemScopeService scopeService;
 	
+	private Logger logger = LoggerFactory.getLogger(this.getClass());
+	
 	public OAuthConfirmationController() {
 		
 	}
@@ -68,14 +73,26 @@ public class OAuthConfirmationController {
 
 		//AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest");
 
-		//TODO: Error Handling
+		ClientDetails client = null;
-		//Throws OAuth2Exception, InvalidClientException, IllegalArgumentException
+		
-		ClientDetails client = clientService.loadClientByClientId(clientAuth.getClientId());
+		try {
+			client = clientService.loadClientByClientId(clientAuth.getClientId());
+		} catch (OAuth2Exception e) {	
+			logger.error("OAuthConfirmationController: confirmAccess: OAuth2Exception was thrown when attempting to load client: "
+					+ e.getStackTrace().toString());
+			model.put("code", HttpStatus.BAD_REQUEST);
+			return new ModelAndView("httpCodeView");
+		} catch (IllegalArgumentException e) {
+			logger.error("OAuthConfirmationController: confirmAccess: IllegalArgumentException was thrown when attempting to load client: "
+					+ e.getStackTrace().toString());
+			model.put("code", HttpStatus.BAD_REQUEST);
+			return new ModelAndView("httpCodeView");
+		}
 		
 		if (client == null) {
-			throw new ClientNotFoundException("Client not found: " + clientAuth.getClientId());
+			logger.error("OAuthConfirmationController: confirmAccess: could not find client " + clientAuth.getClientId());
-			//TODO: Error Handling
+			model.put("code", HttpStatus.NOT_FOUND);
-		}
+			return new ModelAndView("httpCodeView");		}
 
 		model.put("auth_request", clientAuth);
 		model.put("client", client);

openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java

@@ -21,6 +21,8 @@ import org.mitre.oauth2.exception.PermissionDeniedException;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.AuthenticationException;
@@ -37,6 +39,8 @@ public class RevocationEndpoint {
 	@Autowired
 	OAuth2TokenEntityService tokenServices;
 	
+	private Logger logger = LoggerFactory.getLogger(this.getClass());
+	
 	public RevocationEndpoint() {
 		
 	}

openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java

@@ -7,6 +7,8 @@ import java.util.Set;
 
 import org.mitre.oauth2.model.SystemScope;
 import org.mitre.oauth2.service.SystemScopeService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -28,10 +30,11 @@ import com.google.gson.Gson;
 @PreAuthorize("hasRole('ROLE_USER')")
 public class ScopeAPI {
 
-	
 	@Autowired
 	private SystemScopeService scopeService;
 	
+	private Logger logger = LoggerFactory.getLogger(this.getClass());
+	
 	private Gson gson = new Gson();
 	
 	@RequestMapping(value = "", method = RequestMethod.GET, produces = "application/json")
@@ -55,8 +58,10 @@ public class ScopeAPI {
 			
 			return "jsonEntityView";
 		} else {
-			m.put("code", HttpStatus.NOT_FOUND);
 		
+			logger.error("ScopeAPI: getScope failed; scope not found: " + id);
+			
+			m.put("code", HttpStatus.NOT_FOUND);
 			return "httpCodeView";
 		}
 	}
@@ -80,6 +85,10 @@ public class ScopeAPI {
 				
 				return "jsonEntityView";
 			} else {
+				
+				logger.error("ScopeAPI: updateScope failed; scope ids to not match: got " 
+						+ existing.getId() + " and " + scope.getId());
+				
 				m.put("code", HttpStatus.BAD_REQUEST);
 				
 				return "httpCodeView";
@@ -87,6 +96,7 @@ public class ScopeAPI {
 			
 		} else {
 			
+			logger.error("ScopeAPI: updateScope failed; scope with id " + id + " not found.");
 			m.put("code", HttpStatus.NOT_FOUND);
 			
 			return "httpCodeView";
@@ -106,6 +116,8 @@ public class ScopeAPI {
 			
 			return "jsonEntityView";
 		} else {
+			
+			logger.error("ScopeAPI: createScope failed; JSON was invalid: " + json);
 			m.put("code", HttpStatus.BAD_REQUEST);
 			
 			return "httpCodeView";
@@ -125,6 +137,7 @@ public class ScopeAPI {
 			return "httpCodeView";
 		} else {
 			
+			logger.error("ScopeAPI: deleteScope failed; scope with id " + id + " not found.");
 			m.put("code", HttpStatus.NOT_FOUND);
 			
 			return "httpCodeView";

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java

@@ -8,6 +8,8 @@ import java.util.Collection;
 
 import org.mitre.openid.connect.model.ApprovedSite;
 import org.mitre.openid.connect.service.ApprovedSiteService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -29,6 +31,8 @@ public class ApprovedSiteAPI {
 	@Autowired
 	private ApprovedSiteService approvedSiteService;
 	
+	private Logger logger = LoggerFactory.getLogger(this.getClass());
+
 	/**
 	 * Get a list of all of this user's approved sites
 	 * @param m
@@ -53,8 +57,11 @@ public class ApprovedSiteAPI {
 		ApprovedSite approvedSite = approvedSiteService.getById(id);
 		
 		if (approvedSite == null) {
+			logger.error("ApprovedSiteAPI: deleteApprovedSite failed; no approved site found for id: " + id);
 			m.put("code", HttpStatus.NOT_FOUND);
 		} else if (!approvedSite.getUserId().equals(p.getName())) {
+			logger.error("ApprovedSiteAPI: deleteApprovedSite failed; principal " 
+					+ p.getName() + " does not own approved site" + id);
 			m.put("code", HttpStatus.FORBIDDEN);
 		} else {
 			m.put("code", HttpStatus.OK);
@@ -71,9 +78,12 @@ public class ApprovedSiteAPI {
 	public String getApprovedSite(@PathVariable("id") Long id, ModelMap m, Principal p) {
 		ApprovedSite approvedSite = approvedSiteService.getById(id);
 		if (approvedSite == null) {
+			logger.error("ApprovedSiteAPI: getApprovedSite failed; no approved site found for id: " + id);
 			m.put("code", HttpStatus.NOT_FOUND);
 			return "httpCodeView";
 		} else if (!approvedSite.getUserId().equals(p.getName())) {
+			logger.error("ApprovedSiteAPI: getApprovedSite failed; principal " 
+					+ p.getName() + " does not own approved site" + id);
 			m.put("code", HttpStatus.FORBIDDEN);
 			return "httpCodeView";
 		} else {

openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java

@@ -8,6 +8,8 @@ import java.util.Collection;
 
 import org.mitre.openid.connect.model.BlacklistedSite;
 import org.mitre.openid.connect.service.BlacklistedSiteService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -32,10 +34,11 @@ import com.google.gson.JsonSyntaxException;
 @PreAuthorize("hasRole('ROLE_ADMIN')")
 public class BlacklistAPI {
 
-
 	@Autowired
 	private BlacklistedSiteService blacklistService;
 	
+	private Logger logger = LoggerFactory.getLogger(this.getClass());
+	
 	private Gson gson = new Gson();
 	private JsonParser parser = new JsonParser();
 	
@@ -76,11 +79,12 @@ public class BlacklistAPI {
 			m.put("entity", newBlacklist);
 			
 		} 
-		//TODO: Java 7 combine catch statements
 		catch (JsonSyntaxException e) {
+			logger.error("BlacklistAPI: addNewBlacklistedSite failed due to JsonSyntaxException: " + e.getStackTrace().toString());
 			m.put("code", HttpStatus.BAD_REQUEST);
 			return "httpCodeView";
 		} catch (IllegalStateException e) {
+			logger.error("BlacklistAPI: addNewBlacklistedSite failed due to IllegalStateException: " + e.getStackTrace().toString());
 			m.put("code", HttpStatus.BAD_REQUEST);
 			return "httpCodeView";
 		}
@@ -105,11 +109,12 @@ public class BlacklistAPI {
 			blacklist = gson.fromJson(json, BlacklistedSite.class);
 			
 		} 
-		//TODO: Java 7 combine catch statements
 		catch (JsonSyntaxException e) {
+			logger.error("BlacklistAPI: updateBlacklistedSite failed due to JsonSyntaxException: " + e.getStackTrace().toString());
 			m.put("code", HttpStatus.BAD_REQUEST);
 			return "httpCodeView";
 		} catch (IllegalStateException e) {
+			logger.error("BlacklistAPI: updateBlacklistedSite failed due to IllegalStateException: " + e.getStackTrace().toString());
 			m.put("code", HttpStatus.BAD_REQUEST);
 			return "httpCodeView";
 		}
@@ -118,6 +123,7 @@ public class BlacklistAPI {
 		BlacklistedSite oldBlacklist = blacklistService.getById(id);
 		
 		if (oldBlacklist == null) {
+			logger.error("BlacklistAPI: updateBlacklistedSite failed; blacklist with id " + id + " could not be found");
 			m.put("code", HttpStatus.NOT_FOUND);
 			return "httpCodeView";
 		} else {
@@ -139,6 +145,7 @@ public class BlacklistAPI {
 		BlacklistedSite blacklist = blacklistService.getById(id);
 		
 		if (blacklist == null) {
+			logger.error("BlacklistAPI: deleteBlacklistedSite failed; blacklist with id " + id + " could not be found");
 			m.put("code", HttpStatus.NOT_FOUND);
 		} else {
 			m.put("code", HttpStatus.OK);
@@ -155,6 +162,7 @@ public class BlacklistAPI {
 	public String getBlacklistedSite(@PathVariable("id") Long id, ModelMap m) {
 		BlacklistedSite blacklist = blacklistService.getById(id);
 		if (blacklist == null) {
+			logger.error("BlacklistAPI: getBlacklistedSite failed; blacklist with id " + id + " could not be found");
 			m.put("code", HttpStatus.NOT_FOUND);
 			return "httpCodeView";
 		} else {

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java

@@ -16,15 +16,12 @@
 package org.mitre.openid.connect.web;
 
 import java.lang.reflect.Type;
-import java.security.Principal;
 import java.util.Collection;
 
-import org.mitre.jose.JWEAlgorithmEmbed;
-import org.mitre.jose.JWEEncryptionMethodEmbed;
-import org.mitre.jose.JWSAlgorithmEmbed;
-import org.mitre.oauth2.exception.ClientNotFoundException;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -61,6 +58,7 @@ public class ClientAPI {
     @Autowired
     private ClientDetailsEntityService clientService;
 	private JsonParser parser = new JsonParser();
+
 	private Gson gson = new GsonBuilder()
 			.serializeNulls()
 		    .registerTypeAdapter(JWSAlgorithmEmbed.class, new JsonDeserializer<JWSAlgorithmEmbed>() {
@@ -96,6 +94,8 @@ public class ClientAPI {
           .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
           .create();
 	
+	private Logger logger = LoggerFactory.getLogger(this.getClass());
+
     /**
      * Get a list of all clients
      * @param modelAndView
@@ -132,11 +132,12 @@ public class ClientAPI {
     		json = parser.parse(jsonString).getAsJsonObject();
     		client = gson.fromJson(json, ClientDetailsEntity.class);
     	} 
-    	//TODO: Java 7 combine catch statements
     	catch (JsonSyntaxException e) {
+    		logger.error("ClientAPI: apiAddClient failed due to JsonSyntaxException: " + e.getStackTrace().toString());
     		m.addAttribute("code", HttpStatus.BAD_REQUEST);
 			return "httpCodeView";
     	} catch (IllegalStateException e) {
+    		logger.error("ClientAPI: apiAddClient failed due to IllegalStateException: " + e.getStackTrace().toString());
     		m.addAttribute("code", HttpStatus.BAD_REQUEST);
 			return "httpCodeView";
 		}
@@ -186,11 +187,12 @@ public class ClientAPI {
     		json = parser.parse(jsonString).getAsJsonObject();
     		client = gson.fromJson(json, ClientDetailsEntity.class);
     	} 
-    	//TODO: Java 7 combine catch statements
     	catch (JsonSyntaxException e) {
+    		logger.error("ClientAPI: apiUpdateClient failed due to JsonSyntaxException: " + e.getStackTrace().toString());
     		m.addAttribute("code", HttpStatus.BAD_REQUEST);
 			return "httpCodeView";
     	} catch (IllegalStateException e) {
+    		logger.error("ClientAPI: apiUpdateClient failed due to IllegalStateException: " + e.getStackTrace().toString());
     		m.addAttribute("code", HttpStatus.BAD_REQUEST);
 			return "httpCodeView";
 		}
@@ -198,9 +200,9 @@ public class ClientAPI {
         ClientDetailsEntity oldClient = clientService.getClientById(id);
         
         if (oldClient == null) {
-        	//TODO: Error Handling
+        	logger.error("ClientAPI: apiUpdateClient failed; client with id " + id + " could not be found.");
-        	//Is this exception caught by a view? 
+        	m.addAttribute("code", HttpStatus.NOT_FOUND);
-        	throw new ClientNotFoundException();
+        	return "httpCodeView";
         }
         
         // if they leave the client secret empty, force it to be generated
@@ -240,6 +242,7 @@ public class ClientAPI {
         ClientDetailsEntity client = clientService.getClientById(id);
         
 		if (client == null) {
+			logger.error("ClientAPI: apiDeleteClient failed; client with id " + id + " could not be found.");
 			modelAndView.getModelMap().put("code", HttpStatus.NOT_FOUND);
 		} else {
 			modelAndView.getModelMap().put("code", HttpStatus.OK);
@@ -258,11 +261,13 @@ public class ClientAPI {
      */
     @RequestMapping(value="/{id}", method=RequestMethod.GET, produces = "application/json")
     public String apiShowClient(@PathVariable("id") Long id, Model model, Authentication auth) {
+
         ClientDetailsEntity client = clientService.getClientById(id);
+        
         if (client == null) {
-        	//TODO: Error Handling
+        	logger.error("ClientAPI: apiShowClient failed; client with id " + id + " could not be found.");
-        	//Is this error handled by a view?
+        	model.addAttribute("code", HttpStatus.NOT_FOUND);
-            throw new ClientNotFoundException("Could not find client: " + id);
+        	return "httpCodeView";
         }
 
         model.addAttribute("entity", client);

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java

@@ -17,7 +17,10 @@ import org.mitre.oauth2.model.SystemScope;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
 import org.mitre.oauth2.service.SystemScopeService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -49,6 +52,7 @@ public class ClientDynamicRegistrationEndpoint {
 	@Autowired
 	private SystemScopeService scopeService;
 	
+	private Logger logger = LoggerFactory.getLogger(this.getClass());
 	
 	@RequestMapping(params = "operation=client_register", produces = "application/json")
 	public String clientRegister(
@@ -189,7 +193,9 @@ public class ClientDynamicRegistrationEndpoint {
 		ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
 
 		if (client == null) {
-			throw new ClientNotFoundException("Could not find client: " + clientId);
+			logger.error("ClientDynamicRegistrationEndpoint: rotateSecret failed, could not find client " + clientId);
+			model.addAttribute("code", HttpStatus.NOT_FOUND);
+			return "httpCodeView";
 		}
 		
 		// rotate the secret, if available
@@ -203,8 +209,11 @@ public class ClientDynamicRegistrationEndpoint {
 			// mint a new access token
 			registrationAccessToken = createRegistrationAccessToken(client);
 		} catch (AuthenticationException e) {
-			//TODO: Error Handling
+			logger.error("ClientDynamicRegistrationEndpoint: rotateSecret failed; AuthenticationException: CLient " + clientId 
-			//AuthException may be handled by spring security
+					+ " attempted to rotate secret and failed with the following stack trace: " 
+					+ e.getStackTrace().toString());
+			model.addAttribute("code", HttpStatus.FORBIDDEN);
+			return "httpCodeView";
 		}
 
 		// revoke the old one
@@ -215,16 +224,25 @@ public class ClientDynamicRegistrationEndpoint {
 			try {
 				oldAccessToken = tokenService.readAccessToken(details.getTokenValue());
 			} catch (AuthenticationException e) {
-				//TODO: Error Handling
+				logger.error("ClientDynamicRegistrationEndpoint: rotateSecret failed; AuthenticationException: CLient " + clientId 
+						+ " attempted to rotate secret and failed with the following stack trace: " 
+						+ e.getStackTrace().toString());
+				model.addAttribute("code", HttpStatus.FORBIDDEN);
+				return "httpCodeView";
 			} catch (InvalidTokenException e) {
-				//TODO: Error Handling
+				logger.error("ClientDynamicRegistrationEndpoint: rotateSecret failed; InvalidTokenException: CLient " + clientId 
+						+ " attempted to rotate secret with an invalid token." 
+						+ e.getStackTrace().toString());
+				model.addAttribute("code", HttpStatus.BAD_REQUEST);
+				return "httpCodeView";
 			}
 			if (oldAccessToken != null) {
 				tokenService.revokeAccessToken(oldAccessToken);
 			} else {
-				// serious error here -- how'd we get this far without a valid token?!
+				// This is a severe error
-				throw new OAuth2Exception("SEVERE: token not found, something is fishy");
+				logger.error("SEVERE: ClientDynamicRegistrationEndpoint: rotateSecret failed; Revocation of access token for client " + clientId 
-				//TODO: Error Handling
+						+ " failed. Original token can not be found.");
+				throw OAuth2Exception.create(OAuth2Exception.INVALID_TOKEN, "SEVERE: token not found, something is fishy");
 			}
 		}
 		
@@ -289,8 +307,9 @@ public class ClientDynamicRegistrationEndpoint {
 		ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
 		
 		if (client == null) {
-			throw new ClientNotFoundException("Could not find client: " + clientId);
+			logger.error("ClientDynamicRegistrationEndpoint: clientUpdate failed; Client with id " + clientId + " does not exist or cannot be found.");
-			//TODO: Error Handling
+			model.addAttribute("code", HttpStatus.NOT_FOUND);
+			return "httpCodeView";
 		}
 		
 		/*

openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java

@@ -22,7 +22,10 @@ import org.mitre.openid.connect.exception.UnknownUserInfoSchemaException;
 import org.mitre.openid.connect.exception.UserNotFoundException;
 import org.mitre.openid.connect.model.UserInfo;
 import org.mitre.openid.connect.service.UserInfoService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
@@ -46,6 +49,8 @@ public class UserInfoEndpoint {
 	@Autowired
 	private UserInfoService userInfoService;
 	
+	private Logger logger = LoggerFactory.getLogger(this.getClass());
+	
 	private Map<String, String> schemaToViewNameMap = ImmutableMap.of(
 			openIdSchema, jsonUserInfoViewName, 
 			pocoSchema, pocoUserInfoViewName
@@ -69,22 +74,25 @@ public class UserInfoEndpoint {
 	public String getInfo(Principal p, @RequestParam("schema") String schema, Model model) {
 
 		if (p == null) {
-			throw new UserNotFoundException("Invalid User"); 
+			logger.error("UserInfoEndpoint: getInfo failed; no principal. Requester is not authorized.");
-			//TODO: Error Handling
+			model.addAttribute("code", HttpStatus.FORBIDDEN);
+			return "httpCodeView";
 		}
 
 		String viewName = schemaToViewNameMap.get(schema);
 		if (viewName == null) {
-			throw new UnknownUserInfoSchemaException("Unknown User Info Schema: " + schema );
+			logger.error("UserInfoEndpoint: getInfo failed; unknown User Info schema " + schema); 
-			//TODO: Error Handling
+			model.addAttribute("code", HttpStatus.BAD_REQUEST);
+			return "httpCodeView";
 		}
 
 		String userId = p.getName(); 
 		UserInfo userInfo = userInfoService.getByUserId(userId);
 		
 		if (userInfo == null) {
-			throw new UserNotFoundException("User not found: " + userId); 
+			logger.error("UserInfoEndpoint: getInfo failed; user not found: " + userId); 
-			//TODO: Error Handling
+			model.addAttribute("code", HttpStatus.NOT_FOUND);
+			return "httpCodeView";
 		}
 		
 		if (p instanceof OAuth2Authentication) {

openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java

@@ -8,6 +8,8 @@ import java.util.Collection;
 
 import org.mitre.openid.connect.model.WhitelistedSite;
 import org.mitre.openid.connect.service.WhitelistedSiteService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -36,6 +38,8 @@ public class WhitelistAPI {
 	@Autowired
 	private WhitelistedSiteService whitelistService;
 	
+	private Logger logger = LoggerFactory.getLogger(this.getClass());
+	
 	private Gson gson = new Gson();
 	private JsonParser parser = new JsonParser();
 	
@@ -73,9 +77,13 @@ public class WhitelistAPI {
 			whitelist = gson.fromJson(json, WhitelistedSite.class);
 
 		} catch (JsonParseException e) {
-			//TODO: Error Handling
+			logger.error("WhitelistAPi: addNewWhitelistedSite failed due to JsonParseException: " + e.getStackTrace().toString());
+			m.addAttribute("code", HttpStatus.BAD_REQUEST);
+			return "httpCodeView";
 		} catch (IllegalStateException e) {
-			
+			logger.error("WhitelistAPi: addNewWhitelistedSite failed due to IllegalStateException: " + e.getStackTrace().toString());
+			m.addAttribute("code", HttpStatus.BAD_REQUEST);
+			return "httpCodeView";
 		}
 		
 		// save the id of the person who created this
@@ -104,14 +112,19 @@ public class WhitelistAPI {
 			whitelist = gson.fromJson(json, WhitelistedSite.class);
 
 		} catch (JsonParseException e) {
-			//TODO: Error Handling
+			logger.error("WhitelistAPi: updateWhitelistedSite failed due to JsonParseException: " + e.getStackTrace().toString());
+			m.put("code", HttpStatus.BAD_REQUEST);
+			return "httpCodeView";
 		} catch (IllegalStateException e) {
-			
+			logger.error("WhitelistAPi: updateWhitelistedSite failed due to IllegalStateException: " + e.getStackTrace().toString());
+			m.put("code", HttpStatus.BAD_REQUEST);
+			return "httpCodeView";
 		}
 		
 		WhitelistedSite oldWhitelist = whitelistService.getById(id);
 		
 		if (oldWhitelist == null) {
+			logger.error("WhitelistAPi: updateWhitelistedSite failed; whitelist with id " + id + " could not be found.");
 			m.put("code", HttpStatus.NOT_FOUND);
 			return "httpCodeView";
 		} else {
@@ -134,6 +147,7 @@ public class WhitelistAPI {
 		WhitelistedSite whitelist = whitelistService.getById(id);
 		
 		if (whitelist == null) {
+			logger.error("WhitelistAPi: deleteWhitelistedSite failed; whitelist with id " + id + " could not be found.");
 			m.put("code", HttpStatus.NOT_FOUND);
 		} else {
 			m.put("code", HttpStatus.OK);
@@ -150,6 +164,7 @@ public class WhitelistAPI {
 	public String getWhitelistedSite(@PathVariable("id") Long id, ModelMap m) {
 		WhitelistedSite whitelist = whitelistService.getById(id);
 		if (whitelist == null) {
+			logger.error("WhitelistAPi: getWhitelistedSite failed; whitelist with id " + id + " could not be found.");
 			m.put("code", HttpStatus.NOT_FOUND);
 			return "httpCodeView";
 		} else {