Standardized error handling and added logging for error conditions in endpoints
parent
dbc68e4074
commit
5cac7055a9
|
@ -57,6 +57,9 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {
|
|||
/* (non-Javadoc)
|
||||
* @see org.springframework.security.oauth2.provider.token.AbstractTokenGranter#getOAuth2Authentication(org.springframework.security.oauth2.provider.AuthorizationRequest)
|
||||
*/
|
||||
/**
|
||||
* @throws NoSuchAlgorithmException
|
||||
*/
|
||||
@Override
|
||||
protected OAuth2AccessToken getAccessToken(AuthorizationRequest authorizationRequest) throws AuthenticationException, InvalidTokenException {
|
||||
// read and load up the existing token
|
||||
|
@ -103,7 +106,10 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {
|
|||
try {
|
||||
jwtService.signJwt(newIdToken);
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
// TODO Auto-generated catch block
|
||||
// TODO how to handle this exception?
|
||||
// Because of the abstract class's method signature, cannot add "throws"
|
||||
// declaration to this class, but printing a stack trace is not a good
|
||||
// fallback.
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
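Review bot: The Javadoc added above getAccessToken documents `@throws NoSuchAlgorithmException`, but the signature declares only AuthenticationException and InvalidTokenException, and the `catch (NoSuchAlgorithmException e)` around `jwtService.signJwt(newIdToken)` swallows it with `e.printStackTrace()`, so the tag describes a condition the method never surfaces. The commit's own comment says printing a stack trace is not a good fallback; drop the `@throws` tag and rethrow in the catch, e.g. `throw new IllegalStateException("could not sign id token", e);`, so a signing failure fails the grant — what follows the catch is outside the hunk, but presumably the unsigned newIdToken would otherwise be handed back. getAccessToken's body continues past the hunk.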
|
|
|
@ -23,7 +23,10 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
|
|||
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
||||
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
||||
import org.mitre.oauth2.service.OAuth2TokenEntityService;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
|
||||
|
@ -47,6 +50,8 @@ public class IntrospectionEndpoint {
|
|||
@Autowired
|
||||
private ClientDetailsEntityService clientService;
|
||||
|
||||
private Logger logger = LoggerFactory.getLogger(this.getClass());
|
||||
|
||||
public IntrospectionEndpoint() {
|
||||
|
||||
}
|
||||
|
@ -60,7 +65,10 @@ public class IntrospectionEndpoint {
|
|||
Map<String,Boolean> e = ImmutableMap.of("valid", Boolean.FALSE);
|
||||
Map<String, Object> model = new HashMap<String, Object>();
|
||||
model.put("entity", e);
|
||||
// TODO: http code?
|
||||
|
||||
logger.error("IntrospectionEndpoint InvalidTokenException: " + ex.getStackTrace().toString());
|
||||
|
||||
model.put("code", HttpStatus.BAD_REQUEST);
|
||||
|
||||
return new ModelAndView("jsonEntityView", model);
|
||||
}
|
||||
|
@ -89,18 +97,21 @@ public class IntrospectionEndpoint {
|
|||
}*/
|
||||
|
||||
if (Strings.isNullOrEmpty(tokenValue)) {
|
||||
throw new InvalidTokenException("No token found!");
|
||||
//TODO: Error Handling
|
||||
logger.error("IntrospectionEndpoint: verify failed; token value is null");
|
||||
modelAndView.addObject("code", HttpStatus.BAD_REQUEST);
|
||||
modelAndView.setViewName("httpCodeView");
|
||||
return modelAndView;
|
||||
}
|
||||
|
||||
OAuth2AccessTokenEntity token = null;
|
||||
|
||||
try {
|
||||
token = tokenServices.readAccessToken(tokenValue);
|
||||
} catch (InvalidTokenException e) {
|
||||
//TODO: Error Handling
|
||||
} catch (AuthenticationException e) {
|
||||
//TODO: Error Handling
|
||||
logger.error("IntrospectionEndpoint: verify failed; AuthenticationException: " + e.getStackTrace().toString());
|
||||
modelAndView.addObject("code", HttpStatus.FORBIDDEN);
|
||||
modelAndView.setViewName("httpCodeView");
|
||||
return modelAndView;
|
||||
}
|
||||
|
||||
ClientDetailsEntity tokenClient = token.getClient();
|
||||
|
@ -119,16 +130,23 @@ public class IntrospectionEndpoint {
|
|||
modelAndView.addObject("entity", token);
|
||||
return modelAndView;
|
||||
} else {
|
||||
throw new InvalidScopeException("Tried to introspect a token of different scope");
|
||||
//TODO: Error Handling
|
||||
logger.error("IntrospectionEndpoint: verify failed; client tried to introspect a token of an incorrect scope");
|
||||
modelAndView.addObject("code", HttpStatus.BAD_REQUEST);
|
||||
modelAndView.setViewName("httpCodeView");
|
||||
return modelAndView;
|
||||
}
|
||||
} else {
|
||||
throw new InvalidClientException("Client is not allowed to call introspection endpoint.");
|
||||
//TODO: Error Handling
|
||||
logger.error("IntrospectionEndpoint: verify failed; client " + clientId + " is not allowed to call introspection endpoint");
|
||||
modelAndView.addObject("code", HttpStatus.BAD_REQUEST);
|
||||
modelAndView.setViewName("httpCodeView");
|
||||
return modelAndView;
|
||||
}
|
||||
} else {
|
||||
throw new InvalidClientException("Client not found.");
|
||||
//TODO: Error Handling
|
||||
//TODO: Log error client not found
|
||||
logger.error("IntrospectionEndpoint: verify failed; client " + clientId + " not found.");
|
||||
modelAndView.addObject("code", HttpStatus.NOT_FOUND);
|
||||
modelAndView.setViewName("httpCodeView");
|
||||
return modelAndView;
|
||||
}
|
||||
|
||||
}
|
||||
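Review bot: The `catch (InvalidTokenException e)` around `tokenServices.readAccessToken(tokenValue)` is still empty apart from the TODO, so `token` stays null and `token.getClient()` a few lines later throws a NullPointerException for any invalid token, turning a routine client error into a 500. Either fill it in like the AuthenticationException branch below it (log, `modelAndView.addObject("code", HttpStatus.BAD_REQUEST)`, `httpCodeView`, return) or remove the catch so the exception reaches the handler that builds the `valid: false` model in the earlier hunk, which appears to be what that handler is for. Separately, `e.getStackTrace().toString()` in the new logger.error calls prints the array identity (`[Ljava.lang.StackTraceElement;@...`), not the trace; pass the exception as the last argument instead, `logger.error("IntrospectionEndpoint: verify failed; AuthenticationException", e);`. The same pattern appears in OAuthConfirmationController, BlacklistAPI, ClientAPI, ClientDynamicRegistrationEndpoint and WhitelistAPI in this commit. The enclosing method starts and ends outside the hunk.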
|
|
|
@ -26,7 +26,10 @@ import org.mitre.oauth2.exception.ClientNotFoundException;
|
|||
import org.mitre.oauth2.model.SystemScope;
|
||||
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
||||
import org.mitre.oauth2.service.SystemScopeService;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
|
||||
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
|
||||
|
@ -54,6 +57,8 @@ public class OAuthConfirmationController {
|
|||
@Autowired
|
||||
private SystemScopeService scopeService;
|
||||
|
||||
private Logger logger = LoggerFactory.getLogger(this.getClass());
|
||||
|
||||
public OAuthConfirmationController() {
|
||||
|
||||
}
|
||||
|
@ -68,14 +73,26 @@ public class OAuthConfirmationController {
|
|||
|
||||
//AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest");
|
||||
|
||||
//TODO: Error Handling
|
||||
//Throws OAuth2Exception, InvalidClientException, IllegalArgumentException
|
||||
ClientDetails client = clientService.loadClientByClientId(clientAuth.getClientId());
|
||||
ClientDetails client = null;
|
||||
|
||||
try {
|
||||
client = clientService.loadClientByClientId(clientAuth.getClientId());
|
||||
} catch (OAuth2Exception e) {
|
||||
logger.error("OAuthConfirmationController: confirmAccess: OAuth2Exception was thrown when attempting to load client: "
|
||||
+ e.getStackTrace().toString());
|
||||
model.put("code", HttpStatus.BAD_REQUEST);
|
||||
return new ModelAndView("httpCodeView");
|
||||
} catch (IllegalArgumentException e) {
|
||||
logger.error("OAuthConfirmationController: confirmAccess: IllegalArgumentException was thrown when attempting to load client: "
|
||||
+ e.getStackTrace().toString());
|
||||
model.put("code", HttpStatus.BAD_REQUEST);
|
||||
return new ModelAndView("httpCodeView");
|
||||
}
|
||||
|
||||
if (client == null) {
|
||||
throw new ClientNotFoundException("Client not found: " + clientAuth.getClientId());
|
||||
//TODO: Error Handling
|
||||
}
|
||||
logger.error("OAuthConfirmationController: confirmAccess: could not find client " + clientAuth.getClientId());
|
||||
model.put("code", HttpStatus.NOT_FOUND);
|
||||
return new ModelAndView("httpCodeView"); }
|
||||
|
||||
model.put("auth_request", clientAuth);
|
||||
model.put("client", client);
|
||||
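Review bot: The closing brace of the `client == null` branch is fused onto `return new ModelAndView("httpCodeView"); }`, which hides the block end and reads as if the return were unconditional; put the `}` on its own line. The two catch blocks around `loadClientByClientId` are identical apart from the exception name in the message, so a single handler, or a private helper that logs and builds the error view, would keep them in sync as codes change. confirmAccess starts and ends outside the hunk.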
|
|
|
@ -21,6 +21,8 @@ import org.mitre.oauth2.exception.PermissionDeniedException;
|
|||
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
||||
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
|
||||
import org.mitre.oauth2.service.OAuth2TokenEntityService;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
|
@ -37,6 +39,8 @@ public class RevocationEndpoint {
|
|||
@Autowired
|
||||
OAuth2TokenEntityService tokenServices;
|
||||
|
||||
private Logger logger = LoggerFactory.getLogger(this.getClass());
|
||||
|
||||
public RevocationEndpoint() {
|
||||
|
||||
}
|
||||
|
|
|
@ -7,6 +7,8 @@ import java.util.Set;
|
|||
|
||||
import org.mitre.oauth2.model.SystemScope;
|
||||
import org.mitre.oauth2.service.SystemScopeService;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
|
@ -28,10 +30,11 @@ import com.google.gson.Gson;
|
|||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
public class ScopeAPI {
|
||||
|
||||
|
||||
@Autowired
|
||||
private SystemScopeService scopeService;
|
||||
|
||||
private Logger logger = LoggerFactory.getLogger(this.getClass());
|
||||
|
||||
private Gson gson = new Gson();
|
||||
|
||||
@RequestMapping(value = "", method = RequestMethod.GET, produces = "application/json")
|
||||
|
@ -55,8 +58,10 @@ public class ScopeAPI {
|
|||
|
||||
return "jsonEntityView";
|
||||
} else {
|
||||
m.put("code", HttpStatus.NOT_FOUND);
|
||||
|
||||
logger.error("ScopeAPI: getScope failed; scope not found: " + id);
|
||||
|
||||
m.put("code", HttpStatus.NOT_FOUND);
|
||||
return "httpCodeView";
|
||||
}
|
||||
}
|
||||
|
@ -80,6 +85,10 @@ public class ScopeAPI {
|
|||
|
||||
return "jsonEntityView";
|
||||
} else {
|
||||
|
||||
logger.error("ScopeAPI: updateScope failed; scope ids to not match: got "
|
||||
+ existing.getId() + " and " + scope.getId());
|
||||
|
||||
m.put("code", HttpStatus.BAD_REQUEST);
|
||||
|
||||
return "httpCodeView";
|
||||
|
@ -87,6 +96,7 @@ public class ScopeAPI {
|
|||
|
||||
} else {
|
||||
|
||||
logger.error("ScopeAPI: updateScope failed; scope with id " + id + " not found.");
|
||||
m.put("code", HttpStatus.NOT_FOUND);
|
||||
|
||||
return "httpCodeView";
|
||||
|
@ -106,6 +116,8 @@ public class ScopeAPI {
|
|||
|
||||
return "jsonEntityView";
|
||||
} else {
|
||||
|
||||
logger.error("ScopeAPI: createScope failed; JSON was invalid: " + json);
|
||||
m.put("code", HttpStatus.BAD_REQUEST);
|
||||
|
||||
return "httpCodeView";
|
||||
|
@ -125,6 +137,7 @@ public class ScopeAPI {
|
|||
return "httpCodeView";
|
||||
} else {
|
||||
|
||||
logger.error("ScopeAPI: deleteScope failed; scope with id " + id + " not found.");
|
||||
m.put("code", HttpStatus.NOT_FOUND);
|
||||
|
||||
return "httpCodeView";
|
||||
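Review bot: `logger.error("ScopeAPI: createScope failed; JSON was invalid: " + json)` writes the raw request body into the log; an unparseable body is caller-controlled, can be large and can contain newlines that forge extra log lines, so log its length or a bounded, newline-stripped prefix rather than the whole string. These are expected client outcomes (400/404), so `warn` fits better than `error` for the new ScopeAPI messages, keeping `error` for genuine failures. The updateScope message also has a typo, `scope ids to not match` should read `scope ids do not match`. The enclosing methods start and end outside the hunks.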
|
|
|
@ -8,6 +8,8 @@ import java.util.Collection;
|
|||
|
||||
import org.mitre.openid.connect.model.ApprovedSite;
|
||||
import org.mitre.openid.connect.service.ApprovedSiteService;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
|
@ -29,6 +31,8 @@ public class ApprovedSiteAPI {
|
|||
@Autowired
|
||||
private ApprovedSiteService approvedSiteService;
|
||||
|
||||
private Logger logger = LoggerFactory.getLogger(this.getClass());
|
||||
|
||||
/**
|
||||
* Get a list of all of this user's approved sites
|
||||
* @param m
|
||||
|
@ -53,8 +57,11 @@ public class ApprovedSiteAPI {
|
|||
ApprovedSite approvedSite = approvedSiteService.getById(id);
|
||||
|
||||
if (approvedSite == null) {
|
||||
logger.error("ApprovedSiteAPI: deleteApprovedSite failed; no approved site found for id: " + id);
|
||||
m.put("code", HttpStatus.NOT_FOUND);
|
||||
} else if (!approvedSite.getUserId().equals(p.getName())) {
|
||||
logger.error("ApprovedSiteAPI: deleteApprovedSite failed; principal "
|
||||
+ p.getName() + " does not own approved site" + id);
|
||||
m.put("code", HttpStatus.FORBIDDEN);
|
||||
} else {
|
||||
m.put("code", HttpStatus.OK);
|
||||
|
@ -71,9 +78,12 @@ public class ApprovedSiteAPI {
|
|||
public String getApprovedSite(@PathVariable("id") Long id, ModelMap m, Principal p) {
|
||||
ApprovedSite approvedSite = approvedSiteService.getById(id);
|
||||
if (approvedSite == null) {
|
||||
logger.error("ApprovedSiteAPI: getApprovedSite failed; no approved site found for id: " + id);
|
||||
m.put("code", HttpStatus.NOT_FOUND);
|
||||
return "httpCodeView";
|
||||
} else if (!approvedSite.getUserId().equals(p.getName())) {
|
||||
logger.error("ApprovedSiteAPI: getApprovedSite failed; principal "
|
||||
+ p.getName() + " does not own approved site" + id);
|
||||
m.put("code", HttpStatus.FORBIDDEN);
|
||||
return "httpCodeView";
|
||||
} else {
|
||||
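Review bot: The ownership-check messages are missing a space before the id, so `" does not own approved site" + id` logs as `...approved site42`; use `" does not own approved site " + id` in both deleteApprovedSite and getApprovedSite. A principal failing the ownership check is an expected 403, not a server fault, so `warn` is the more useful level there (and for the 404 cases), reserving `error` for real failures. Both methods extend past the hunks.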
|
|
|
@ -8,6 +8,8 @@ import java.util.Collection;
|
|||
|
||||
import org.mitre.openid.connect.model.BlacklistedSite;
|
||||
import org.mitre.openid.connect.service.BlacklistedSiteService;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
|
@ -32,10 +34,11 @@ import com.google.gson.JsonSyntaxException;
|
|||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
||||
public class BlacklistAPI {
|
||||
|
||||
|
||||
@Autowired
|
||||
private BlacklistedSiteService blacklistService;
|
||||
|
||||
private Logger logger = LoggerFactory.getLogger(this.getClass());
|
||||
|
||||
private Gson gson = new Gson();
|
||||
private JsonParser parser = new JsonParser();
|
||||
|
||||
|
@ -76,11 +79,12 @@ public class BlacklistAPI {
|
|||
m.put("entity", newBlacklist);
|
||||
|
||||
}
|
||||
//TODO: Java 7 combine catch statements
|
||||
catch (JsonSyntaxException e) {
|
||||
logger.error("BlacklistAPI: addNewBlacklistedSite failed due to JsonSyntaxException: " + e.getStackTrace().toString());
|
||||
m.put("code", HttpStatus.BAD_REQUEST);
|
||||
return "httpCodeView";
|
||||
} catch (IllegalStateException e) {
|
||||
logger.error("BlacklistAPI: addNewBlacklistedSite failed due to IllegalStateException: " + e.getStackTrace().toString());
|
||||
m.put("code", HttpStatus.BAD_REQUEST);
|
||||
return "httpCodeView";
|
||||
}
|
||||
|
@ -105,11 +109,12 @@ public class BlacklistAPI {
|
|||
blacklist = gson.fromJson(json, BlacklistedSite.class);
|
||||
|
||||
}
|
||||
//TODO: Java 7 combine catch statements
|
||||
catch (JsonSyntaxException e) {
|
||||
logger.error("BlacklistAPI: updateBlacklistedSite failed due to JsonSyntaxException: " + e.getStackTrace().toString());
|
||||
m.put("code", HttpStatus.BAD_REQUEST);
|
||||
return "httpCodeView";
|
||||
} catch (IllegalStateException e) {
|
||||
logger.error("BlacklistAPI: updateBlacklistedSite failed due to IllegalStateException: " + e.getStackTrace().toString());
|
||||
m.put("code", HttpStatus.BAD_REQUEST);
|
||||
return "httpCodeView";
|
||||
}
|
||||
|
@ -118,6 +123,7 @@ public class BlacklistAPI {
|
|||
BlacklistedSite oldBlacklist = blacklistService.getById(id);
|
||||
|
||||
if (oldBlacklist == null) {
|
||||
logger.error("BlacklistAPI: updateBlacklistedSite failed; blacklist with id " + id + " could not be found");
|
||||
m.put("code", HttpStatus.NOT_FOUND);
|
||||
return "httpCodeView";
|
||||
} else {
|
||||
|
@ -139,6 +145,7 @@ public class BlacklistAPI {
|
|||
BlacklistedSite blacklist = blacklistService.getById(id);
|
||||
|
||||
if (blacklist == null) {
|
||||
logger.error("BlacklistAPI: deleteBlacklistedSite failed; blacklist with id " + id + " could not be found");
|
||||
m.put("code", HttpStatus.NOT_FOUND);
|
||||
} else {
|
||||
m.put("code", HttpStatus.OK);
|
||||
|
@ -155,6 +162,7 @@ public class BlacklistAPI {
|
|||
public String getBlacklistedSite(@PathVariable("id") Long id, ModelMap m) {
|
||||
BlacklistedSite blacklist = blacklistService.getById(id);
|
||||
if (blacklist == null) {
|
||||
logger.error("BlacklistAPI: getBlacklistedSite failed; blacklist with id " + id + " could not be found");
|
||||
m.put("code", HttpStatus.NOT_FOUND);
|
||||
return "httpCodeView";
|
||||
} else {
|
||||
|
|
|
@ -16,15 +16,12 @@
|
|||
package org.mitre.openid.connect.web;
|
||||
|
||||
import java.lang.reflect.Type;
|
||||
import java.security.Principal;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.mitre.jose.JWEAlgorithmEmbed;
|
||||
import org.mitre.jose.JWEEncryptionMethodEmbed;
|
||||
import org.mitre.jose.JWSAlgorithmEmbed;
|
||||
import org.mitre.oauth2.exception.ClientNotFoundException;
|
||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
|
@ -61,6 +58,7 @@ public class ClientAPI {
|
|||
@Autowired
|
||||
private ClientDetailsEntityService clientService;
|
||||
private JsonParser parser = new JsonParser();
|
||||
|
||||
private Gson gson = new GsonBuilder()
|
||||
.serializeNulls()
|
||||
.registerTypeAdapter(JWSAlgorithmEmbed.class, new JsonDeserializer<JWSAlgorithmEmbed>() {
|
||||
|
@ -96,6 +94,8 @@ public class ClientAPI {
|
|||
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
|
||||
.create();
|
||||
|
||||
private Logger logger = LoggerFactory.getLogger(this.getClass());
|
||||
|
||||
/**
|
||||
* Get a list of all clients
|
||||
* @param modelAndView
|
||||
|
@ -132,11 +132,12 @@ public class ClientAPI {
|
|||
json = parser.parse(jsonString).getAsJsonObject();
|
||||
client = gson.fromJson(json, ClientDetailsEntity.class);
|
||||
}
|
||||
//TODO: Java 7 combine catch statements
|
||||
catch (JsonSyntaxException e) {
|
||||
logger.error("ClientAPI: apiAddClient failed due to JsonSyntaxException: " + e.getStackTrace().toString());
|
||||
m.addAttribute("code", HttpStatus.BAD_REQUEST);
|
||||
return "httpCodeView";
|
||||
} catch (IllegalStateException e) {
|
||||
logger.error("ClientAPI: apiAddClient failed due to IllegalStateException: " + e.getStackTrace().toString());
|
||||
m.addAttribute("code", HttpStatus.BAD_REQUEST);
|
||||
return "httpCodeView";
|
||||
}
|
||||
|
@ -186,11 +187,12 @@ public class ClientAPI {
|
|||
json = parser.parse(jsonString).getAsJsonObject();
|
||||
client = gson.fromJson(json, ClientDetailsEntity.class);
|
||||
}
|
||||
//TODO: Java 7 combine catch statements
|
||||
catch (JsonSyntaxException e) {
|
||||
logger.error("ClientAPI: apiUpdateClient failed due to JsonSyntaxException: " + e.getStackTrace().toString());
|
||||
m.addAttribute("code", HttpStatus.BAD_REQUEST);
|
||||
return "httpCodeView";
|
||||
} catch (IllegalStateException e) {
|
||||
logger.error("ClientAPI: apiUpdateClient failed due to IllegalStateException: " + e.getStackTrace().toString());
|
||||
m.addAttribute("code", HttpStatus.BAD_REQUEST);
|
||||
return "httpCodeView";
|
||||
}
|
||||
|
@ -198,9 +200,9 @@ public class ClientAPI {
|
|||
ClientDetailsEntity oldClient = clientService.getClientById(id);
|
||||
|
||||
if (oldClient == null) {
|
||||
//TODO: Error Handling
|
||||
//Is this exception caught by a view?
|
||||
throw new ClientNotFoundException();
|
||||
logger.error("ClientAPI: apiUpdateClient failed; client with id " + id + " could not be found.");
|
||||
m.addAttribute("code", HttpStatus.NOT_FOUND);
|
||||
return "httpCodeView";
|
||||
}
|
||||
|
||||
// if they leave the client secret empty, force it to be generated
|
||||
|
@ -240,6 +242,7 @@ public class ClientAPI {
|
|||
ClientDetailsEntity client = clientService.getClientById(id);
|
||||
|
||||
if (client == null) {
|
||||
logger.error("ClientAPI: apiDeleteClient failed; client with id " + id + " could not be found.");
|
||||
modelAndView.getModelMap().put("code", HttpStatus.NOT_FOUND);
|
||||
} else {
|
||||
modelAndView.getModelMap().put("code", HttpStatus.OK);
|
||||
|
@ -258,11 +261,13 @@ public class ClientAPI {
|
|||
*/
|
||||
@RequestMapping(value="/{id}", method=RequestMethod.GET, produces = "application/json")
|
||||
public String apiShowClient(@PathVariable("id") Long id, Model model, Authentication auth) {
|
||||
|
||||
ClientDetailsEntity client = clientService.getClientById(id);
|
||||
|
||||
if (client == null) {
|
||||
//TODO: Error Handling
|
||||
//Is this error handled by a view?
|
||||
throw new ClientNotFoundException("Could not find client: " + id);
|
||||
logger.error("ClientAPI: apiShowClient failed; client with id " + id + " could not be found.");
|
||||
model.addAttribute("code", HttpStatus.NOT_FOUND);
|
||||
return "httpCodeView";
|
||||
}
|
||||
|
||||
model.addAttribute("entity", client);
|
||||
|
|
|
@ -17,7 +17,10 @@ import org.mitre.oauth2.model.SystemScope;
|
|||
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
||||
import org.mitre.oauth2.service.OAuth2TokenEntityService;
|
||||
import org.mitre.oauth2.service.SystemScopeService;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
|
@ -49,6 +52,7 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
@Autowired
|
||||
private SystemScopeService scopeService;
|
||||
|
||||
private Logger logger = LoggerFactory.getLogger(this.getClass());
|
||||
|
||||
@RequestMapping(params = "operation=client_register", produces = "application/json")
|
||||
public String clientRegister(
|
||||
|
@ -189,7 +193,9 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
|
||||
|
||||
if (client == null) {
|
||||
throw new ClientNotFoundException("Could not find client: " + clientId);
|
||||
logger.error("ClientDynamicRegistrationEndpoint: rotateSecret failed, could not find client " + clientId);
|
||||
model.addAttribute("code", HttpStatus.NOT_FOUND);
|
||||
return "httpCodeView";
|
||||
}
|
||||
|
||||
// rotate the secret, if available
|
||||
|
@ -203,8 +209,11 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
// mint a new access token
|
||||
registrationAccessToken = createRegistrationAccessToken(client);
|
||||
} catch (AuthenticationException e) {
|
||||
//TODO: Error Handling
|
||||
//AuthException may be handled by spring security
|
||||
logger.error("ClientDynamicRegistrationEndpoint: rotateSecret failed; AuthenticationException: CLient " + clientId
|
||||
+ " attempted to rotate secret and failed with the following stack trace: "
|
||||
+ e.getStackTrace().toString());
|
||||
model.addAttribute("code", HttpStatus.FORBIDDEN);
|
||||
return "httpCodeView";
|
||||
}
|
||||
|
||||
// revoke the old one
|
||||
|
@ -215,16 +224,25 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
try {
|
||||
oldAccessToken = tokenService.readAccessToken(details.getTokenValue());
|
||||
} catch (AuthenticationException e) {
|
||||
//TODO: Error Handling
|
||||
logger.error("ClientDynamicRegistrationEndpoint: rotateSecret failed; AuthenticationException: CLient " + clientId
|
||||
+ " attempted to rotate secret and failed with the following stack trace: "
|
||||
+ e.getStackTrace().toString());
|
||||
model.addAttribute("code", HttpStatus.FORBIDDEN);
|
||||
return "httpCodeView";
|
||||
} catch (InvalidTokenException e) {
|
||||
//TODO: Error Handling
|
||||
logger.error("ClientDynamicRegistrationEndpoint: rotateSecret failed; InvalidTokenException: CLient " + clientId
|
||||
+ " attempted to rotate secret with an invalid token."
|
||||
+ e.getStackTrace().toString());
|
||||
model.addAttribute("code", HttpStatus.BAD_REQUEST);
|
||||
return "httpCodeView";
|
||||
}
|
||||
if (oldAccessToken != null) {
|
||||
tokenService.revokeAccessToken(oldAccessToken);
|
||||
} else {
|
||||
// serious error here -- how'd we get this far without a valid token?!
|
||||
throw new OAuth2Exception("SEVERE: token not found, something is fishy");
|
||||
//TODO: Error Handling
|
||||
// This is a severe error
|
||||
logger.error("SEVERE: ClientDynamicRegistrationEndpoint: rotateSecret failed; Revocation of access token for client " + clientId
|
||||
+ " failed. Original token can not be found.");
|
||||
throw OAuth2Exception.create(OAuth2Exception.INVALID_TOKEN, "SEVERE: token not found, something is fishy");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -289,8 +307,9 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
|
||||
|
||||
if (client == null) {
|
||||
throw new ClientNotFoundException("Could not find client: " + clientId);
|
||||
//TODO: Error Handling
|
||||
logger.error("ClientDynamicRegistrationEndpoint: clientUpdate failed; Client with id " + clientId + " does not exist or cannot be found.");
|
||||
model.addAttribute("code", HttpStatus.NOT_FOUND);
|
||||
return "httpCodeView";
|
||||
}
|
||||
|
||||
/*
|
||||
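Review bot: In rotateSecret the replacement token is minted (`registrationAccessToken = createRegistrationAccessToken(client)`) before the old one is read back, so the new `catch (AuthenticationException e)` and `catch (InvalidTokenException e)` around `tokenService.readAccessToken(details.getTokenValue())` return `httpCodeView` after a token has presumably already been created and stored but never handed to the client, and the `oldAccessToken == null` branch throws in the same state. Reading and validating the old token before minting the replacement avoids orphaning a live registration token on the failure path; if createRegistrationAccessToken does not persist anything, this is harmless but worth a comment saying so. The three new messages also spell `CLient`. rotateSecret starts and ends outside the hunks.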
|
|
|
@ -22,7 +22,10 @@ import org.mitre.openid.connect.exception.UnknownUserInfoSchemaException;
|
|||
import org.mitre.openid.connect.exception.UserNotFoundException;
|
||||
import org.mitre.openid.connect.model.UserInfo;
|
||||
import org.mitre.openid.connect.service.UserInfoService;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
|
||||
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
||||
|
@ -46,6 +49,8 @@ public class UserInfoEndpoint {
|
|||
@Autowired
|
||||
private UserInfoService userInfoService;
|
||||
|
||||
private Logger logger = LoggerFactory.getLogger(this.getClass());
|
||||
|
||||
private Map<String, String> schemaToViewNameMap = ImmutableMap.of(
|
||||
openIdSchema, jsonUserInfoViewName,
|
||||
pocoSchema, pocoUserInfoViewName
|
||||
|
@ -69,22 +74,25 @@ public class UserInfoEndpoint {
|
|||
public String getInfo(Principal p, @RequestParam("schema") String schema, Model model) {
|
||||
|
||||
if (p == null) {
|
||||
throw new UserNotFoundException("Invalid User");
|
||||
//TODO: Error Handling
|
||||
logger.error("UserInfoEndpoint: getInfo failed; no principal. Requester is not authorized.");
|
||||
model.addAttribute("code", HttpStatus.FORBIDDEN);
|
||||
return "httpCodeView";
|
||||
}
|
||||
|
||||
String viewName = schemaToViewNameMap.get(schema);
|
||||
if (viewName == null) {
|
||||
throw new UnknownUserInfoSchemaException("Unknown User Info Schema: " + schema );
|
||||
//TODO: Error Handling
|
||||
logger.error("UserInfoEndpoint: getInfo failed; unknown User Info schema " + schema);
|
||||
model.addAttribute("code", HttpStatus.BAD_REQUEST);
|
||||
return "httpCodeView";
|
||||
}
|
||||
|
||||
String userId = p.getName();
|
||||
UserInfo userInfo = userInfoService.getByUserId(userId);
|
||||
|
||||
if (userInfo == null) {
|
||||
throw new UserNotFoundException("User not found: " + userId);
|
||||
//TODO: Error Handling
|
||||
logger.error("UserInfoEndpoint: getInfo failed; user not found: " + userId);
|
||||
model.addAttribute("code", HttpStatus.NOT_FOUND);
|
||||
return "httpCodeView";
|
||||
}
|
||||
|
||||
if (p instanceof OAuth2Authentication) {
|
||||
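Review bot: `schema` is a request parameter and is written into the log unchanged in `"unknown User Info schema " + schema`; an arbitrary value can carry newlines or be very long, so strip control characters or bound its length before logging. The `p == null` branch returns `HttpStatus.FORBIDDEN` with the message `Requester is not authorized`, but a missing principal means the request is unauthenticated, for which `HttpStatus.UNAUTHORIZED` is the accurate code — unless the security filter guarantees a principal here, in which case the branch is dead and a comment should say so. getInfo continues past the hunk.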
|
|
|
@ -8,6 +8,8 @@ import java.util.Collection;
|
|||
|
||||
import org.mitre.openid.connect.model.WhitelistedSite;
|
||||
import org.mitre.openid.connect.service.WhitelistedSiteService;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
|
@ -36,6 +38,8 @@ public class WhitelistAPI {
|
|||
@Autowired
|
||||
private WhitelistedSiteService whitelistService;
|
||||
|
||||
private Logger logger = LoggerFactory.getLogger(this.getClass());
|
||||
|
||||
private Gson gson = new Gson();
|
||||
private JsonParser parser = new JsonParser();
|
||||
|
||||
|
@ -73,9 +77,13 @@ public class WhitelistAPI {
|
|||
whitelist = gson.fromJson(json, WhitelistedSite.class);
|
||||
|
||||
} catch (JsonParseException e) {
|
||||
//TODO: Error Handling
|
||||
logger.error("WhitelistAPi: addNewWhitelistedSite failed due to JsonParseException: " + e.getStackTrace().toString());
|
||||
m.addAttribute("code", HttpStatus.BAD_REQUEST);
|
||||
return "httpCodeView";
|
||||
} catch (IllegalStateException e) {
|
||||
|
||||
logger.error("WhitelistAPi: addNewWhitelistedSite failed due to IllegalStateException: " + e.getStackTrace().toString());
|
||||
m.addAttribute("code", HttpStatus.BAD_REQUEST);
|
||||
return "httpCodeView";
|
||||
}
|
||||
|
||||
// save the id of the person who created this
|
||||
|
@ -104,14 +112,19 @@ public class WhitelistAPI {
|
|||
whitelist = gson.fromJson(json, WhitelistedSite.class);
|
||||
|
||||
} catch (JsonParseException e) {
|
||||
//TODO: Error Handling
|
||||
logger.error("WhitelistAPi: updateWhitelistedSite failed due to JsonParseException: " + e.getStackTrace().toString());
|
||||
m.put("code", HttpStatus.BAD_REQUEST);
|
||||
return "httpCodeView";
|
||||
} catch (IllegalStateException e) {
|
||||
|
||||
logger.error("WhitelistAPi: updateWhitelistedSite failed due to IllegalStateException: " + e.getStackTrace().toString());
|
||||
m.put("code", HttpStatus.BAD_REQUEST);
|
||||
return "httpCodeView";
|
||||
}
|
||||
|
||||
WhitelistedSite oldWhitelist = whitelistService.getById(id);
|
||||
|
||||
if (oldWhitelist == null) {
|
||||
logger.error("WhitelistAPi: updateWhitelistedSite failed; whitelist with id " + id + " could not be found.");
|
||||
m.put("code", HttpStatus.NOT_FOUND);
|
||||
return "httpCodeView";
|
||||
} else {
|
||||
|
@ -134,6 +147,7 @@ public class WhitelistAPI {
|
|||
WhitelistedSite whitelist = whitelistService.getById(id);
|
||||
|
||||
if (whitelist == null) {
|
||||
logger.error("WhitelistAPi: deleteWhitelistedSite failed; whitelist with id " + id + " could not be found.");
|
||||
m.put("code", HttpStatus.NOT_FOUND);
|
||||
} else {
|
||||
m.put("code", HttpStatus.OK);
|
||||
|
@ -150,6 +164,7 @@ public class WhitelistAPI {
|
|||
public String getWhitelistedSite(@PathVariable("id") Long id, ModelMap m) {
|
||||
WhitelistedSite whitelist = whitelistService.getById(id);
|
||||
if (whitelist == null) {
|
||||
logger.error("WhitelistAPi: getWhitelistedSite failed; whitelist with id " + id + " could not be found.");
|
||||
m.put("code", HttpStatus.NOT_FOUND);
|
||||
return "httpCodeView";
|
||||
} else {
|
||||
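Review bot: Every new log message in this file is prefixed `WhitelistAPi:` while the class is WhitelistAPI; the other files in the commit use the exact class name, so change the prefix to `WhitelistAPI:` so that log searches by class match. All four handler methods extend beyond the hunks.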
|
|