From 8294dbedd57571cf3c3c81a8870d77e6f645c3ca Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Fri, 18 Dec 2015 17:42:15 -0500
Subject: [PATCH] handled HTTP and parsing errors, fixed guava cache contract, fixes #372
---
 .../IntrospectingTokenService.java | 1 +
 ...egistrationClientConfigurationService.java | 39 ++++++++++++-------
 2 files changed, 25 insertions(+), 15 deletions(-)
diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
index 2b496217d..8a232d5f6 100644
--- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
+++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
@@ -298,6 +298,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
 validatedToken = restTemplate.postForObject(introspectionUrl, form, String.class);
 } catch (RestClientException rce) {
 logger.error("validateToken", rce);
+ return null;
 }
 if (validatedToken != null) {
 // parse the json
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
index 6b0ca2969..6490ee0df 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
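Review bot: The added `return null;` in the `RestClientException` catch makes a failed call to the introspection endpoint look the same to the caller as a token the server rejected, and nothing on the visible lines states that contract. That is the fail-closed outcome one wants, but only if every caller treats null as an invalid token; those callers are outside this hunk, so it is worth confirming. I would put a comment above the return, e.g. `// fail closed: introspection did not complete, so the token is treated as invalid`. Only transport and HTTP errors are covered here; the JSON parsing that starts at `// parse the json` continues outside the hunk.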
@@ -39,6 +39,8 @@ import org.springframework.http.MediaType;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
+import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestTemplate;
 import com.google.common.cache.CacheBuilder;
@@ -191,15 +193,18 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
 HttpEntity entity = new HttpEntity<>(serializedClient, headers);
- String registered = restTemplate.postForObject(serverConfig.getRegistrationEndpointUri(), entity, String.class);
- // TODO: handle HTTP errors
-
- RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered);
-
- // save this client for later
- registeredClientService.save(serverConfig.getIssuer(), client);
-
- return client;
+ try {
+ String registered = restTemplate.postForObject(serverConfig.getRegistrationEndpointUri(), entity, String.class);
+
+ RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered);
+
+ // save this client for later
+ registeredClientService.save(serverConfig.getIssuer(), client);
+
+ return client;
+ } catch (RestClientException rce) {
+ throw new InvalidClientException("Error registering client with server");
+ }
 } else {
 if (knownClient.getClientId() == null) {
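Review bot: In the registration hunk (`@@ -191,15 +193,18 @@`) the new `try` catches only `RestClientException`, so a registration response that is empty or does not parse is still passed on: whatever `parseRegistered(registered)` returns goes straight into `registeredClientService.save(...)`. If `parseRegistered` can return null for a malformed body (its code is not on this page), a guard before the save such as `if (client == null) { throw new InvalidClientException("Error registering client with server"); }` keeps a bad server response out of the client store. The catch also drops `rce`, so the status code and cause are lost; log it or attach it with `initCause(rce)` before throwing. The same two points apply to the `@@ -211,12 +216,16 @@` hunk, and the enclosing method starts and ends outside both hunks.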
@@ -211,12 +216,16 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
 HttpEntity entity = new HttpEntity<>(headers);
- String registered = restTemplate.exchange(knownClient.getRegistrationClientUri(), HttpMethod.GET, entity, String.class).getBody();
- // TODO: handle HTTP errors
-
- RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered);
-
- return client;
+ try {
+ String registered = restTemplate.exchange(knownClient.getRegistrationClientUri(), HttpMethod.GET, entity, String.class).getBody();
+ // TODO: handle HTTP errors
+
+ RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered);
+
+ return client;
+ } catch (RestClientException rce) {
+ throw new InvalidClientException("Error loading previously registered client information from server");
+ }
 } else {
 // it's got a client ID from the store, don't bother trying to load it
 return knownClient;
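Review bot: The `// TODO: handle HTTP errors` comment is carried into the new `try` block in this hunk, although the `catch (RestClientException rce)` added a few lines below is the handling it asks for; the registration hunk removed the same comment. Drop the line, or if something is still open, reword it to say what, for example `// TODO: handle a null or unparseable response body`. A stale TODO next to error handling on a remote response tends to send the next reader looking for a gap that has already been closed, or hides the one that has not.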