added universal OAuth exception handling

openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml

@@ -162,6 +162,8 @@
 
 	<import resource="authz-config.xml" />
 
+	<bean id="oauth2ExceptionTranslator" class="org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator" />
+
 	<bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
 		<property name="authenticationManager" ref="clientAuthenticationManager" />
 		<property name="filterProcessesUrl" value="/token"/>

openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java

@@ -35,10 +35,15 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 
@@ -63,6 +68,9 @@ public class IntrospectionEndpoint {
 	@Autowired
 	private UserInfoService userInfoService;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+	
 	/**
 	 * Logger for this class
 	 */
@@ -151,4 +159,11 @@ public class IntrospectionEndpoint {
 
 	}
 	
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
+	
+
 }

openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java

@@ -30,9 +30,13 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -52,6 +56,9 @@ public class ScopeAPI {
 	@Autowired
 	private SystemScopeService scopeService;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	/**
 	 * Logger for this class
 	 */
@@ -177,4 +184,9 @@ public class ScopeAPI {
 		}
 	}
 
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }

openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java

@@ -33,9 +33,13 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -59,6 +63,9 @@ public class TokenAPI {
 	@Autowired
 	private OIDCTokenService oidcTokenService;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	/**
 	 * Logger for this class
 	 */
@@ -238,4 +245,9 @@ public class TokenAPI {
 		}
 	}
 
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java

@@ -32,9 +32,13 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -52,7 +56,10 @@ public class ApprovedSiteAPI {
 	private ApprovedSiteService approvedSiteService;
 
 	@Autowired
-	OAuth2TokenEntityService tokenServices;
+	private OAuth2TokenEntityService tokenServices;
+
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
 
 	/**
 	 * Logger for this class
@@ -124,4 +131,10 @@ public class ApprovedSiteAPI {
 		}
 
 	}
+
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java

@@ -31,9 +31,13 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -61,6 +65,9 @@ public class BlacklistAPI {
 	 */
 	private static final Logger logger = LoggerFactory.getLogger(BlacklistAPI.class);
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	private Gson gson = new Gson();
 	private JsonParser parser = new JsonParser();
 
@@ -202,4 +209,10 @@ public class BlacklistAPI {
 		}
 
 	}
+
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java

@@ -34,11 +34,15 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -71,6 +75,9 @@ public class ClientAPI {
 	@Autowired
 	private UserInfoService userInfoService;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	private JsonParser parser = new JsonParser();
 
 	private Gson gson = new GsonBuilder()
@@ -376,4 +383,10 @@ public class ClientAPI {
 		}
 		return false;
 	}
+
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java

@@ -31,9 +31,13 @@ import org.mitre.openid.connect.service.impl.MITREidDataService_1_1;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
@@ -72,6 +76,9 @@ public class DataAPI {
 	@Autowired
 	private MITREidDataService_1_1 dataService_1_2;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	@RequestMapping(method = RequestMethod.POST, consumes = "application/json")
 	public String importData(Reader in, Model m) throws IOException {
 
@@ -140,5 +147,10 @@ public class DataAPI {
 		}
 	}
 
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java

@@ -44,11 +44,15 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -85,6 +89,9 @@ public class DynamicClientRegistrationEndpoint {
 	@Autowired
 	private OIDCTokenService connectTokenService;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	/**
 	 * Logger for this class
 	 */
@@ -559,4 +566,10 @@ public class DynamicClientRegistrationEndpoint {
 			return token;
 		}
 	}
+
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java

@@ -43,11 +43,15 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -82,6 +86,9 @@ public class ProtectedResourceRegistrationEndpoint {
 	@Autowired
 	private OIDCTokenService connectTokenService;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	/**
 	 * Logger for this class
 	 */
@@ -469,4 +476,10 @@ public class ProtectedResourceRegistrationEndpoint {
 			return token;
 		}
 	}
+
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java

@@ -16,24 +16,36 @@
  *******************************************************************************/
 package org.mitre.openid.connect.web;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.util.Map;
 
 import org.mitre.openid.connect.service.StatsService;
 import org.mitre.openid.connect.view.JsonEntityView;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 
 @Controller
 @RequestMapping("/api/stats")
 public class StatsAPI {
+	// Logger for this class
+	private static final Logger logger = LoggerFactory.getLogger(StatsAPI.class);
 
 	@Autowired
 	private StatsService statsService;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	@RequestMapping(value = "summary", produces = "application/json")
 	public String statsSummary(ModelMap m) {
 
@@ -65,4 +77,9 @@ public class StatsAPI {
 		return JsonEntityView.VIEWNAME;
 	}
 
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java

@@ -30,10 +30,14 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -56,6 +60,9 @@ public class UserInfoEndpoint {
 	@Autowired
 	private ClientDetailsEntityService clientService;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	/**
 	 * Logger for this class
 	 */
@@ -136,4 +143,9 @@ public class UserInfoEndpoint {
 
 	}
 
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java

@@ -31,9 +31,13 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -61,6 +65,9 @@ public class WhitelistAPI {
 	 */
 	private static final Logger logger = LoggerFactory.getLogger(WhitelistAPI.class);
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	private Gson gson = new Gson();
 	private JsonParser parser = new JsonParser();
 
@@ -204,4 +211,10 @@ public class WhitelistAPI {
 		}
 
 	}
+
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }