mapped the invalid scope exception, addresses #102

Still can't access userinfo if you're not using OAuth2
2012-08-27 13:28:54 -04:00 · 2012-08-27 13:28:54 -04:00 · e4470c9361
parent 259e84c871
commit e4470c9361
3 changed files with 8 additions and 1 deletions
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ExceptionAsJSONView.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ExceptionAsJSONView.java
@ -21,8 +21,10 @@ import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

+import org.apache.http.HttpResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.view.AbstractView;

@ -50,6 +52,8 @@ public class ExceptionAsJSONView extends AbstractView {

 		response.setContentType("application/json");

+		response.setStatus(HttpStatus.BAD_REQUEST.value());
+		
 		final JsonObject jsonObject = new JsonObject();

 		Object ex = model.get("exception");
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
@ -26,6 +26,7 @@ import org.mitre.openid.connect.service.UserInfoService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@ -64,8 +65,9 @@ public class UserInfoEndpoint {
 	/**
 	 * Get information about the user as specified in the accessToken->idToken included in this request
 	 * 
-	 * @throws UsernameNotFoundException		if the user does not exist or cannot be found
+	 * @throws UserNotFoundException		if the user does not exist or cannot be found
 	 * @throws UnknownUserInfoSchemaException	if an unknown schema is used
+	 * @throws InvalidScopeException if the oauth2 token doesn't have the "openid" scope
 	 */
 	@PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('openid')")
 	@RequestMapping(value="/userinfo", method= {RequestMethod.GET, RequestMethod.POST})
--- a/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml
@ -177,6 +177,7 @@
 				<prop key="org.mitre.openid.connect.web.InvalidJwtSignatureException">exceptionAsJSONView</prop>
 				<prop key="org.mitre.openid.connect.web.ExpiredTokenException">exceptionAsJSONView</prop>
 				<prop key="org.mitre.openid.connect.web.InvalidJwtIssuerException">exceptionAsJSONView</prop>
+				<prop key="org.springframework.security.oauth2.common.exceptions.InsufficientScopeException">exceptionAsJSONView</prop>
 				<prop key="org.mitre.openid.connect.exception.UserNotFoundException">exception/usernotfound</prop>
 			</props>
 		</property>