Java Examples for org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException

The following java examples will help you to understand the usage of org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException. These source code samples are taken from different open source projects.

Example 1
Project: eclipse-integration-cloudfoundry-master  File: CloudErrorUtil.java View source code
/**
	 * Error due to invalid credentials, typically 401 or 403 HTTP errors.
	 * Returns null if the error is NOT an invalid credentials error.
	 * @param error error to parse
	 * @return Error message if invalid credentials error (401 or 403), or null.
	 */
public static String getInvalidCredentialsError(Throwable error) {
    if (isUnauthorisedException(error)) {
        return Messages.ERROR_WRONG_EMAIL_OR_PASSWORD_UNAUTHORISED;
    } else if (isForbiddenException(error)) {
        return Messages.ERROR_WRONG_EMAIL_OR_PASSWORD_FORBIDDEN;
    } else {
        OAuth2AccessDeniedException oauthException = null;
        if (error instanceof OAuth2AccessDeniedException) {
            oauthException = (OAuth2AccessDeniedException) error;
        } else if (error.getCause() instanceof OAuth2AccessDeniedException) {
            oauthException = (OAuth2AccessDeniedException) error.getCause();
        }
        if (oauthException != null) {
            return NLS.bind(Messages.ERROR_ACCESS_TOKEN, oauthException.getOAuth2ErrorCode());
        }
    }
    return null;
}
Example 2
Project: easylocate-master  File: OAuth2ContextSetup.java View source code
/**
	 * Get the current access token. Should be available inside a test method as long as a resource has been setup with
	 * {@link OAuth2ContextConfiguration @OAuth2ContextConfiguration}.
	 * 
	 * @return the current access token initializing it if necessary
	 */
public OAuth2AccessToken getAccessToken() {
    if (resource == null || client == null) {
        return null;
    }
    if (accessToken != null) {
        return accessToken;
    }
    try {
        if (accessTokenProvider != null) {
            client.setAccessTokenProvider(accessTokenProvider);
        }
        return client.getAccessToken();
    } catch (OAuth2AccessDeniedException e) {
        Throwable cause = e.getCause();
        if (cause instanceof RuntimeException) {
            throw (RuntimeException) cause;
        }
        if (cause instanceof Error) {
            throw (Error) cause;
        }
        throw e;
    }
}
Example 3
Project: identity-sample-apps-master  File: OpenIDTokenProvider.java View source code
@Override
public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest request) throws UserRedirectRequiredException, UserApprovalRequiredException, AccessDeniedException, OAuth2AccessDeniedException {
    AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) details;
    if (request.getAuthorizationCode() == null) {
        if (request.getStateKey() == null) {
            throw getRedirectForAuthorization(resource, request);
        }
        obtainAuthorizationCode(resource, request);
    }
    return retrieveToken(request, resource, getParametersForTokenRequest(resource, request), getHeadersForTokenRequest(request));
}
Example 4
Project: spring-security-oauth-master  File: AuthorizationCodeAccessTokenProvider.java View source code
public String obtainAuthorizationCode(OAuth2ProtectedResourceDetails details, AccessTokenRequest request) throws UserRedirectRequiredException, UserApprovalRequiredException, AccessDeniedException, OAuth2AccessDeniedException {
    AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) details;
    HttpHeaders headers = getHeadersForAuthorizationRequest(request);
    MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
    if (request.containsKey(OAuth2Utils.USER_OAUTH_APPROVAL)) {
        form.set(OAuth2Utils.USER_OAUTH_APPROVAL, request.getFirst(OAuth2Utils.USER_OAUTH_APPROVAL));
        for (String scope : details.getScope()) {
            form.set(scopePrefix + scope, request.getFirst(OAuth2Utils.USER_OAUTH_APPROVAL));
        }
    } else {
        form.putAll(getParametersForAuthorizeRequest(resource, request));
    }
    authorizationRequestEnhancer.enhance(request, resource, form, headers);
    final AccessTokenRequest copy = request;
    final ResponseExtractor<ResponseEntity<Void>> delegate = getAuthorizationResponseExtractor();
    ResponseExtractor<ResponseEntity<Void>> extractor = new ResponseExtractor<ResponseEntity<Void>>() {

        @Override
        public ResponseEntity<Void> extractData(ClientHttpResponse response) throws IOException {
            if (response.getHeaders().containsKey("Set-Cookie")) {
                copy.setCookie(response.getHeaders().getFirst("Set-Cookie"));
            }
            return delegate.extractData(response);
        }
    };
    // Instead of using restTemplate.exchange we use an explicit response extractor here so it can be overridden by
    // subclasses
    ResponseEntity<Void> response = getRestTemplate().execute(resource.getUserAuthorizationUri(), HttpMethod.POST, getRequestCallback(resource, form, headers), extractor, form.toSingleValueMap());
    if (response.getStatusCode() == HttpStatus.OK) {
        // Need to re-submit with approval...
        throw getUserApprovalSignal(resource, request);
    }
    URI location = response.getHeaders().getLocation();
    String query = location.getQuery();
    Map<String, String> map = OAuth2Utils.extractMap(query);
    if (map.containsKey("state")) {
        request.setStateKey(map.get("state"));
        if (request.getPreservedState() == null) {
            String redirectUri = resource.getRedirectUri(request);
            if (redirectUri != null) {
                request.setPreservedState(redirectUri);
            } else {
                request.setPreservedState(new Object());
            }
        }
    }
    String code = map.get("code");
    if (code == null) {
        throw new UserRedirectRequiredException(location.toString(), form.toSingleValueMap());
    }
    request.set("code", code);
    return code;
}
Example 5
Project: cloudpier-core-master  File: OauthClient.java View source code
public OAuth2AccessToken getToken(String username, String password) {
    OAuth2ProtectedResourceDetails resource = getImplicitResource();
    Map<String, String> parameters = new LinkedHashMap<String, String>();
    parameters.put("credentials", String.format("{\"username\":\"%s\",\"password\":\"%s\"}", username, password));
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    request.setAll(parameters);
    ImplicitAccessTokenProvider provider = new ImplicitAccessTokenProvider();
    provider.setRestTemplate(restTemplate);
    OAuth2AccessToken token = null;
    try {
        token = provider.obtainAccessToken(resource, request);
    } catch (OAuth2AccessDeniedException oauthEx) {
        HttpStatus status = HttpStatus.valueOf(oauthEx.getHttpErrorCode());
        CloudFoundryException cfEx = new CloudFoundryException(status, oauthEx.getMessage());
        cfEx.setDescription(oauthEx.getSummary());
        throw cfEx;
    }
    return token;
}
Example 6
Project: spring-cloud-dataflow-master  File: ManualOAuthAuthenticationProvider.java View source code
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final String username = authentication.getName();
    final String password = authentication.getCredentials().toString();
    final ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
    resource.setUsername(username);
    resource.setPassword(password);
    resource.setAccessTokenUri(accessTokenUri);
    resource.setClientId(oAuth2ClientProperties.getClientId());
    resource.setClientSecret(oAuth2ClientProperties.getClientSecret());
    resource.setGrantType("password");
    final OAuth2RestTemplate template = new OAuth2RestTemplate(resource, new DefaultOAuth2ClientContext(new DefaultAccessTokenRequest()));
    template.setAccessTokenProvider(userAccessTokenProvider());
    try {
        logger.warn("Authenticating user '{}' using accessTokenUri '{}'.", username, accessTokenUri);
        template.getAccessToken();
    } catch (OAuth2AccessDeniedException e) {
        if (e.getCause() instanceof ResourceAccessException) {
            final String errorMessage = String.format("While authenticating user '%s': " + "Unable to access accessTokenUri '%s'.", username, accessTokenUri);
            logger.error(errorMessage + " Error message: {}.", e.getCause().getMessage());
            throw new AuthenticationServiceException(errorMessage, e);
        }
        throw new BadCredentialsException(String.format("Access denied for user '%s'.", username), e);
    } catch (OAuth2Exception e) {
        throw new AuthenticationServiceException(String.format("Unable to perform OAuth authentication for user '%s'.", username), e);
    }
    final Collection<GrantedAuthority> authorities = new ArrayList<>();
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password, authorities);
    return token;
}
Example 7
Project: gmm-eclipse-plugins-master  File: GenMyModelExplorer.java View source code
private void addAccount(GMMCredential credential) {
    try {
        ProjectBinding[] projects = client.GETMyProjects(credential);
        ArrayList<Object> list = new ArrayList<Object>();
        list.add(credential);
        for (ProjectBinding project : projects) {
            list.add(project);
        }
        if (save != null) {
            IMemento child = save.createChild("credential");
            child.putString("username", credential.getUsername());
            child.putString("password", credential.getPassword());
        }
        content.addElement(list);
        content.initialize();
        viewer.setContentProvider(content);
        keyStore.addCredential(credential.getUsername(), credential);
    } catch (OAuth2AccessDeniedException e) {
        IStatus err = new Status(Status.ERROR, Activator.PLUGIN_ID, Status.ERROR, "Login/password error\n\tPlease verify your information and be sure that you set a passord for your account.", e);
        StatusManager.getManager().handle(err, StatusManager.BLOCK);
    }
}
Example 8
Project: shimmer-master  File: GoogleFitShim.java View source code
@Override
public OAuth2AccessToken refreshAccessToken(OAuth2ProtectedResourceDetails resource, OAuth2RefreshToken refreshToken, AccessTokenRequest request) throws UserRedirectRequiredException, OAuth2AccessDeniedException {
    OAuth2AccessToken accessToken = super.refreshAccessToken(resource, refreshToken, request);
    // Google does not replace refresh tokens, so we need to hold on to the existing refresh token...
    if (accessToken.getRefreshToken() == null) {
        ((DefaultOAuth2AccessToken) accessToken).setRefreshToken(refreshToken);
    }
    return accessToken;
}
Example 9
Project: geoserver-master  File: GeoServerOAuthAuthenticationFilter.java View source code
protected String getPreAuthenticatedPrincipal(HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException {
    // Make sure the REST Resource Template has been correctly configured
    configureRestTemplate();
    // Avoid retrieving the user name more than once
    /*
         * if (req.getAttribute(UserNameAlreadyRetrieved) != null) return (String) req.getAttribute(UserName);
         */
    // Search for an access_token on the request (simulating SSO)
    String accessToken = req.getParameter("access_token");
    if (accessToken != null) {
        restTemplate.getOAuth2ClientContext().setAccessToken(new DefaultOAuth2AccessToken(accessToken));
    }
    // Setting up OAuth2 Filter services and resource template
    filter.setRestTemplate(restTemplate);
    filter.setTokenServices(tokenServices);
    // Validating the access_token
    Authentication authentication = null;
    try {
        authentication = filter.attemptAuthentication(req, null);
    } catch (Exception e) {
        if (e instanceof UserRedirectRequiredException) {
            if (filterConfig.getEnableRedirectAuthenticationEntryPoint() || req.getRequestURI().endsWith(filterConfig.getLoginEndpoint())) {
                this.aep.commence(req, resp, null);
            } else {
                if (resp.getStatus() != 302) {
                    final AccessTokenRequest accessTokenRequest = restTemplate.getOAuth2ClientContext().getAccessTokenRequest();
                    if (accessTokenRequest.getPreservedState() != null && accessTokenRequest.getStateKey() != null) {
                        accessTokenRequest.remove("state");
                        accessTokenRequest.remove(accessTokenRequest.getStateKey());
                        accessTokenRequest.setPreservedState(null);
                    }
                }
            }
        } else if (e instanceof BadCredentialsException || e instanceof ResourceAccessException) {
            if (e.getCause() instanceof OAuth2AccessDeniedException) {
                LOGGER.log(Level.WARNING, "Error while trying to authenticate to OAuth2 Provider with the following Exception cause:", e.getCause());
            }
            if (e instanceof ResourceAccessException) {
                LOGGER.log(Level.SEVERE, "Could not Authorize OAuth2 Resource due to the following exception:", e);
            }
            if (e instanceof ResourceAccessException || e.getCause() instanceof OAuth2AccessDeniedException) {
                LOGGER.log(Level.WARNING, "It is worth notice that if you try to validate credentials against an SSH protected Endpoint, you need either your server exposed on a secure SSL channel or OAuth2 Provider Certificate to be trusted on your JVM!");
                LOGGER.info("Please refer to the GeoServer OAuth2 Plugin Documentation in order to find the steps for importing the SSH certificates.");
            }
        }
    }
    String principal = (authentication != null ? (String) authentication.getPrincipal() : null);
    if (principal != null && principal.trim().length() == 0)
        principal = null;
    try {
        if (principal != null && PreAuthenticatedUserNameRoleSource.UserGroupService.equals(getRoleSource())) {
            GeoServerUserGroupService service = getSecurityManager().loadUserGroupService(getUserGroupServiceName());
            GeoServerUser u = service.getUserByUsername(principal);
            if (u != null && u.isEnabled() == false) {
                principal = null;
                handleDisabledUser(u, req);
            }
        }
    } catch (IOException ex) {
        throw new RuntimeException(ex);
    }
    req.setAttribute(UserNameAlreadyRetrieved, Boolean.TRUE);
    if (principal != null)
        req.setAttribute(UserName, principal);
    return principal;
}
Example 10
Project: cloudpier-adapters-master  File: OauthClient.java View source code
public OAuth2AccessToken getToken(String username, String password) {
    OAuth2ProtectedResourceDetails resource = getImplicitResource();
    Map<String, String> parameters = new LinkedHashMap<String, String>();
    parameters.put("credentials", String.format("{\"username\":\"%s\",\"password\":\"%s\"}", username, password));
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    request.setAll(parameters);
    ImplicitAccessTokenProvider provider = new ImplicitAccessTokenProvider();
    provider.setRestTemplate(restTemplate);
    OAuth2AccessToken token = null;
    try {
        token = provider.obtainAccessToken(resource, request);
    } catch (OAuth2AccessDeniedException oauthEx) {
        HttpStatus status = HttpStatus.valueOf(oauthEx.getHttpErrorCode());
        CloudFoundryException cfEx = new CloudFoundryException(status, oauthEx.getMessage());
        cfEx.setDescription(oauthEx.getSummary());
        throw cfEx;
    }
    return token;
}
Example 11
Project: uaa-master  File: HttpsIntegrationTest.java View source code
@Test
public void test_self_signed_cert_should_fail() throws Exception {
    try {
        test_self_signed_cert(false);
        fail("Self signed cert should not pass this test");
    } catch (OAuth2AccessDeniedException x) {
        assertEquals(ResourceAccessException.class, x.getCause().getClass());
    }
}