OAuth2Exception

2025-12-08 01:48:33 +08:00 · 2020-12-19 15:59:26 +08:00 · 2020-12-19 15:59:26 +08:00 · 924cff9872
commit 924cff9872
parent 3497aa5d26
4 changed files with 115 additions and 76 deletions
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/common/DefaultOAuth2AccessToken.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/common/DefaultOAuth2AccessToken.java
@ -26,6 +26,8 @@ import java.util.Set;
 import java.util.StringTokenizer;
 import java.util.TreeSet;

+import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
+
 /**
 * Basic access token for OAuth 2.
 * 
@ -49,6 +51,8 @@ public class DefaultOAuth2AccessToken implements Serializable, OAuth2AccessToken

    private Map<String, Object> additionalInformation = Collections.emptyMap();
    
+    private OAuth2Exception oauth2Exception; 
+    
    /**
     * Create an access token from the value provided.
     */
@ -78,6 +82,10 @@ public class DefaultOAuth2AccessToken implements Serializable, OAuth2AccessToken
        setTokenType(accessToken.getTokenType());
    }

+    public DefaultOAuth2AccessToken(OAuth2Exception oauth2Exception) {
+    	this.oauth2Exception = oauth2Exception;
+    }
+    
    public void setValue(String value) {
        this.value = value;
    }
@ -258,4 +266,10 @@ public class DefaultOAuth2AccessToken implements Serializable, OAuth2AccessToken
        this.additionalInformation = new LinkedHashMap<String, Object>(additionalInformation);
    }

+	@Override
+	public OAuth2Exception getOAuth2Exception() {
+		
+		return this.oauth2Exception;
+	}
+
 }
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/common/OAuth2AccessToken.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/common/OAuth2AccessToken.java
@ -17,6 +17,8 @@ import java.util.Date;
 import java.util.Map;
 import java.util.Set;

+import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
+
 /**
 * @author Dave Syer
 *
@ -60,6 +62,11 @@ public interface OAuth2AccessToken  extends Serializable {
 	 */
 	public static String SCOPE = "scope";
 	
+	public static String ERROR = "error";
+	
+	public static String ERROR_DESCRIPTION = "error_description";
+	
+
 	/**
 	 * The additionalInformation map is used by the token serializers to export any fields used by extensions of OAuth.
 	 * @return a map from the field name in the serialized token to the value to be exported. The default serializers 
@ -74,6 +81,8 @@ public interface OAuth2AccessToken  extends Serializable {

 	String getTokenType();
 	
+	OAuth2Exception getOAuth2Exception();
+
 	boolean isExpired();

 	Date getExpiration();
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/common/OAuth2AccessTokenJackson2Serializer.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/common/OAuth2AccessTokenJackson2Serializer.java
@ -34,6 +34,11 @@ import com.fasterxml.jackson.databind.ser.std.StdSerializer;
 */
 public final class OAuth2AccessTokenJackson2Serializer extends StdSerializer<OAuth2AccessToken> {

+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -7323248504425950254L;
+
 	public OAuth2AccessTokenJackson2Serializer() {
 		super(OAuth2AccessToken.class);
 	}
@ -42,6 +47,7 @@ public final class OAuth2AccessTokenJackson2Serializer extends StdSerializer<OAu
 	public void serialize(OAuth2AccessToken token, JsonGenerator jgen, SerializerProvider provider) throws IOException,
 			JsonGenerationException {
 		jgen.writeStartObject();
+		if(token.getOAuth2Exception()==null) {
 			jgen.writeStringField(OAuth2AccessToken.ACCESS_TOKEN, token.getValue());
 			jgen.writeStringField(OAuth2AccessToken.TOKEN_TYPE, token.getTokenType());
 			OAuth2RefreshToken refreshToken = token.getRefreshToken();
@ -63,6 +69,10 @@ public final class OAuth2AccessTokenJackson2Serializer extends StdSerializer<OAu
 				}
 				jgen.writeStringField(OAuth2AccessToken.SCOPE, scopes.substring(0, scopes.length() - 1));
 			}
+		}else {
+			jgen.writeStringField(OAuth2AccessToken.ERROR, token.getOAuth2Exception().getOAuth2ErrorCode());
+			jgen.writeStringField(OAuth2AccessToken.ERROR_DESCRIPTION, token.getOAuth2Exception().getMessage());
+		}
 		Map<String, Object> additionalInformation = token.getAdditionalInformation();
 		for (String key : additionalInformation.keySet()) {
 			jgen.writeObjectField(key, additionalInformation.get(key));
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java
@ -16,7 +16,6 @@

 package org.maxkey.authz.oauth2.provider.endpoint;

-import java.security.Principal;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
@ -24,10 +23,12 @@ import java.util.Map;
 import java.util.Set;

 import org.maxkey.authn.SigninPrincipal;
+import org.maxkey.authz.oauth2.common.DefaultOAuth2AccessToken;
 import org.maxkey.authz.oauth2.common.OAuth2AccessToken;
 import org.maxkey.authz.oauth2.common.exceptions.InvalidClientException;
 import org.maxkey.authz.oauth2.common.exceptions.InvalidGrantException;
 import org.maxkey.authz.oauth2.common.exceptions.InvalidRequestException;
+import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
 import org.maxkey.authz.oauth2.common.exceptions.UnsupportedGrantTypeException;
 import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
 import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
@ -97,12 +98,13 @@ public class TokenEndpoint extends AbstractEndpoint {
 	public ResponseEntity<OAuth2AccessToken> postAccessToken(@RequestParam
 	Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
 		// TokenEndpointAuthenticationFilter
-	    
+		OAuth2AccessToken token = null;
+	    try {
 		    Object principal = WebContext.getAuthentication();
 	
 			if (!(principal instanceof Authentication)) {
 				throw new InsufficientAuthenticationException(
-					"There is no client authentication. Try adding an appropriate authentication filter.");
+						"There is no client authentication. Try adding an appropriate authentication.");
 			}
 	
 			String clientId = getClientId((Authentication)principal);
@ -150,11 +152,15 @@ public class TokenEndpoint extends AbstractEndpoint {
 				tokenRequest.setScope(OAuth2Utils.parseParameterList(parameters.get(OAuth2Utils.SCOPE)));
 			}
 	
-		OAuth2AccessToken token = getTokenGranter().grant(tokenRequest.getGrantType(), tokenRequest);
+			token = getTokenGranter().grant(tokenRequest.getGrantType(), tokenRequest);
 			if (token == null) {
 				throw new UnsupportedGrantTypeException("Unsupported grant type: " + tokenRequest.getGrantType());
 			}
-
+	    }catch(OAuth2Exception oauth2Exception) {
+	    	token = new DefaultOAuth2AccessToken(oauth2Exception); 
+	    }catch(InsufficientAuthenticationException authenticationException) {
+	    	token = new DefaultOAuth2AccessToken(new OAuth2Exception(authenticationException.getMessage())); 
+	    }
 		return getResponse(token);

 	}