added universal OAuth exception handling

Author: jricher

openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml

@@ -162,6 +162,8 @@
 
 	<import resource="authz-config.xml" />
 
+	<bean id="oauth2ExceptionTranslator" class="org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator" />
+
 	<bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
 		<property name="authenticationManager" ref="clientAuthenticationManager" />
 		<property name="filterProcessesUrl" value="/token"/>

openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java

@@ -35,10 +35,15 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 
@@ -63,6 +68,9 @@ public class IntrospectionEndpoint {
 	@Autowired
 	private UserInfoService userInfoService;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+	
 	/**
 	 * Logger for this class
 	 */
@@ -150,5 +158,12 @@ public String verify(@RequestParam("token") String tokenValue,
 		}
 
 	}
+	
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
+	
 
 }

openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java

@@ -30,9 +30,13 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -52,6 +56,9 @@ public class ScopeAPI {
 	@Autowired
 	private SystemScopeService scopeService;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	/**
 	 * Logger for this class
 	 */
@@ -177,4 +184,9 @@ public String deleteScope(@PathVariable("id") Long id, ModelMap m) {
 		}
 	}
 
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }

openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java

@@ -33,9 +33,13 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -59,6 +63,9 @@ public class TokenAPI {
 	@Autowired
 	private OIDCTokenService oidcTokenService;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	/**
 	 * Logger for this class
 	 */
@@ -238,4 +245,9 @@ public String deleteRefreshTokenById(@PathVariable("id") Long id, ModelMap m, Pr
 		}
 	}
 
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java

@@ -32,9 +32,13 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -52,7 +56,10 @@ public class ApprovedSiteAPI {
 	private ApprovedSiteService approvedSiteService;
 
 	@Autowired
-	OAuth2TokenEntityService tokenServices;
+	private OAuth2TokenEntityService tokenServices;
+
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
 
 	/**
 	 * Logger for this class
@@ -124,4 +131,10 @@ public String getApprovedSite(@PathVariable("id") Long id, ModelMap m, Principal
 		}
 
 	}
+
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java

@@ -31,9 +31,13 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -61,6 +65,9 @@ public class BlacklistAPI {
 	 */
 	private static final Logger logger = LoggerFactory.getLogger(BlacklistAPI.class);
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	private Gson gson = new Gson();
 	private JsonParser parser = new JsonParser();
 
@@ -202,4 +209,10 @@ public String getBlacklistedSite(@PathVariable("id") Long id, ModelMap m) {
 		}
 
 	}
+
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java

@@ -34,11 +34,15 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -71,6 +75,9 @@ public class ClientAPI {
 	@Autowired
 	private UserInfoService userInfoService;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	private JsonParser parser = new JsonParser();
 
 	private Gson gson = new GsonBuilder()
@@ -376,4 +383,10 @@ private boolean isAdmin(Authentication auth) {
 		}
 		return false;
 	}
+
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java

@@ -31,9 +31,13 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
@@ -72,6 +76,9 @@ public class DataAPI {
 	@Autowired
 	private MITREidDataService_1_1 dataService_1_2;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	@RequestMapping(method = RequestMethod.POST, consumes = "application/json")
 	public String importData(Reader in, Model m) throws IOException {
 
@@ -140,5 +147,10 @@ public void exportData(HttpServletResponse resp, Principal prin) throws IOExcept
 		}
 	}
 
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java

@@ -44,11 +44,15 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -85,6 +89,9 @@ public class DynamicClientRegistrationEndpoint {
 	@Autowired
 	private OIDCTokenService connectTokenService;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	/**
 	 * Logger for this class
 	 */
@@ -559,4 +566,10 @@ private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication
 			return token;
 		}
 	}
+
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java

@@ -43,11 +43,15 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -82,6 +86,9 @@ public class ProtectedResourceRegistrationEndpoint {
 	@Autowired
 	private OIDCTokenService connectTokenService;
 
+	@Autowired
+	private WebResponseExceptionTranslator providerExceptionHandler;
+
 	/**
 	 * Logger for this class
 	 */
@@ -469,4 +476,10 @@ private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication
 			return token;
 		}
 	}
+
+	@ExceptionHandler(OAuth2Exception.class)
+	public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
+		logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		return providerExceptionHandler.translate(e);
+	}
 }