Skip to content

S
spring-boot
Commit 462c5f29 authored by Dave Syer's avatar Dave Syer
Browse files
Options

UserInfoTokenServices should not throw UserRedirectRequiredException 

It can just catch all exceptions from the remote /user endpoint
because in a resource server it needs to throw `InvalidTokenException`
and in an SSO setting it will never be called.

Fixes gh-3205
parent 34e4163e
Hide whitespace changes
Inline Side-by-side
Showing with 37 additions and 10 deletions
spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/UserInfoTokenServices.java
View file @ 462c5f29
...@@ -16,6 +16,7 @@ ...@@ -16,6 +16,7 @@
package org.springframework.boot.autoconfigure.security.oauth2.resource; package org.springframework.boot.autoconfigure.security.oauth2.resource;
import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
...@@ -109,16 +110,23 @@ public class UserInfoTokenServices implements ResourceServerTokenServices { ...@@ -109,16 +110,23 @@ public class UserInfoTokenServices implements ResourceServerTokenServices {
@SuppressWarnings({ "unchecked" }) @SuppressWarnings({ "unchecked" })
private Map<String, Object> getMap(String path, String accessToken) { private Map<String, Object> getMap(String path, String accessToken) {
this.logger.info("Getting user info from: " + path); this.logger.info("Getting user info from: " + path);
OAuth2RestOperations restTemplate = this.restTemplate; try {
if (restTemplate == null) { OAuth2RestOperations restTemplate = this.restTemplate;
BaseOAuth2ProtectedResourceDetails resource = new BaseOAuth2ProtectedResourceDetails(); if (restTemplate == null) {
resource.setClientId(this.clientId); BaseOAuth2ProtectedResourceDetails resource = new BaseOAuth2ProtectedResourceDetails();
restTemplate = new OAuth2RestTemplate(resource); resource.setClientId(this.clientId);
restTemplate = new OAuth2RestTemplate(resource);
}
DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(accessToken);
token.setTokenType(this.tokenType);
restTemplate.getOAuth2ClientContext().setAccessToken(token);
return restTemplate.getForEntity(path, Map.class).getBody();
}
catch (Exception e) {
this.logger.info("Could not fetch user details: " + e.getClass() + ", "
+ e.getMessage());
return Collections.<String, Object> singletonMap("error",
"Could not fetch user details");
} }
DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(accessToken);
token.setTokenType(this.tokenType);
restTemplate.getOAuth2ClientContext().setAccessToken(token);
return restTemplate.getForEntity(path, Map.class).getBody();
} }
} }
spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/UserInfoTokenServicesTests.java
View file @ 462c5f29
...@@ -15,17 +15,22 @@ ...@@ -15,17 +15,22 @@
*/ */
package org.springframework.boot.autoconfigure.security.oauth2.resource; package org.springframework.boot.autoconfigure.security.oauth2.resource;
import java.util.Collections;
import java.util.LinkedHashMap; import java.util.LinkedHashMap;
import java.util.Map; import java.util.Map;
import org.junit.Before; import org.junit.Before;
import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.client.OAuth2ClientContext; import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestOperations; import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails; import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.mockito.BDDMockito.given; import static org.mockito.BDDMockito.given;
...@@ -39,6 +44,9 @@ import static org.mockito.Mockito.mock; ...@@ -39,6 +44,9 @@ import static org.mockito.Mockito.mock;
*/ */
public class UserInfoTokenServicesTests { public class UserInfoTokenServicesTests {
@Rule
public ExpectedException expected = ExpectedException.none();
private UserInfoTokenServices services = new UserInfoTokenServices( private UserInfoTokenServices services = new UserInfoTokenServices(
"http://example.com", "foo"); "http://example.com", "foo");
...@@ -67,6 +75,17 @@ public class UserInfoTokenServicesTests { ...@@ -67,6 +75,17 @@ public class UserInfoTokenServicesTests {
assertEquals("unknown", this.services.loadAuthentication("FOO").getName()); assertEquals("unknown", this.services.loadAuthentication("FOO").getName());
} }
@SuppressWarnings("unchecked")
@Test
public void badToken() {
this.services.setRestTemplate(this.template);
given(this.template.getForEntity(any(String.class), any(Class.class))).willThrow(
new UserRedirectRequiredException("foo:bar", Collections
.<String, String> emptyMap()));
this.expected.expect(InvalidTokenException.class);
assertEquals("unknown", this.services.loadAuthentication("FOO").getName());
}
@Test @Test
public void userId() { public void userId() {
this.map.put("userid", "spencer"); this.map.put("userid", "spencer");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment