UserInfoTokenServices should not throw UserRedirectRequiredException

It can just catch all exceptions from the remote /user endpoint
because in a resource server it needs to throw `InvalidTokenException`
and in an SSO setting it will never be called.

Fixes gh-3205
pull/3211/head
Dave Syer 10 years ago
parent 34e4163ebc
commit 462c5f29b1

@ -16,6 +16,7 @@
package org.springframework.boot.autoconfigure.security.oauth2.resource;
import java.util.Collections;
import java.util.List;
import java.util.Map;
@ -109,16 +110,23 @@ public class UserInfoTokenServices implements ResourceServerTokenServices {
@SuppressWarnings({ "unchecked" })
private Map<String, Object> getMap(String path, String accessToken) {
this.logger.info("Getting user info from: " + path);
OAuth2RestOperations restTemplate = this.restTemplate;
if (restTemplate == null) {
BaseOAuth2ProtectedResourceDetails resource = new BaseOAuth2ProtectedResourceDetails();
resource.setClientId(this.clientId);
restTemplate = new OAuth2RestTemplate(resource);
try {
OAuth2RestOperations restTemplate = this.restTemplate;
if (restTemplate == null) {
BaseOAuth2ProtectedResourceDetails resource = new BaseOAuth2ProtectedResourceDetails();
resource.setClientId(this.clientId);
restTemplate = new OAuth2RestTemplate(resource);
}
DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(accessToken);
token.setTokenType(this.tokenType);
restTemplate.getOAuth2ClientContext().setAccessToken(token);
return restTemplate.getForEntity(path, Map.class).getBody();
}
catch (Exception e) {
this.logger.info("Could not fetch user details: " + e.getClass() + ", "
+ e.getMessage());
return Collections.<String, Object> singletonMap("error",
"Could not fetch user details");
}
DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(accessToken);
token.setTokenType(this.tokenType);
restTemplate.getOAuth2ClientContext().setAccessToken(token);
return restTemplate.getForEntity(path, Map.class).getBody();
}
}
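Review bot: The new `catch (Exception e)` in getMap folds every failure of the user-info call — a rejected token, but also a timeout, TLS error or 5xx from the remote endpoint — into the same `error` map, which per the commit description the caller turns into InvalidTokenException, so an outage of the /user endpoint becomes indistinguishable from a bad token for clients and operators alike. Catching everything is the stated intent, so the remaining concern is diagnosability: the info-level message discards the stack trace and `e.getClass()` renders as `class a.b.C`. I'd change the logging to `this.logger.info("Could not fetch user details: " + e.getClass().getName() + ", " + e.getMessage());` followed by `this.logger.debug("Could not fetch user details", e);`. Since this path is reachable by any caller presenting an arbitrary token, one INFO line per failed lookup can also flood the log, so consider DEBUG for the summary as well. The caller that consumes the `error` key (loadAuthentication) is outside this hunk.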

@ -15,17 +15,22 @@
*/
package org.springframework.boot.autoconfigure.security.oauth2.resource;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import static org.junit.Assert.assertEquals;
import static org.mockito.BDDMockito.given;
@ -39,6 +44,9 @@ import static org.mockito.Mockito.mock;
*/
public class UserInfoTokenServicesTests {
@Rule
public ExpectedException expected = ExpectedException.none();
private UserInfoTokenServices services = new UserInfoTokenServices(
"http://example.com", "foo");
@ -67,6 +75,17 @@ public class UserInfoTokenServicesTests {
assertEquals("unknown", this.services.loadAuthentication("FOO").getName());
}
@SuppressWarnings("unchecked")
@Test
public void badToken() {
this.services.setRestTemplate(this.template);
given(this.template.getForEntity(any(String.class), any(Class.class))).willThrow(
new UserRedirectRequiredException("foo:bar", Collections
.<String, String> emptyMap()));
this.expected.expect(InvalidTokenException.class);
assertEquals("unknown", this.services.loadAuthentication("FOO").getName());
}
@Test
public void userId() {
this.map.put("userid", "spencer");
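Review bot: badToken pins only the UserRedirectRequiredException case, whereas the change under test now catches every Exception raised by the user-info call; a second test that makes `getForEntity` throw an unrelated runtime exception and likewise expects InvalidTokenException would document the catch-all contract and guard against a later narrowing of the catch. The assertion after `this.expected.expect(...)` is never reached on the intended path, which is the ExpectedException idiom, but a short comment such as `// loadAuthentication must translate the failed lookup into InvalidTokenException` would make the test's purpose clear to readers. The remainder of the userId test lies outside this hunk.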
