1   package org.springframework.security.oauth2.provider.endpoint;
2   
3   import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
4   import org.springframework.web.bind.annotation.RequestMapping;
5   import org.springframework.web.servlet.ModelAndView;
6   import org.springframework.web.servlet.View;
7   import org.springframework.web.util.HtmlUtils;
8   
9   import javax.servlet.http.HttpServletRequest;
10  import javax.servlet.http.HttpServletResponse;
11  import java.util.HashMap;
12  import java.util.Map;
13  
14  /**
15   * Controller for displaying the error page for the authorization server.
16   *
17   * @author Dave Syer
18   */
@FrameworkEndpoint
public class WhitelabelErrorEndpoint {

	/**
	 * Minimal HTML page rendered for {@code /oauth/error}. The placeholder is substituted
	 * with the error summary, which must already be HTML-escaped at that point.
	 */
	private static final String ERROR = "<html><body><h1>OAuth Error</h1><p>%errorSummary%</p></body></html>";

	/** Token inside {@link #ERROR} that is replaced by the escaped summary. */
	private static final String SUMMARY_PLACEHOLDER = "%errorSummary%";

	/** Text shown when the request carries no {@link OAuth2Exception} under the "error" attribute. */
	private static final String UNKNOWN_ERROR = "Unknown error";

	/** Content type of the rendered page (no charset; the escaped body is entity-encoded). */
	private static final String HTML_CONTENT_TYPE = "text/html";

	/**
	 * Renders the whitelabel error page for the authorization server.
	 * <p>
	 * The error is read from the request attribute named {@code "error"}. When it is an
	 * {@link OAuth2Exception}, its summary is HTML-escaped before being placed in the page:
	 * the summary can echo values that originated from the client, so writing it unescaped
	 * would open a reflected XSS hole. Anything else yields a generic "Unknown error" text.
	 *
	 * @param request the current request, carrying the error as an attribute
	 * @return a {@link ModelAndView} whose view writes the page directly; the model is empty
	 *         and ignored by the view
	 */
	@RequestMapping("/oauth/error")
	public ModelAndView handleError(HttpServletRequest request) {
		Map<String, Object> emptyModel = new HashMap<String, Object>();
		Object error = request.getAttribute("error");
		// Substitute the already-escaped summary; no further user input reaches the page.
		final String page = ERROR.replace(SUMMARY_PLACEHOLDER, escapedSummaryOf(error));
		View pageView = new View() {
			@Override
			public String getContentType() {
				return HTML_CONTENT_TYPE;
			}

			@Override
			public void render(Map<String, ?> ignoredModel, HttpServletRequest req, HttpServletResponse response)
					throws Exception {
				// The page is fully built above; the model is intentionally not consulted.
				response.setContentType(getContentType());
				response.getWriter().append(page);
			}
		};
		return new ModelAndView(pageView, emptyModel);
	}

	/**
	 * Produces the HTML-safe summary text for the error attribute.
	 *
	 * @param error the raw "error" request attribute, possibly {@code null}
	 * @return the escaped {@link OAuth2Exception#getSummary()} or the generic fallback text
	 */
	private static String escapedSummaryOf(Object error) {
		if (!(error instanceof OAuth2Exception)) {
			return UNKNOWN_ERROR;
		}
		OAuth2Exception oauthError = (OAuth2Exception) error;
		// Escape before the summary is spliced into markup to prevent XSS.
		return HtmlUtils.htmlEscape(oauthError.getSummary());
	}
}