View Javadoc
1   /*
2    * Copyright 2006-2011 the original author or authors.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
5    * the License. You may obtain a copy of the License at
6    * 
7    * https://www.apache.org/licenses/LICENSE-2.0
8    * 
9    * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
10   * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
11   * specific language governing permissions and limitations under the License.
12   */
13  package org.springframework.security.oauth2.provider.error;
14  
15  import java.io.IOException;
16  
17  import javax.servlet.ServletException;
18  import javax.servlet.http.HttpServletRequest;
19  import javax.servlet.http.HttpServletResponse;
20  
21  import org.apache.commons.logging.Log;
22  import org.apache.commons.logging.LogFactory;
23  import org.springframework.http.ResponseEntity;
24  import org.springframework.web.context.request.ServletWebRequest;
25  import org.springframework.web.servlet.HandlerExceptionResolver;
26  import org.springframework.web.servlet.mvc.support.DefaultHandlerExceptionResolver;
27  
28  /**
29   * Convenient base class containing utility methods and dependency setters for security error handling concerns specific
30   * to OAuth2 resources.
31   * 
32   * @author Dave Syer
33   * 
34   */
35  public abstract class AbstractOAuth2SecurityExceptionHandler {
36  
37  	/** Logger available to subclasses */
38  	protected final Log logger = LogFactory.getLog(getClass());
39  
40  	private WebResponseExceptionTranslator<?> exceptionTranslator = new DefaultWebResponseExceptionTranslator();
41  
42  	private OAuth2ExceptionRenderer exceptionRenderer = new DefaultOAuth2ExceptionRenderer();
43  
44  	// This is from Spring MVC.
45  	private HandlerExceptionResolver handlerExceptionResolver = new DefaultHandlerExceptionResolver();
46  
47  	public void setExceptionTranslator(WebResponseExceptionTranslator<?> exceptionTranslator) {
48  		this.exceptionTranslator = exceptionTranslator;
49  	}
50  
51  	public void setExceptionRenderer(OAuth2ExceptionRenderer exceptionRenderer) {
52  		this.exceptionRenderer = exceptionRenderer;
53  	}
54  
55  	protected final void doHandle(HttpServletRequest request, HttpServletResponse response, Exception authException)
56  			throws IOException, ServletException {
57  		try {
58  			ResponseEntity<?> result = exceptionTranslator.translate(authException);
59  			result = enhanceResponse(result, authException);
60  			exceptionRenderer.handleHttpEntityResponse(result, new ServletWebRequest(request, response));
61  			response.flushBuffer();
62  		}
63  		catch (ServletException e) {
64  			// Re-use some of the default Spring dispatcher behaviour - the exception came from the filter chain and
65  			// not from an MVC handler so it won't be caught by the dispatcher (even if there is one)
66  			if (handlerExceptionResolver.resolveException(request, response, this, e) == null) {
67  				throw e;
68  			}
69  		}
70  		catch (IOException e) {
71  			throw e;
72  		}
73  		catch (RuntimeException e) {
74  			throw e;
75  		}
76  		catch (Exception e) {
77  			// Wrap other Exceptions. These are not expected to happen
78  			throw new RuntimeException(e);
79  		}
80  	}
81  
82  	/**
83  	 * Allow subclasses to manipulate the response before it is rendered.
84  	 * 
85  	 * Note : Only the {@link ResponseEntity} should be enhanced. If the
86           * response body is to be customized, it should be done at the
87           * {@link WebResponseExceptionTranslator} level.
88  	 * 
89  	 * @param result the response that was generated by the
90  	 * {@link #setExceptionTranslator(WebResponseExceptionTranslator) exception translator}.
91  	 * @param authException the authentication exception that is being handled
92  	 */
93  	protected ResponseEntity<?> enhanceResponse(ResponseEntity<?> result,
94  			Exception authException) {
95  		return result;
96  	}
97  
98  }