Ensuring consistency in error handling of opaque providers/managers

ascopes · jzheaux · commit 7ccc915b2b36 · 2021-09-15T15:05:08.000-06:00
The OpaqueTokenAuthenticationProvider now propagates the cause of
introspection exceptions in the same way that the reactive
OpaqueTokenReactiveAuthenticationManager does.

Fixed a final field warning on both OpaqueTokenAuthenticationProvider
and OpaqueTokenReactiveAuthenticationManager.
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
@@ -66,7 +66,7 @@ public final class OpaqueTokenAuthenticationProvider implements AuthenticationPr
 
 	private final Log logger = LogFactory.getLog(getClass());
 
-	private OpaqueTokenIntrospector introspector;
+	private final OpaqueTokenIntrospector introspector;
 
 	/**
 	 * Creates a {@code OpaqueTokenAuthenticationProvider} with the provided parameters
@@ -104,10 +104,10 @@ private OAuth2AuthenticatedPrincipal getOAuth2AuthenticatedPrincipal(BearerToken
 		}
 		catch (BadOpaqueTokenException failed) {
 			this.logger.debug("Failed to authenticate since token was invalid");
-			throw new InvalidBearerTokenException(failed.getMessage());
+			throw new InvalidBearerTokenException(failed.getMessage(), failed);
 		}
 		catch (OAuth2IntrospectionException failed) {
-			throw new AuthenticationServiceException(failed.getMessage());
+			throw new AuthenticationServiceException(failed.getMessage(), failed);
 		}
 	}
 
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.java
@@ -61,7 +61,7 @@
  */
 public class OpaqueTokenReactiveAuthenticationManager implements ReactiveAuthenticationManager {
 
-	private ReactiveOpaqueTokenIntrospector introspector;
+	private final ReactiveOpaqueTokenIntrospector introspector;
 
 	/**
 	 * Creates a {@code OpaqueTokenReactiveAuthenticationManager} with the provided

Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ public final class OpaqueTokenAuthenticationProvider implements AuthenticationPr`
`66`	`66`
`67`	`67`	`private final Log logger = LogFactory.getLog(getClass());`
`68`	`68`
`69`		`- private OpaqueTokenIntrospector introspector;`
	`69`	`+ private final OpaqueTokenIntrospector introspector;`
`70`	`70`
`71`	`71`	`/**`
`72`	`72`	`* Creates a {@code OpaqueTokenAuthenticationProvider} with the provided parameters`
`@@ -104,10 +104,10 @@ private OAuth2AuthenticatedPrincipal getOAuth2AuthenticatedPrincipal(BearerToken`
`104`	`104`	`}`
`105`	`105`	`catch (BadOpaqueTokenException failed) {`
`106`	`106`	`this.logger.debug("Failed to authenticate since token was invalid");`
`107`		`- throw new InvalidBearerTokenException(failed.getMessage());`
	`107`	`+ throw new InvalidBearerTokenException(failed.getMessage(), failed);`
`108`	`108`	`}`
`109`	`109`	`catch (OAuth2IntrospectionException failed) {`
`110`		`- throw new AuthenticationServiceException(failed.getMessage());`
	`110`	`+ throw new AuthenticationServiceException(failed.getMessage(), failed);`
`111`	`111`	`}`
`112`	`112`	`}`
`113`	`113`