From cce5b3871f97be1d4bc4717472d46d09fbc026af Mon Sep 17 00:00:00 2001
From: Joe Grandja
Date: Mon, 15 Jan 2024 16:13:46 -0500
Subject: [PATCH] Polish gh-1467
---
 ...2AuthorizationCodeAuthenticationProvider.java | 7 ++++---
 ...izationCodeRequestAuthenticationProvider.java | 7 ++++---
 ...2ClientCredentialsAuthenticationProvider.java | 5 +++--
 ...thorizationRequestAuthenticationProvider.java | 7 ++++---
 ...OAuth2RefreshTokenAuthenticationProvider.java | 16 +++++++++-------
 5 files changed, 24 insertions(+), 18 deletions(-)
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
index 146a550e9..800acf6f2 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -148,8 +148,9 @@ public Authentication authenticate(Authentication authentication) throws Authent
 if (StringUtils.hasText(authorizationRequest.getRedirectUri()) && !authorizationRequest.getRedirectUri().equals(authorizationCodeAuthentication.getRedirectUri())) {
- if (this.logger.isWarnEnabled()) {
- this.logger.warn(LogMessage.format("Invalidated redirect_uri used by registered client '%s'", registeredClient.getId()));
+ if (this.logger.isDebugEnabled()) {
+ this.logger.debug(LogMessage.format("Invalid request: redirect_uri does not match" +
+ " for registered client '%s'", registeredClient.getId()));
 }
 throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT);
 }
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java
index 2053d7cf5..21b2f072f 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
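Review bot: In OAuth2AuthorizationCodeAuthenticationProvider the redirect_uri mismatch branch now logs at DEBUG, where it previously logged at WARN under a matching `isWarnEnabled()` guard, so a deployment running at INFO or above no longer gets any log record of this rejection. A token request whose redirect_uri differs from the one stored with the authorization request can indicate a misconfigured client, but also a code being redeemed by a party other than the one that started the flow, and that is worth keeping visible to operators. If DEBUG is the agreed level for every `Invalid request:` message, I would record that decision next to the call, e.g. `// DEBUG by convention for rejected requests; track invalid_grant responses to monitor these in production`. Whether a failure event is published elsewhere for this exception cannot be seen from the hunk, and authenticate() starts and ends outside it.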
@@ -121,8 +121,9 @@ public Authentication authenticate(Authentication authentication) throws Authent
 this.authenticationValidator.accept(authenticationContext);
 if (!registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.AUTHORIZATION_CODE)) {
- if (this.logger.isTraceEnabled()) {
- this.logger.warn(LogMessage.format("Invalid request: requested grant_type is not allowed for registered client '%s'", registeredClient.getId()));
+ if (this.logger.isDebugEnabled()) {
+ this.logger.debug(LogMessage.format("Invalid request: requested grant_type is not allowed" +
+ " for registered client '%s'", registeredClient.getId()));
 }
 throwError(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT, OAuth2ParameterNames.CLIENT_ID, authorizationCodeRequestAuthentication, registeredClient);
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java
index 4f5a50de2..d05cfafe6 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java
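Review bot: The format string `"Invalid request: requested grant_type is not allowed" + " for registered client '%s'"` added in OAuth2AuthorizationCodeRequestAuthenticationProvider is repeated verbatim in the matching hunks of OAuth2ClientCredentialsAuthenticationProvider, OAuth2DeviceAuthorizationRequestAuthenticationProvider and OAuth2RefreshTokenAuthenticationProvider. Log searches and alerts that match on this text will miss one provider without any error if a copy is reworded later, so I would keep the text in one shared constant, for example `static final String GRANT_TYPE_NOT_ALLOWED = "Invalid request: requested grant_type is not allowed for registered client '%s'";` (name constructed here), and pass it to `LogMessage.format` at all four call sites. The enclosing authenticate() method starts and ends outside the hunk.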
@@ -95,8 +95,9 @@ public Authentication authenticate(Authentication authentication) throws Authent
 }
 if (!registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.CLIENT_CREDENTIALS)) {
- if (this.logger.isTraceEnabled()) {
- this.logger.warn(LogMessage.format("Invalid request: requested grant_type is not allowed for registered client '%s'", registeredClient.getId()));
+ if (this.logger.isDebugEnabled()) {
+ this.logger.debug(LogMessage.format("Invalid request: requested grant_type is not allowed" +
+ " for registered client '%s'", registeredClient.getId()));
 }
 throw new OAuth2AuthenticationException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT);
 }
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProvider.java
index 436cf25be..66707bb83 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProvider.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -102,8 +102,9 @@ public Authentication authenticate(Authentication authentication) throws Authent
 }
 if (!registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.DEVICE_CODE)) {
- if (this.logger.isTraceEnabled()) {
- this.logger.warn(LogMessage.format("Invalid request: requested grant_type is not allowed for registered client '%s'", registeredClient.getId()));
+ if (this.logger.isDebugEnabled()) {
+ this.logger.debug(LogMessage.format("Invalid request: requested grant_type is not allowed" +
+ " for registered client '%s'", registeredClient.getId()));
 }
 throwError(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT, OAuth2ParameterNames.CLIENT_ID);
 }
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
index 6b866ecfe..f13551553 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -104,8 +104,8 @@ public Authentication authenticate(Authentication authentication) throws Authent
 OAuth2Authorization authorization = this.authorizationService.findByToken(
 refreshTokenAuthentication.getRefreshToken(), OAuth2TokenType.REFRESH_TOKEN);
 if (authorization == null) {
- if (this.logger.isTraceEnabled()) {
- this.logger.trace("The refresh token is invalid.");
+ if (this.logger.isDebugEnabled()) {
+ this.logger.debug("Invalid request: refresh_token is invalid");
 }
 throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT);
 }
@@ -119,8 +119,9 @@ public Authentication authenticate(Authentication authentication) throws Authent
 }
 if (!registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN)) {
- if (this.logger.isTraceEnabled()) {
- this.logger.warn(LogMessage.format("Invalid request: requested grant_type is not allowed for registered client '%s'", registeredClient.getId()));
+ if (this.logger.isDebugEnabled()) {
+ this.logger.debug(LogMessage.format("Invalid request: requested grant_type is not allowed" +
+ " for registered client '%s'", registeredClient.getId()));
 }
 throw new OAuth2AuthenticationException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT);
 }
@@ -130,8 +131,9 @@ public Authentication authenticate(Authentication authentication) throws Authent
 // As per https://tools.ietf.org/html/rfc6749#section-5.2
 // invalid_grant: The provided authorization grant (e.g., authorization code,
 // resource owner credentials) or refresh token is invalid, expired, revoked [...].
- if (this.logger.isTraceEnabled()) {
- this.logger.trace("The refresh token is expired.");
+ if (this.logger.isDebugEnabled()) {
+ this.logger.debug(LogMessage.format("Invalid request: refresh_token is not active" +
+ " for registered client '%s'", registeredClient.getId()));
 }
 throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT);
 }
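Review bot: The message added in the `authorization == null` branch, `"Invalid request: refresh_token is invalid"`, is the only new message in this commit that does not name the registered client, while the two later hunks in this file both end with `for registered client '%s'`. Without the client id an operator cannot tell which client keeps presenting unknown refresh tokens, which is the detail needed to notice one client replaying stale or stolen tokens. If `registeredClient` is already assigned above this point (the assignment is not visible in the hunk), I would use `LogMessage.format("Invalid request: refresh_token is invalid" + " for registered client '%s'", registeredClient.getId())` here too. The token value itself should stay out of the message, as it does now.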
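Review bot: The reworded message `refresh_token is not active` in the last hunk no longer says why the token was refused, and the condition it reports on sits above the first line of the hunk. The RFC 6749 comment in the context lists invalid, expired and revoked as separate cases, and for incident response the difference matters: an expired token is routine, while a revoked token being presented again can point to reuse of a stolen one. If the check can tell these states apart, I would add the reason to the debug message; otherwise a comment such as `// expired and revoked tokens are deliberately reported as one case` would make the choice explicit.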