diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
index 6494135063..8d9cf1d92c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
@@ -16,7 +16,6 @@
 package org.springframework.security.oauth2.client.userinfo;
-import java.io.IOException;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
@@ -30,7 +29,6 @@ import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.core.AuthenticationMethod;
@@ -131,15 +129,15 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 return new DefaultOAuth2User(authorities, attrs, userNameAttributeName);
 })
- .onErrorMap(IOException.class,
- (ex) -> new AuthenticationServiceException("Unable to access the userInfoEndpoint " + userInfoUri,
- ex)
- )
- .onErrorMap(UnsupportedMediaTypeException.class, (ex) -> {
+ .onErrorMap((ex) -> (ex instanceof UnsupportedMediaTypeException ||
+ ex.getCause() instanceof UnsupportedMediaTypeException), (ex) -> {
+ String contentType = (ex instanceof UnsupportedMediaTypeException) ?
+ ((UnsupportedMediaTypeException) ex).getContentType().toString() :
+ ((UnsupportedMediaTypeException) ex.getCause()).getContentType().toString();
 String errorMessage = "An error occurred while attempting to retrieve the UserInfo Resource from '"
 + userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
 .getUri()
- + "': response contains invalid content type '" + ex.getContentType().toString() + "'. "
+ + "': response contains invalid content type '" + contentType + "'. "
 + "The UserInfo Response should return a JSON object (content type 'application/json') "
 + "that contains a collection of name and value pairs of the claims about the authenticated End-User. "
 + "Please ensure the UserInfo Uri in UserInfoEndpoint for Client Registration '"
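Review bot: `getContentType()` on `UnsupportedMediaTypeException` is nullable, so either branch of the new `contentType` ternary can fail with a NullPointerException inside the error mapper, which would replace the descriptive content-type error with a far less useful one; wrapping the call as `String.valueOf(umte.getContentType())` avoids that. The predicate also looks only at the direct cause, so an `UnsupportedMediaTypeException` nested one level deeper would fall through to the generic mapper later in the chain. Resolving the exception once, for example `UnsupportedMediaTypeException umte = (UnsupportedMediaTypeException) ((ex instanceof UnsupportedMediaTypeException) ? ex : ex.getCause());`, would also remove the duplicated casts. The lambda and the reactive chain it belongs to start and end outside this hunk.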
@@ -150,10 +148,10 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 null);
 throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
 })
- .onErrorMap((t) -> !(t instanceof AuthenticationServiceException), (t) -> {
+ .onErrorMap((ex) -> {
 OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
- "An error occurred reading the UserInfo Success response: " + t.getMessage(), null);
- return new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), t);
+ "An error occurred reading the UserInfo response: " + ex.getMessage(), null);
+ return new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
 });
 });
 // @formatter:on
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
index 56822e60b9..e905c1a9e9 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
@@ -37,7 +37,6 @@ import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
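Review bot: The final `.onErrorMap((ex) -> {` in the `@@ -150,10 +148,10 @@` hunk has no predicate, so the `OAuth2AuthenticationException` thrown by the content-type mapper directly above it appears to be wrapped a second time, with its text nested inside the generic description; a guard such as `.onErrorMap((ex) -> !(ex instanceof OAuth2AuthenticationException), (ex) -> {` would leave already-mapped errors intact. With the `IOException` mapping gone, transport failures now reach this mapper too, and `ex.getMessage()` is copied into the `OAuth2Error` description. If an application renders that description to the browser, connection details such as internal host names could be exposed, so a fixed description with the detail left on the cause would be safer. Callers that recognised an unreachable provider by `AuthenticationServiceException` lose that signal, which deserves a sentence in the method's Javadoc; the chain itself begins outside this hunk.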
@@ -219,9 +218,9 @@ public class DefaultReactiveOAuth2UserServiceTests {
 }
 @Test
- public void loadUserWhenUserInfoUriInvalidThenThrowAuthenticationServiceException() {
+ public void loadUserWhenUserInfoUriInvalidThenThrowOAuth2AuthenticationException() {
 this.clientRegistration.userInfoUri("https://invalid-provider.com/user");
- assertThatExceptionOfType(AuthenticationServiceException.class)
+ assertThatExceptionOfType(OAuth2AuthenticationException.class)
 .isThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block());
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
index e8f780b911..bdbf96e66e 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
@@ -138,7 +138,7 @@ public class NimbusReactiveJwtDecoderTests {
 // @formatter:off
 assertThatIllegalStateException()
 .isThrownBy(() -> this.decoder.decode(this.messageReadToken).block())
- .withCauseInstanceOf(UnknownHostException.class);
+ .withRootCauseInstanceOf(UnknownHostException.class);
 // @formatter:on
 }
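Review bot: The renamed test in the `@@ -219,9 +218,9 @@` hunk asserts only the exception type, which no longer separates an unreachable UserInfo endpoint from any other failure now that every error maps to `OAuth2AuthenticationException`. Adding `.withMessageContaining("invalid_user_info_response")` after `.isThrownBy(...)` would pin the error code, assuming that is the value behind `INVALID_USER_INFO_RESPONSE_ERROR_CODE`. The test also relies on `invalid-provider.com` failing at run time, although it is an ordinary registrable domain; a reserved name such as `https://provider.invalid/user` keeps the failure deterministic and avoids an outbound request from the build.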