root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 26 Packages Projects Releases Wiki Activity

Reduce severity of invalid registrationId to warn 

This prevents filling the log file with error messages when routine
scans are being performed.

Closes gh-11344
This commit is contained in:
Steve Riesenberg 2022-09-19 16:30:27 -05:00 committed by Steve Riesenberg
parent ae6fb8c681
commit bbac85e20b
3 changed files with 42 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
View File

@ -149,7 +149,7 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
} }
ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId); ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
if (clientRegistration == null) { if (clientRegistration == null) {
throw new IllegalArgumentException("Invalid Client Registration with Id: " + registrationId); throw new InvalidClientRegistrationIdException("Invalid Client Registration with Id: " + registrationId);
} }
OAuth2AuthorizationRequest.Builder builder = getBuilder(clientRegistration); OAuth2AuthorizationRequest.Builder builder = getBuilder(clientRegistration);

32
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/InvalidClientRegistrationIdException.java Normal file
View File

@ -0,0 +1,32 @@
/*
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.client.web;
/**
* @author Steve Riesenberg
* @since 5.8
*/
class InvalidClientRegistrationIdException extends IllegalArgumentException {
/**
* @param message the exception message
*/
InvalidClientRegistrationIdException(String message) {
super(message);
}
}

10
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
View File

@ -230,7 +230,15 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
private void unsuccessfulRedirectForAuthorization(HttpServletRequest request, HttpServletResponse response, private void unsuccessfulRedirectForAuthorization(HttpServletRequest request, HttpServletResponse response,
Exception ex) throws IOException { Exception ex) throws IOException {
this.logger.error(LogMessage.format("Authorization Request failed: %s", ex), ex); LogMessage message = LogMessage.format("Authorization Request failed: %s", ex);
if (InvalidClientRegistrationIdException.class.isAssignableFrom(ex.getClass())) {
// Log an invalid registrationId at WARN level to allow these errors to be
// tuned separately from other errors
this.logger.warn(message, ex);
}
else {
this.logger.error(message, ex);
}
response.sendError(HttpStatus.INTERNAL_SERVER_ERROR.value(), response.sendError(HttpStatus.INTERNAL_SERVER_ERROR.value(),
HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase()); HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
} }