root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Reduce severity of invalid registrationId to warn 

This prevents filling the log file with error messages when routine
scans are being performed.

Closes gh-11344
This commit is contained in:
Steve Riesenberg 2022-09-19 16:30:27 -05:00 committed by Steve Riesenberg
parent ae6fb8c681
commit bbac85e20b
3 changed files with 42 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
View File

@ -149,7 +149,7 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
} }
ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId); ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
if (clientRegistration == null) { if (clientRegistration == null) {
throw new IllegalArgumentException("Invalid Client Registration with Id: " + registrationId); throw new InvalidClientRegistrationIdException("Invalid Client Registration with Id: " + registrationId);
} }
OAuth2AuthorizationRequest.Builder builder = getBuilder(clientRegistration); OAuth2AuthorizationRequest.Builder builder = getBuilder(clientRegistration);

32
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/InvalidClientRegistrationIdException.java Normal file
View File

@ -0,0 +1,32 @@
/*
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.client.web;
/**
* @author Steve Riesenberg
* @since 5.8
*/
class InvalidClientRegistrationIdException extends IllegalArgumentException {
/**
* @param message the exception message
*/
InvalidClientRegistrationIdException(String message) {
super(message);
}
}

10
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java
View File

@ -230,7 +230,15 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
private void unsuccessfulRedirectForAuthorization(HttpServletRequest request, HttpServletResponse response, private void unsuccessfulRedirectForAuthorization(HttpServletRequest request, HttpServletResponse response,
Exception ex) throws IOException { Exception ex) throws IOException {
this.logger.error(LogMessage.format("Authorization Request failed: %s", ex), ex); LogMessage message = LogMessage.format("Authorization Request failed: %s", ex);
if (InvalidClientRegistrationIdException.class.isAssignableFrom(ex.getClass())) {
// Log an invalid registrationId at WARN level to allow these errors to be
// tuned separately from other errors
this.logger.warn(message, ex);
}
else {
this.logger.error(message, ex);
}
response.sendError(HttpStatus.INTERNAL_SERVER_ERROR.value(), response.sendError(HttpStatus.INTERNAL_SERVER_ERROR.value(),
HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase()); HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
} }