fix : make the error message for client id and secret consistent

Author: patternhelloworld

src/main/java/com/patternknife/securityhelper/oauth2/config/logger/dto/ErrorDetails.java

@@ -1,8 +1,8 @@
 package com.patternknife.securityhelper.oauth2.config.logger.dto;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.patternknife.securityhelper.oauth2.config.response.TimestampUtil;
 import com.patternknife.securityhelper.oauth2.util.CustomUtils;
-import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.ToString;
 
 import java.util.Date;
@@ -12,15 +12,17 @@
 public class ErrorDetails {
 	private Date timestamp;
 
-	// Never to be returned to clients, but must be logged.
-	// @JsonIgnore
+	// Never to be returned to clients, but must be logged. See the log file.
+	@JsonIgnore
 	private String message;
 	private String details;
 	private String userMessage;
 	private Map<String, String> userValidationMessage;
 
+	// Never to be returned to clients, but must be logged. See the log file.
 	@JsonIgnore
 	private String stackTrace;
+	// Never to be returned to clients, but must be logged. See the log file.
 	@JsonIgnore
 	private String cause;
 

src/main/java/com/patternknife/securityhelper/oauth2/config/response/error/exception/auth/CustomOauth2AuthenticationException.java

@@ -3,19 +3,22 @@
 import com.patternknife.securityhelper.oauth2.config.logger.dto.ErrorMessages;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 
+/*
+*   Only OAuth2AuthenticationException is allowed to be tossed.
+* */
 public class CustomOauth2AuthenticationException extends OAuth2AuthenticationException {
     protected ErrorMessages errorMessages;
 
     public CustomOauth2AuthenticationException(){
-        super("Default");
+        super("default");
     }
     public CustomOauth2AuthenticationException(String message){
         super(message);
         errorMessages = ErrorMessages.builder().userMessage(message).message(message).build();
     }
 
     public CustomOauth2AuthenticationException(ErrorMessages errorMessages){
-        super(errorMessages.getMessage());
+        super(errorMessages.getMessage() == null ? "default" : errorMessages.getMessage());
         this.errorMessages = errorMessages;
     }
     public ErrorMessages getErrorMessages() {

src/main/java/com/patternknife/securityhelper/oauth2/config/security/errorhandler/auth/authentication/AuthenticationFailureHandlerImpl.java

@@ -2,11 +2,14 @@
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.patternknife.securityhelper.oauth2.config.logger.dto.ErrorDetails;
+import com.patternknife.securityhelper.oauth2.config.logger.module.NonStopErrorLogConfig;
 import com.patternknife.securityhelper.oauth2.config.response.error.CustomExceptionUtils;
 import com.patternknife.securityhelper.oauth2.config.response.error.exception.auth.CustomOauth2AuthenticationException;
 import com.patternknife.securityhelper.oauth2.config.response.error.message.SecurityUserExceptionMessage;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@@ -17,6 +20,8 @@
 
 public class AuthenticationFailureHandlerImpl implements AuthenticationFailureHandler {
 
+    private static final Logger logger = LoggerFactory.getLogger(NonStopErrorLogConfig.class);
+
     @Override
     public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
             throws IOException {
@@ -28,9 +33,9 @@ public void onAuthenticationFailure(HttpServletRequest request, HttpServletRespo
                     "uri=" + request.getRequestURI(), ((CustomOauth2AuthenticationException) exception).getErrorMessages().getUserMessage(), stackTraces);
         }else if(exception instanceof OAuth2AuthenticationException) {
             errorDetails = new ErrorDetails(
-                    ((OAuth2AuthenticationException) exception).getError().getErrorCode(),
+                    ((OAuth2AuthenticationException) exception).getError().getErrorCode() + " / " + ((OAuth2AuthenticationException) exception).getError().getDescription(),
                     "uri=" + request.getRequestURI(),
-                    ((OAuth2AuthenticationException) exception).getError().getDescription(),
+                    SecurityUserExceptionMessage.AUTHENTICATION_LOGIN_FAILURE.getMessage(),
                     stackTraces);
         }else{
             errorDetails = new ErrorDetails(
@@ -47,5 +52,7 @@ public void onAuthenticationFailure(HttpServletRequest request, HttpServletRespo
         // Write the error details to the response
         response.getWriter().write(new ObjectMapper().writeValueAsString(errorDetails));
 
+        logger.warn(errorDetails.toString());
+
     }
 }

src/main/java/com/patternknife/securityhelper/oauth2/config/security/provider/auth/endpoint/CustomAuthenticationProvider.java

@@ -81,7 +81,9 @@ public Authentication authenticate(Authentication authentication)
             }
         }catch (UsernameNotFoundException e){
             throw new CustomOauth2AuthenticationException(ErrorMessages.builder().message(e.getMessage()).userMessage(e.getMessage()).build());
-        } catch (Exception e){
+        }catch (CustomOauth2AuthenticationException e){
+            throw e;
+        }  catch (Exception e){
            throw new CustomOauth2AuthenticationException(ErrorMessages.builder().message(e.getMessage()).userMessage(SecurityUserExceptionMessage.AUTHENTICATION_LOGIN_ERROR.getMessage()).build());
         }
 

src/main/java/com/patternknife/securityhelper/oauth2/config/security/serivce/Oauth2AuthenticationHashCheckService.java

@@ -1,8 +1,10 @@
 package com.patternknife.securityhelper.oauth2.config.security.serivce;
 
+import com.patternknife.securityhelper.oauth2.config.logger.dto.ErrorMessages;
+import com.patternknife.securityhelper.oauth2.config.response.error.exception.auth.CustomOauth2AuthenticationException;
 import com.patternknife.securityhelper.oauth2.config.response.error.message.SecurityUserExceptionMessage;
+import jakarta.annotation.Nullable;
 import lombok.RequiredArgsConstructor;
-import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
@@ -14,23 +16,23 @@ public class Oauth2AuthenticationHashCheckService {
 
     private final PasswordEncoder passwordEncoder;
 
-    public void validateUsernamePassword(String inputPassword, UserDetails userDetails){
+    public void validateUsernamePassword(String inputPassword, @Nullable UserDetails userDetails){
         if (userDetails == null) {
-            throw new BadCredentialsException(SecurityUserExceptionMessage.ID_NO_EXISTS.getMessage());
+            throw new CustomOauth2AuthenticationException(SecurityUserExceptionMessage.ID_NO_EXISTS.getMessage());
         }
         if (!passwordEncoder.matches(inputPassword, userDetails.getPassword())) {
-            throw new BadCredentialsException(SecurityUserExceptionMessage.WRONG_ID_PASSWORD.getMessage());
+            throw new CustomOauth2AuthenticationException(ErrorMessages.builder()
+                    .userMessage(SecurityUserExceptionMessage.AUTHENTICATION_LOGIN_FAILURE.getMessage()).message(SecurityUserExceptionMessage.WRONG_ID_PASSWORD.getMessage() + " (inputPassword : " + inputPassword + ", input username : " + userDetails.getUsername() + ")").build());
         }
     }
 
-    public Boolean validateClientCredentials(String inputClientSecret, RegisteredClient registeredClient){
+    public void validateClientCredentials(String inputClientSecret, RegisteredClient registeredClient){
         if (registeredClient == null) {
-            throw new BadCredentialsException(SecurityUserExceptionMessage.CLIENT_NO_EXISTS.getMessage());
+            throw new CustomOauth2AuthenticationException(SecurityUserExceptionMessage.CLIENT_NO_EXISTS.getMessage());
         }
         if (!passwordEncoder.matches(inputClientSecret, registeredClient.getClientSecret())) {
-            throw new BadCredentialsException(SecurityUserExceptionMessage.WRONG_CLIENT_ID_SECRET.getMessage());
-        }else{
-            return true;
+            throw new CustomOauth2AuthenticationException(ErrorMessages.builder()
+                    .userMessage(SecurityUserExceptionMessage.AUTHENTICATION_LOGIN_FAILURE.getMessage()).message(SecurityUserExceptionMessage.WRONG_CLIENT_ID_SECRET.getMessage() + " (inputClientSecret : " + inputClientSecret+ ")").build());
         }
     }
 

src/main/java/com/patternknife/securityhelper/oauth2/config/security/serivce/persistence/client/RegisteredClientRepositoryImpl.java

@@ -6,6 +6,7 @@
 import com.patternknife.securityhelper.oauth2.config.security.OAuth2ClientCachedInfo;
 import com.patternknife.securityhelper.oauth2.config.security.dao.OauthClientDetailRepository;
 import com.patternknife.securityhelper.oauth2.config.security.entity.OauthClientDetail;
+import jakarta.validation.constraints.NotNull;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
@@ -51,7 +52,7 @@ public void save(RegisteredClient registeredClient) {
     }
 
     @Override
-    public RegisteredClient findById(String id) throws CustomOauth2AuthenticationException {
+    public @NotNull RegisteredClient findById(String id) throws CustomOauth2AuthenticationException {
         // Assuming the ID is the client ID for simplification. Adjust if necessary.
         return oauthClientDetailRepository.findById(id)
                 .map(this::mapToRegisteredClient)
@@ -60,7 +61,7 @@ public RegisteredClient findById(String id) throws CustomOauth2AuthenticationExc
                                 .userMessage(SecurityUserExceptionMessage.AUTHENTICATION_LOGIN_FAILURE.getMessage()).build()));
     }
     @Override
-    public RegisteredClient findByClientId(String clientId) throws CustomOauth2AuthenticationException {
+    public @NotNull RegisteredClient findByClientId(String clientId) throws CustomOauth2AuthenticationException {
         return oauthClientDetailRepository.findById(clientId)
                 .map(this::mapToRegisteredClient)
                 .orElseThrow(()->

src/main/java/com/patternknife/securityhelper/oauth2/domain/traditionaloauth/service/TraditionalOauthService.java

@@ -8,6 +8,7 @@
 import com.patternknife.securityhelper.oauth2.config.security.serivce.CommonOAuth2AuthorizationCycle;
 import com.patternknife.securityhelper.oauth2.config.security.serivce.Oauth2AuthenticationHashCheckService;
 import com.patternknife.securityhelper.oauth2.config.security.serivce.persistence.authorization.OAuth2AuthorizationServiceImpl;
+import com.patternknife.securityhelper.oauth2.config.security.serivce.persistence.client.RegisteredClientRepositoryImpl;
 import com.patternknife.securityhelper.oauth2.config.security.serivce.userdetail.ConditionalDetailsService;
 import com.patternknife.securityhelper.oauth2.config.security.util.SecurityUtil;
 import com.patternknife.securityhelper.oauth2.domain.traditionaloauth.bo.BasicTokenResolver;
@@ -21,7 +22,6 @@
 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
-import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.stereotype.Service;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
@@ -39,7 +39,7 @@ public class TraditionalOauthService {
 
     private static final Logger logger = LoggerFactory.getLogger(NonStopErrorLogConfig.class);
 
-    private final RegisteredClientRepository registeredClientRepository;
+    private final RegisteredClientRepositoryImpl registeredClientRepository;
 
     private final OAuth2AuthorizationServiceImpl authorizationService;
 
@@ -49,7 +49,7 @@ public class TraditionalOauthService {
     private final Oauth2AuthenticationHashCheckService oauth2AuthenticationHashCheckService;
 
 
-    public TraditionalOauthService(RegisteredClientRepository registeredClientRepository,
+    public TraditionalOauthService(RegisteredClientRepositoryImpl registeredClientRepository,
                                    OAuth2AuthorizationServiceImpl authorizationService,
                                    ConditionalDetailsService conditionalDetailsService,
                                    CommonOAuth2AuthorizationCycle commonOAuth2AuthorizationCycle,
@@ -72,11 +72,7 @@ public SpringSecurityTraditionalOauthDTO.TokenResponse createAccessToken(SpringS
 
         RegisteredClient registeredClient = registeredClientRepository.findByClientId(basicCredentials.getClientId());
 
-        assert registeredClient != null;
-        if(!(basicCredentials.getClientId().equals(registeredClient.getClientId())
-                && oauth2AuthenticationHashCheckService.validateClientCredentials(basicCredentials.getClientSecret(), registeredClient))) {
-            throw new UnauthorizedException(SecurityUserExceptionMessage.AUTHORIZATION_ERROR.getMessage());
-        }
+        oauth2AuthenticationHashCheckService.validateClientCredentials(basicCredentials.getClientSecret(), registeredClient);
 
         UserDetails userDetails = conditionalDetailsService.loadUserByUsername(accessTokenRequest.getUsername(), basicCredentials.getClientId());
 
@@ -105,13 +101,6 @@ public SpringSecurityTraditionalOauthDTO.TokenResponse refreshAccessToken(Spring
 
         RegisteredClient registeredClient = registeredClientRepository.findByClientId(basicCredentials.getClientId());
 
-        assert registeredClient != null;
-
-        if(!(basicCredentials.getClientId().equals(registeredClient.getClientId())
-                && oauth2AuthenticationHashCheckService.validateClientCredentials(basicCredentials.getClientSecret(), registeredClient))) {
-            throw new UnauthorizedException(SecurityUserExceptionMessage.AUTHORIZATION_ERROR.getMessage());
-        }
-
         OAuth2Authorization oAuth2Authorization = authorizationService.findByToken(refreshTokenRequest.getRefresh_token(), OAuth2TokenType.REFRESH_TOKEN);
 
         UserDetails userDetails;

src/main/resources/application.properties

@@ -1,4 +1,4 @@
-spring.profiles.active=local
+spring.profiles.active=production
 server.port=8370
 
 spring.datasource.hikari.patternknife.url=jdbc:mysql://localhost:13506/sc_oauth2_pji?useSSL=false&useUnicode=true&serverTimezone=Asia/Seoul&allowPublicKeyRetrieval=true

src/main/resources/logback-spring.xml

@@ -141,7 +141,7 @@
 
     <appender name="NonStopError"
               class="ch.qos.logback.core.rolling.RollingFileAppender">
-        <file>${LOGS_ABSOLUTE_PATH}/non-stop/current.log</file>
+        <file>${LOGS_ABSOLUTE_PATH}/non-stop-error/current.log</file>
         <encoder
                 class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
             <!--<pattern>%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n</pattern>-->
@@ -209,7 +209,7 @@
         <!--<appender-ref ref="Console" />-->
     </logger>
 
-    <logger name="org.springframework.security" level="WARN">
+    <logger name="org.springframework.security" level="ERROR">
         <appender-ref ref="SecurityError" />
         <!--<appender-ref ref="Console" />-->
     </logger>