Make code easier to read (Azure#15101)

* No logic change, just make code easier to read.

* Add class: AccessTokenClaims.

* No logic change, just make code easier to read.

* Remame AccessTokenClaim to AccessTokenClaims.

* Combine 2 kinds of Exception, delete ErrorCode.

* Add AADOAuth2ErrorCode.

* Rename AccessTokenClaim to AADAccessTokenClaim.

* No logic change, just make code easier to read.

* setStatus before sendRedirect.

* No logic change, just make code easier to read.

* Fix error reported by maven-checkstyle-plugin.

Co-authored-by: Rujun Chen <rujche@microsoft.com>

Author: Rujun Chen

sdk/spring/azure-spring-boot/src/main/java/com/microsoft/azure/spring/autoconfigure/aad/AADAccessTokenClaim.java

@@ -0,0 +1,17 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.azure.spring.autoconfigure.aad;
+
+/**
+ * Refs: https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens
+ */
+public class AADAccessTokenClaim {
+
+    /**
+     * Provides a human-readable value that identifies the subject of the token. The value is not guaranteed to be
+     * unique, it is mutable, and it's designed to be used only for display purposes. The profile scope is required in
+     * order to receive this claim.
+     */
+    public static final String NAME = "name";
+}

sdk/spring/azure-spring-boot/src/main/java/com/microsoft/azure/spring/autoconfigure/aad/AADAuthenticationFailureHandler.java

@@ -23,41 +23,43 @@
  * configured on Azure Active Directory.
  */
 public class AADAuthenticationFailureHandler implements AuthenticationFailureHandler {
-
-    private AuthenticationFailureHandler defaultHandler;
+    private static final String DEFAULT_FAILURE_URL = "/login?error";
+    private final AuthenticationFailureHandler defaultHandler;
 
     public AADAuthenticationFailureHandler() {
-        this.defaultHandler = new SimpleUrlAuthenticationFailureHandler(Constants.FAILURE_DEFAULT_URL);
+        this.defaultHandler = new SimpleUrlAuthenticationFailureHandler(DEFAULT_FAILURE_URL);
     }
 
     @Override
     public void onAuthenticationFailure(HttpServletRequest request,
                                         HttpServletResponse response,
                                         AuthenticationException exception) throws IOException, ServletException {
-        final OAuth2AuthenticationException targetException = (OAuth2AuthenticationException) exception;
         // Handle conditional access policy
-        if (Constants.CONDITIONAL_ACCESS_POLICY.equals((targetException.getError().getErrorCode()))) {
-            // Get infos
-            final Throwable cause = targetException.getCause();
-            if (cause instanceof MsalServiceException) {
-                // Put claims into session
-                Optional.of(cause)
-                        .map(c -> (MsalServiceException) c)
-                        .map(MsalServiceException::claims)
-                        .ifPresent(claims -> request.getSession().setAttribute(Constants.CAP_CLAIMS, claims));
-                // Redirect
-                String redirectUrl = Optional.of(request)
-                        .map(HttpServletRequest::getSession)
-                        .map(s -> s.getAttribute(Constants.SAVED_REQUEST))
-                        .map(r -> (DefaultSavedRequest) r)
-                        .map(DefaultSavedRequest::getRedirectUrl)
-                        .orElse(null);
-                response.sendRedirect(redirectUrl);
-                response.setStatus(302);
-                return;
-            }
+        MsalServiceException msalServiceException = (MsalServiceException)
+            Optional.of(exception)
+                    .filter(e -> e instanceof OAuth2AuthenticationException)
+                    .map(e -> (OAuth2AuthenticationException) e)
+                    .filter(e -> AADOAuth2ErrorCode.CONDITIONAL_ACCESS_POLICY.equals((e.getError().getErrorCode())))
+                    .map(Throwable::getCause)
+                    .filter(cause -> cause instanceof MsalServiceException)
+                    .orElse(null);
+        if (msalServiceException == null) {
+            // Default handle logic
+            defaultHandler.onAuthenticationFailure(request, response, exception);
+        } else {
+            // Put claims into session
+            Optional.of(msalServiceException)
+                    .map(MsalServiceException::claims)
+                    .ifPresent(claims -> request.getSession().setAttribute(Constants.CAP_CLAIMS, claims));
+            // Redirect
+            response.setStatus(302);
+            String redirectUrl = Optional.of(request)
+                                         .map(HttpServletRequest::getSession)
+                                         .map(s -> s.getAttribute(Constants.SAVED_REQUEST))
+                                         .map(r -> (DefaultSavedRequest) r)
+                                         .map(DefaultSavedRequest::getRedirectUrl)
+                                         .orElse(null);
+            response.sendRedirect(redirectUrl);
         }
-        // Default handle logic
-        defaultHandler.onAuthenticationFailure(request, response, exception);
     }
 }

sdk/spring/azure-spring-boot/src/main/java/com/microsoft/azure/spring/autoconfigure/aad/AADOAuth2ErrorCode.java

@@ -0,0 +1,10 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.azure.spring.autoconfigure.aad;
+
+public class AADOAuth2ErrorCode {
+    public static final String CONDITIONAL_ACCESS_POLICY = "conditional_access_policy";
+    public static final String INVALID_REQUEST = "invalid_request";
+    public static final String SERVER_SERVER = "server_error";
+}

sdk/spring/azure-spring-boot/src/main/java/com/microsoft/azure/spring/autoconfigure/aad/AADOAuth2UserService.java

@@ -21,23 +21,22 @@
 import java.util.Optional;
 import java.util.Set;
 
+import static com.microsoft.azure.spring.autoconfigure.aad.AADOAuth2ErrorCode.CONDITIONAL_ACCESS_POLICY;
+import static com.microsoft.azure.spring.autoconfigure.aad.AADOAuth2ErrorCode.INVALID_REQUEST;
+import static com.microsoft.azure.spring.autoconfigure.aad.AADOAuth2ErrorCode.SERVER_SERVER;
+
 /**
  * This implementation will retrieve group info of user from Microsoft Graph and map groups to {@link GrantedAuthority}.
  */
 public class AADOAuth2UserService implements OAuth2UserService<OidcUserRequest, OidcUser> {
-    private static final String CONDITIONAL_ACCESS_POLICY = "conditional_access_policy";
-    private static final String INVALID_REQUEST = "invalid_request";
-    private static final String SERVER_ERROR = "server_error";
-    private static final String DEFAULT_USERNAME_ATTR_NAME = "name";
-
-    private AADAuthenticationProperties aadAuthProps;
-    private ServiceEndpointsProperties serviceEndpointsProps;
-    private OidcUserService oidcUserService;
+    private final AADAuthenticationProperties aadAuthenticationProperties;
+    private final ServiceEndpointsProperties serviceEndpointsProperties;
+    private final OidcUserService oidcUserService;
 
-    public AADOAuth2UserService(AADAuthenticationProperties aadAuthProps,
-                                ServiceEndpointsProperties serviceEndpointsProps) {
-        this.aadAuthProps = aadAuthProps;
-        this.serviceEndpointsProps = serviceEndpointsProps;
+    public AADOAuth2UserService(AADAuthenticationProperties aadAuthenticationProperties,
+                                ServiceEndpointsProperties serviceEndpointsProperties) {
+        this.aadAuthenticationProperties = aadAuthenticationProperties;
+        this.serviceEndpointsProperties = serviceEndpointsProperties;
         this.oidcUserService = new OidcUserService();
     }
 
@@ -50,25 +49,28 @@ public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2Authenticatio
             // https://github.com/MicrosoftDocs/azure-docs/issues/8121#issuecomment-387090099
             // In AAD App Registration configure oauth2AllowImplicitFlow to true
             final ClientRegistration registration = userRequest.getClientRegistration();
-            final AzureADGraphClient graphClient = new AzureADGraphClient(
+            final AzureADGraphClient azureADGraphClient = new AzureADGraphClient(
                 registration.getClientId(),
                 registration.getClientSecret(),
-                aadAuthProps,
-                serviceEndpointsProps
+                aadAuthenticationProperties,
+                serviceEndpointsProperties
             );
-            String graphApiToken = graphClient
-                .acquireTokenForGraphApi(userRequest.getIdToken().getTokenValue(), aadAuthProps.getTenantId())
+            String graphApiToken = azureADGraphClient
+                .acquireTokenForGraphApi(
+                    userRequest.getIdToken().getTokenValue(),
+                    aadAuthenticationProperties.getTenantId()
+                )
                 .accessToken();
-            mappedAuthorities = graphClient.getGrantedAuthorities(graphApiToken);
+            mappedAuthorities = azureADGraphClient.getGrantedAuthorities(graphApiToken);
         } catch (MalformedURLException e) {
-            throw wrapException(INVALID_REQUEST, "Failed to acquire token for Graph API.", null, e);
+            throw toOAuth2AuthenticationException(INVALID_REQUEST, "Failed to acquire token for Graph API.", e);
         } catch (ServiceUnavailableException e) {
-            throw wrapException(SERVER_ERROR, "Failed to acquire token for Graph API.", null, e);
+            throw toOAuth2AuthenticationException(SERVER_SERVER, "Failed to acquire token for Graph API.", e);
         } catch (IOException e) {
-            throw wrapException(SERVER_ERROR, "Failed to map group to authorities.", null, e);
+            throw toOAuth2AuthenticationException(SERVER_SERVER, "Failed to map group to authorities.", e);
         } catch (MsalServiceException e) {
             if (e.claims() != null && !e.claims().isEmpty()) {
-                throw wrapException(CONDITIONAL_ACCESS_POLICY, "Handle conditional access policy", null, e);
+                throw toOAuth2AuthenticationException(CONDITIONAL_ACCESS_POLICY, "Handle conditional access policy", e);
             } else {
                 throw e;
             }
@@ -79,13 +81,15 @@ public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2Authenticatio
                                           .map(ClientRegistration.ProviderDetails::getUserInfoEndpoint)
                                           .map(ClientRegistration.ProviderDetails.UserInfoEndpoint::getUserNameAttributeName)
                                           .filter(s -> !s.isEmpty())
-                                          .orElse(DEFAULT_USERNAME_ATTR_NAME);
+                                          .orElse(AADAccessTokenClaim.NAME);
         // Create a copy of oidcUser but use the mappedAuthorities instead
         return new DefaultOidcUser(mappedAuthorities, oidcUser.getIdToken(), nameAttributeKey);
     }
 
-    private OAuth2AuthenticationException wrapException(String errorCode, String errDesc, String uri, Exception e) {
-        final OAuth2Error oAuth2Error = new OAuth2Error(errorCode, errDesc, uri);
-        throw new OAuth2AuthenticationException(oAuth2Error, e);
+    private OAuth2AuthenticationException toOAuth2AuthenticationException(String errorCode,
+                                                                          String description,
+                                                                          Exception cause) {
+        OAuth2Error oAuth2Error = new OAuth2Error(errorCode, description, null);
+        return new OAuth2AuthenticationException(oAuth2Error, cause);
     }
 }

sdk/spring/azure-spring-boot/src/main/java/com/microsoft/azure/spring/autoconfigure/aad/Constants.java

@@ -4,10 +4,8 @@
 package com.microsoft.azure.spring.autoconfigure.aad;
 
 public class Constants {
-    public static final String CONDITIONAL_ACCESS_POLICY = "conditional_access_policy";
     public static final String SAVED_REQUEST = "SPRING_SECURITY_SAVED_REQUEST";
     public static final String CAP_CLAIMS = "CAP_Claims";
     public static final String CLAIMS = "claims";
-    public static final String FAILURE_DEFAULT_URL = "/login?error";
     public static final String OBJECT_TYPE_GROUP = "Group";
 }