Ensure AccessDeniedException is thrown from expression handler

... otherwise the AccessDeniedHandler doesn't get a chance to send
the proper response and user just sees 500 status

Fixes gh-118

spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethods.java

@@ -65,7 +65,8 @@ public OAuth2SecurityExpressionMethods(Authentication authentication) {
 	 */
 	public boolean throwOnError(boolean decision) {
 		if (!decision && !missingScopes.isEmpty()) {
-			throw new InsufficientScopeException("Insufficient scope for this resource", missingScopes);
+			Throwable failure = new InsufficientScopeException("Insufficient scope for this resource", missingScopes);
+			throw new AccessDeniedException(failure.getMessage(), failure);
 		}
 		return decision;
 	}

spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/OAuth2MethodSecurityExpressionHandlerTests.java

@@ -25,10 +25,10 @@
 import org.junit.Test;
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
@@ -64,7 +64,7 @@ public void testScopesWithOr() throws Exception {
 		assertTrue((Boolean) expression.getValue(context));
 	}
 
-	@Test(expected = InsufficientScopeException.class)
+	@Test(expected = AccessDeniedException.class)
 	public void testScopesInsufficient() throws Exception {
 		AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
 		request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "bar", "",
@@ -135,7 +135,7 @@ public void testScopesRegex() throws Exception {
 		assertTrue((Boolean) expression.getValue(context));
 	}
 
-	@Test(expected = InsufficientScopeException.class)
+	@Test(expected = AccessDeniedException.class)
 	public void testScopesRegexThrowsException() throws Exception {
 
 		OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request(null, "foo", null, false,

spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethodsTests.java

@@ -22,10 +22,10 @@
 import java.util.Collections;
 
 import org.junit.Test;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
@@ -73,7 +73,7 @@ public void testScopesFalse() throws Exception {
 		assertFalse(root.hasAnyScope("write"));
 	}
 
-	@Test(expected = InsufficientScopeException.class)
+	@Test(expected = AccessDeniedException.class)
 	public void testScopesWithException() throws Exception {
 		OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request(null, "foo", null, false, Collections.singleton("read"), null, null, null, null);
 
@@ -84,7 +84,7 @@ public void testScopesWithException() throws Exception {
 		assertFalse(root.throwOnError(hasAnyScope));
 	}
 
-	@Test(expected = InsufficientScopeException.class)
+	@Test(expected = AccessDeniedException.class)
 	public void testInsufficientScope() throws Exception {
 		OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request(null, "foo", null, false, Collections.singleton("read"), null, null, null, null);
 

spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/OAuth2WebSecurityExpressionHandlerTests.java

@@ -24,10 +24,10 @@
 import org.junit.Test;
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
@@ -90,7 +90,7 @@ public void testScopes() throws Exception {
 		assertTrue((Boolean) expression.getValue(handler.createEvaluationContext(oAuth2Authentication, invocation)));
 	}
 
-	@Test(expected = InsufficientScopeException.class)
+	@Test(expected = AccessDeniedException.class)
 	public void testInsufficientScope() throws Exception {
 		AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
 		request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "bar", "",