Example 66 with OAuthSystemException

Use of org.apache.oltu.oauth2.common.exception.OAuthSystemException in project identity-inbound-auth-oauth by wso2-extensions.

From class OAuth2AuthzEndpoint, method handleDeniedConsent:

private Response handleDeniedConsent(OAuthMessage oAuthMessage) throws OAuthSystemException, URISyntaxException {
    OAuth2Parameters oauth2Params = getOauth2Params(oAuthMessage);
    OpenIDConnectUserRPStore.getInstance().putUserRPToStore(getLoggedInUser(oAuthMessage), getOauth2Params(oAuthMessage).getApplicationName(), false, oauth2Params.getClientId());
    OAuthErrorDTO oAuthErrorDTO = EndpointUtil.getOAuth2Service().handleUserConsentDenial(oauth2Params);
    OAuthProblemException consentDenialException = buildConsentDenialException(oAuthErrorDTO);
    String denyResponse = EndpointUtil.getErrorRedirectURL(oAuthMessage.getRequest(), consentDenialException, oauth2Params);
    if (StringUtils.equals(oauth2Params.getResponseMode(), RESPONSE_MODE_FORM_POST)) {
        return handleFailedState(oAuthMessage, oauth2Params, consentDenialException);
    }
    return Response.status(HttpServletResponse.SC_FOUND).location(new URI(denyResponse)).build();
}
Also used: OAuth2Parameters(org.wso2.carbon.identity.oauth2.model.OAuth2Parameters) OAuthProblemException(org.apache.oltu.oauth2.common.exception.OAuthProblemException) OAuthErrorDTO(org.wso2.carbon.identity.oauth.dto.OAuthErrorDTO) URI(java.net.URI) REDIRECT_URI(org.wso2.carbon.identity.oauth.common.OAuthConstants.OAuth20Params.REDIRECT_URI)

Example 67 with OAuthSystemException

Use of org.apache.oltu.oauth2.common.exception.OAuthSystemException in project identity-inbound-auth-oauth by wso2-extensions.

From class CookieBasedTokenBinder, method retrieveTokenBindingValueFromRequest:

private String retrieveTokenBindingValueFromRequest(HttpServletRequest request) throws OAuthSystemException {
    Cookie[] cookies = request.getCookies();
    if (ArrayUtils.isEmpty(cookies)) {
        return null;
    }
    Optional<Cookie> tokenBindingCookieOptional = Arrays.stream(cookies).filter(t -> COOKIE_NAME.equals(t.getName())).findAny();
    if (!tokenBindingCookieOptional.isPresent() || StringUtils.isBlank(tokenBindingCookieOptional.get().getValue())) {
        return null;
    }
    String tokenBindingValue = tokenBindingCookieOptional.get().getValue();
    boolean isTokenBindingValueValid;
    try {
        // Do we need additional validation here, e.g. validating the local user?
        isTokenBindingValueValid = OAuthTokenPersistenceFactory.getInstance().getTokenBindingMgtDAO().isTokenBindingExistsForBindingReference(OAuth2Util.getTokenBindingReference(tokenBindingValue));
    } catch (IdentityOAuth2Exception e) {
        throw new OAuthSystemException("Failed to check token binding reference existence", e);
    }
    return isTokenBindingValueValid ? tokenBindingValue : null;
}
Also used: SameSiteCookie(org.wso2.carbon.core.SameSiteCookie) ServletCookie(org.wso2.carbon.core.ServletCookie) Cookie(javax.servlet.http.Cookie) StringUtils(org.apache.commons.lang.StringUtils) Arrays(java.util.Arrays) OAuth2Util(org.wso2.carbon.identity.oauth2.util.OAuth2Util) HttpServletResponse(javax.servlet.http.HttpServletResponse) UUID(java.util.UUID) List(java.util.List) HttpServletRequest(javax.servlet.http.HttpServletRequest) AUTHORIZATION_CODE(org.wso2.carbon.identity.oauth.common.OAuthConstants.GrantTypes.AUTHORIZATION_CODE) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) OAuthTokenPersistenceFactory(org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory) OAuth2AccessTokenReqDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO) IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) Optional(java.util.Optional) Collections(java.util.Collections) COOKIE_BASED_TOKEN_BINDER(org.wso2.carbon.identity.oauth2.OAuth2Constants.TokenBinderType.COOKIE_BASED_TOKEN_BINDER) ArrayUtils(org.apache.commons.lang.ArrayUtils)

Example 68 with OAuthSystemException

Use of org.apache.oltu.oauth2.common.exception.OAuthSystemException in project identity-inbound-auth-oauth by wso2-extensions.

From class SSOSessionBasedTokenBinder, method isValidTokenBinding:

@Override
public boolean isValidTokenBinding(Object request, String bindingReference) {
    try {
        String sessionIdentifier = getTokenBindingValue((HttpServletRequest) request);
        if (StringUtils.isBlank(sessionIdentifier)) {
            if (log.isDebugEnabled()) {
                log.debug("CommonAuthId cookie is not found in the request.");
            }
            return false;
        }
        /* Retrieve session context information using sessionIdentifier in order to check the validity of
           the commonAuthId cookie. */
        SessionContext sessionContext = FrameworkUtils.getSessionContextFromCache(sessionIdentifier);
        if (sessionContext == null) {
            if (log.isDebugEnabled()) {
                log.debug("Session context is not found corresponding to the session identifier: " + sessionIdentifier);
            }
            return false;
        }
    } catch (OAuthSystemException e) {
        log.error("Error while getting the token binding value", e);
        return false;
    }
    return isValidTokenBinding(request, bindingReference, COMMONAUTH_COOKIE);
}
Also used: OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) SessionContext(org.wso2.carbon.identity.application.authentication.framework.context.SessionContext)

Example 69 with OAuthSystemException

Use of org.apache.oltu.oauth2.common.exception.OAuthSystemException in project identity-inbound-auth-oauth by wso2-extensions.

From class OAuth2Util, method addTokenDOtoCache:

/**
 * There are cases where we store an 'alias' of the token returned to the client as the token inside IS.
 * For example, in the case of JWT access tokens we store the 'jti' claim in the database instead of the
 * actual JWT. Therefore we need to cache an AccessTokenDO keyed by the stored token identifier.
 *
 * @param newTokenBean token DO to be added to the cache.
 * @throws IdentityOAuth2Exception if the token issuer cannot be resolved or the token alias cannot be derived.
 */
public static void addTokenDOtoCache(AccessTokenDO newTokenBean) throws IdentityOAuth2Exception {
    OauthTokenIssuer tokenIssuer = null;
    try {
        tokenIssuer = OAuth2Util.getOAuthTokenIssuerForOAuthApp(newTokenBean.getConsumerKey());
        String tokenAlias = tokenIssuer.getAccessTokenHash(newTokenBean.getAccessToken());
        OAuthCacheKey accessTokenCacheKey = new OAuthCacheKey(tokenAlias);
        AccessTokenDO tokenDO = AccessTokenDO.clone(newTokenBean);
        tokenDO.setAccessToken(tokenAlias);
        OAuthCache.getInstance().addToCache(accessTokenCacheKey, tokenDO);
        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
                log.debug("Access token DO was added to OAuthCache with cache key: " + accessTokenCacheKey.getCacheKeyString());
            } else {
                log.debug("Access token DO was added to OAuthCache");
            }
        }
    } catch (OAuthSystemException e) {
        if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
            throw new IdentityOAuth2Exception("Error while getting the token alias from token issuer: " + tokenIssuer.toString() + " for the token: " + newTokenBean.getAccessToken(), e);
        } else {
            throw new IdentityOAuth2Exception("Error while getting the token alias from token issuer: " + tokenIssuer.toString(), e);
        }
    } catch (InvalidOAuthClientException e) {
        if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
            throw new IdentityOAuth2Exception("Error while getting the token issuer for the token: " + newTokenBean.getAccessToken(), e);
        } else {
            throw new IdentityOAuth2Exception("Error while getting the token issuer", e);
        }
    }
}
Also used: OauthTokenIssuer(org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer) AccessTokenDO(org.wso2.carbon.identity.oauth2.model.AccessTokenDO) OAuthCacheKey(org.wso2.carbon.identity.oauth.cache.OAuthCacheKey) IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) InvalidOAuthClientException(org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException)

Example 70 with OAuthSystemException

Use of org.apache.oltu.oauth2.common.exception.OAuthSystemException in project identity-inbound-auth-oauth by wso2-extensions.

From class OAuth2Util, method getAccessTokenDOFromMatchingTokenIssuer:

/**
 * Loops through the provided token issuers and tries to obtain the access token DO from each of them.
 *
 * @param tokenIdentifier Provided token identifier.
 * @param tokenIssuerMap  Map of token issuers to try, keyed by issuer name.
 * @param includeExpired  Whether expired tokens should also be considered.
 * @return The matching access token DO, or null if no issuer could resolve the token.
 * @throws IdentityOAuth2Exception if looking up the token fails.
 */
private static AccessTokenDO getAccessTokenDOFromMatchingTokenIssuer(String tokenIdentifier, Map<String, OauthTokenIssuer> tokenIssuerMap, boolean includeExpired) throws IdentityOAuth2Exception {
    AccessTokenDO accessTokenDO;
    if (tokenIssuerMap != null) {
        for (Map.Entry<String, OauthTokenIssuer> oauthTokenIssuerEntry : tokenIssuerMap.entrySet()) {
            try {
                OauthTokenIssuer oauthTokenIssuer = oauthTokenIssuerEntry.getValue();
                String tokenAlias = oauthTokenIssuer.getAccessTokenHash(tokenIdentifier);
                if (oauthTokenIssuer.usePersistedAccessTokenAlias()) {
                    accessTokenDO = OAuth2Util.getAccessTokenDOFromTokenIdentifier(tokenAlias, includeExpired);
                } else {
                    accessTokenDO = OAuth2Util.getAccessTokenDOFromTokenIdentifier(tokenIdentifier, includeExpired);
                }
                if (accessTokenDO != null) {
                    return accessTokenDO;
                }
            } catch (OAuthSystemException e) {
                if (log.isDebugEnabled()) {
                    if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
                        log.debug("Token issuer: " + oauthTokenIssuerEntry.getKey() + " was tried and failed to parse the received token: " + tokenIdentifier);
                    } else {
                        log.debug("Token issuer: " + oauthTokenIssuerEntry.getKey() + " was tried and failed to parse the received token.");
                    }
                }
            } catch (IllegalArgumentException e) {
                if (log.isDebugEnabled()) {
                    if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
                        log.debug("Token issuer: " + oauthTokenIssuerEntry.getKey() + " was tried and failed to get the token from database: " + tokenIdentifier);
                    } else {
                        log.debug("Token issuer: " + oauthTokenIssuerEntry.getKey() + " was tried and failed to get the token from database.");
                    }
                }
            }
        }
    }
    return null;
}
Also used: AccessTokenDO(org.wso2.carbon.identity.oauth2.model.AccessTokenDO) OauthTokenIssuer(org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) Map(java.util.Map) TreeMap(java.util.TreeMap) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap)