Examples with IdentityResolverException org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException used on opensource projects

Search in sources :

Example 1 with IdentityResolverException

use of org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException in project qpid-broker-j by apache.

the class CloudFoundryOAuth2IdentityResolverService method getUserPrincipal.

@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, final String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    URL checkTokenEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    TrustStore trustStore = authenticationProvider.getTrustStore();
    String clientId = authenticationProvider.getClientId();
    String clientSecret = authenticationProvider.getClientSecret();
    ConnectionBuilder connectionBuilder = new ConnectionBuilder(checkTokenEndpoint);
    connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout()).setReadTimeout(authenticationProvider.getReadTimeout());
    if (trustStore != null) {
        try {
            connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList()).setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList()).setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList()).setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
    LOGGER.debug("About to call identity service '{}'", checkTokenEndpoint);
    HttpURLConnection connection = connectionBuilder.build();
    // makes sure to use POST
    connection.setDoOutput(true);
    connection.setRequestProperty("Accept-Charset", UTF_8.name());
    connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=" + UTF_8.name());
    connection.setRequestProperty("Accept", "application/json");
    String encoded = Base64.getEncoder().encodeToString((clientId + ":" + clientSecret).getBytes(UTF_8));
    connection.setRequestProperty("Authorization", "Basic " + encoded);
    final Map<String, String> requestParameters = Collections.singletonMap("token", accessToken);
    connection.connect();
    try (OutputStream output = connection.getOutputStream()) {
        output.write(OAuth2Utils.buildRequestQuery(requestParameters).getBytes(UTF_8));
        output.close();
        try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
            int responseCode = connection.getResponseCode();
            LOGGER.debug("Call to identity service '{}' complete, response code : {}", checkTokenEndpoint, responseCode);
            Map<String, String> responseMap = null;
            try {
                responseMap = _objectMapper.readValue(input, Map.class);
            } catch (JsonProcessingException e) {
                throw new IOException(String.format("Identity resolver '%s' did not return json", checkTokenEndpoint), e);
            }
            if (responseCode != 200) {
                throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d, error '%s', description '%s'", checkTokenEndpoint, responseCode, responseMap.get("error"), responseMap.get("error_description")));
            }
            final String userName = responseMap.get("user_name");
            if (userName == null) {
                throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'user_name'", checkTokenEndpoint));
            }
            return new UsernamePrincipal(userName, authenticationProvider);
        }
    }
}
Also used : InputStream(java.io.InputStream) GeneralSecurityException(java.security.GeneralSecurityException) OutputStream(java.io.OutputStream) IdentityResolverException(org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException) ConnectionBuilder(org.apache.qpid.server.util.ConnectionBuilder) TrustStore(org.apache.qpid.server.model.TrustStore) IOException(java.io.IOException) URL(java.net.URL) ServerScopedRuntimeException(org.apache.qpid.server.util.ServerScopedRuntimeException) UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) HttpURLConnection(java.net.HttpURLConnection) Map(java.util.Map) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)

Example 2 with IdentityResolverException

use of org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException in project qpid-broker-j by apache.

the class GitHubOAuth2IdentityResolverService method getUserPrincipal.

@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    TrustStore trustStore = authenticationProvider.getTrustStore();
    ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
    connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout()).setReadTimeout(authenticationProvider.getReadTimeout());
    if (trustStore != null) {
        try {
            connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList()).setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList()).setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList()).setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
    LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
    HttpURLConnection connection = connectionBuilder.build();
    connection.setRequestProperty("Accept-Charset", UTF8);
    connection.setRequestProperty("Accept", "application/vnd.github.v3+json");
    connection.setRequestProperty("Authorization", "token " + accessToken);
    connection.connect();
    try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
        int responseCode = connection.getResponseCode();
        LOGGER.debug("Call to identity service '{}' complete, response code : {}", userInfoEndpoint, responseCode);
        Map<String, String> responseMap;
        try {
            responseMap = _objectMapper.readValue(input, Map.class);
        } catch (JsonProcessingException e) {
            throw new IOException(String.format("Identity resolver '%s' did not return json", userInfoEndpoint), e);
        }
        if (responseCode != 200) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d", userInfoEndpoint, responseCode));
        }
        final String githubId = responseMap.get("login");
        if (githubId == null) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'login'", userInfoEndpoint));
        }
        return new UsernamePrincipal(githubId, authenticationProvider);
    }
}
Also used : InputStream(java.io.InputStream) GeneralSecurityException(java.security.GeneralSecurityException) IdentityResolverException(org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException) ConnectionBuilder(org.apache.qpid.server.util.ConnectionBuilder) TrustStore(org.apache.qpid.server.model.TrustStore) IOException(java.io.IOException) URL(java.net.URL) ServerScopedRuntimeException(org.apache.qpid.server.util.ServerScopedRuntimeException) UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) HttpURLConnection(java.net.HttpURLConnection) Map(java.util.Map) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)

Example 3 with IdentityResolverException

use of org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException in project qpid-broker-j by apache.

the class MicrosoftLiveOAuth2IdentityResolverService method getUserPrincipal.

@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    TrustStore trustStore = authenticationProvider.getTrustStore();
    ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
    connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout()).setReadTimeout(authenticationProvider.getReadTimeout());
    if (trustStore != null) {
        try {
            connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList()).setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList()).setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList()).setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
    LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
    HttpURLConnection connection = connectionBuilder.build();
    connection.setRequestProperty("Accept-Charset", UTF8);
    connection.setRequestProperty("Accept", "application/json");
    connection.setRequestProperty("Authorization", "Bearer " + accessToken);
    connection.connect();
    try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
        int responseCode = connection.getResponseCode();
        LOGGER.debug("Call to identity service '{}' complete, response code : {}", userInfoEndpoint, responseCode);
        Map<String, String> responseMap;
        try {
            responseMap = _objectMapper.readValue(input, Map.class);
        } catch (JsonProcessingException e) {
            throw new IOException(String.format("Identity resolver '%s' did not return json", userInfoEndpoint), e);
        }
        if (responseCode != 200) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d", userInfoEndpoint, responseCode));
        }
        final String liveId = responseMap.get("id");
        if (liveId == null) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'id'", userInfoEndpoint));
        }
        return new UsernamePrincipal(liveId, authenticationProvider);
    }
}
Also used : InputStream(java.io.InputStream) GeneralSecurityException(java.security.GeneralSecurityException) IdentityResolverException(org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException) ConnectionBuilder(org.apache.qpid.server.util.ConnectionBuilder) TrustStore(org.apache.qpid.server.model.TrustStore) IOException(java.io.IOException) URL(java.net.URL) ServerScopedRuntimeException(org.apache.qpid.server.util.ServerScopedRuntimeException) UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) HttpURLConnection(java.net.HttpURLConnection) Map(java.util.Map) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)

Example 4 with IdentityResolverException

use of org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException in project qpid-broker-j by apache.

the class FacebookIdentityResolverService method getUserPrincipal.

@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    TrustStore trustStore = authenticationProvider.getTrustStore();
    ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
    connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout()).setReadTimeout(authenticationProvider.getReadTimeout());
    if (trustStore != null) {
        try {
            connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList()).setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList()).setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList()).setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
    LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
    HttpURLConnection connection = connectionBuilder.build();
    connection.setRequestProperty("Accept-Charset", UTF8);
    connection.setRequestProperty("Accept", "application/json");
    connection.setRequestProperty("Authorization", "Bearer " + accessToken);
    connection.connect();
    try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
        int responseCode = connection.getResponseCode();
        LOGGER.debug("Call to identity service '{}' complete, response code : {}", userInfoEndpoint, responseCode);
        Map<String, String> responseMap;
        try {
            responseMap = _objectMapper.readValue(input, Map.class);
        } catch (JsonProcessingException e) {
            throw new IOException(String.format("Identity resolver '%s' did not return json", userInfoEndpoint), e);
        }
        if (responseCode != 200) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d", userInfoEndpoint, responseCode));
        }
        final String facebookId = responseMap.get("id");
        if (facebookId == null) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'id'", userInfoEndpoint));
        }
        return new UsernamePrincipal(facebookId, authenticationProvider);
    }
}
Also used : InputStream(java.io.InputStream) GeneralSecurityException(java.security.GeneralSecurityException) IdentityResolverException(org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException) ConnectionBuilder(org.apache.qpid.server.util.ConnectionBuilder) TrustStore(org.apache.qpid.server.model.TrustStore) IOException(java.io.IOException) URL(java.net.URL) ServerScopedRuntimeException(org.apache.qpid.server.util.ServerScopedRuntimeException) UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) HttpURLConnection(java.net.HttpURLConnection) Map(java.util.Map) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)

Example 5 with IdentityResolverException

use of org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException in project qpid-broker-j by apache.

the class GoogleOAuth2IdentityResolverService method getUserPrincipal.

@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    TrustStore trustStore = authenticationProvider.getTrustStore();
    ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
    connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout()).setReadTimeout(authenticationProvider.getReadTimeout());
    if (trustStore != null) {
        try {
            connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList()).setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList()).setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList()).setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());
    LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
    HttpURLConnection connection = connectionBuilder.build();
    connection.setRequestProperty("Accept-Charset", UTF8);
    connection.setRequestProperty("Accept", "application/json");
    connection.setRequestProperty("Authorization", "Bearer " + accessToken);
    connection.connect();
    try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
        int responseCode = connection.getResponseCode();
        LOGGER.debug("Call to identity service '{}' complete, response code : {}", userInfoEndpoint, responseCode);
        Map<String, String> responseMap;
        try {
            responseMap = _objectMapper.readValue(input, Map.class);
        } catch (JsonProcessingException e) {
            throw new IOException(String.format("Identity resolver '%s' did not return json", userInfoEndpoint), e);
        }
        if (responseCode != 200) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d", userInfoEndpoint, responseCode));
        }
        final String googleId = responseMap.get("sub");
        if (googleId == null) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'sub'", userInfoEndpoint));
        }
        return new UsernamePrincipal(googleId, authenticationProvider);
    }
}
Also used : InputStream(java.io.InputStream) GeneralSecurityException(java.security.GeneralSecurityException) IdentityResolverException(org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException) ConnectionBuilder(org.apache.qpid.server.util.ConnectionBuilder) TrustStore(org.apache.qpid.server.model.TrustStore) IOException(java.io.IOException) URL(java.net.URL) ServerScopedRuntimeException(org.apache.qpid.server.util.ServerScopedRuntimeException) UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) HttpURLConnection(java.net.HttpURLConnection) Map(java.util.Map) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)

Aggregations

JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)6 IOException (java.io.IOException)6 InputStream (java.io.InputStream)6 HttpURLConnection (java.net.HttpURLConnection)6 URL (java.net.URL)6 GeneralSecurityException (java.security.GeneralSecurityException)6 Map (java.util.Map)6 TrustStore (org.apache.qpid.server.model.TrustStore)6 UsernamePrincipal (org.apache.qpid.server.security.auth.UsernamePrincipal)6 IdentityResolverException (org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException)6 ConnectionBuilder (org.apache.qpid.server.util.ConnectionBuilder)6 ServerScopedRuntimeException (org.apache.qpid.server.util.ServerScopedRuntimeException)6 OutputStream (java.io.OutputStream)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial