use of org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException in project qpid-broker-j by apache.
the class KeycloakOAuth2IdentityResolverService method getUserPrincipal.
@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
TrustStore trustStore = authenticationProvider.getTrustStore();
ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout()).setReadTimeout(authenticationProvider.getReadTimeout());
if (trustStore != null) {
try {
connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
} catch (GeneralSecurityException e) {
throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
}
}
connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList()).setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList()).setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList()).setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpURLConnection connection = connectionBuilder.build();
connection.setRequestProperty("Accept-Charset", UTF8);
connection.setRequestProperty("Accept", "application/json");
connection.setRequestProperty("Authorization", "Bearer " + accessToken);
connection.connect();
try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
int responseCode = connection.getResponseCode();
LOGGER.debug("Call to identity service '{}' complete, response code : {}", userInfoEndpoint, responseCode);
Map<String, String> responseMap;
try {
responseMap = _objectMapper.readValue(input, Map.class);
} catch (JsonProcessingException e) {
throw new IOException(String.format("Identity resolver '%s' did not return json", userInfoEndpoint), e);
}
if (responseCode != 200) {
throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d", userInfoEndpoint, responseCode));
}
String username = responseMap.get("preferred_username");
if (username == null) {
username = responseMap.get("sub");
if (username == null) {
throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'sub'", userInfoEndpoint));
}
}
return new UsernamePrincipal(username, authenticationProvider);
}
}
Aggregations