use of org.forgerock.oauth2.core.AuthorizeRequestValidator in project OpenAM by OpenRock.
the class OAuth2GuiceModule method configure.
/**
* {@inheritDoc}
*/
@Override
protected void configure() {
bind(AuthorizationService.class).to(AuthorizationServiceImpl.class);
bind(new TypeLiteral<OAuth2RequestFactory<?, Request>>() {
}).to(RestletOAuth2RequestFactory.class);
bind(ResourceOwnerConsentVerifier.class).to(OpenIdResourceOwnerConsentVerifier.class);
bind(ClientRegistrationStore.class).to(OpenAMClientRegistrationStore.class);
bind(OpenIdConnectClientRegistrationStore.class).to(OpenAMClientRegistrationStore.class);
bind(OAuth2ProviderSettingsFactory.class).to(OpenAMOAuth2ProviderSettingsFactory.class);
bind(OAuth2ProviderSettingsFactory.class).to(OpenAMOAuth2ProviderSettingsFactory.class);
bind(ResourceOwnerSessionValidator.class).to(OpenAMResourceOwnerSessionValidator.class);
bind(ClientAuthenticator.class).to(ClientAuthenticatorImpl.class);
bind(TokenStore.class).to(OpenAMTokenStore.class);
bind(OpenIdConnectTokenStore.class).to(OpenAMTokenStore.class);
bind(AccessTokenService.class).to(AccessTokenServiceImpl.class);
bind(ResourceOwnerAuthenticator.class).to(OpenAMResourceOwnerAuthenticator.class);
bind(IdTokenResponseTypeHandler.class).to(OpenAMIdTokenResponseTypeHandler.class);
bind(UserInfoService.class).to(UserInfoServiceImpl.class);
bind(TokenInfoService.class).to(TokenInfoServiceImpl.class);
bind(ClientAuthenticationFailureFactory.class).to(OpenAMClientAuthenticationFailureFactory.class);
bind(AccessTokenVerifier.class).to(RestletHeaderAccessTokenVerifier.class);
bind(AccessTokenVerifier.class).annotatedWith(named(HEADER)).to(RestletHeaderAccessTokenVerifier.class);
bind(AccessTokenVerifier.class).annotatedWith(named(FORM_BODY)).to(RestletFormBodyAccessTokenVerifier.class);
bind(AccessTokenVerifier.class).annotatedWith(named(QUERY_PARAM)).to(RestletQueryParameterAccessTokenVerifier.class);
bind(OpenIDConnectProvider.class).to(OpenAMOpenIDConnectProvider.class);
bind(ClientDAO.class).to(OpenAMClientDAO.class);
bind(OpenIdConnectClientRegistrationService.class).to(OpenAMOpenIdConnectClientRegistrationService.class);
bind(OpenAMSettings.class).toProvider(new Provider<OpenAMSettings>() {
public OpenAMSettings get() {
return new OpenAMSettingsImpl(OAuth2Constants.OAuth2ProviderService.NAME, OAuth2Constants.OAuth2ProviderService.VERSION);
}
});
bind(OpenIDTokenIssuer.class).to(OpenAMOpenIdTokenIssuer.class);
final Multibinder<AuthorizeRequestValidator> authorizeRequestValidators = Multibinder.newSetBinder(binder(), AuthorizeRequestValidator.class);
authorizeRequestValidators.addBinding().to(AuthorizeRequestValidatorImpl.class);
authorizeRequestValidators.addBinding().to(OpenIdConnectAuthorizeRequestValidator.class);
authorizeRequestValidators.addBinding().to(ClaimsParameterValidator.class);
authorizeRequestValidators.addBinding().to(SubjectTypeValidator.class);
authorizeRequestValidators.addBinding().to(CodeVerifierValidator.class);
final Multibinder<AuthorizationCodeRequestValidator> authorizationCodeRequestValidators = Multibinder.newSetBinder(binder(), AuthorizationCodeRequestValidator.class);
authorizationCodeRequestValidators.addBinding().to(AuthorizationCodeRequestValidatorImpl.class);
final Multibinder<ClientCredentialsRequestValidator> clientCredentialsRequestValidators = Multibinder.newSetBinder(binder(), ClientCredentialsRequestValidator.class);
clientCredentialsRequestValidators.addBinding().to(ClientCredentialsRequestValidatorImpl.class);
final Multibinder<PasswordCredentialsRequestValidator> passwordCredentialsRequestValidators = Multibinder.newSetBinder(binder(), PasswordCredentialsRequestValidator.class);
passwordCredentialsRequestValidators.addBinding().to(PasswordCredentialsRequestValidatorImpl.class);
final MapBinder<String, GrantTypeHandler> grantTypeHandlers = MapBinder.newMapBinder(binder(), String.class, GrantTypeHandler.class);
grantTypeHandlers.addBinding(CLIENT_CREDENTIALS).to(ClientCredentialsGrantTypeHandler.class);
grantTypeHandlers.addBinding(PASSWORD).to(PasswordCredentialsGrantTypeHandler.class);
grantTypeHandlers.addBinding(AUTHORIZATION_CODE).to(AuthorizationCodeGrantTypeHandler.class);
grantTypeHandlers.addBinding(DEVICE_CODE).to(DeviceCodeGrantTypeHandler.class);
grantTypeHandlers.addBinding(JWT_BEARER).to(JwtBearerGrantTypeHandler.class);
grantTypeHandlers.addBinding(OAuth2Constants.TokenEndpoint.SAML2_BEARER).to(Saml2GrantTypeHandler.class);
final Multibinder<AuthorizeRequestHook> authorizeRequestHooks = Multibinder.newSetBinder(binder(), AuthorizeRequestHook.class);
authorizeRequestHooks.addBinding().to(LoginHintHook.class);
final Multibinder<TokenRequestHook> tokenRequestHooks = Multibinder.newSetBinder(binder(), TokenRequestHook.class);
tokenRequestHooks.addBinding().to(LoginHintHook.class);
install(new FactoryModuleBuilder().implement(ResourceSetStore.class, OpenAMResourceSetStore.class).build(ResourceSetStoreFactory.class));
bind(TokenIdGenerator.class).to(ThreadSafeTokenIdGenerator.class);
Multibinder.newSetBinder(binder(), TokenIntrospectionHandler.class).addBinding().to(OAuth2TokenIntrospectionHandler.class);
bind(TokenIntrospectionService.class).to(TokenIntrospectionServiceImpl.class);
Multibinder.newSetBinder(binder(), ResourceSetRegistrationHook.class);
bind(OpenIDConnectURLValidator.class).toInstance(OpenIDConnectURLValidator.getInstance());
install(new LabelsGuiceModule());
bind(OAuth2UrisFactory.class).to(OpenAMOAuth2UrisFactory.class);
bind(new TypeLiteral<OAuth2UrisFactory<RealmInfo>>() {
}).to(OpenAMOAuth2UrisFactory.class);
}
use of org.forgerock.oauth2.core.AuthorizeRequestValidator in project OpenAM by OpenRock.
the class AuthorizationServiceImpl method authorize.
/**
* {@inheritDoc}
*/
public AuthorizationToken authorize(OAuth2Request request) throws ResourceOwnerAuthenticationRequired, ResourceOwnerConsentRequired, InvalidClientException, UnsupportedResponseTypeException, RedirectUriMismatchException, InvalidRequestException, AccessDeniedException, ServerException, LoginRequiredException, BadRequestException, InteractionRequiredException, ResourceOwnerConsentRequiredException, InvalidScopeException, NotFoundException {
final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
for (final AuthorizeRequestValidator requestValidator : requestValidators) {
requestValidator.validateRequest(request);
}
final String clientId = request.getParameter(CLIENT_ID);
final ClientRegistration clientRegistration = clientRegistrationStore.get(clientId, request);
final Set<String> scope = Utils.splitScope(request.<String>getParameter(SCOPE));
//plugin point
final Set<String> validatedScope = providerSettings.validateAuthorizationScope(clientRegistration, scope, request);
// is resource owner authenticated?
final ResourceOwner resourceOwner = resourceOwnerSessionValidator.validate(request);
final boolean consentSaved = providerSettings.isConsentSaved(resourceOwner, clientRegistration.getClientId(), validatedScope);
//plugin point
final boolean haveConsent = consentVerifier.verify(consentSaved, request, clientRegistration);
if (!haveConsent) {
String localeParameter = request.getParameter(LOCALE);
String uiLocaleParameter = request.getParameter(UI_LOCALES);
Locale locale = getLocale(uiLocaleParameter, localeParameter);
if (locale == null) {
locale = request.getLocale();
}
UserInfoClaims userInfo = null;
try {
userInfo = providerSettings.getUserInfo(request.getToken(AccessToken.class), request);
} catch (UnauthorizedClientException e) {
logger.debug("Couldn't get user info - continuing to display consent page without claims.", e);
}
String clientName = clientRegistration.getDisplayName(locale);
if (clientName == null) {
clientName = clientRegistration.getClientId();
logger.warn("Client does not have a display name or client name set. using client ID {} for display", clientName);
}
final String displayDescription = clientRegistration.getDisplayDescription(locale);
final String clientDescription = displayDescription == null ? "" : displayDescription;
final Map<String, String> scopeDescriptions = getScopeDescriptions(validatedScope, clientRegistration.getScopeDescriptions(locale));
final Map<String, String> claimDescriptions = getClaimDescriptions(userInfo.getValues(), clientRegistration.getClaimDescriptions(locale));
throw new ResourceOwnerConsentRequired(clientName, clientDescription, scopeDescriptions, claimDescriptions, userInfo, resourceOwner.getName(providerSettings));
}
return tokenIssuer.issueTokens(request, clientRegistration, resourceOwner, scope, providerSettings);
}
use of org.forgerock.oauth2.core.AuthorizeRequestValidator in project OpenAM by OpenRock.
the class AuthorizationServiceImplTest method setUp.
@BeforeMethod
public void setUp() throws Exception {
requestValidator = mock(AuthorizeRequestValidator.class);
List<AuthorizeRequestValidator> requestValidators = new ArrayList<AuthorizeRequestValidator>();
requestValidators.add(requestValidator);
resourceOwnerSessionValidator = mock(ResourceOwnerSessionValidator.class);
OAuth2ProviderSettingsFactory providerSettingsFactory = mock(OAuth2ProviderSettingsFactory.class);
resourceOwnerConsentVerifier = mock(ResourceOwnerConsentVerifier.class);
clientRegistrationStore = mock(ClientRegistrationStore.class);
tokenIssuer = mock(AuthorizationTokenIssuer.class);
ClientAuthenticationFailureFactory failureFactory = mock(ClientAuthenticationFailureFactory.class);
authorizationService = new AuthorizationServiceImpl(requestValidators, resourceOwnerSessionValidator, providerSettingsFactory, resourceOwnerConsentVerifier, clientRegistrationStore, tokenIssuer, failureFactory);
providerSettings = mock(OAuth2ProviderSettings.class);
given(providerSettingsFactory.get(Matchers.<OAuth2Request>anyObject())).willReturn(providerSettings);
}
Aggregations