use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.
the class OpenAMOAuth2UrisFactory method getOAuth2Uris.
/**
 * Returns the {@code OAuth2Uris} cached for the given base URL pattern, creating and caching
 * a new instance on a cache miss.
 * <p>
 * The method is {@code synchronized}, so lookup and insertion happen under the instance monitor.
 *
 * @param absoluteRealm the realm used to fetch the provider settings and to build a new entry.
 * @param baseUrlPattern the base URL pattern; also the only cache key.
 * @return the cached or newly created {@code OAuth2Uris}.
 * @throws NotFoundException as declared; presumably raised by the provider settings lookup.
 */
private synchronized OAuth2Uris getOAuth2Uris(String absoluteRealm, String baseUrlPattern) throws NotFoundException {
    final OAuth2Uris cached = urisMap.get(baseUrlPattern);
    if (cached == null) {
        // NOTE(review): the cache key is baseUrlPattern alone, although the cached value is also
        // built from absoluteRealm. If two realms can share a base URL pattern, the second realm
        // would be handed the first realm's OAuth2Uris. Confirm the pattern is unique per realm.
        final OAuth2ProviderSettings providerSettings = oAuth2ProviderSettingsFactory.get(absoluteRealm);
        final OAuth2Uris created = new OAuth2UrisImpl(baseUrlPattern, absoluteRealm, providerSettings);
        urisMap.put(baseUrlPattern, created);
        return created;
    }
    return cached;
}
use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.
the class IdentityManager method getResourceOwnerIdentity.
/**
* Looks up the single user identity in the given realm that corresponds to the supplied username.
* <p>
* The identity repository is first searched with the username as the search pattern. If that search
* returns null or no result attributes, a second search over all users ("*") is run with an OR
* filter built from the provider's resource-owner authenticated attributes and the username.
* <p>
* Both searches run with the administrative SSO token obtained through {@code AdminTokenAction},
* not with a token belonging to the caller.
*
* @param username The resource owner's username.
* @param realm The resource owner's realm.
* @return The resource owner's identity, or {@code null} if the single matching identity is not active.
* @throws UnauthorizedClientException If zero or more than one identity matches, or if any exception
*         is raised during the lookup.
*/
public AMIdentity getResourceOwnerIdentity(String username, final String realm) throws UnauthorizedClientException {
// The repository search below runs under the privileged admin token rather than a caller token.
final SSOToken token = AccessController.doPrivileged(AdminTokenAction.getInstance());
final AMIdentity amIdentity;
try {
final AMIdentityRepository amIdRepo = new AMIdentityRepository(token, realm);
final IdSearchControl idsc = new IdSearchControl();
idsc.setRecursive(true);
idsc.setAllReturnAttributes(true);
// Collect matches from whichever search path is taken.
final Set<AMIdentity> results = new HashSet<AMIdentity>();
// NOTE(review): 0 presumably means "no result limit"; confirm against IdSearchControl.
idsc.setMaxResults(0);
// NOTE(review): username is passed as the search pattern, and the fallback below uses "*" as a
// match-all pattern, so wildcard characters in username may broaden this match. Confirm that
// callers validate or escape the value before it reaches this method.
IdSearchResults searchResults = amIdRepo.searchIdentities(IdType.USER, username, idsc);
// NOTE(review): the condition tests getResultAttributes(), while the entries added are taken
// from getSearchResults(); confirm this is intended.
if (searchResults != null && !searchResults.getResultAttributes().isEmpty()) {
results.addAll(searchResults.getSearchResults());
} else {
// Minimal OAuth2Request that only answers getParameter("realm"); every other accessor throws.
OAuth2ProviderSettings settings = providerSettingsFactory.get(new OAuth2Request() {
public <T> T getRequest() {
throw new UnsupportedOperationException("Realm parameter only OAuth2Request");
}
public <T> T getParameter(String name) {
if ("realm".equals(name)) {
// Unchecked cast: the realm is always a String, whatever T the caller asks for.
return (T) realm;
}
throw new UnsupportedOperationException("Realm parameter only OAuth2Request");
}
public JsonValue getBody() {
throw new UnsupportedOperationException("Realm parameter only OAuth2Request");
}
@Override
public Locale getLocale() {
throw new UnsupportedOperationException();
}
});
// toAvPairMap is defined elsewhere; presumably it pairs each configured attribute name with
// the username value. Verify against its implementation.
final Map<String, Set<String>> avPairs = toAvPairMap(settings.getResourceOwnerAuthenticatedAttributes(), username);
// The same IdSearchControl is reused, now with the attribute/value pairs combined using OR.
idsc.setSearchModifiers(IdSearchOpModifier.OR, avPairs);
searchResults = amIdRepo.searchIdentities(IdType.USER, "*", idsc);
if (searchResults != null) {
results.addAll(searchResults.getSearchResults());
}
}
// Exactly one match is required; an ambiguous result is handled the same way as no result.
if (results.size() != 1) {
logger.error("No user profile or more than one profile found.");
// This exception is thrown inside the try block, so the catch (Exception e) below intercepts it
// and the caller receives the message set there instead of this one.
throw new UnauthorizedClientException("Not able to get user from OpenAM");
}
amIdentity = results.iterator().next();
// An inactive identity yields null rather than an exception, so callers must handle null.
if (amIdentity.isActive()) {
return amIdentity;
} else {
return null;
}
} catch (Exception e) {
// Catch-all: every failure, including the UnauthorizedClientException raised above, is logged
// and replaced by a new exception that does not carry the original cause. The messages say
// "client" although this method resolves a resource owner.
logger.error("Unable to get client AMIdentity: ", e);
throw new UnauthorizedClientException("Not able to get client from OpenAM");
}
}
use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.
the class OAuth2UserApplications method getResourceResponse.
/**
 * Builds the resource response that summarises the tokens held for one OAuth2 client: the
 * client id, its display name, the union of scopes across the tokens, and an expiry date-time.
 * <p>
 * Each scope maps to the client's description for it when one exists, otherwise to the scope
 * name itself.
 *
 * @param context the request context, used for the provider settings, client lookup and locale.
 * @param clientId the id of the client the tokens belong to; also the resource id.
 * @param tokens the tokens to summarise.
 * @return a resource response whose revision is the hash code of the content object.
 */
private ResourceResponse getResourceResponse(Context context, String clientId, Iterable<JsonValue> tokens) throws NotFoundException, InvalidClientException, ServerException, InternalServerErrorException {
    // NOTE(review): the realm is read from the first token only, and iterator().next() throws
    // if tokens is empty. Presumably callers pass a non-empty set of tokens that all belong to
    // one realm; confirm, since the client registration lookup depends on this value.
    final JsonValue firstToken = tokens.iterator().next();
    final String realm = getAttributeValue(firstToken, REALM.getOAuthField());

    final OAuth2ProviderSettings providerSettings = oAuth2ProviderSettingsFactory.get(context);
    final ClientRegistration registration = clientRegistrationStore.get(clientId, realm, context);
    final Map<String, String> descriptionsByScope = registration.getScopeDescriptions(getLocale(context));

    // Union of the scopes across all tokens; a later token overwrites an identical key.
    final Map<String, String> scopes = new HashMap<>();
    for (JsonValue token : tokens) {
        for (String scope : token.get(SCOPE.getOAuthField()).asSet(String.class)) {
            final String label = descriptionsByScope.containsKey(scope)
                    ? descriptionsByScope.get(scope)
                    : scope;
            scopes.put(scope, label);
        }
    }

    final String displayName = registration.getDisplayName(getLocale(context));
    final String expiryDateTime = calculateExpiryDateTime(tokens, providerSettings);
    final JsonValue content = json(object(
            field("_id", clientId),
            field("name", displayName),
            field("scopes", scopes),
            field("expiryDateTime", expiryDateTime)));
    final String revision = String.valueOf(content.getObject().hashCode());
    return Responses.newResourceResponse(clientId, revision, content);
}
use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.
the class SubjectTypeValidator method validateRequest.
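/**
 * Checks that the subject type registered for the requesting client is one of the subject
 * types the provider supports, comparing case-insensitively.
 * <p>
 * The comparison uses {@link String#equalsIgnoreCase(String)} instead of lower-casing both
 * sides with the JVM default locale. Default-locale case folding can make equal ASCII values
 * compare as different under some locales (for example Turkish dotless i), which would reject
 * a valid client. A client with no subject type now fails validation with the regular failure
 * exception instead of a {@code NullPointerException}.
 *
 * @param request the OAuth2 request; its client id parameter selects the client registration.
 * @throws InvalidClientException as declared; presumably raised by the client registration lookup.
 * @throws NotFoundException as declared; presumably raised by the provider settings lookup.
 * @throws ServerException as declared by the collaborators called here.
 */
@Override
public void validateRequest(OAuth2Request request) throws InvalidClientException, NotFoundException, ServerException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    final Set<String> subjectTypesSupported = settings.getSupportedSubjectTypes();
    final String clientId = (String) request.getParameter(OAuth2Constants.Params.CLIENT_ID);
    final String subjectType = clientRegistrationStore.get(clientId, request).getSubjectType();
    for (String supported : subjectTypesSupported) {
        // Locale-independent comparison; a null subjectType simply never matches.
        if (supported.equalsIgnoreCase(subjectType)) {
            return;
        }
    }
    // No supported type matched: fail closed.
    throw failureFactory.getException(request, "Server does not support this client's subject type.");
}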
use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.
the class UserInfoServiceImpl method getUserInfo.
/**
 * {@inheritDoc}
 * <p>
 * The access token must be supplied in exactly one place. A request with no valid token in
 * either the header or the form is rejected with {@code InvalidTokenException}. A request with
 * a valid token in both is rejected with {@code ServerException}.
 */
public JsonValue getUserInfo(OAuth2Request request) throws OAuth2Exception {
    final AccessTokenVerifier.TokenState fromHeader = headerTokenVerifier.verify(request);
    final AccessTokenVerifier.TokenState fromForm = formTokenVerifier.verify(request);
    final boolean inHeader = fromHeader.isValid();
    final boolean inForm = fromForm.isValid();

    if (inHeader && inForm) {
        // An ambiguous token source is refused rather than resolved by picking one.
        logger.debug("Access token provided in both form and header.");
        throw new ServerException("Access Token cannot be provided in both form and header");
    }
    if (!inHeader && !inForm) {
        logger.debug("No access token provided for this request.");
        throw new InvalidTokenException();
    }

    // Exactly one source is valid at this point.
    final String tokenId;
    if (inHeader) {
        tokenId = fromHeader.getTokenId();
    } else {
        tokenId = fromForm.getTokenId();
    }

    // NOTE(review): this method performs no null, expiry or scope check on the token it reads.
    // Presumably the verifiers or readAccessToken enforce that; confirm.
    final AccessToken accessToken = tokenStore.readAccessToken(request, tokenId);
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    return new JsonValue(settings.getUserInfo(accessToken, request).getValues());
}