
Example 26 with OAuth2ProviderSettings

use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.

the class TokenInfoServiceImpl method getTokenInfo.

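/**
 * Returns the token-info view of the access token carried by {@code request}.
 *
 * <p>The token may arrive either in the header or as a query parameter, but
 * not both: a request whose header token and query token are both valid is
 * rejected as ambiguous, and a request with no valid token is rejected
 * outright. On success the response is the token's own info map merged with
 * the provider's scope evaluation for that token.</p>
 *
 * <p>NOTE(review): accepting the token in the query string means it can end
 * up in access logs, browser history and Referer headers; RFC 6750 section
 * 2.3 discourages that transport. Whether the query form is enabled at all
 * is decided by {@code queryTokenVerifier}, not by this method.</p>
 *
 * @param request The OAuth2 request carrying the access token.
 * @return The token info plus scope-evaluation entries, as a {@link JsonValue}.
 * @throws InvalidRequestException If no valid token is present, or a valid
 *         token is present in both the header and the query string.
 */
public JsonValue getTokenInfo(OAuth2Request request) throws InvalidTokenException, InvalidRequestException, ExpiredTokenException, ServerException, BadRequestException, InvalidGrantException, NotFoundException {
    final AccessTokenVerifier.TokenState headerToken = headerTokenVerifier.verify(request);
    final AccessTokenVerifier.TokenState queryToken = queryTokenVerifier.verify(request);
    final boolean headerValid = headerToken.isValid();
    final boolean queryValid = queryToken.isValid();
    if (!headerValid && !queryValid) {
        logger.error("Access Token not valid");
        throw new InvalidRequestException("Access Token not valid");
    }
    if (headerValid && queryValid) {
        logger.error("Access Token provided in both query and header in request");
        throw new InvalidRequestException("Access Token cannot be provided in both query and header");
    }
    // Exactly one transport carried a valid token. The verifiers are expected to have
    // attached it to the request; that is not visible here, so confirm it cannot be null.
    final AccessToken accessToken = request.getToken(AccessToken.class);
    // Deliberately not concatenating the token object into the log line: its string
    // form may include the token value itself, and bearer tokens must not reach logs.
    logger.trace("In Validator resource - got token");
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    final Map<String, Object> scopeEvaluation = providerSettings.evaluateScope(accessToken);
    final Map<String, Object> response = new HashMap<String, Object>();
    response.putAll(accessToken.getTokenInfo());
    // Scope evaluation entries win over same-named token-info entries (putAll order).
    response.putAll(scopeEvaluation);
    return new JsonValue(response);
}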

Example 27 with OAuth2ProviderSettings

use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.

the class AuthorizationRequestEndpoint method getResourceSet.

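/**
 * Looks up the registered resource set with the given id.
 *
 * @param resourceSetId The resource set id to look up; caller-supplied and treated as opaque.
 * @param providerSettings The OAuth2 provider settings whose resource set store is queried.
 * @return The single matching resource set description.
 * @throws UmaException {@code 400 invalid_resource_set_id} when exactly one match is not
 *         found, or when the store query itself fails.
 */
private ResourceSetDescription getResourceSet(String resourceSetId, OAuth2ProviderSettings providerSettings) throws UmaException {
    try {
        final ResourceSetStore store = providerSettings.getResourceSetStore();
        final Set<ResourceSetDescription> matches = store.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, resourceSetId));
        // Anything other than exactly one hit is reported as an unknown id: zero hits is the
        // ordinary miss, more than one would mean the store holds duplicate ids.
        if (matches.size() != 1) {
            throw new UmaException(400, "invalid_resource_set_id", "Could not find Resource Set, " + resourceSetId);
        }
        return matches.iterator().next();
    } catch (ServerException e) {
        // NOTE(review): a store failure is a server-side problem, yet it is surfaced to the
        // client as a 400 with the same error code as a bad id. Kept as-is because callers
        // may depend on it, but a 5xx would be more accurate. The cause is not chained either;
        // UmaException's constructors are not visible in this excerpt.
        throw new UmaException(400, "invalid_resource_set_id", e.getMessage());
    }
}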

Example 28 with OAuth2ProviderSettings

use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.

the class AuthorizationRequestEndpoint method isEntitled.

/**
 * Decides whether the requesting party may be granted the scopes named on the permission ticket.
 *
 * <p>The resource set the ticket refers to is resolved first. The resource owner is granted
 * implicitly; any other party is authorized only when every requested scope is allowed by at
 * least one entitlement returned by the UMA policy evaluator (default deny). The
 * {@code beforeAuthorization} / {@code afterAuthorization} hooks are called around the decision
 * on every path that reaches them.</p>
 *
 * @param umaProviderSettings Source of the policy evaluator.
 * @param oauth2ProviderSettings Source of the resource set store.
 * @param permissionTicket The ticket naming the realm, resource set and requested scopes.
 * @param requestingPartyId The identity of the party asking for access.
 * @return {@code true} if access to all requested scopes is authorized.
 * @throws ServerException If the ticket's resource set cannot be found.
 */
private boolean isEntitled(UmaProviderSettings umaProviderSettings, OAuth2ProviderSettings oauth2ProviderSettings, PermissionTicket permissionTicket, String requestingPartyId) throws EntitlementException, ServerException, UmaException {
    final String realm = permissionTicket.getRealm();
    final String resourceSetId = permissionTicket.getResourceSetId();
    String resourceName = UmaConstants.UMA_POLICY_SCHEME;
    Subject resourceOwnerSubject;
    try {
        final ResourceSetStore store = oauth2ProviderSettings.getResourceSetStore();
        final Set<ResourceSetDescription> matches = store.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, resourceSetId));
        if (matches.size() != 1) {
            throw new NotFoundException("Could not find Resource Set, " + resourceSetId);
        }
        final ResourceSetDescription resourceSet = matches.iterator().next();
        resourceName += resourceSet.getId();
        resourceOwnerSubject = UmaUtils.createSubject(createIdentity(resourceSet.getResourceOwnerId(), realm));
    } catch (NotFoundException e) {
        debug.message("Couldn't find resource that permission ticket is registered for", e);
        throw new ServerException("Couldn't find resource that permission ticket is registered for");
    }
    final Subject requestingPartySubject = UmaUtils.createSubject(createIdentity(requestingPartyId, realm));
    beforeAuthorization(permissionTicket, requestingPartySubject, resourceOwnerSubject);
    // The owner of the resource never needs a policy to reach it.
    if (isRequestingPartyResourceOwner(requestingPartySubject, resourceOwnerSubject)) {
        afterAuthorization(true, permissionTicket, requestingPartySubject, resourceOwnerSubject);
        return true;
    }
    // NOTE(review): toLowerCase() here uses the default locale; behaviour for non-ASCII
    // client ids depends on the JVM locale (the classic Turkish dotless-i case).
    final List<Entitlement> entitlements = umaProviderSettings.getPolicyEvaluator(requestingPartySubject, permissionTicket.getResourceServerClientId().toLowerCase()).evaluate(realm, requestingPartySubject, resourceName, null, false);
    final Set<String> requestedScopes = permissionTicket.getScopes();
    // A scope counts as granted only when some entitlement's action value for it is TRUE;
    // null and FALSE both leave it ungranted.
    final Set<String> grantedScopes = new HashSet<>();
    for (Entitlement entitlement : entitlements) {
        for (String scope : requestedScopes) {
            if (Boolean.TRUE.equals(entitlement.getActionValue(scope))) {
                grantedScopes.add(scope);
            }
        }
    }
    // NOTE(review): an empty requested-scope set is trivially satisfied, so a ticket with
    // no scopes is reported as authorized -- confirm that is intended upstream.
    final boolean isAuthorized = grantedScopes.containsAll(requestedScopes);
    afterAuthorization(isAuthorized, permissionTicket, requestingPartySubject, resourceOwnerSubject);
    return isAuthorized;
}

Example 29 with OAuth2ProviderSettings

use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.

the class UmaProviderSettingsFactory method get.

/**
 * Returns the {@link UmaProviderSettings} for a realm, reusing a previously built instance
 * when one is present in {@code providerSettingsMap}.
 *
 * <p>Lookup and construction happen under the map's monitor, so concurrent callers for the
 * same realm cannot both miss the cache. The new instance is produced by
 * {@code getUmaProviderSettings}; that helper is not visible here, so it is presumably where
 * the instance is recorded in the map -- verify, since this method itself does not put.</p>
 *
 * @param realm The realm whose settings are wanted.
 * @return The UMA provider settings for that realm.
 * @throws NotFoundException If the underlying OAuth2 provider settings for the realm
 *         cannot be found.
 */
public UmaProviderSettings get(String realm) throws NotFoundException {
    synchronized (providerSettingsMap) {
        final UmaProviderSettingsImpl cached = providerSettingsMap.get(realm);
        if (cached != null) {
            return cached;
        }
        final OAuth2ProviderSettings oauth2Settings = oAuth2ProviderSettingsFactory.get(realm);
        return getUmaProviderSettings(realm, oauth2Settings);
    }
}

Example 30 with OAuth2ProviderSettings

use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.

the class SubjectTypeValidator method validateRequest.

/**
 * Rejects the request unless the client's registered subject type is one the provider supports.
 *
 * <p>Comparison is case-insensitive via {@code toLowerCase()} on both sides (default locale).
 * The client is resolved from the {@code client_id} request parameter; if the registration
 * has no subject type, the {@code toLowerCase()} call will throw a NullPointerException
 * rather than a client error -- not visible here whether the store guarantees a value.</p>
 *
 * @param request The OAuth2 request identifying the client.
 * @throws InvalidClientException If the client's subject type is not supported (via
 *         {@code failureFactory}), presumably; the factory's exact type is not shown here.
 */
@Override
public void validateRequest(OAuth2Request request) throws InvalidClientException, NotFoundException, ServerException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    final Set<String> supportedTypes = settings.getSupportedSubjectTypes();
    final String clientId = (String) request.getParameter(OAuth2Constants.Params.CLIENT_ID);
    final String clientSubjectType = clientRegistrationStore.get(clientId, request).getSubjectType().toLowerCase();
    boolean supported = false;
    for (String candidate : supportedTypes) {
        if (clientSubjectType.equals(candidate.toLowerCase())) {
            supported = true;
            break;
        }
    }
    if (!supported) {
        throw failureFactory.getException(request, "Server does not support this client's subject type.");
    }
}
