Example 31 with OAuth2ProviderSettings

Use of org.forgerock.oauth2.core.OAuth2ProviderSettings in the OpenAM project by OpenRock.

From the class UmaAuditLogger, method getResourceSet:

// Resolves a resource set by its id from the provider's ResourceSetStore so the audit
// logger can record the resource name rather than an opaque id.
private ResourceSetDescription getResourceSet(String resourceSetId, OAuth2ProviderSettings providerSettings) throws UmaException {
    try {
        ResourceSetStore store = providerSettings.getResourceSetStore();
        // Exact-match query on the resource set id; exactly one result is expected.
        Set<ResourceSetDescription> results = store.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, resourceSetId));
        if (results.size() != 1) {
            // Zero matches and multiple matches are both treated as an unknown resource set.
            throw new UmaException(400, "invalid_resource_set_id", "Could not find Resource Set, " + resourceSetId);
        }
        return results.iterator().next();
    } catch (org.forgerock.oauth2.core.exceptions.ServerException e) {
        // A store failure is reported to the caller as an invalid resource set id.
        throw new UmaException(400, "invalid_resource_set_id", e.getMessage());
    }
}
Also used: ResourceSetStore(org.forgerock.oauth2.resources.ResourceSetStore) UmaException(org.forgerock.openam.uma.UmaException) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription)

Example 32 with OAuth2ProviderSettings

Use of org.forgerock.oauth2.core.OAuth2ProviderSettings in the OpenAM project by OpenRock.

From the class UmaAuditLogger, method getResourceName:

// Looks up the human-readable name of a resource set for audit entries. The provider
// settings are resolved from the incoming request, so the lookup runs against the
// resource set store of the realm that request belongs to.
public String getResourceName(String resourceSetId, Request request) throws NotFoundException, UmaException, org.forgerock.oauth2.core.exceptions.ServerException {
    OAuth2ProviderSettings providerSettings = oauth2ProviderSettingsFactory.get(requestFactory.create(request));
    ResourceSetDescription resourceSetDescription = getResourceSet(resourceSetId, providerSettings);
    return resourceSetDescription.getName();
}
Also used: OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription)

Example 33 with OAuth2ProviderSettings

Use of org.forgerock.oauth2.core.OAuth2ProviderSettings in the OpenAM project by OpenRock.

From the class PermissionRequestEndpoint, method registerPermissionRequest:

/**
 * Registers the permission that the client requires for it to be able to access a protected resource.
 *
 * @param entity The permission request JSON body.
 * @return A JSON object containing the permission ticket.
 * @throws UmaException If the JSON request body is invalid or the requested resource set does not exist.
 */
@Post
public Representation registerPermissionRequest(JsonRepresentation entity) throws UmaException, NotFoundException, ServerException {
    JsonValue permissionRequest = json(toMap(entity));
    String resourceSetId = getResourceSetId(permissionRequest);
    OAuth2Request oAuth2Request = requestFactory.create(getRequest());
    String clientId = getClientId(oAuth2Request);
    OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(oAuth2Request);
    // The resource owner is derived from the request's token, so the resource set lookup
    // is scoped to that owner: a client cannot register permissions for another owner's resource sets.
    String resourceOwnerId = getResourceOwnerId(oAuth2Request);
    ResourceSetDescription resourceSetDescription = getResourceSet(resourceSetId, resourceOwnerId, providerSettings);
    // Requested scopes are checked against the scopes registered for the resource set.
    Set<String> scopes = validateScopes(permissionRequest, resourceSetDescription);
    // Extension filters get a chance to inspect or reject the request before a ticket is issued.
    for (PermissionRequestFilter filter : extensionFilterManager.getFilters(PermissionRequestFilter.class)) {
        filter.onPermissionRequest(resourceSetDescription, scopes, clientId);
    }
    // The permission ticket binds the resource set, the validated scopes and the requesting client.
    String ticket = umaProviderSettingsFactory.get(getRequest()).getUmaTokenStore().createPermissionTicket(resourceSetId, scopes, clientId).getId();
    return setResponse(201, Collections.<String, Object>singletonMap("ticket", ticket));
}
Also used: OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) PermissionRequestFilter(org.forgerock.openam.uma.extensions.PermissionRequestFilter) JsonValue(org.forgerock.json.JsonValue) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription) Post(org.restlet.resource.Post)

Example 34 with OAuth2ProviderSettings

Use of org.forgerock.oauth2.core.OAuth2ProviderSettings in the OpenAM project by OpenRock.

From the class IdTokenClaimGatherer, method getRequestingPartyId:

// Identifies the requesting party from an OpenID Connect id_token presented as a UMA claim token.
// Returns null whenever the token cannot be trusted, in which case no requesting party is identified.
@Override
public String getRequestingPartyId(OAuth2Request oAuth2Request, AccessToken authorizationApiToken, JsonValue claimToken) {
    try {
        SignedJwt idToken = jwtReconstruction.reconstructJwt(claimToken.asString(), SignedJwt.class);
        OAuth2ProviderSettings oAuth2ProviderSettings = oauth2ProviderSettingsFactory.get(oAuth2Request);
        OAuth2Uris oAuth2Uris = oAuth2UrisFactory.get(oAuth2Request);
        // Verification material: the secret of the client that presented the authorization API token,
        // and the authorization server's own key pair.
        byte[] clientSecret = clientRegistrationStore.get(authorizationApiToken.getClientId(), oAuth2Request).getClientSecret().getBytes(Utils.CHARSET);
        KeyPair keyPair = oAuth2ProviderSettings.getServerKeyPair();
        // Only id tokens issued by this authorization server are accepted.
        if (!idToken.getClaimsSet().getIssuer().equals(oAuth2Uris.getIssuer())) {
            logger.warn("Issuer of id token, {0}, does not match issuer of authorization server, {1}.", idToken.getClaimsSet().getIssuer(), oAuth2Uris.getIssuer());
            return null;
        }
        // The signature must verify before any claim from the token is trusted.
        if (!verify(clientSecret, keyPair, idToken)) {
            logger.warn("Signature of id token is invalid.");
            return null;
        }
        return idToken.getClaimsSet().getSubject();
    } catch (InvalidClientException e) {
        logger.error("Failed to find client", e);
        return null;
    } catch (NotFoundException | ServerException e) {
        logger.error("Failed to find OAuth2 settings", e);
        return null;
    }
}
Also used: KeyPair(java.security.KeyPair) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) OAuth2Uris(org.forgerock.oauth2.core.OAuth2Uris) InvalidClientException(org.forgerock.oauth2.core.exceptions.InvalidClientException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) SignedJwt(org.forgerock.json.jose.jws.SignedJwt) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)

Example 35 with OAuth2ProviderSettings

Use of org.forgerock.oauth2.core.OAuth2ProviderSettings in the OpenAM project by OpenRock.

From the class UmaUrisFactory, method get:

/**
 * <p>Gets the UmaUris instance for a realm.</p>
 *
 * <p>Instances are cached per realm base URL.</p>
 *
 * @param context The context instance from which the base URL can be deduced.
 * @param realmInfo The realm.
 * @return The UmaUris instance.
 * @throws NotFoundException If the realm's OAuth2 URIs cannot be found.
 * @throws ServerException If the realm base URL cannot be determined from the configuration.
 */
public UmaUris get(Context context, RealmInfo realmInfo) throws NotFoundException, ServerException {
    String absoluteRealm = realmInfo.getAbsoluteRealm();
    HttpContext httpContext = context.asContext(HttpContext.class);
    String baseUrl;
    try {
        // The UMA base URL is derived from the configured base URL provider for the realm,
        // not taken directly from the incoming request.
        baseUrl = baseURLProviderFactory.get(absoluteRealm).getRealmURL(httpContext, "/uma", absoluteRealm);
    } catch (InvalidBaseUrlException e) {
        throw new ServerException("Configuration error");
    }
    // Cache lookup keyed by the realm's UMA base URL.
    UmaUris uris = urisMap.get(baseUrl);
    if (uris == null) {
        OAuth2Uris oAuth2Uris = oAuth2UriFactory.get(context, realmInfo);
        uris = get(absoluteRealm, oAuth2Uris, baseUrl);
    }
    return uris;
}
Also used: ServerException(org.forgerock.oauth2.core.exceptions.ServerException) OAuth2Uris(org.forgerock.oauth2.core.OAuth2Uris) HttpContext(org.forgerock.json.resource.http.HttpContext) InvalidBaseUrlException(org.forgerock.openam.services.baseurl.InvalidBaseUrlException)
