
Example 51 with Token

use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.

the class AccessTokenProtectionFilter method beforeHandle.

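/**
 * Authenticates the incoming request with the bearer access token carried in its
 * challenge response before the wrapped resource is handled.
 *
 * <p>Outcomes:
 * <ul>
 *   <li>No challenge response, unknown/expired token, or invalid grant: 401.</li>
 *   <li>Token valid but lacking {@code requiredScope} (when one is configured): 403.</li>
 *   <li>Token lookup reports not found: 404.</li>
 *   <li>Server-side failure while reading the token: 500.</li>
 *   <li>Otherwise the token is attached to the {@link OAuth2Request} and handling continues.</li>
 * </ul>
 *
 * @param request the inbound Restlet request.
 * @param response the response whose status is set when the request is rejected.
 * @return {@code STOP} when the request was rejected, otherwise the result of
 *         {@code super.beforeHandle}.
 */
@Override
protected int beforeHandle(Request request, Response response) {
    ChallengeResponse challengeResponse = request.getChallengeResponse();
    Status failure = null;
    if (challengeResponse == null) {
        failure = new Status(401, new InvalidTokenException());
    } else {
        String tokenId = challengeResponse.getRawValue();
        try {
            OAuth2Request oAuth2Request = requestFactory.create(request);
            AccessToken accessToken = tokenStore.readAccessToken(oAuth2Request, tokenId);
            if (accessToken == null || accessToken.isExpired()) {
                failure = new Status(401, new InvalidTokenException());
            } else if (requiredScope != null && !accessToken.getScope().contains(requiredScope)) {
                failure = new Status(403, new InsufficientScopeException(requiredScope));
            } else {
                // Make the verified token available to downstream handlers.
                oAuth2Request.setToken(AccessToken.class, accessToken);
            }
        } catch (ServerException e) {
            failure = new Status(500, e);
        } catch (NotFoundException e) {
            // The raw bearer token is a credential; keep its value out of the debug log.
            debug.message("Error loading access token", e);
            failure = new Status(404, e);
        } catch (InvalidGrantException e) {
            debug.message("Error loading access token", e);
            failure = new Status(401, new InvalidTokenException());
        }
    }
    if (failure != null) {
        response.setStatus(failure);
        return STOP;
    }
    return super.beforeHandle(request, response);
}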
Also used : Status(org.restlet.data.Status) InvalidTokenException(org.forgerock.oauth2.core.exceptions.InvalidTokenException) InsufficientScopeException(org.forgerock.oauth2.core.exceptions.InsufficientScopeException) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) AccessToken(org.forgerock.oauth2.core.AccessToken) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) InvalidGrantException(org.forgerock.oauth2.core.exceptions.InvalidGrantException) ChallengeResponse(org.restlet.data.ChallengeResponse)

Example 52 with Token

use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.

the class OpenAMResourceOwnerSessionValidator method validate.

/**
 * {@inheritDoc}
 *
 * <p>Resolves the resource owner for an OAuth2/OIDC request in this order:
 * <ol>
 *   <li>Reject an invalid {@code prompt} parameter (400).</li>
 *   <li>Try to obtain an OpenAM {@link SSOToken}, first from the underlying HTTP servlet
 *       request and then from the OAuth2 session; an {@link SSOException} on either attempt
 *       is logged at warning level and treated as "no session".</li>
 *   <li>With a session: require that the token's realm matches the requested realm, honour
 *       {@code prompt=login}, record {@code acr_values}, enforce {@code max_age}, and build an
 *       {@link OpenAMResourceOwner} from the token's universal identifier.</li>
 *   <li>Without a session: the password grant and the refresh-token grant are resolved from the
 *       token already attached to the request; {@code prompt=none} yields
 *       {@link InteractionRequiredException}; anything else requires authentication.</li>
 * </ol>
 */
public ResourceOwner validate(OAuth2Request request) throws ResourceOwnerAuthenticationRequired, AccessDeniedException, BadRequestException, InteractionRequiredException, LoginRequiredException, ServerException, NotFoundException {
    final OpenIdPrompt openIdPrompt = new OpenIdPrompt(request);
    if (!openIdPrompt.isValid()) {
        String message = "Invalid prompt parameter \"" + openIdPrompt.getOriginalValue() + "\"";
        logger.message(message);
        throw new BadRequestException(message);
    }
    // First attempt: an existing OpenAM session carried by the underlying servlet request.
    SSOToken token = null;
    try {
        token = ssoTokenManager.createSSOToken(getHttpServletRequest(request.<Request>getRequest()));
    } catch (SSOException e) {
        logger.warning("Error authenticating user against OpenAM: ", e);
    }
    // Second attempt: the session held by the OAuth2 request itself.
    try {
        if (token == null) {
            token = ssoTokenManager.createSSOToken(request.getSession());
        }
    } catch (SSOException e) {
        logger.warning("Error authenticating user against OpenAM: ", e);
    }
    try {
        if (token != null) {
            try {
                // As the organization in the token is stored in lowercase, we need to lower case the auth2realm
                String auth2Realm = dnWrapper.orgNameToDN(realmNormaliser.normalise((String) request.getParameter("realm"))).toLowerCase();
                String tokenRealm = token.getProperty("Organization");
                // auth2Realm can't be null as we would have an error earlier
                // A session belonging to a different realm is not accepted for this request: the
                // user is sent to authenticate in the requested realm rather than being denied.
                if (!auth2Realm.equals(tokenRealm)) {
                    throw authenticationRequired(request);
                }
            } catch (SSOException e) {
                throw new AccessDeniedException(e);
            }
            // prompt=login forces re-authentication even though a valid session exists.
            if (openIdPrompt.containsLogin()) {
                throw authenticationRequired(request, token);
            }
            final String acrValuesStr = request.getParameter(ACR_VALUES);
            if (acrValuesStr != null) {
                setCurrentAcr(token, request, acrValuesStr);
            }
            try {
                final long authTime = stringToDate(token.getProperty(ISAuthConstants.AUTH_INSTANT)).getTime();
                // Session older than the requested max_age: alterMaxAge is applied to the request
                // and the user must re-authenticate.
                if (isPastMaxAge(getMaxAge(request), authTime)) {
                    alterMaxAge(request);
                    throw authenticationRequired(request, token);
                }
                // The identity lookup runs under the admin token, not the resource owner's session.
                final AMIdentity id = IdUtils.getIdentity(AccessController.doPrivileged(AdminTokenAction.getInstance()), token.getProperty(Constants.UNIVERSAL_IDENTIFIER));
                return new OpenAMResourceOwner(id.getName(), id, authTime);
            } catch (Exception e) {
                //Exception as chance of MANY exception types here.
                // NOTE(review): this catch also intercepts what authenticationRequired(request, token)
                // throws for the max_age case above (presumably ResourceOwnerAuthenticationRequired)
                // and converts it into LoginRequiredException — confirm that is intended.
                logger.error("Error authenticating user against OpenAM: ", e);
                throw new LoginRequiredException();
            }
        } else if (PASSWORD.equals(request.getParameter(GRANT_TYPE))) {
            // No session (both createSSOToken attempts above produced nothing): for the password
            // grant the owner comes from the access token already attached to the request.
            return getResourceOwner(request.getToken(AccessToken.class));
        } else {
            if (openIdPrompt.containsNone()) {
                // prompt=none must not start an interactive login; report interaction_required,
                // choosing FRAGMENT or QUERY error delivery from the response_type.
                logger.error("Not pre-authenticated and prompt parameter equals none.");
                if (request.getParameter(OAuth2Constants.Params.RESPONSE_TYPE) != null) {
                    throw new InteractionRequiredException(Utils.isOpenIdConnectFragmentErrorType(splitResponseType(request.<String>getParameter(RESPONSE_TYPE))) ? FRAGMENT : QUERY);
                } else {
                    throw new InteractionRequiredException();
                }
            } else if (!isRefreshToken(request)) {
                throw authenticationRequired(request);
            } else {
                // Refresh-token grant: the owner is recovered from the refresh token on the request.
                return getResourceOwner(request.getToken(RefreshToken.class));
            }
        }
    } catch (SSOException | UnsupportedEncodingException | URISyntaxException e) {
        throw new AccessDeniedException(e);
    }
}
Also used : LoginRequiredException(org.forgerock.oauth2.core.exceptions.LoginRequiredException) InteractionRequiredException(org.forgerock.oauth2.core.exceptions.InteractionRequiredException) AccessDeniedException(org.forgerock.oauth2.core.exceptions.AccessDeniedException) SSOToken(com.iplanet.sso.SSOToken) UnsupportedEncodingException(java.io.UnsupportedEncodingException) SSOException(com.iplanet.sso.SSOException) URISyntaxException(java.net.URISyntaxException) OpenIdPrompt(org.forgerock.openidconnect.OpenIdPrompt) URISyntaxException(java.net.URISyntaxException) InvalidClientAuthZHeaderException(org.forgerock.oauth2.core.exceptions.InvalidClientAuthZHeaderException) ParseException(java.text.ParseException) EncodingException(org.owasp.esapi.errors.EncodingException) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) SSOException(com.iplanet.sso.SSOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) TemplateException(freemarker.template.TemplateException) InvalidClientException(org.forgerock.oauth2.core.exceptions.InvalidClientException) BadRequestException(org.forgerock.oauth2.core.exceptions.BadRequestException) LoginRequiredException(org.forgerock.oauth2.core.exceptions.LoginRequiredException) InteractionRequiredException(org.forgerock.oauth2.core.exceptions.InteractionRequiredException) IOException(java.io.IOException) InvalidRequestException(org.forgerock.oauth2.core.exceptions.InvalidRequestException) AccessDeniedException(org.forgerock.oauth2.core.exceptions.AccessDeniedException) RefreshToken(org.forgerock.oauth2.core.RefreshToken) AMIdentity(com.sun.identity.idm.AMIdentity) BadRequestException(org.forgerock.oauth2.core.exceptions.BadRequestException)

Example 53 with Token

use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.

the class OpenAMClientDAO method delete.

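/**
 * Deletes the OAuth2 client (agent identity) with the given id from the realm named in
 * the request.
 *
 * <p>The client is looked up as an {@code IdType.AGENTONLY} identity under the admin token.
 * Exactly one match must exist and it must be active; otherwise the deletion is refused.
 *
 * @param clientId the client identifier to delete.
 * @param request the OAuth2 request, read for the {@code REALM} parameter.
 * @throws UnauthorizedClientException if no client, more than one client, or only an
 *         inactive client matches, or if the identity repository cannot be accessed.
 */
public void delete(String clientId, OAuth2Request request) throws UnauthorizedClientException {
    try {
        // Repository operations run under the admin token, not the caller's session.
        final SSOToken token = AccessController.doPrivileged(AdminTokenAction.getInstance());
        final String realm = request.getParameter(OAuth2Constants.Custom.REALM);
        final AMIdentityRepository repo = idRepoFactory.create(realm, token);

        final IdSearchControl idsc = new IdSearchControl();
        idsc.setRecursive(true);
        idsc.setAllReturnAttributes(true);
        idsc.setMaxResults(0);
        final IdSearchResults searchResults = repo.searchIdentities(IdType.AGENTONLY, clientId, idsc);
        final Set<AMIdentity> results = searchResults.getSearchResults();
        if (results == null || results.size() != 1) {
            logger.error("OpenAMClientDAO.delete(): No client profile or more than one profile found.");
            throw new UnauthorizedClientException("Not able to get client from OpenAM");
        }

        final AMIdentity theID = results.iterator().next();
        // An inactive client used to be replaced by null, and that null was then passed to
        // deleteIdentities. Refuse explicitly instead, as for a client that cannot be found.
        if (!theID.isActive()) {
            logger.error("OpenAMClientDAO.delete(): Client profile is not active.");
            throw new UnauthorizedClientException("Not able to get client from OpenAM");
        }

        final Set<AMIdentity> identities = new HashSet<AMIdentity>();
        identities.add(theID);
        repo.deleteIdentities(identities);
    } catch (SSOException | IdRepoException e) {
        logger.error("OpenAMClientDAO.delete(): Unable to delete client", e);
        throw new UnauthorizedClientException();
    }
}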
Also used : SSOToken(com.iplanet.sso.SSOToken) IdSearchResults(com.sun.identity.idm.IdSearchResults) AMIdentity(com.sun.identity.idm.AMIdentity) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdSearchControl(com.sun.identity.idm.IdSearchControl) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) HashSet(java.util.HashSet)

Example 54 with Token

use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.

the class OpenAMClientDAO method create.

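/**
 * Creates an OAuth2 client as an {@code IdType.AGENTONLY} identity in the realm named in
 * the request, using the attribute map derived from {@code client}.
 *
 * @param client the client registration to persist.
 * @param request the OAuth2 request, read for the {@code REALM} parameter.
 * @throws InvalidClientMetadata if the identity cannot be created; the underlying
 *         exception is logged but not propagated as the cause.
 */
public void create(Client client, OAuth2Request request) throws InvalidClientMetadata {
    final Map<String, Set<String>> attrs = createClientAttributeMap(client);
    try {
        // Repository operations run under the admin token, not the caller's session.
        final SSOToken token = AccessController.doPrivileged(AdminTokenAction.getInstance());
        final String realm = request.getParameter(OAuth2Constants.Custom.REALM);
        final AMIdentityRepository repo = idRepoFactory.create(realm, token);
        repo.createIdentity(IdType.AGENTONLY, client.getClientID(), attrs);
    } catch (Exception e) {
        // Every repository failure is surfaced to the caller as invalid metadata. The log line
        // names this class and method (it previously pointed at ConnectClientRegistration.Validate()).
        logger.error("OpenAMClientDAO.create(): Unable to create client", e);
        throw new InvalidClientMetadata();
    }
}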
Also used : HashSet(java.util.HashSet) Set(java.util.Set) SSOToken(com.iplanet.sso.SSOToken) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) InvalidClientMetadata(org.forgerock.openidconnect.exceptions.InvalidClientMetadata) IdRepoException(com.sun.identity.idm.IdRepoException) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) SSOException(com.iplanet.sso.SSOException)

Example 55 with Token

use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.

the class OpenAMOAuth2ProviderSettingsFactory method addServiceListener.

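/**
 * Registers this factory as a listener on the OAuth2 provider service configuration so
 * that provider-service removals are picked up dynamically.
 *
 * <p>Throws the {@code SERVER_ERROR} problem produced by
 * {@code OAuthProblemException.OAuthError.SERVER_ERROR.handle} if the
 * {@link ServiceConfigManager} cannot be constructed.
 */
private void addServiceListener() {
    try {
        final SSOToken token = AccessController.doPrivileged(AdminTokenAction.getInstance());
        final ServiceConfigManager serviceConfigManager = new ServiceConfigManager(token,
                OAuth2Constants.OAuth2ProviderService.NAME, OAuth2Constants.OAuth2ProviderService.VERSION);
        // A null listener id means registration failed; the factory keeps working but will
        // not observe provider-service removals.
        if (serviceConfigManager.addListener(this) == null) {
            logger.error("Could not add listener to ServiceConfigManager instance. OAuth2 provider service "
                    + "removals will not be dynamically updated");
        }
    } catch (Exception e) {
        // The cause is logged separately; the message may also be carried by the OAuth error
        // that is thrown, so it no longer embeds the exception's toString().
        final String message = "OAuth2Utils::Unable to construct ServiceConfigManager";
        logger.error(message, e);
        throw OAuthProblemException.OAuthError.SERVER_ERROR.handle(null, message);
    }
}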
Also used : SSOToken(com.iplanet.sso.SSOToken) ServiceConfigManager(com.sun.identity.sm.ServiceConfigManager) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException)

Aggregations

ServerException (org.forgerock.oauth2.core.exceptions.ServerException)33 JsonValue (org.forgerock.json.JsonValue)22 AccessToken (org.forgerock.oauth2.core.AccessToken)18 OAuth2Request (org.forgerock.oauth2.core.OAuth2Request)18 NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException)18 CoreTokenException (org.forgerock.openam.cts.exceptions.CoreTokenException)18 SSOException (com.iplanet.sso.SSOException)16 OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings)16 UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException)16 SSOToken (com.iplanet.sso.SSOToken)13 AMIdentity (com.sun.identity.idm.AMIdentity)12 IdRepoException (com.sun.identity.idm.IdRepoException)11 Set (java.util.Set)9 InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException)9 HashMap (java.util.HashMap)8 HashSet (java.util.HashSet)8 InvalidGrantException (org.forgerock.oauth2.core.exceptions.InvalidGrantException)8 Test (org.testng.annotations.Test)8 Map (java.util.Map)6 AccessTokenVerifier (org.forgerock.oauth2.core.AccessTokenVerifier)6