use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.
the class UmaTokenStore method deleteRPT.
public void deleteRPT(String id) throws NotFoundException, ServerException {
try {
// check token is RPT
readRPT(id);
cts.delete(id);
} catch (CoreTokenException e) {
throw new ServerException("Could not delete token: " + id);
}
}
use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.
the class UmaTokenStore method readToken.
public UmaToken readToken(String ticketId, JavaBeanAdapter<? extends UmaToken> adapter) throws NotFoundException {
try {
Token token = cts.read(ticketId);
if (token == null) {
throw new NotFoundException("No valid ticket exists with ticketId");
}
UmaToken ticket = adapter.fromToken(token);
if (!realm.equals(ticket.getRealm())) {
throw new NotFoundException("No valid ticket exists with ticketId in the realm, " + realm);
}
return ticket;
} catch (CoreTokenException e) {
throw new NotFoundException("No valid ticket exists with ticketId");
}
}
use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.
the class RestletHeaderAccessTokenVerifierTest method shouldCheckExpired.
@Test
public void shouldCheckExpired() throws Exception {
// Given
ChallengeResponse challengeResponse = new ChallengeResponse(ChallengeScheme.CUSTOM, "foo", "bar");
challengeResponse.setRawValue("freddy");
Request request = new Request();
request.setChallengeResponse(challengeResponse);
OAuth2Request req = new RestletOAuth2Request(null, request);
AccessToken token = new AccessToken(json(object()), "access_token", "freddy") {
@Override
public boolean isExpired() {
return true;
}
};
when(tokenStore.readAccessToken(req, "freddy")).thenReturn(token);
// When
AccessTokenVerifier.TokenState result = verifier.verify(req);
// Then
assertThat(result.isValid()).isFalse();
verify(tokenStore).readAccessToken(req, "freddy");
}
use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.
the class RestletHeaderAccessTokenVerifierTest method shouldCheckValid.
@Test
public void shouldCheckValid() throws Exception {
// Given
ChallengeResponse challengeResponse = new ChallengeResponse(ChallengeScheme.CUSTOM, "foo", "bar");
challengeResponse.setRawValue("freddy");
Request request = new Request();
request.setChallengeResponse(challengeResponse);
OAuth2Request req = new RestletOAuth2Request(null, request);
AccessToken token = new AccessToken(json(object()), "access_token", "freddy") {
@Override
public boolean isExpired() {
return false;
}
};
when(tokenStore.readAccessToken(req, "freddy")).thenReturn(token);
// When
AccessTokenVerifier.TokenState result = verifier.verify(req);
// Then
assertThat(result.isValid()).isTrue();
assertThat(result.getTokenId()).isEqualTo("freddy");
verify(tokenStore).readAccessToken(req, "freddy");
}
use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.
the class OAuth2RouterProvider method get.
@Override
public Router get() {
final Router router = new RestletRealmRouter(realmValidator, coreWrapper);
// Standard OAuth2 endpoints
router.attach("/authorize", auditWithOAuthFilter(new AuthorizeEndpointFilter(wrap(AuthorizeResource.class), jacksonRepresentationFactory)));
router.attach("/access_token", auditWithOAuthFilter(new TokenEndpointFilter(new AccessTokenFlowFinder(), jacksonRepresentationFactory), formAuditor(RESPONSE_TYPE, GRANT_TYPE, CLIENT_ID, USERNAME, SCOPE, REDIRECT_URI), jacksonAuditor(SCOPE, TOKEN_TYPE)));
router.attach("/tokeninfo", auditWithOAuthFilter(wrap(ValidationServerResource.class), noBodyAuditor(), jacksonAuditor(SCOPE, TOKEN_TYPE)));
// OAuth 2.0 Token Introspection Endpoint
router.attach("/introspect", auditWithOAuthFilter(wrap(TokenIntrospectionResource.class), formAuditor(TOKEN_TYPE_HINT), jsonAuditor(SCOPE, TOKEN_TYPE, CLIENT_ID, USERNAME, ACTIVE)));
// OpenID Connect endpoints
router.attach("/connect/register", auditWithOAuthFilter(wrap(ConnectClientRegistration.class), jsonAuditor(CLIENT_NAME.getType(), APPLICATION_TYPE.getType(), REDIRECT_URIS.getType()), jacksonAuditor(CLIENT_ID, CLIENT_NAME.getType(), APPLICATION_TYPE.getType(), REDIRECT_URIS.getType())));
router.attach("/userinfo", auditWithOAuthFilter(wrap(UserInfo.class)));
router.attach("/connect/endSession", auditWithOAuthFilter(wrap(EndSession.class)));
router.attach("/connect/jwk_uri", auditWithOAuthFilter(wrap(OpenIDConnectJWKEndpoint.class)));
// Resource Set Registration
Restlet resourceSetRegistrationEndpoint = auditWithOAuthFilter(getRestlet(OAuth2Constants.Custom.RSR_ENDPOINT), jsonAuditor(NAME, SCOPES), jacksonAuditor("_id"));
router.attach("/resource_set/{rsid}", resourceSetRegistrationEndpoint);
router.attach("/resource_set", resourceSetRegistrationEndpoint);
router.attach("/resource_set/", resourceSetRegistrationEndpoint);
// OpenID Connect Discovery
router.attach("/.well-known/openid-configuration", auditWithOAuthFilter(wrap(OpenIDConnectConfiguration.class)));
// OAuth 2 Device Flow
router.attach("/device/user", auditWithOAuthFilter(wrap(DeviceCodeVerificationResource.class)));
router.attach("/device/code", auditWithOAuthFilter(wrap(DeviceCodeResource.class), formAuditor(RESPONSE_TYPE, GRANT_TYPE, CLIENT_ID, SCOPE), noBodyAuditor()));
return router;
}
Aggregations