use of org.forgerock.oauth2.core.exceptions.BadRequestException in project OpenAM by OpenRock.
the class OpenIDConnectEndSession method endSession.
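/**
 * Ends an OpenId Connect session.
 *
 * <p>The session to destroy is identified by the session ("ops") claim of the supplied ID token,
 * falling back to the legacy claim name when the current one is absent.
 *
 * @param idToken The OpenId Token, as passed in the {@code id_token_hint} parameter.
 * @throws BadRequestException If the request is malformed: no token was supplied, the token cannot be
 *                             parsed as a signed JWT, or it carries no session claim.
 * @throws ServerException If any internal server error occurs.
 */
public void endSession(String idToken) throws BadRequestException, ServerException {
    if (idToken == null || idToken.isEmpty()) {
        logger.warn("No id_token_hint parameter supplied to the endSession endpoint");
        throw new BadRequestException("The endSession endpoint requires an id_token_hint parameter");
    }
    final SignedJwt jwt;
    try {
        jwt = new JwtReconstruction().reconstructJwt(idToken, SignedJwt.class);
    } catch (RuntimeException e) {
        // A token that is not a well-formed signed JWT is a client error; report it as a 400 instead of
        // letting the parse failure propagate out of the endpoint as an internal error.
        logger.warn("Unable to parse the id_token_hint supplied to the endSession endpoint", e);
        throw new BadRequestException("The id_token_hint parameter is not a valid signed JWT");
    }
    // NOTE(review): the token is only parsed here, not signature-verified — confirm that
    // openIDConnectProvider.destroySession (or an upstream filter) validates it before a session is
    // destroyed on the strength of an unverified claim.
    final JwtClaimsSet claims = jwt.getClaimsSet();
    String opsId = (String) claims.getClaim(OAuth2Constants.JWTTokenParams.OPS);
    if (opsId == null) {
        // Presumably tokens issued before the claim was renamed carry the session id under the legacy name.
        opsId = (String) claims.getClaim(OAuth2Constants.JWTTokenParams.LEGACY_OPS);
    }
    if (opsId == null) {
        // Neither claim is present: there is no session to destroy, so do not hand a null id to the provider.
        logger.warn("The id_token_hint supplied to the endSession endpoint carries no session claim");
        throw new BadRequestException("The id_token_hint parameter does not identify a session");
    }
    openIDConnectProvider.destroySession(opsId);
}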
use of org.forgerock.oauth2.core.exceptions.BadRequestException in project OpenAM by OpenRock.
the class ClaimsParameterValidator method validateRequest.
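/**
 * Validates the OpenID Connect {@code claims} request parameter, when the provider supports it.
 *
 * <p>The parameter must be well-formed JSON. If it requests claims for the UserInfo endpoint, the
 * request must also ask for an access token: a {@code response_type} of just {@code id_token} would
 * leave the client with no token to present at that endpoint.
 *
 * @param request The OAuth2 request being validated.
 * @throws BadRequestException If the claims parameter is not valid JSON, or asks for userinfo claims
 *                             while requesting only an id token.
 * @throws ServerException If the provider settings cannot be read.
 */
@Override
public void validateRequest(OAuth2Request request) throws InvalidClientException, InvalidRequestException, RedirectUriMismatchException, UnsupportedResponseTypeException, ServerException, BadRequestException, InvalidScopeException, NotFoundException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    final String claims = request.getParameter(OAuth2Constants.Custom.CLAIMS);
    // Nothing to validate if the provider does not support the parameter, or the client did not send it.
    if (!settings.getClaimsParameterSupported() || claims == null) {
        return;
    }
    final JSONObject claimsJson;
    try {
        claimsJson = new JSONObject(claims);
    } catch (JSONException e) {
        throw new BadRequestException("Invalid JSON in supplied claims parameter.");
    }
    JSONObject userinfoClaims = null;
    try {
        userinfoClaims = claimsJson.getJSONObject(OAuth2Constants.UserinfoEndpoint.USERINFO);
    } catch (JSONException ignored) {
        // No "userinfo" member (or it is not a JSON object): there is nothing further to check.
        // Only the JSON library's own failure is expected here; anything else should surface.
    }
    if (userinfoClaims != null) {
        // Userinfo claims are served from an access token, so an id_token-only response type cannot satisfy them.
        String responseType = request.getParameter(OAuth2Constants.Params.RESPONSE_TYPE);
        if (responseType != null && responseType.trim().equals(OAuth2Constants.JWTTokenParams.ID_TOKEN)) {
            throw new BadRequestException("Must request an access token when providing " + "userinfo in claims parameter.");
        }
    }
}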
use of org.forgerock.oauth2.core.exceptions.BadRequestException in project OpenAM by OpenRock.
the class ResourceSetRegistrationExceptionFilterTest method shouldSetBadRequestExceptionResponse.
/**
 * A response whose status carries a {@code BadRequestException} must be rewritten by the filter into a
 * 400 status (still carrying the original throwable) with a JSON body holding the OAuth2 error code and
 * the exception message.
 */
@Test
@SuppressWarnings("unchecked")
public void shouldSetBadRequestExceptionResponse() throws Exception {
    //Given
    Exception badRequest = new BadRequestException("MESSAGE");
    Response response = mock(Response.class);
    given(response.getStatus()).willReturn(new Status(444, badRequest));
    Request request = mock(Request.class);
    //When
    exceptionFilter.afterHandle(request, response);
    //Then
    ArgumentCaptor<JacksonRepresentation> entityCaptor = ArgumentCaptor.forClass(JacksonRepresentation.class);
    ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
    verify(response).setEntity(entityCaptor.capture());
    verify(response).setStatus(statusCaptor.capture());
    Map<String, String> body = (Map<String, String>) entityCaptor.getValue().getObject();
    assertThat(body).containsOnly(entry("error", "bad_request"), entry("error_description", "MESSAGE"));
    Status rewritten = statusCaptor.getValue();
    assertThat(rewritten.getCode()).isEqualTo(400);
    assertThat(rewritten.getThrowable()).isEqualTo(badRequest);
}
use of org.forgerock.oauth2.core.exceptions.BadRequestException in project OpenAM by OpenRock.
the class ResourceSetRegistrationEndpoint method updateResourceSet.
/**
 * Updates an existing Resource Set with the attributes supplied in the request body.
 *
 * <p>Labels are handled apart from the rest of the description: they are stripped before the store is
 * updated and re-attached afterwards so that the label registration can reconcile them.
 *
 * @param entity The JSON body describing the updated Resource Set.
 * @return The JSON response representing the updated Resource Set.
 * @throws NotFoundException If no Resource Set with the requested id exists for the resource owner.
 * @throws ServerException If any internal server error occurs.
 * @throws BadRequestException If the supplied description fails validation.
 */
@Put
public Representation updateResourceSet(JsonRepresentation entity) throws NotFoundException, ServerException, BadRequestException {
    if (!isConditionalRequest()) {
        // NOTE(review): 512 is not a registered HTTP status; 412 is the conventional code for a
        // missing precondition — confirm this value is intentional before relying on it.
        throw new ResourceException(512, "precondition_failed", "Require If-Match header to update Resource Set", null);
    }
    final Map<String, Object> attributes = validator.validate(toMap(entity));
    final String resourceSetId = getResourceSetId();
    final ResourceSetStore store = providerSettingsFactory.get(requestFactory.create(getRequest())).getResourceSetStore();
    final ResourceSetDescription description = store.read(resourceSetId, getResourceOwnerId()).update(attributes);
    final JsonValue labels = description.getDescription().get(OAuth2Constants.ResourceSets.LABELS);
    // Persist the description without its labels, then put them back (an empty set when none were given).
    description.getDescription().remove(OAuth2Constants.ResourceSets.LABELS);
    store.update(description);
    description.getDescription().add(OAuth2Constants.ResourceSets.LABELS,
            labels.isNotNull() ? labels.asSet() : new HashSet<String>());
    labelRegistration.updateLabelsForExistingResourceSet(description);
    return createJsonResponse(description, false, true);
}
use of org.forgerock.oauth2.core.exceptions.BadRequestException in project OpenAM by OpenRock.
the class ResourceSetResource method updateInstance.
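/**
 * Update the non-system labels on a resource set only.
 *
 * <p>The resource set id is first removed from every non-system label it is currently attached to, then
 * added to each label named in the request's {@code labels} attribute; the resource set is then read back
 * and returned.
 *
 * @param context {@inheritDoc}
 * @param resourceId The id of the resource set whose labels are being updated.
 * @param request {@inheritDoc}
 * @return A promise of the updated resource set, or of the {@link ResourceException} describing why the
 *         update failed.
 */
@Override
public Promise<ResourceResponse, ResourceException> updateInstance(Context context, String resourceId, UpdateRequest request) {
    try {
        final Map<String, Object> attributes = validator.validate(request.getContent().asMap());
        final String realm = getRealm(context);
        final String userId = getUserId(context);
        // Detach this resource set from every label it currently carries, leaving system labels untouched.
        for (ResourceSetLabel label : umaLabelsStore.forResourceSet(realm, userId, resourceId, true)) {
            if (!isSystemLabel(label)) {
                label.removeResourceSetId(resourceId);
                umaLabelsStore.update(realm, userId, label);
            }
        }
        // Attach it to the labels named in the request. A missing "labels" attribute means "no labels"
        // rather than a NullPointerException out of the for-each.
        @SuppressWarnings("unchecked") // presumably the validator has checked the element type — TODO confirm
        final List<String> labelIds = (List<String>) attributes.get("labels");
        if (labelIds != null) {
            for (String labelId : labelIds) {
                ResourceSetLabel label = umaLabelsStore.read(realm, userId, labelId);
                label.addResourceSetId(resourceId);
                umaLabelsStore.update(realm, userId, label);
            }
        }
        return resourceSetService.getResourceSet(context, realm, resourceId, userId, augmentWithPolicies(request))
                .thenAsync(new AsyncFunction<ResourceSetDescription, ResourceResponse, ResourceException>() {
                    @Override
                    public Promise<ResourceResponse, ResourceException> apply(ResourceSetDescription result) {
                        try {
                            return newResultPromise(newResource(result.getId(), getResourceSetJson(result, userId)));
                        } catch (ResourceException e) {
                            return e.asPromise();
                        }
                    }
                });
    } catch (ResourceException e) {
        return e.asPromise();
    } catch (org.forgerock.oauth2.core.exceptions.BadRequestException e) {
        // The validator throws the OAuth2 flavour of BadRequestException; translate it into the CREST one
        // so the caller receives a 400 with the original cause attached.
        return new BadRequestException("Error retrieving labels.", e).asPromise();
    }
}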