Use of org.forgerock.oauth2.core.exceptions.BadRequestException in project OpenAM by OpenRock.
Class TokenResource, method queryCollection.
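/**
 * Queries the token store for OAuth2 tokens, scoped to the requesting user.
 *
 * <p>The caller's identity is resolved from {@code context}. Any user other than the admin
 * may only see tokens whose user name and realm match their own identity, so those two
 * filters are added before the caller-supplied constraints are parsed. The admin user is
 * not scoped by identity and must therefore name a {@code userName} constraint explicitly;
 * a non-admin user must not, because the identity filter already fixes it.
 *
 * <p>{@code _queryId} is either the literal {@code access_token} (mapped to
 * {@code tokenName=access_token}) or a comma-separated list of {@code field=value}
 * constraints. A constraint that does not split into exactly two parts is skipped.
 *
 * @param context      the request context; used to resolve the requesting identity.
 * @param queryRequest the CREST query request carrying {@code _queryId}.
 * @param handler      the handler that receives each matching resource.
 * @return a promise of the query response, or of a {@link ResourceException}: 401 when the
 *         requester cannot be identified or the client is not authorized, 400 when
 *         {@code _queryId} is absent or the {@code userName} rule above is violated,
 *         503 when the token store is unavailable, otherwise the error raised while
 *         writing the response or looking up the realm's OAuth2 provider.
 */
@Override
public Promise<QueryResponse, ResourceException> queryCollection(Context context, QueryRequest queryRequest,
        QueryResourceHandler handler) {
    try {
        Collection<QueryFilter<CoreTokenField>> query = new ArrayList<QueryFilter<CoreTokenField>>();

        // Resolve the submitter; anyone other than the admin is restricted to their own tokens.
        AMIdentity uid;
        try {
            uid = getUid(context);
            if (!uid.equals(adminUserId)) {
                query.add(QueryFilter.equalTo(USERNAME_FIELD, uid.getName()));
                query.add(QueryFilter.equalTo(REALM_FIELD, DNMapper.orgNameToRealmName(uid.getRealm())));
            }
        } catch (Exception e) {
            if (debug.errorEnabled()) {
                // Include the cause; the message alone gives no hint as to why the lookup failed.
                debug.error("TokenResource :: QUERY : Unable to query collection as no UID discovered "
                        + "for requesting user.", e);
            }
            return new PermanentException(401, "Unauthorized", e).asPromise();
        }

        // _queryId is null for filter- or expression-based queries. Without it there is nothing
        // to parse, and dereferencing it would surface as an uncaught NullPointerException.
        String id = queryRequest.getQueryId();
        if (id == null) {
            return new BadRequestException("_queryId must be set").asPromise();
        }
        String queryString = "access_token".equals(id) ? "tokenName=access_token" : id;

        boolean userNamePresent = false;
        for (String constraint : queryString.split(",")) {
            String[] params = constraint.split("=");
            // Only well-formed "field=value" pairs become filters; anything else is skipped.
            if (params.length == 2) {
                if (OAuthTokenField.USER_NAME.getOAuthField().equals(params[0])) {
                    userNamePresent = true;
                }
                query.add(QueryFilter.equalTo(getOAuth2TokenField(params[0]), params[1]));
            }
        }

        // Admin queries are unscoped, so a userName is mandatory; non-admin queries are already
        // scoped to the caller's identity, so a caller-supplied userName is rejected.
        boolean isAdmin = adminUserId.equals(uid);
        if (isAdmin && !userNamePresent) {
            return new BadRequestException("userName field MUST be set in _queryId").asPromise();
        }
        if (!isAdmin && userNamePresent) {
            return new BadRequestException("userName field MUST NOT be set in _queryId").asPromise();
        }

        JsonValue response = tokenStore.query(QueryFilter.and(query));
        return handleResponse(handler, response, context);
    } catch (UnauthorizedClientException e) {
        debug.error("TokenResource :: QUERY : Unable to query collection as the client is not authorized.", e);
        return new PermanentException(401, e.getMessage(), e).asPromise();
    } catch (CoreTokenException e) {
        debug.error("TokenResource :: QUERY : Unable to query collection as the token store is not available.", e);
        return new ServiceUnavailableException(e.getMessage(), e).asPromise();
    } catch (InternalServerErrorException e) {
        debug.error("TokenResource :: QUERY : Unable to query collection as writing the response failed.", e);
        return e.asPromise();
    } catch (NotFoundException e) {
        debug.error("TokenResource :: QUERY : Unable to query collection as realm does not have OAuth 2 provider.", e);
        return e.asPromise();
    }
}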
Use of org.forgerock.oauth2.core.exceptions.BadRequestException in project OpenAM by OpenRock.
Class AuthorizationRequestEndpoint, method requestAuthorization.
/**
 * Handles an UMA authorization request: exchanges a permission ticket for an RPT when the
 * requesting party is entitled, otherwise records a pending request for the resource owner.
 *
 * <p>Every outcome is audit-logged. A REQUEST entry is written once the requesting party has
 * been looked up (or, if that lookup yields nothing, with the resource owner id from the
 * authorisation API token), followed by GRANTED, DENIED or REQUEST_SUBMITTED according to
 * the decision.
 *
 * @param entity the JSON request body.
 * @return the RPT as a JSON representation when access is granted; a status of 200 is set on
 *         the response first.
 * @throws UmaException with 403 and {@code NOT_AUTHORISED_ERROR_CODE} when the pending-request
 *         check rejects the request or the pending request cannot be stored.
 * @throws BadRequestException, EntitlementException, ServerException, NotFoundException as
 *         propagated from the provider, ticket and entitlement helpers.
 */
@Post
public Representation requestAuthorization(JsonRepresentation entity) throws BadRequestException, UmaException,
        EntitlementException, ServerException, NotFoundException {
    final UmaProviderSettings umaSettings = umaProviderSettingsFactory.get(this.getRequest());
    final OAuth2Request oauth2Request = requestFactory.create(getRequest());
    final OAuth2ProviderSettings oauth2Settings = oauth2ProviderSettingsFactory.get(oauth2Request);
    final OAuth2Uris uris = oAuth2UrisFactory.get(oauth2Request);
    final UmaTokenStore tokenStore = umaSettings.getUmaTokenStore();
    // NOTE(review): the identity below is built from the "realm" request parameter, while the
    // pending request uses permissionTicket.getRealm() — confirm the two are guaranteed to agree.
    final String realm = oauth2Request.getParameter("realm");
    final JsonValue body = json(toMap(entity));

    final PermissionTicket ticket = getPermissionTicket(tokenStore, body);
    validatePermissionTicketHolder(tokenStore, ticket);
    final String resourceSetId = ticket.getResourceSetId();
    final Request request = getRequest();
    final String resourceOwnerId = getResourceOwnerId(oauth2Settings, resourceSetId);
    final AMIdentity resourceOwner = createIdentity(resourceOwnerId, realm);

    // The REQUEST audit entry is written even when resolving the requesting party fails.
    String requestingPartyId = null;
    try {
        requestingPartyId = getRequestingPartyId(umaSettings, uris, body);
    } finally {
        String auditSubject = requestingPartyId;
        if (auditSubject == null) {
            // NOTE(review): an exception thrown here would replace the one that caused the
            // fallback — confirm getAuthorisationApiToken() cannot fail on this path.
            auditSubject = getAuthorisationApiToken().getResourceOwnerId();
        }
        auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.REQUEST, request, auditSubject);
    }

    if (isEntitled(umaSettings, oauth2Settings, ticket, requestingPartyId)) {
        getResponse().setStatus(new Status(200));
        auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.GRANTED, request, requestingPartyId);
        return createJsonRpt(tokenStore, ticket);
    }

    // Not entitled: either refuse outright or queue a pending request for the resource owner.
    try {
        if (verifyPendingRequestDoesNotAlreadyExist(resourceSetId, resourceOwnerId, ticket.getRealm(),
                requestingPartyId, ticket.getScopes())) {
            auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.DENIED, request, requestingPartyId);
            throw new UmaException(403, UmaConstants.NOT_AUTHORISED_ERROR_CODE,
                    "The client is not authorised to access the requested resource set");
        }
        pendingRequestsService.createPendingRequest(ServletUtils.getRequest(getRequest()), resourceSetId,
                auditLogger.getResourceName(resourceSetId, request), resourceOwnerId, requestingPartyId,
                ticket.getRealm(), ticket.getScopes());
        auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.REQUEST_SUBMITTED, request, requestingPartyId);
    } catch (org.forgerock.openam.sm.datalayer.store.ServerException e) {
        logger.error("Failed to create pending request", e);
        throw new UmaException(403, UmaConstants.NOT_AUTHORISED_ERROR_CODE, "Failed to create pending request");
    }
    throw newRequestSubmittedException();
}