
Example 51 with NotFoundException

Use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.

From the class AuthorizationRequestEndpoint, method requestAuthorization.

@Post
public Representation requestAuthorization(JsonRepresentation entity) throws BadRequestException, UmaException, EntitlementException, ServerException, NotFoundException {
    UmaProviderSettings umaProviderSettings = umaProviderSettingsFactory.get(this.getRequest());
    final OAuth2Request oauth2Request = requestFactory.create(getRequest());
    OAuth2ProviderSettings oauth2ProviderSettings = oauth2ProviderSettingsFactory.get(oauth2Request);
    OAuth2Uris oAuth2Uris = oAuth2UrisFactory.get(oauth2Request);
    final UmaTokenStore umaTokenStore = umaProviderSettings.getUmaTokenStore();
    String realm = oauth2Request.getParameter("realm");
    JsonValue requestBody = json(toMap(entity));
    // Resolve the permission ticket named in the request body and check that the caller is its holder
    // before anything is derived from it.
    PermissionTicket permissionTicket = getPermissionTicket(umaTokenStore, requestBody);
    validatePermissionTicketHolder(umaTokenStore, permissionTicket);
    final String resourceSetId = permissionTicket.getResourceSetId();
    final Request request = getRequest();
    final String resourceOwnerId = getResourceOwnerId(oauth2ProviderSettings, resourceSetId);
    AMIdentity resourceOwner = createIdentity(resourceOwnerId, realm);
    String requestingPartyId = null;
    try {
        requestingPartyId = getRequestingPartyId(umaProviderSettings, oAuth2Uris, requestBody);
    } finally {
        // The REQUEST audit event is written even when the requesting party cannot be resolved;
        // in that case the resource owner id from the authorisation API token is logged instead.
        auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.REQUEST, request, requestingPartyId == null ? getAuthorisationApiToken().getResourceOwnerId() : requestingPartyId);
    }
    if (isEntitled(umaProviderSettings, oauth2ProviderSettings, permissionTicket, requestingPartyId)) {
        // Policy evaluation granted access: audit the grant and issue the requesting party token (RPT).
        getResponse().setStatus(new Status(200));
        auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.GRANTED, request, requestingPartyId);
        return createJsonRpt(umaTokenStore, permissionTicket);
    } else {
        try {
            if (verifyPendingRequestDoesNotAlreadyExist(resourceSetId, resourceOwnerId, permissionTicket.getRealm(), requestingPartyId, permissionTicket.getScopes())) {
                // Access is refused outright: audit the denial and answer with 403.
                auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.DENIED, request, requestingPartyId);
                throw new UmaException(403, UmaConstants.NOT_AUTHORISED_ERROR_CODE, "The client is not authorised to access the requested resource set");
            } else {
                // Otherwise record a pending request for the resource owner to approve or reject, and audit it.
                pendingRequestsService.createPendingRequest(ServletUtils.getRequest(getRequest()), resourceSetId, auditLogger.getResourceName(resourceSetId, request), resourceOwnerId, requestingPartyId, permissionTicket.getRealm(), permissionTicket.getScopes());
                auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.REQUEST_SUBMITTED, request, requestingPartyId);
            }
        } catch (org.forgerock.openam.sm.datalayer.store.ServerException e) {
            // Fully qualified to distinguish the data-layer ServerException from the
            // org.forgerock.oauth2.core.exceptions.ServerException declared in the throws clause.
            logger.error("Failed to create pending request", e);
            throw new UmaException(403, UmaConstants.NOT_AUTHORISED_ERROR_CODE, "Failed to create pending request");
        }
        // A pending request was created; the caller is told to retry once the owner has acted on it.
        throw newRequestSubmittedException();
    }
}
Also used : Status(org.restlet.data.Status) OAuth2Uris(org.forgerock.oauth2.core.OAuth2Uris) JsonValue(org.forgerock.json.JsonValue) UmaPendingRequest(org.forgerock.openam.sm.datalayer.impl.uma.UmaPendingRequest) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) Request(org.restlet.Request) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) AMIdentity(com.sun.identity.idm.AMIdentity) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) Post(org.restlet.resource.Post)

Example 52 with NotFoundException

Use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.

From the class UmaPolicyApplicationListener, method identityDeleted.

/**
 * Deletes (based on configuration) the resource server's policy application, policies and
 * resource sets.
 *
 * @param universalId {@inheritDoc}
 */
@Override
public void identityDeleted(String universalId) {
    try {
        AMIdentity identity = getIdentity(universalId);
        // Only agent (resource server) identities own a UMA policy application; ignore everything else.
        if (!isAgentIdentity(identity)) {
            return;
        }
        removeApplication(identity.getRealm(), identity.getName());
    } catch (IdRepoException e) {
        logger.error("Failed to get identity", e);
    } catch (NotFoundException e) {
        logger.error("Failed to get UMA Provider settings", e);
    } catch (ServerException e) {
        logger.error("Failed to get UMA Provider settings", e);
    }
}
Also used : ServerException(org.forgerock.oauth2.core.exceptions.ServerException) AMIdentity(com.sun.identity.idm.AMIdentity) IdRepoException(com.sun.identity.idm.IdRepoException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) DenyOverride(com.sun.identity.entitlement.DenyOverride)

Example 53 with NotFoundException

Use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.

From the class UmaPolicyServiceImpl, method internalReadPolicy.

/**
 * {@inheritDoc}
 */
private Promise<UmaPolicy, ResourceException> internalReadPolicy(final Context context, final String resourceSetId) {
    String resourceOwnerUid = getResourceOwnerUid(context);
    // The query is scoped to policies created by the calling resource owner, so one owner cannot
    // read another owner's policy for the same resource set id.
    QueryRequest request = Requests.newQueryRequest("").setQueryFilter(QueryFilter.and(QueryFilter.equalTo(new JsonPointer("resourceTypeUuid"), resourceSetId), QueryFilter.equalTo(new JsonPointer("createdBy"), resourceOwnerUid)));
    return policyResourceDelegate.queryPolicies(context, request).thenAsync(new AsyncFunction<Pair<QueryResponse, List<ResourceResponse>>, UmaPolicy, ResourceException>() {

        @Override
        public Promise<UmaPolicy, ResourceException> apply(Pair<QueryResponse, List<ResourceResponse>> value) {
            try {
                if (value.getSecond().isEmpty()) {
                    // No matching underlying policies: surface a NotFoundException as a failed promise.
                    return new NotFoundException("UMA Policy not found, " + resourceSetId).asPromise();
                } else {
                    ResourceSetDescription resourceSet = getResourceSet(getRealm(context), resourceSetId);
                    UmaPolicy umaPolicy = UmaPolicy.fromUnderlyingPolicies(resourceSet, value.getSecond());
                    return newResultPromise(umaPolicy);
                }
            } catch (ResourceException e) {
                return e.asPromise();
            }
        }
    });
}
Also used : QueryRequest(org.forgerock.json.resource.QueryRequest) NotFoundException(org.forgerock.json.resource.NotFoundException) JsonPointer(org.forgerock.json.JsonPointer) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription) Promise(org.forgerock.util.promise.Promise) ResourceResponse(org.forgerock.json.resource.ResourceResponse) Responses.newQueryResponse(org.forgerock.json.resource.Responses.newQueryResponse) QueryResponse(org.forgerock.json.resource.QueryResponse) ResourceException(org.forgerock.json.resource.ResourceException) List(java.util.List) ArrayList(java.util.ArrayList) UmaPolicy(org.forgerock.openam.uma.UmaPolicy) Pair(org.forgerock.util.Pair)

Example 54 with NotFoundException

Use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.

From the class ResourceSetService, method isSharedWith.

/**
 * Checks whether a ResourceSet is accessible by a user.
 * @param resourceSet The resource set to check.
 * @param resourceUserId The id of the user to check.
 * @param realm The realm to check in.
 * @return {@code true} if the user can access that ResourceSet.
 */
public boolean isSharedWith(ResourceSetDescription resourceSet, String resourceUserId, String realm) throws InternalServerErrorException {
    Subject subject = createSubject(resourceUserId, realm);
    try {
        Evaluator evaluator = umaProviderSettingsFactory.get(realm).getPolicyEvaluator(subject, resourceSet.getClientId().toLowerCase());
        String sharedResourceName = "uma://" + resourceSet.getId();
        List<Entitlement> entitlements = evaluator.evaluate(realm, subject, sharedResourceName, null, false);
        // Shared only if the evaluator returned an entitlement that actually carries action values.
        if (!entitlements.isEmpty() && !entitlements.iterator().next().getActionValues().isEmpty()) {
            return true;
        }
    } catch (EntitlementException | NotFoundException e) {
        // Evaluation failures are reported as errors rather than silently treated as "not shared".
        throw new InternalServerErrorException(e);
    }
    return false;
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) Evaluator(com.sun.identity.entitlement.Evaluator) Entitlement(com.sun.identity.entitlement.Entitlement) Subject(javax.security.auth.Subject)

Example 55 with NotFoundException

Use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.

From the class UmaAuditLogger, method getResourceName.

public String getResourceName(String resourceSetId, Request request) throws NotFoundException, UmaException, org.forgerock.oauth2.core.exceptions.ServerException {
    // Resolves the human-readable resource set name for audit entries; a missing resource set
    // propagates as NotFoundException rather than being logged under a placeholder name.
    OAuth2ProviderSettings providerSettings = oauth2ProviderSettingsFactory.get(requestFactory.create(request));
    ResourceSetDescription resourceSetDescription = getResourceSet(resourceSetId, providerSettings);
    return resourceSetDescription.getName();
}
Also used : OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription)
