
Example 16 with NotFoundException

Use of org.forgerock.oauth2.core.exceptions.NotFoundException in the OpenAM project (OpenRock fork).

From class OpenAMOAuth2ProviderSettingsFactory, method getProviderSettings:

/**
 * Returns the cached {@link OAuth2ProviderSettings} for {@code realm}, creating and
 * caching it on first use.
 *
 * <p>Lookup, creation and insertion all happen while holding the
 * {@code providerSettingsMap} lock, so concurrent callers are serialised and cannot
 * both build settings for the same realm. Settings are only cached when
 * {@code exists()} reports that the realm actually has a provider configured; a
 * realm without a provider is never cached, so that check is repeated on every
 * call for such realms.
 *
 * @param realm The realm whose provider settings are wanted.
 * @return The provider settings for the realm; never {@code null}.
 * @throws NotFoundException If no OpenID Connect provider is configured for the realm.
 */
private OAuth2ProviderSettings getProviderSettings(String realm) throws NotFoundException {
    synchronized (providerSettingsMap) {
        final OAuth2ProviderSettings cached = providerSettingsMap.get(realm);
        if (cached != null) {
            return cached;
        }
        final ResourceSetStore store = resourceSetStoreFactory.create(realm);
        final OAuth2ProviderSettings created =
                new OpenAMOAuth2ProviderSettings(realm, store, cookieExtractor);
        if (!created.exists()) {
            // Not cached: a realm that gains a provider later must be re-checked.
            throw new NotFoundException("No OpenID Connect provider for realm " + realm);
        }
        providerSettingsMap.put(realm, created);
        return created;
    }
}

Example 17 with NotFoundException

Use of org.forgerock.oauth2.core.exceptions.NotFoundException in the OpenAM project (OpenRock fork).

From class OpenAMOAuth2UrisFactory, method get:

/**
 * Builds the {@link OAuth2Uris} for the realm described by {@code realmInfo}.
 *
 * <p>The realm's base URL is derived from the request's {@link HttpContext} by the
 * realm's {@link BaseURLProvider} and suffixed with {@code /oauth2}. If the provider
 * rejects the URL, the failure is reported as a generic {@link ServerException}
 * ("Configuration error") with no cause attached, so nothing about the rejected
 * URL reaches the caller.
 *
 * @param context The request context; it must be able to yield an {@link HttpContext}.
 * @param realmInfo The realm information; only its absolute realm name is used.
 * @return The {@link OAuth2Uris} for the realm, as produced by {@code get(realm, baseUrl)}.
 * @throws NotFoundException If the delegate {@code get(realm, baseUrl)} cannot resolve the realm's URIs.
 * @throws ServerException If the realm's base URL is rejected by its {@link BaseURLProvider}.
 */
@Override
public OAuth2Uris get(Context context, RealmInfo realmInfo) throws NotFoundException, ServerException {
    final String realm = realmInfo.getAbsoluteRealm();
    final BaseURLProvider urlProvider = baseURLProviderFactory.get(realm);
    final HttpContext httpContext = context.asContext(HttpContext.class);
    final String oauth2BaseUrl;
    try {
        oauth2BaseUrl = urlProvider.getRealmURL(httpContext, "/oauth2", realm);
    } catch (InvalidBaseUrlException e) {
        // Deliberately not chained: the rejected URL is not surfaced to callers.
        throw new ServerException("Configuration error");
    }
    return get(realm, oauth2BaseUrl);
}

Example 18 with NotFoundException

Use of org.forgerock.oauth2.core.exceptions.NotFoundException in the OpenAM project (OpenRock fork).

From class OpenAMResourceOwnerAuthenticator, method authenticate:

/**
 * {@inheritDoc}
 *
 * <p>Two authentication paths exist. When the request carries a usable SSO token
 * and {@code useSession} is {@code true}, the resource owner is resolved from that
 * session: the identity is looked up (under the admin token) from the session's
 * universal identifier, and the authentication time is taken from the session's
 * {@code AUTH_INSTANT} property. Otherwise the {@code USERNAME}, {@code PASSWORD},
 * realm and {@code AUTH_CHAIN} request parameters are handed to the credential
 * based {@code authenticate(username, password, realm, authChain)} overload.
 *
 * <p>On the session path, failure to resolve the identity or parse the
 * authentication instant is logged and {@code null} is returned rather than thrown.
 * Any failure to create the SSO token from the request is logged at warning level
 * and treated as "no session", which selects the credential path.
 */
public ResourceOwner authenticate(OAuth2Request request, boolean useSession) throws NotFoundException {
    SSOToken sessionToken = null;
    try {
        final SSOTokenManager tokenManager = SSOTokenManager.getInstance();
        sessionToken = tokenManager.createSSOToken(ServletUtils.getRequest(request.<Request>getRequest()));
    } catch (Exception e) {
        // Best effort: a request without a session simply falls through to credentials.
        logger.warning("No SSO Token in request", e);
    }

    final boolean useCredentials = sessionToken == null || !useSession;
    if (useCredentials) {
        final String username = request.getParameter(USERNAME);
        final String rawPassword = request.<String>getParameter(PASSWORD);
        final char[] password = rawPassword == null ? null : rawPassword.toCharArray();
        final String realm = realmNormaliser.normalise(request.<String>getParameter(OAuth2Constants.Custom.REALM));
        final String authChain = request.getParameter(AUTH_CHAIN);
        return authenticate(username, password, realm, authChain);
    }

    try {
        final SSOToken adminToken = AccessController.doPrivileged(AdminTokenAction.getInstance());
        final String universalId = sessionToken.getProperty(Constants.UNIVERSAL_IDENTIFIER);
        final AMIdentity identity = IdUtils.getIdentity(adminToken, universalId);
        final long authTime = stringToDate(sessionToken.getProperty(ISAuthConstants.AUTH_INSTANT)).getTime();
        return new OpenAMResourceOwner(identity.getName(), identity, authTime);
    } catch (SSOException | ParseException | IdRepoException e) {
        // Session present but unusable: report failure as "no resource owner".
        logger.error("Unable to create ResourceOwner", e);
        return null;
    }
}

Example 19 with NotFoundException

Use of org.forgerock.oauth2.core.exceptions.NotFoundException in the OpenAM project (OpenRock fork).

From class OpenAMScopeValidator, method getUpdatedAt:

/**
 * Computes the OIDC {@code updated_at} claim value for a user.
 *
 * <p>The provider settings name a "modified" and a "created" timestamp attribute.
 * The user's values for both are fetched via {@code getTimestamps}; the modified
 * timestamp wins when present, otherwise the created one. The chosen value is
 * parsed with {@code TIMESTAMP_DATE_FORMAT} and returned as whole seconds since
 * the epoch.
 *
 * <p>Return value summary:
 * <ul>
 *   <li>{@code DEFAULT_TIMESTAMP} when the attribute names cannot be read from the
 *       provider settings (logged), or when neither attribute has a value;</li>
 *   <li>{@code null} when no timestamp attribute is configured at all, or when the
 *       identity lookup / session access / parse fails (each is logged).</li>
 * </ul>
 *
 * @param username The user whose timestamps are read.
 * @param realm The realm the user belongs to.
 * @param request The current OAuth2 request, used to locate the provider settings.
 * @return Epoch seconds as a decimal string, {@code DEFAULT_TIMESTAMP}, or {@code null}.
 * @throws NotFoundException If provider settings cannot be found for the request.
 */
private String getUpdatedAt(String username, String realm, OAuth2Request request) throws NotFoundException {
    try {
        final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
        final String modifiedAttr;
        final String createdAttr;
        try {
            modifiedAttr = settings.getModifiedTimestampAttributeName();
            createdAttr = settings.getCreatedTimestampAttributeName();
        } catch (ServerException e) {
            logger.error("Unable to read last modified attribute from datastore", e);
            return DEFAULT_TIMESTAMP;
        }
        if (modifiedAttr == null && createdAttr == null) {
            return null;
        }
        final AMHashMap stamps = getTimestamps(username, realm, modifiedAttr, createdAttr);
        final String modified = CollectionHelper.getMapAttr(stamps, modifiedAttr);
        if (modified != null) {
            return parseTimestampToEpochSeconds(modified);
        }
        final String created = CollectionHelper.getMapAttr(stamps, createdAttr);
        return created == null ? DEFAULT_TIMESTAMP : parseTimestampToEpochSeconds(created);
    } catch (IdRepoException e) {
        if (logger.errorEnabled()) {
            logger.error("ScopeValidatorImpl" + ".getUpdatedAt: " + "error searching Identities with username : " + username, e);
        }
    } catch (SSOException | ParseException e) {
        logger.warning("Error getting updatedAt attribute", e);
    }
    return null;
}

/**
 * Parses {@code timestamp} with the shared {@code TIMESTAMP_DATE_FORMAT} and returns
 * whole seconds since the epoch as a decimal string. Access to the shared format
 * instance is serialised on the instance itself, as the original call sites did.
 *
 * @param timestamp A timestamp string in the shared format.
 * @return Epoch seconds as a decimal string.
 * @throws ParseException If {@code timestamp} does not match the format.
 */
private String parseTimestampToEpochSeconds(String timestamp) throws ParseException {
    synchronized (TIMESTAMP_DATE_FORMAT) {
        return Long.toString(TIMESTAMP_DATE_FORMAT.parse(timestamp).getTime() / 1000);
    }
}

Example 20 with NotFoundException

Use of org.forgerock.oauth2.core.exceptions.NotFoundException in the OpenAM project (OpenRock fork).

From class OpenAMScopeValidator, method getUserInfo:

/**
 * {@inheritDoc}
 *
 * <p>Collects the base claims for the user and hands them, with the identity,
 * scopes, session and requested claims, to the realm's OIDC claims extension
 * script; the script's result is returned. Two inputs feed the script:
 * <ul>
 *   <li>with an access {@code token}: realm, scopes and resource owner come from
 *       the token; the client registration supplies the {@code sub} value and
 *       {@code updated_at} is computed for the resource owner;</li>
 *   <li>without one: realm and user are read from the user's SSO session and the
 *       scopes from the request's {@code scope} parameter (the id_token case).</li>
 * </ul>
 *
 * <p>Error mapping: the interface does not allow {@link ServerException}, so any
 * {@link ServerException} or {@link SSOException} raised inside the outer try,
 * including a script failure, is re-thrown as a {@link NotFoundException} that
 * carries only the original message; the cause is not chained. A missing client
 * registration is reported as a {@link NotFoundException} directly.
 * NOTE(review): the claims script's own exception text becomes that
 * NotFoundException message — confirm the error response sent to the client does
 * not echo it verbatim. NOTE(review): {@code ssoToken} is dereferenced on the
 * no-token path; whether {@code getUsersSession} can return {@code null} there is
 * not visible here.
 */
public UserInfoClaims getUserInfo(AccessToken token, OAuth2Request request) throws UnauthorizedClientException, NotFoundException {
    final Map<String, Object> claims = new HashMap<>();
    final Bindings bindings = new SimpleBindings();
    final SSOToken ssoToken = getUsersSession(request);
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    final Map<String, Set<String>> requestedClaims = gatherRequestedClaims(providerSettings, request, token);

    final String realm;
    final Set<String> scopes;
    final AMIdentity identity;
    try {
        if (token == null) {
            // id_token path: everything comes from the session and the request.
            realm = DNMapper.orgNameToRealmName(ssoToken.getProperty(ISAuthConstants.ORGANIZATION));
            identity = identityManager.getResourceOwnerIdentity(ssoToken.getProperty(ISAuthConstants.USER_ID), realm);
            final String scopeParam = request.<String>getParameter(OAuth2Constants.Params.SCOPE);
            scopes = splitScope(scopeParam);
        } else {
            // userinfo path: everything comes from the access token.
            final OpenIdConnectClientRegistration client;
            try {
                client = clientRegistrationStore.get(token.getClientId(), request);
            } catch (InvalidClientException e) {
                logger.message("Unable to retrieve client from store.");
                throw new NotFoundException("No valid client registration found.");
            }
            final String resourceOwnerId = token.getResourceOwnerId();
            final String sub = client.getSubValue(resourceOwnerId, providerSettings);
            realm = token.getRealm();
            scopes = token.getScope();
            identity = identityManager.getResourceOwnerIdentity(resourceOwnerId, realm);
            claims.put(OAuth2Constants.JWTTokenParams.SUB, sub);
            claims.put(OAuth2Constants.JWTTokenParams.UPDATED_AT, getUpdatedAt(resourceOwnerId, token.getRealm(), request));
        }

        bindings.put(OAuth2Constants.ScriptParams.SCOPES, getScriptFriendlyScopes(scopes));
        bindings.put(OAuth2Constants.ScriptParams.IDENTITY, identity);
        bindings.put(OAuth2Constants.ScriptParams.LOGGER, logger);
        bindings.put(OAuth2Constants.ScriptParams.CLAIMS, claims);
        bindings.put(OAuth2Constants.ScriptParams.SESSION, ssoToken);
        bindings.put(OAuth2Constants.ScriptParams.REQUESTED_CLAIMS, requestedClaims);

        final ScriptObject script = getOIDCClaimsExtensionScript(realm);
        try {
            return scriptEvaluator.evaluateScript(script, bindings);
        } catch (ScriptException e) {
            logger.message("Error running OIDC claims script", e);
            throw new ServerException("Error running OIDC claims script: " + e.getMessage());
        }
    } catch (ServerException | SSOException e) {
        // The interface does not declare ServerException; only the message survives.
        throw new NotFoundException(e.getMessage());
    }
}
