use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMOAuth2ProviderSettingsFactory method getProviderSettings.
private OAuth2ProviderSettings getProviderSettings(String realm) throws NotFoundException {
synchronized (providerSettingsMap) {
OAuth2ProviderSettings providerSettings = providerSettingsMap.get(realm);
if (providerSettings == null) {
ResourceSetStore resourceSetStore = resourceSetStoreFactory.create(realm);
providerSettings = new OpenAMOAuth2ProviderSettings(realm, resourceSetStore, cookieExtractor);
if (providerSettings.exists()) {
providerSettingsMap.put(realm, providerSettings);
} else {
throw new NotFoundException("No OpenID Connect provider for realm " + realm);
}
}
return providerSettings;
}
}
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMOAuth2UrisFactory method get.
/**
* Gets a OAuth2Uris instance.
*
* @param context TODO
* @param realmInfo The realm information.
* @return A UmaProviderSettings instance.
*/
@Override
public OAuth2Uris get(Context context, RealmInfo realmInfo) throws NotFoundException, ServerException {
String absoluteRealm = realmInfo.getAbsoluteRealm();
BaseURLProvider baseURLProvider = baseURLProviderFactory.get(absoluteRealm);
String baseUrl;
try {
baseUrl = baseURLProvider.getRealmURL(context.asContext(HttpContext.class), "/oauth2", absoluteRealm);
} catch (InvalidBaseUrlException e) {
throw new ServerException("Configuration error");
}
return get(absoluteRealm, baseUrl);
}
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMResourceOwnerAuthenticator method authenticate.
/**
* {@inheritDoc}
*/
public ResourceOwner authenticate(OAuth2Request request, boolean useSession) throws NotFoundException {
SSOToken token = null;
try {
SSOTokenManager mgr = SSOTokenManager.getInstance();
token = mgr.createSSOToken(ServletUtils.getRequest(request.<Request>getRequest()));
} catch (Exception e) {
logger.warning("No SSO Token in request", e);
}
if (token == null || !useSession) {
final String username = request.getParameter(USERNAME);
final char[] password = request.getParameter(PASSWORD) == null ? null : request.<String>getParameter(PASSWORD).toCharArray();
final String realm = realmNormaliser.normalise(request.<String>getParameter(OAuth2Constants.Custom.REALM));
final String authChain = request.getParameter(AUTH_CHAIN);
return authenticate(username, password, realm, authChain);
} else {
try {
final AMIdentity id = IdUtils.getIdentity(AccessController.doPrivileged(AdminTokenAction.getInstance()), token.getProperty(Constants.UNIVERSAL_IDENTIFIER));
long authTime = stringToDate(token.getProperty(ISAuthConstants.AUTH_INSTANT)).getTime();
return new OpenAMResourceOwner(id.getName(), id, authTime);
} catch (SSOException e) {
logger.error("Unable to create ResourceOwner", e);
} catch (ParseException e) {
logger.error("Unable to create ResourceOwner", e);
} catch (IdRepoException e) {
logger.error("Unable to create ResourceOwner", e);
}
}
return null;
}
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMScopeValidator method getUpdatedAt.
private String getUpdatedAt(String username, String realm, OAuth2Request request) throws NotFoundException {
try {
final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
String modifyTimestampAttributeName;
String createdTimestampAttributeName;
try {
modifyTimestampAttributeName = providerSettings.getModifiedTimestampAttributeName();
createdTimestampAttributeName = providerSettings.getCreatedTimestampAttributeName();
} catch (ServerException e) {
logger.error("Unable to read last modified attribute from datastore", e);
return DEFAULT_TIMESTAMP;
}
if (modifyTimestampAttributeName == null && createdTimestampAttributeName == null) {
return null;
}
final AMHashMap timestamps = getTimestamps(username, realm, modifyTimestampAttributeName, createdTimestampAttributeName);
final String modifyTimestamp = CollectionHelper.getMapAttr(timestamps, modifyTimestampAttributeName);
if (modifyTimestamp != null) {
synchronized (TIMESTAMP_DATE_FORMAT) {
return Long.toString(TIMESTAMP_DATE_FORMAT.parse(modifyTimestamp).getTime() / 1000);
}
} else {
final String createTimestamp = CollectionHelper.getMapAttr(timestamps, createdTimestampAttributeName);
if (createTimestamp != null) {
synchronized (TIMESTAMP_DATE_FORMAT) {
return Long.toString(TIMESTAMP_DATE_FORMAT.parse(createTimestamp).getTime() / 1000);
}
} else {
return DEFAULT_TIMESTAMP;
}
}
} catch (IdRepoException e) {
if (logger.errorEnabled()) {
logger.error("ScopeValidatorImpl" + ".getUpdatedAt: " + "error searching Identities with username : " + username, e);
}
} catch (SSOException e) {
logger.warning("Error getting updatedAt attribute", e);
} catch (ParseException e) {
logger.warning("Error getting updatedAt attribute", e);
}
return null;
}
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMScopeValidator method getUserInfo.
/**
* {@inheritDoc}
*/
public UserInfoClaims getUserInfo(AccessToken token, OAuth2Request request) throws UnauthorizedClientException, NotFoundException {
Map<String, Object> response = new HashMap<>();
Bindings scriptVariables = new SimpleBindings();
SSOToken ssoToken = getUsersSession(request);
String realm;
Set<String> scopes;
AMIdentity id;
OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
Map<String, Set<String>> requestedClaimsValues = gatherRequestedClaims(providerSettings, request, token);
try {
if (token != null) {
OpenIdConnectClientRegistration clientRegistration;
try {
clientRegistration = clientRegistrationStore.get(token.getClientId(), request);
} catch (InvalidClientException e) {
logger.message("Unable to retrieve client from store.");
throw new NotFoundException("No valid client registration found.");
}
final String subId = clientRegistration.getSubValue(token.getResourceOwnerId(), providerSettings);
//data comes from token when we have one
realm = token.getRealm();
scopes = token.getScope();
id = identityManager.getResourceOwnerIdentity(token.getResourceOwnerId(), realm);
response.put(OAuth2Constants.JWTTokenParams.SUB, subId);
response.put(OAuth2Constants.JWTTokenParams.UPDATED_AT, getUpdatedAt(token.getResourceOwnerId(), token.getRealm(), request));
} else {
//otherwise we're simply reading claims into the id_token, so grab it from the request/ssoToken
realm = DNMapper.orgNameToRealmName(ssoToken.getProperty(ISAuthConstants.ORGANIZATION));
id = identityManager.getResourceOwnerIdentity(ssoToken.getProperty(ISAuthConstants.USER_ID), realm);
String scopeStr = request.getParameter(OAuth2Constants.Params.SCOPE);
scopes = splitScope(scopeStr);
}
scriptVariables.put(OAuth2Constants.ScriptParams.SCOPES, getScriptFriendlyScopes(scopes));
scriptVariables.put(OAuth2Constants.ScriptParams.IDENTITY, id);
scriptVariables.put(OAuth2Constants.ScriptParams.LOGGER, logger);
scriptVariables.put(OAuth2Constants.ScriptParams.CLAIMS, response);
scriptVariables.put(OAuth2Constants.ScriptParams.SESSION, ssoToken);
scriptVariables.put(OAuth2Constants.ScriptParams.REQUESTED_CLAIMS, requestedClaimsValues);
ScriptObject script = getOIDCClaimsExtensionScript(realm);
try {
return scriptEvaluator.evaluateScript(script, scriptVariables);
} catch (ScriptException e) {
logger.message("Error running OIDC claims script", e);
throw new ServerException("Error running OIDC claims script: " + e.getMessage());
}
} catch (ServerException e) {
//API does not allow ServerExceptions to be thrown!
throw new NotFoundException(e.getMessage());
} catch (SSOException e) {
throw new NotFoundException(e.getMessage());
}
}
Aggregations