use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMResourceOwnerSessionValidator method setCurrentAcr.
/**
* If the user is already logged in when the OAuth2 request comes in with an acr_values parameter, we
* look to see if they've already matched one. If they have, we set the acr value on the request.
*/
private void setCurrentAcr(SSOToken token, OAuth2Request request, String acrValuesStr) throws NotFoundException, ServerException, SSOException, AccessDeniedException, UnsupportedEncodingException, URISyntaxException, ResourceOwnerAuthenticationRequired {
String serviceUsed = token.getProperty(ISAuthConstants.SERVICE);
Set<String> acrValues = new HashSet<>(Arrays.asList(acrValuesStr.split("\\s+")));
OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
Map<String, AuthenticationMethod> acrMap = settings.getAcrMapping();
boolean matched = false;
for (String acr : acrValues) {
if (acrMap.containsKey(acr)) {
if (serviceUsed.equals(acrMap.get(acr).getName())) {
final Request req = request.getRequest();
req.getResourceRef().addQueryParameter(OAuth2Constants.JWTTokenParams.ACR, acr);
matched = true;
}
}
}
if (!matched) {
throw authenticationRequired(request, token);
}
}
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMResourceOwnerSessionValidator method chooseBestAcrValue.
/**
* Searches through the supplied 'acr' values to find a matching authentication context configuration service for
* this OpenID Connect client. If the client is not an OIDC client, or if no match is found, then {@code null} is
* returned and the default login configuration for the realm will be used. Values will be tried in the order
* passed, and the first matching value will be chosen.
*
* @param request the OAuth2 request that requires authentication.
* @param acrValues the values of the acr_values parameter, in preference order.
* @return the matching ACR value, or {@code null} if no match was found.
*/
private ACRValue chooseBestAcrValue(final OAuth2Request request, final String... acrValues) throws ServerException, NotFoundException {
final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
final Map<String, AuthenticationMethod> mapping = settings.getAcrMapping();
if (mapping != null) {
for (String acrValue : acrValues) {
final AuthenticationMethod method = mapping.get(acrValue);
if (method instanceof OpenAMAuthenticationMethod) {
if (logger.messageEnabled()) {
logger.message("Picked ACR value [" + acrValue + "] -> " + method);
}
return new ACRValue(acrValue, (OpenAMAuthenticationMethod) method);
}
}
}
if (logger.messageEnabled()) {
logger.message("No ACR value matched - using default login configuration");
}
return null;
}
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMResourceSetStore method delete.
@Override
public void delete(String resourceSetId, String resourceOwnerId) throws NotFoundException, ServerException {
try {
ResourceSetDescription token = read(resourceSetId, resourceOwnerId);
delegate.delete(token.getId());
} catch (org.forgerock.openam.sm.datalayer.store.NotFoundException e) {
throw new NotFoundException("Could not find resource set");
} catch (org.forgerock.openam.sm.datalayer.store.ServerException e) {
throw new ServerException(e);
}
}
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMTokenStore method readRefreshToken.
/**
* {@inheritDoc}
*/
public RefreshToken readRefreshToken(OAuth2Request request, String tokenId) throws ServerException, InvalidGrantException, NotFoundException {
RefreshToken loaded = request.getToken(RefreshToken.class);
if (loaded != null) {
return loaded;
}
logger.message("Read refresh token");
JsonValue token;
try {
token = tokenStore.read(tokenId);
} catch (CoreTokenException e) {
logger.error("Unable to read refresh token corresponding to id: " + tokenId, e);
throw new ServerException("Could not read token in CTS: " + e.getMessage());
}
if (token == null) {
logger.error("Unable to read refresh token corresponding to id: " + tokenId);
throw new InvalidGrantException("grant is invalid");
}
OpenAMRefreshToken refreshToken = new OpenAMRefreshToken(token);
validateTokenRealm(refreshToken.getRealm(), request);
request.setToken(RefreshToken.class, refreshToken);
return refreshToken;
}
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMTokenStore method updateDeviceCode.
@Override
public void updateDeviceCode(DeviceCode code, OAuth2Request request) throws ServerException, NotFoundException, InvalidGrantException {
try {
readDeviceCode(code.getClientId(), code.getDeviceCode(), request);
tokenStore.update(code);
} catch (CoreTokenException e) {
throw new ServerException("Could not update user code state");
}
}
Aggregations