Search in sources :

Example 26 with NotFoundException

use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.

the class OpenAMResourceOwnerSessionValidator method setCurrentAcr.

/**
     * If the user is already logged in when the OAuth2 request comes in with an acr_values parameter, we
     * look to see if they've already matched one. If they have, we set the acr value on the request.
     */
private void setCurrentAcr(SSOToken token, OAuth2Request request, String acrValuesStr) throws NotFoundException, ServerException, SSOException, AccessDeniedException, UnsupportedEncodingException, URISyntaxException, ResourceOwnerAuthenticationRequired {
    String serviceUsed = token.getProperty(ISAuthConstants.SERVICE);
    Set<String> acrValues = new HashSet<>(Arrays.asList(acrValuesStr.split("\\s+")));
    OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    Map<String, AuthenticationMethod> acrMap = settings.getAcrMapping();
    boolean matched = false;
    for (String acr : acrValues) {
        if (acrMap.containsKey(acr)) {
            if (serviceUsed.equals(acrMap.get(acr).getName())) {
                final Request req = request.getRequest();
                req.getResourceRef().addQueryParameter(OAuth2Constants.JWTTokenParams.ACR, acr);
                matched = true;
            }
        }
    }
    if (!matched) {
        throw authenticationRequired(request, token);
    }
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) HttpServletRequest(javax.servlet.http.HttpServletRequest) Request(org.restlet.Request) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) AuthenticationMethod(org.forgerock.oauth2.core.AuthenticationMethod) HashSet(java.util.HashSet)

Example 27 with NotFoundException

use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.

the class OpenAMResourceOwnerSessionValidator method chooseBestAcrValue.

/**
     * Searches through the supplied 'acr' values to find a matching authentication context configuration service for
     * this OpenID Connect client. If the client is not an OIDC client, or if no match is found, then {@code null} is
     * returned and the default login configuration for the realm will be used. Values will be tried in the order
     * passed, and the first matching value will be chosen.
     *
     * @param request the OAuth2 request that requires authentication.
     * @param acrValues the values of the acr_values parameter, in preference order.
     * @return the matching ACR value, or {@code null} if no match was found.
     */
private ACRValue chooseBestAcrValue(final OAuth2Request request, final String... acrValues) throws ServerException, NotFoundException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    final Map<String, AuthenticationMethod> mapping = settings.getAcrMapping();
    if (mapping != null) {
        for (String acrValue : acrValues) {
            final AuthenticationMethod method = mapping.get(acrValue);
            if (method instanceof OpenAMAuthenticationMethod) {
                if (logger.messageEnabled()) {
                    logger.message("Picked ACR value [" + acrValue + "] -> " + method);
                }
                return new ACRValue(acrValue, (OpenAMAuthenticationMethod) method);
            }
        }
    }
    if (logger.messageEnabled()) {
        logger.message("No ACR value matched - using default login configuration");
    }
    return null;
}
Also used : OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) AuthenticationMethod(org.forgerock.oauth2.core.AuthenticationMethod)

Example 28 with NotFoundException

use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.

the class OpenAMResourceSetStore method delete.

@Override
public void delete(String resourceSetId, String resourceOwnerId) throws NotFoundException, ServerException {
    try {
        ResourceSetDescription token = read(resourceSetId, resourceOwnerId);
        delegate.delete(token.getId());
    } catch (org.forgerock.openam.sm.datalayer.store.NotFoundException e) {
        throw new NotFoundException("Could not find resource set");
    } catch (org.forgerock.openam.sm.datalayer.store.ServerException e) {
        throw new ServerException(e);
    }
}
Also used : ServerException(org.forgerock.oauth2.core.exceptions.ServerException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription)

Example 29 with NotFoundException

use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.

the class OpenAMTokenStore method readRefreshToken.

/**
     * {@inheritDoc}
     */
public RefreshToken readRefreshToken(OAuth2Request request, String tokenId) throws ServerException, InvalidGrantException, NotFoundException {
    RefreshToken loaded = request.getToken(RefreshToken.class);
    if (loaded != null) {
        return loaded;
    }
    logger.message("Read refresh token");
    JsonValue token;
    try {
        token = tokenStore.read(tokenId);
    } catch (CoreTokenException e) {
        logger.error("Unable to read refresh token corresponding to id: " + tokenId, e);
        throw new ServerException("Could not read token in CTS: " + e.getMessage());
    }
    if (token == null) {
        logger.error("Unable to read refresh token corresponding to id: " + tokenId);
        throw new InvalidGrantException("grant is invalid");
    }
    OpenAMRefreshToken refreshToken = new OpenAMRefreshToken(token);
    validateTokenRealm(refreshToken.getRealm(), request);
    request.setToken(RefreshToken.class, refreshToken);
    return refreshToken;
}
Also used : RefreshToken(org.forgerock.oauth2.core.RefreshToken) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) JsonValue(org.forgerock.json.JsonValue) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) InvalidGrantException(org.forgerock.oauth2.core.exceptions.InvalidGrantException)

Example 30 with NotFoundException

use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.

the class OpenAMTokenStore method updateDeviceCode.

@Override
public void updateDeviceCode(DeviceCode code, OAuth2Request request) throws ServerException, NotFoundException, InvalidGrantException {
    try {
        readDeviceCode(code.getClientId(), code.getDeviceCode(), request);
        tokenStore.update(code);
    } catch (CoreTokenException e) {
        throw new ServerException("Could not update user code state");
    }
}
Also used : ServerException(org.forgerock.oauth2.core.exceptions.ServerException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException)

Aggregations

ServerException (org.forgerock.oauth2.core.exceptions.ServerException)44 OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings)34 OAuth2Request (org.forgerock.oauth2.core.OAuth2Request)28 NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException)24 CoreTokenException (org.forgerock.openam.cts.exceptions.CoreTokenException)21 JsonValue (org.forgerock.json.JsonValue)20 ResourceSetDescription (org.forgerock.oauth2.resources.ResourceSetDescription)13 AccessToken (org.forgerock.oauth2.core.AccessToken)12 ClientRegistration (org.forgerock.oauth2.core.ClientRegistration)11 InvalidGrantException (org.forgerock.oauth2.core.exceptions.InvalidGrantException)11 ResourceSetStore (org.forgerock.oauth2.resources.ResourceSetStore)11 Request (org.restlet.Request)11 SSOException (com.iplanet.sso.SSOException)10 HashSet (java.util.HashSet)10 AMIdentity (com.sun.identity.idm.AMIdentity)9 HashMap (java.util.HashMap)9 IdRepoException (com.sun.identity.idm.IdRepoException)8 OAuth2Uris (org.forgerock.oauth2.core.OAuth2Uris)8 InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException)8 UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException)8