Example 1 with ResourceOwnerAuthenticationRequired

Use of org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired in project OpenAM by OpenRock.

From class OpenAMResourceOwnerSessionValidator, method authenticationRequired.

private ResourceOwnerAuthenticationRequired authenticationRequired(OAuth2Request request) throws AccessDeniedException, URISyntaxException, ServerException, NotFoundException, UnsupportedEncodingException {
    OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    Template loginUrlTemplate = providerSettings.getCustomLoginUrlTemplate();
    // Drop prompt=login so the user is not bounced into another login loop once they return.
    removeLoginPrompt(request.<Request>getRequest());
    // The goto URL is the current authorization request itself, so the flow resumes after login.
    String gotoUrl = request.<Request>getRequest().getResourceRef().toString();
    if (request.getParameter(USER_CODE) != null) {
        gotoUrl += (gotoUrl.indexOf('?') > -1 ? "&" : "?") + USER_CODE + "=" + request.getParameter(USER_CODE);
    }
    // Requested authentication context, realm, module/service and locale are forwarded to the login page.
    String acrValues = request.getParameter(ACR_VALUES);
    String realm = request.getParameter(OAuth2Constants.Custom.REALM);
    String moduleName = request.getParameter(MODULE);
    String serviceName = request.getParameter(SERVICE);
    String locale = getRequestLocale(request);
    URI loginUrl;
    // A custom login URL template configured on the provider takes precedence over the default login page.
    if (loginUrlTemplate != null) {
        loginUrl = buildCustomLoginUrl(loginUrlTemplate, gotoUrl, acrValues, realm, moduleName, serviceName, locale);
    } else {
        loginUrl = buildDefaultLoginUrl(request, gotoUrl, acrValues, realm, moduleName, serviceName, locale);
    }
    // The exception carries the redirect target; the caller turns it into a redirect response.
    return new ResourceOwnerAuthenticationRequired(loginUrl);
}
Also used : ResourceOwnerAuthenticationRequired(org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) HttpServletRequest(javax.servlet.http.HttpServletRequest) Request(org.restlet.Request) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) URI(java.net.URI) Template(freemarker.template.Template)

Example 2 with ResourceOwnerAuthenticationRequired

Use of org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired in project OpenAM by OpenRock.

From class OpenAMResourceOwnerSessionValidator, method setCurrentAcr.

/**
 * If the user is already logged in when the OAuth2 request comes in with an acr_values parameter, we
 * look to see if they've already matched one. If they have, we set the acr value on the request.
 */
private void setCurrentAcr(SSOToken token, OAuth2Request request, String acrValuesStr) throws NotFoundException, ServerException, SSOException, AccessDeniedException, UnsupportedEncodingException, URISyntaxException, ResourceOwnerAuthenticationRequired {
    // The authentication service (chain) the existing session was actually created with.
    String serviceUsed = token.getProperty(ISAuthConstants.SERVICE);
    // acr_values is a space-separated list of acceptable authentication context class references.
    Set<String> acrValues = new HashSet<>(Arrays.asList(acrValuesStr.split("\\s+")));
    OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    Map<String, AuthenticationMethod> acrMap = settings.getAcrMapping();
    boolean matched = false;
    for (String acr : acrValues) {
        if (acrMap.containsKey(acr)) {
            // A requested acr only counts as satisfied when it maps to the service this session used.
            if (serviceUsed.equals(acrMap.get(acr).getName())) {
                final Request req = request.getRequest();
                req.getResourceRef().addQueryParameter(OAuth2Constants.JWTTokenParams.ACR, acr);
                matched = true;
            }
        }
    }
    // No requested acr is satisfied by the current session: force re-authentication via the login page.
    if (!matched) {
        throw authenticationRequired(request, token);
    }
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) HttpServletRequest(javax.servlet.http.HttpServletRequest) Request(org.restlet.Request) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) AuthenticationMethod(org.forgerock.oauth2.core.AuthenticationMethod) HashSet(java.util.HashSet)

Example 3 with ResourceOwnerAuthenticationRequired

Use of org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired in project OpenAM by OpenRock.

From class OpenAMResourceOwnerSessionValidatorTest, method shouldUseDefaultAuthChainWhenNoSupportedAcrValue.

@Test
public void shouldUseDefaultAuthChainWhenNoSupportedAcrValue() throws Exception {
    // Given
    mockPrompt("login");
    mockSSOToken(NO_SESSION_TOKEN);
    mockRequestAcrValues("not_supported");
    mockAcrValuesMap(Collections.<String, AuthenticationMethod>emptyMap());
    // When
    URI loginUri = null;
    try {
        resourceOwnerSessionValidator.validate(mockOAuth2Request);
        fail();
    } catch (ResourceOwnerAuthenticationRequired ex) {
        loginUri = ex.getRedirectUri();
    }
    // Then
    assertFalse(loginUri.getQuery().contains("service="));
}
Also used : ResourceOwnerAuthenticationRequired(org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired) URI(java.net.URI) Test(org.testng.annotations.Test)

Example 4 with ResourceOwnerAuthenticationRequired

Use of org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired in project OpenAM by OpenRock.

From class OpenAMResourceOwnerSessionValidatorTest, method shouldUseDefaultAuthChainIfNoAcrValuesSpecified.

@Test
public void shouldUseDefaultAuthChainIfNoAcrValuesSpecified() throws Exception {
    // Given
    mockPrompt("login");
    mockSSOToken(NO_SESSION_TOKEN);
    // When
    URI loginUri = null;
    try {
        resourceOwnerSessionValidator.validate(mockOAuth2Request);
        fail();
    } catch (ResourceOwnerAuthenticationRequired ex) {
        loginUri = ex.getRedirectUri();
    }
    // Then
    assertFalse(loginUri.getQuery().contains("service="));
}
Also used : ResourceOwnerAuthenticationRequired(org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired) URI(java.net.URI) Test(org.testng.annotations.Test)

Example 5 with ResourceOwnerAuthenticationRequired

Use of org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired in project OpenAM by OpenRock.

From class OpenAMResourceOwnerSessionValidatorTest, method shouldUseAcrValuesIfSpecified.

@Test
public void shouldUseAcrValuesIfSpecified() throws Exception {
    // Given
    String acrValues = "1 2 3";
    String service = "myAuthService";
    mockPrompt("login");
    mockSSOToken(NO_SESSION_TOKEN);
    mockRequestAcrValues(acrValues);
    mockAcrValuesMap(Collections.<String, AuthenticationMethod>singletonMap("2", new OpenAMAuthenticationMethod(service, AuthContext.IndexType.SERVICE)));
    // When
    URI loginUri = null;
    try {
        resourceOwnerSessionValidator.validate(mockOAuth2Request);
        fail();
    } catch (ResourceOwnerAuthenticationRequired ex) {
        loginUri = ex.getRedirectUri();
    }
    // Then
    assertTrue(loginUri.getQuery().contains("service=" + service));
}
Also used : ResourceOwnerAuthenticationRequired(org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired) URI(java.net.URI) Test(org.testng.annotations.Test)

Aggregations (types used across all matching examples, with occurrence counts)

ResourceOwnerAuthenticationRequired (org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired): 8
URI (java.net.URI): 5
OAuth2Request (org.forgerock.oauth2.core.OAuth2Request): 5
InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException): 4
Test (org.testng.annotations.Test): 4
OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings): 3
OAuth2Exception (org.forgerock.oauth2.core.exceptions.OAuth2Exception): 3
RedirectUriMismatchException (org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException): 3
ResourceOwnerConsentRequired (org.forgerock.oauth2.core.exceptions.ResourceOwnerConsentRequired): 3
Request (org.restlet.Request): 3
HttpServletRequest (javax.servlet.http.HttpServletRequest): 2
AuthenticationMethod (org.forgerock.oauth2.core.AuthenticationMethod): 2
AuthorizationToken (org.forgerock.oauth2.core.AuthorizationToken): 2
ResourceOwner (org.forgerock.oauth2.core.ResourceOwner): 2
UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException): 2
Representation (org.restlet.representation.Representation): 2
Post (org.restlet.resource.Post): 2
SSOException (com.iplanet.sso.SSOException): 1
SSOToken (com.iplanet.sso.SSOToken): 1
AMIdentity (com.sun.identity.idm.AMIdentity): 1